menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Hacking News

Hacking News

source image

Coinpedia

2d

read

112

img
dot

Image Credit: Coinpedia

Crypto Exchange Rain Suffers $14.8 Million Loss; A Real Sophisticated Hack Indeed

  • Bahrain-based cryptocurrency exchange Rain suffered a $14.8 million loss in a sophisticated hack.
  • Wallets containing BTC, ETH, SOL, and XRP were exploited, leading to suspicious outflows.
  • The stolen funds were quickly transferred and converted into BTC or ETH to obfuscate the trail.
  • Rain administration responded promptly, taking necessary measures to protect customer funds.

Read Full Article

like

6 Likes

share

1 Share

source image

Securityaffairs

2d

read

333

img
dot

Image Credit: Securityaffairs

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

  • Since April, the Phorpiex botnet has been used to send millions of phishing emails as part of a LockBit Black ransomware campaign.
  • The botnet, active since 2016, has been involved in sextortion spam campaigns, crypto-jacking, cryptocurrency clipping, and ransomware attacks.
  • In August 2021, the criminal organization behind the Phorpiex botnet shut down their operations and put the bot's source code for sale on the dark web.
  • In December 2021, a new variant of the Phorpiex botnet, named Twizt, was observed, allowing the theft of crypto assets worth $500,000.

Read Full Article

like

20 Likes

share

4 Shares

source image

Bitcoinik

3d

read

275

img
dot

Image Credit: Bitcoinik

Rain crypto exchange lost $14.1 million in a hacking incident 

  • Rain crypto exchange, based in the Middle East, lost $14.1 million in a hacking incident.
  • The incident occurred on April 29, 2024, but was publicly reported on May 13, 2024.
  • Hackers stole various cryptocurrencies from Rain, including Bitcoin, Ethereum, Solana, and XRP.
  • Rain confirmed the incident and stated that all losses will be covered, ensuring no customer faces any financial harm.

Read Full Article

like

16 Likes

share

3 Shares

source image

Securityaffairs

3d

read

498

img
dot

Image Credit: Securityaffairs

Threat actors may have exploited a zero-day in older iPhones, Apple warns

  • Apple rolled out urgent security updates to address code execution vulnerabilities in iPhones, iPads, and macOS.
  • Apple released urgent security updates to address multiple vulnerabilities in iPhones, iPads, macOS.
  • The issue impacts older iPhone devices, it is tracked as CVE-2024-23296 and is a memory corruption flaw in the RTKit.
  • Apple warns that the vulnerability patched in March, tracked as CVE-2024-23296, may have been exploited as a zero-day.

Read Full Article

like

5 Likes

share

1 Share

source image

Idownloadblog

3d

read

346

img
dot

Image Credit: Idownloadblog

Untethered jailbreak for iOS 9.2-9.3.4 devices teased by dora2ios

  • Talented jailbreak developer @dora2ios teases an untethered jailbreak for iOS 9.2-9.3.4 devices.
  • @dora2ios collaborates with @imnotclarity and @staturnzdev for the successful achievement.
  • The demonstration video shows an iPhone 5s running iOS 9.3.1 utilizing jsc untether and kexploit/pwnkc.
  • No release date provided yet, interested users should follow @dora2ios on X for updates.

Read Full Article

like

20 Likes

share

4 Shares

source image

Idownloadblog

3d

read

255

img
dot

Image Credit: Idownloadblog

Security researcher says PoC for kernel vulnerability targeting iOS 17.4.1 and older coming soon

  • A security researcher has discovered a kernel vulnerability in AppleAVD on iOS 17.4.1 and older.
  • The researcher plans to publish a proof of concept (PoC) for the vulnerability soon.
  • The PoC could assist hackers in developing a kernel exploit for various purposes.
  • Users are advised not to update to iOS 17.5 to keep the vulnerability intact for potential hacking.

Read Full Article

like

15 Likes

share

3 Shares

source image

Dev

3d

read

187

img
dot

Image Credit: Dev

About selling a solution

  • When designing a commercial solution, it is important to consider the target audience and their needs.
  • Attractiveness is crucial in capturing customers' attention and differentiating your product from competitors.
  • Choosing a specific focus for your product and avoiding diversification helps maintain effectiveness.
  • Engaging with potential customers and understanding their work problems is essential for developing a useful product.

Read Full Article

like

11 Likes

share

2 Shares

source image

Securityaffairs

3d

read

159

img
dot

Image Credit: Securityaffairs

City of Helsinki suffered a data breach

  • The City of Helsinki suffered a data breach that impacted tens of thousands of students, guardians, and personnel.
  • The breach occurred on 30 April 2024 and is currently being investigated by the Police of Finland.
  • The data breach affected the City's Education Division's computer network, exposing personal information of students, guardians, and personnel.
  • The City has implemented security measures and is closely monitoring its networks to prevent further breaches.

Read Full Article

like

9 Likes

share

2 Shares

source image

Medium

3d

read

23

img
dot

Image Credit: Medium

Almost nobody likes Penetration Tests

  • Penetration tests are not typically liked but are still necessary. The problems they face include difficulty in scoping, prioritizing, and using their results. The test should be viewed as a module that interacts with existing processes. In order to solve these problems, we need to define the penetration test's inputs and outputs, which are crucial parts of functions and risks, respectively. The critical functions are then described in terms of risk scenarios associated with them. Risk scenarios help in answering the question of how to reach the worst-case impact. The essential outcome is that the test becomes more accessible to all stakeholders. The results can be made understandable at many levels. By using functions and risks, we can interface more effectively with cybersecurity processes.
  • Penetration testers can choose to either focus on the attack vector or prioritise their tests in terms of the most critical functions within an organisation. By performing a complete test of attack vectors, it is possible to streamline the testing process by condensing the results and turning them into understandable language. This method ensures that everyone who needs to understand the test's results can. Finally, penetration tests need to be able to create more value by helping an organisation expand its product offerings, improve upon its existing products, and make better business decisions.

Read Full Article

like

1 Like

share

Share

source image

Medium

3d

read

174

img
dot

Image Credit: Medium

The Best Inspirational Movies About Computer Science.

  • The Matrix tops the list of the most popular computer science-themed movies as it depicted the concept of loop and recursion.
  • The Imitation Game is a dramatic true-story-based movie about the Turing Machine and its genius inventor Alan Turing.
  • Hackers is a movie released in 1995, which shows a group of high school geeks using their programming skills for corporate extortion.
  • The Internet's Own Boy movie recounts the story of one hacker, Aaron Swartz. It’s a fascinating documentary film released in 2014.
  • The Pirates of Silicon Valley is an American biographical drama released back in 1999, it tells how Microsoft and Apple started.
  • Silicon Valley is a parody of Silicon Valley culture, which focuses on a programmer who founds a promising startup and then struggles to maintain it while competing with larger companies.
  • 12 Monkeys: Bruce Willis’s character is sent back in time to collect information about a virus and save humanity.
  • The Social Network is a great movie that tells the controversial story of Mark Zuckerberg, the creator of Facebook.
  • Source Code: A soldier wakes up in the body of an unfamiliar person using his programming capabilities.
  • Who Am I: Kein System ist sicher is a very dynamic action movie about hacking and coding.
  • We Are Legion: The Story of the Hacktivists is one more movie about hackers, about their complex culture and history.
  • Steve Jobs is a biographical drama mostly about Steve Jobs’s backstage preparation before launching iconic products like IMac, NeXT Cube, and Mac.
  • The Startup: A very realistic startup journey, which speculates what may happen if you lack wisdom and maturity.
  • TRON a 1982 classic action-adventure movie that portrays a programmer who gets sucked into the digital world.

Read Full Article

like

10 Likes

share

2 Shares

source image

Coin Telegraph

3d

read

176

img
dot

Rain exchange suffered $14.1M in suspicious outflows 2 weeks ago — ZachXBT

  • Rain cryptocurrency exchange suffered $14.1 million in suspicious outflows two weeks ago.
  • The outflows involved Bitcoin, Ether, Solana, and XRP.
  • The funds were quickly transferred to instant exchanges and converted into BTC and ETH.
  • Approximately $5.5 million worth of ETH and $8.6 million worth of BTC were deposited into two destination addresses.

Read Full Article

like

10 Likes

share

2 Shares

source image

Coinpedia

3d

read

348

img
dot

Image Credit: Coinpedia

A Big Warning for Crypto Users: Massive ETH Deposits Into Tornado Cash Traced to Notorious Hacker

  • A large sum of 1000 ETH (about $3 million) was found going into Tornado Cash from a wallet associated with Bo Shen Hacker.
  • Reports indicate that the hacker has been trading stolen assets, including 38 million DAI, for ETH and depositing them into Tornado Cash.
  • There was a significant increase in deposits at Tornado Cash on March 18, 2024, mainly attributed to hackers utilizing the Heco Bridge cross chain.
  • Despite previous sanctions, Tornado Cash continues to operate and enable the laundering of large sums of money, highlighting the challenges faced by regulatory authorities in curbing criminal activities in the cryptocurrency sphere.

Read Full Article

like

20 Likes

share

4 Shares

source image

Medium

3d

read

180

img
dot

Image Credit: Medium

Detecting and Mitigating the XZ Backdoor >

  • XZ is a compression algorithm and file format widely used in Unix-like operating systems for data compression purposes.
  • A backdoor was discovered in the XZ compression algorithm in 2023 by a malicious developer named Jia Tan who had gained commit and release manager permissions for the project over two years of contribution.
  • The backdoor was sophisticated and consisted of multiple parts introduced over multiple commits.
  • Currently, it appears that the backdoor is added to the SSH daemon on the vulnerable machine, enabling a remote attacker to execute arbitrary code.
  • The Popeye XZ tool has been developed to detect and fix the XZ-utils backdoor vulnerability (CVE-2024–3094).
  • The Popeye XZ tool works by analyzing XZ compressed files for potential security vulnerabilities or suspicious patterns, and it may employ pattern recognition algorithms to detect known signatures of malicious XZ archives.
  • The tool also performs behavioral analysis, examining the behavior of extracted files or payloads for signs of malicious activity.
  • Jia Tan used fake accounts to send myriad feature requests and complaints about bugs to pressure the original maintainer, eventually causing the need to add another maintainer to the repository.
  • The vulnerability was assigned CVE-2024–3094 by Red Hat.
  • Vegard Nossum’s script is mentioned as a means to detect potentially vulnerable SSH binaries on systems.

Read Full Article

like

10 Likes

share

2 Shares

source image

Securityaffairs

3d

read

192

img
dot

Image Credit: Securityaffairs

Russian hackers defaced local British news sites

  • A group claiming to be “first-class Russian hackers” defaced numerous local and regional British newspaper websites owned by Newsquest Media Group.
  • Local media websites in the UK are vulnerable to cyber attacks, threat actors can target them to spread fake news.
  • In August 2020, security experts from FireEye uncovered a disinformation campaign aimed at discrediting NATO by spreading fake news content on compromised news websites.
  • The attackers used to replace existing legitimate articles on the sites with the fake content, instead of creating new posts.

Read Full Article

like

11 Likes

share

2 Shares

source image

Schneier

3d

read

100

img
dot

LLMs’ Data-Control Path Insecurity

  • Prompt injection is a well-known technique for attacking large language models (LLMs), which involves creating a prompt that tricks the model into doing something it shouldn’t.
  • Any LLM application that processes emails or web pages is vulnerable to prompt injection as attackers can embed malicious commands in images and videos.
  • The root cause of prompt injection is the commingling of data and commands, which is similar to the problem that plagued the pre-SS7 phone network.
  • Unlike the phone network, we can't separate an LLM's data from its commands, because the data affects the code, enabling prompt injection.
  • Defenses against prompt injection are likely to be piecemeal, and we will have to limit how much we can trust LLMs and use a more nuanced view of AI systems.
  • As we build AI systems, we will have to balance the power that generative AI provides with the security risks, and use specialized AI models that are optimized for specific tasks instead of general LLMs.
  • Further research is needed to separate the data and control paths of LLMs so that they are more secure and resistant to attacks.
  • Until then, we must be careful about using LLMs in potentially adversarial situations like the internet to prevent prompt injection attacks and protect our data.

Read Full Article

like

6 Likes

share

1 Share

Prev

1
2
3
4
5
6
7
8
9
10

Next

For uninterrupted reading, download the app