techminis

A naukri.com initiative

Hacking News

Medium

Google Chrome Zero-Day Attack

  • Google Chrome has been targeted by a zero-day attack.
  • The attack exploits CVE-2024-4671, a use-after-free vulnerability.
  • This vulnerability allows attackers to run code by accessing a memory block after it has been freed.
  • Users are advised to update their browser to mitigate the risk.

Cryptopotato

Parity Hacker Returns, Laundering $9M in Ethereum After 7 Years of Inactivity

  • The hacker who stole 150,000 ETH from the Parity Multisig Wallet in 2017 has resurfaced after 7 years.
  • The hacker has laundered $9 million worth of Ethereum through a cryptocurrency exchange.
  • 83,017 ETH, amounting to $246.6 million, is still under the hacker's control.
  • Analysts emphasize the importance of robust coding standards to avoid such incidents in the Ethereum ecosystem.

Securityaffairs

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

  • Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day.
  • One vulnerability is rated Critical, 57 are rated Important, and one is rated Moderate in severity.
  • Two actively exploited zero-day vulnerabilities were fixed this month.
  • The vulnerabilities include Windows MSHTML Platform Security Feature Bypass and Windows DWM Core Library Elevation of Privilege.

Medium

Defensive Security: Installing PHPIDS on LAMP Servers

  • PHP Intrusion Detection System (PHPIDS) is an IDS that detects malicious behavior, classifies severity, and reacts programmatically.
  • PHPIDS should be installed outside the application root for security reasons.
  • Paths are configured by editing the Config.ini.php file in the PHPIDS directory.
  • Setting the auto_prepend_file parameter in the php.ini file makes PHPIDS execute before any other PHP file.

Securityaffairs

VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024

  • VMware fixed four flaws in its Workstation and Fusion desktop hypervisors, including three zero-day flaws exploited at Pwn2Own Vancouver 2024.
  • CVE-2024-22267 (CVSS score: 9.3) - use-after-free vulnerability in Bluetooth device. Allows execution of code as VMX process.
  • CVE-2024-22268 (CVSS score: 7.1) - heap buffer-overflow vulnerability in Shader functionality. Can create denial of service.
  • CVE-2024-22269 (CVSS score: 7.1) - information disclosure vulnerability in Bluetooth device. Allows reading privileged information from hypervisor memory.

Tech Story

How to Beat Card Happy Clash of Clans

  • Understanding the characteristics of Card Happy bases, which include trap placement, divided compartments, and centralized defenses.
  • Strategy 1: Planning and Scouting - Examining trap positions, identifying important objectives, organizing troop makeup, and using spells effectively.
  • Strategy 2: Surgical Strikes - Luring Clan Castle defenders, using kill squads, directing main attacks, and timing spells correctly.
  • Strategy 3: Air Strikes - Deploying air troops like LavaLoon or DragBat, creating funnels, using Lava Hounds as shields, and timing Bat Spells.
  • Advanced Advice - Using Heroes strategically, adapting to base designs, practicing through Friendly Challenges.

Securityaffairs

MITRE released EMB3D Threat Model for embedded devices

  • MITRE released the EMB3D threat model for embedded devices used in critical infrastructure.
  • The threat model provides a knowledge base of cyber threats to embedded devices.
  • It serves as a resource for various industries, including critical infrastructure, IoT, automotive, healthcare, and manufacturing.
  • The EMB3D threat model is a dynamic framework that allows continuous evolution and contributions from the security community.

Securelist

QakBot attacks with Windows zero-day (CVE-2024-30051)

  • A zero-day vulnerability (CVE-2024-30051) has been exploited by QakBot malware.
  • The vulnerability is related to the Windows Desktop Window Manager (DWM) and enables privilege escalation.
  • The vulnerability was reported to Microsoft, and a patch was released on May 14, 2024.
  • Kaspersky products can detect exploitation of CVE-2024-30051 and related malware.

Medium

Introduction to Active Directory (AD)

  • Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks.
  • AD helps organizations maintain a hierarchical, structured, and secure infrastructure, enabling system administrators to control permissions and manage data.
  • Active Directory is structured hierarchically starting with a forest at the top, which can include one or several domains.
  • Objects in Active Directory are stored in Organizational Units (OUs) that allow administrators to organize and apply policies to different sections of an organization.

Medium

Threat Intelligence Report: Scattered Spider Campaigns

  • This report analyzes the recent activities of the Scattered Spider cybercrime group, focusing on their campaign targeting financial institutions in May 2024.
  • The campaign targeted financial institutions in the United States, including Visa Inc., PNC Financial Services Group, Transamerica, New York Life Insurance, and Synchrony Financial.
  • Scattered Spider utilizes social engineering tactics, likely phishing emails, to gain access to targeted systems.
  • Recommendations include security awareness training, multi-factor authentication, patch management, endpoint detection and response, network security monitoring, incident response planning, and threat intelligence sharing.

Medium

The Phorpiex and LockBit Black Tango: A Multi-Million Dollar Malware Match

  • The Phorpiex botnet and LockBit Black ransomware were involved in a multi-million dollar malware attack.
  • Phorpiex is a spam distributor turned Malware-as-a-Service (MaaS) platform, while LockBit Black is a ruthless encrypting ransomware.
  • The attack involved a massive phishing campaign orchestrated through the Phorpiex botnet, with millions of phishing emails sent worldwide.
  • To minimize the risk of falling victim, individuals and organizations should practice phishing awareness, use strong passwords, maintain regular backups, invest in security software, and provide employee education.

Cryptopotato

Poloniex Hacker Transfers $53.5 Million Worth of ETH Through Tornado Cash

  • In the latest development, PeckShield found that more than half of the stolen funds from the Poloniex hack were moved through Tornado Cash.
  • The hacker transferred 17.8K ETH, worth approximately $53.5 million, from six different wallets to a single address of Tornado Cash.
  • This comes after the hacker previously moved over 1,100 ETH in 11 batches to the sanctioned crypto mixer.
  • Poloniex was hacked in November 2023, with the attackers stealing around $126 million from the exchange's hot wallets.

Securityaffairs

Google fixes sixth actively exploited Chrome zero-day this year

  • Google has released emergency security updates to address an actively exploited Chrome zero-day vulnerability, tracked as CVE-2024-4761.
  • The vulnerability is an out-of-bounds write issue in the V8 JavaScript engine of the Chrome browser and is being exploited in attacks in the wild.
  • This is the sixth zero-day vulnerability exploited in attacks that Google has fixed this year.
  • Google has not disclosed details about the attacks exploiting the vulnerability and will roll out updates to all users over the coming days/weeks.

Medium

Unlocking the Network’s Secrets: A Thrilling Journey into Network Penetration Testing (Part 2)

  • In this article, we dive deeper into the world of network reconnaissance and exploitation, focusing on Nmap and Metasploit.
  • Nmap is a powerful tool that allows us to perform stealthy host discovery scans and investigate specific ports.
  • Kali Linux, which comes preloaded with enumeration lists, proves to be a valuable asset during ethical hacking endeavors.
  • The article also provides a script encapsulating the entire scenario of using Metasploit, offering guidance for future exploits.

Medium

Western Union Paypal Bank Transfer Cc cVV Authentic DL and Passport VbV ATM CC Cloned Cards…

  • The news content appears to be promoting illegal activities related to financial fraud and money laundering.
  • The content mentions various illegal services, including PayPal transfers, Western Union transfers, bank transfers, cash app transfers, and cloned credit cards.
  • The content also advertises the availability of prepaid cards with anonymous use and selling of dumps and credit cards worldwide.
  • It is important to note that engaging in such activities is illegal and unethical. Users should avoid contact and report any suspicious activities to the appropriate authorities.
