A naukri.com initiative
Hacking News
Coinpedia
3d
809
Image Credit: Coinpedia
China’s Authorities Seize $300 Million in Massive Crypto Fraud
- Chinese authorities have seized assets worth $300 million in a major cryptocurrency fraud case.
- The fraud involved the illegal exchange of Renminbi (RMB) and Korean Won using virtual currencies.
- The mastermind behind the scam, Jin Moudong, and his accomplice were detained.
- This operation has led to the discovery and dismantling of an underground banking sector involved in illicit activities.
Read Full Article
13 Likes
Coinpedia
3d
156
Image Credit: Coinpedia
Crypto Hack Weekly Report: Unpacking the Major Breaches of the Week
- Bloom from Base network hacked, resulting in a $600,000 loss.
- Gnus experienced a severe security breach through their Discord channel, causing an estimated $1.27 million in damage.
- Galaxy Fox was exploited due to a smart contract vulnerability, resulting in the loss of over 108 ETH ($330,000).
- Tsuru Token faced a vulnerability in their TRUSU Wrapper contract, leading to processing errors and bypassing control mechanisms.
Read Full Article
9 Likes
Silicon
3d
196
Image Credit: Silicon
MGM Hackers Launch New Campaign Targeting Banks, Insurance
- A hacking group known as Scattered Spider, responsible for previous attacks on MGM Resorts International and Caesars Entertainment casinos, has launched a new campaign targeting banks and insurance companies.
- The group has compromised at least two insurance firms and has targeted companies such as Visa, PNC Financial Services Group, Transamerica, New York Life Insurance, and Synchrony Financial.
- Scattered Spider, believed to consist of teenagers and young adults from the US, UK, and Eastern Europe, uses social engineering techniques to obtain passwords and sensitive information.
- The FBI is working towards arresting members of Scattered Spider, with private firms assisting in gathering evidence.
Read Full Article
11 Likes
Securityaffairs
3d
128
Image Credit: Securityaffairs
Australian Firstmac Limited disclosed a data breach after cyber attack
- Firstmac Limited, one of the largest non-bank lenders in Australia, disclosed a data breach after the Embargo extortion group leaked over 500GB of data allegedly stolen from the company.
- The breach resulted in unauthorized access to customer information, including names, contact information, date of birth, external bank account details, and driver's license numbers.
- Firstmac Limited assures that customer funds are secure, and there is no evidence of any impact on current customer accounts.
- Impacted customers are being provided with identity theft protection services and advised to monitor their bank accounts for suspicious activity.
Read Full Article
7 Likes
Tech Story
3d
209
How to Get Smithing Templates
- The 2024 update of Minecraft introduces smithing templates, allowing players to create personalized items.
- Smithing templates can be found in chests in various locations or traded with villagers.
- Players can also create templates using crafting tables or enchantment tables.
- Using smithing templates, players can craft customized items that suit their playstyle in Minecraft.
Read Full Article
12 Likes
Guardian
4d
254
Image Credit: Guardian
BT ramps up AI use to counter hacking threats to business customers
- BT is using artificial intelligence to detect and neutralise hacking threats to its business customers.
- The £10.5bn group has patented technology that uses AI to analyse attack data and protect tech infrastructure.
- BT's AI technology, Eagle-i, suggests policies to implement in firewalls to protect against future attacks.
- BT is also using AI to improve fault detection across its network, reducing fix times.
Read Full Article
15 Likes
Medium
4d
189
Image Credit: Medium
First OSINT Company Providing Potential Threats And Solutions For Individuals Or Medium/Small Sized…
- OSINTForYou provides customized OSINT investigations, online footprint audits, cybersecurity consulting, and social media monitoring.
- It offers a budget-friendly and logical solution for individuals or medium/small-sized businesses to uncover online risks and take control of their digital presence.
- The services provided by OSINTForYou are a more cost-effective alternative to advanced security procedures.
- OSINTForYou aims to make OSINT more recognized and valued, as it is a powerful tool with untapped potential.
Read Full Article
11 Likes
Medium
4d
335
Image Credit: Medium
Configure Fireprox for IP Rotation using AWS API Gateway
- During a penetration testing assessment, automation is needed for certain activities like web scraping from sites such as LinkedIn.
- To avoid being blocked, rotating IPs is necessary, and AWS API Gateway can be used.
- Fireprox, an open-source tool by Black Hills Information Security, creates temporary pass-through proxies that generate unique IP addresses for each request.
- Various methods, including direct usage, environment variables, and AWS profiles, can be used to configure Fireprox for IP rotation using AWS API Gateway.
Read Full Article
20 Likes
Medium
4d
85
Image Credit: Medium
How to install and use SQLNinja?
- SQLNinja is a powerful tool designed to explore and exploit SQL injection vulnerabilities on a target database.
- This article discusses the basic system requirements that must be met to use SQLNinja, including operating system, hardware, and software dependencies such as Perl modules.
- The steps involved in downloading, installing, and verifying the setup of SQLNinja on Windows, Linux, and macOS are also highlighted.
- Commands for connecting to a target database, exploring its structure, and executing SQL commands are also provided.
- The article also details advanced features of SQLNinja for exploiting SQL injection vulnerabilities, bypassing authentication, and automating attacks to cause damage to the target database.
- Users are advised to exercise caution while using SQLNinja to execute SQL commands as they can potentially wreak havoc on the target database if not used correctly.
- Online resources such as OWASP and SANS Institute can be consulted for more information on SQLNinja and SQL injection vulnerabilities.
Read Full Article
5 Likes
Medium
4d
340
Image Credit: Medium
DOS attack using python
- The script is creating a UDP socket and generating random bytes of length 1490.
- It clears the terminal screen and prints a banner displaying 'DDOS ATTACK'.
- The program takes the IP address and port number of the targeted system as inputs.
- In the main loop, it continuously sends random bytes to the target IP address and port.
Read Full Article
20 Likes
Medium
4d
319
Image Credit: Medium
Into the Dark World of Lockbit 3.0: A Practical Showcase of RAAS and PDF Trojan Technique
- Lockbit 3.0 is a highly sophisticated ransomware that is continuously evolving and adapting to evade detection.
- It offers improved encryption techniques and expanded attack vectors, posing a significant threat to organizations and individuals.
- Lockbit ransomware utilizes the concept of Ransomware-as-a-Service (RAAS) to allow cybercriminals to lease the ransomware infrastructure and customize their attacks without technical expertise.
- The practical demonstration showcases how attackers use Lockbit builders and scripting languages like AutoIT to craft sophisticated ransomware payloads.
- It also demonstrates how attackers conceal the malicious Lockbit payload within innocent files such as PDFs to lure victims into unwittingly executing the ransomware payload.
- The Lockbit 3.0 attack results in the encryption of files, alteration of system settings, and potential data loss, thereby highlighting the critical need for proactive cybersecurity measures.
- Adversaries could employ social engineering techniques to distribute the disguised ransomware Trojan through email attachments or downloads.
- The file extension manipulation technique with tools like charmap can further disguise the Trojan and make it appear as a harmless PDF document to unsuspecting victims.
- The practical demonstration underscores the importance of vigilance and cautious behavior when handling file attachments and downloads.
- The future outlook of ransomware attacks remains challenging. However, implementing robust preventive measures, staying vigilant against emerging threats, and fostering a cybersecurity-aware culture can mitigate their impact.
Read Full Article
19 Likes
Medium
4d
340
Image Credit: Medium
HackTheBox - Sauna
- Nmap scan reveals open ports and potential usernames.
- Kerbrute discovers valid usernames and retrieves TGT password hash.
- Credentials for svc_loanmgr service account found and plaintext password identified.
- Exploiting DCSync privilege leads to obtaining system-level access and accessing the root flag.
Read Full Article
20 Likes
Securityaffairs
4d
389
Image Credit: Securityaffairs
Pro-Russia hackers targeted Kosovo’s government websites
- Pro-Russia hackers targeted government websites in Kosovo in retaliation for the government’s support to Ukraine with military equipment.
- Kosovo government websites, including the websites of the president and prime minister, were targeted with DDoS attacks.
- The attacks caused temporary disruption, but the websites were restored by the government's Information Society Agency.
- The attack is part of a hybrid war aimed at destabilizing Kosovo's security, stability, and welfare institutions.
Read Full Article
23 Likes
Medium
4d
121
Unlocking the Secrets of Public Key Cryptography: An Introduction
- Public Key Cryptography is a method that has transformed the way information is exchanged over the internet, involving the use of two keys: a public key, which is shared openly, and a private key, which is kept secret.
- Public Key Cryptography not only protects the confidentiality of data by encrypting messages but also verifies the authenticity of the sender through digital signatures.
- The history of public key cryptography is a fascinating journey of evolving digital communication needs, starting from the traditional symmetric encryption methods to asymmetric cryptography.
- RSA became the first widely adopted system that could be used for both encryption and digital signatures, marking a significant milestone in the application of public key cryptography.
- SSL certificates utilize public key cryptography to secure online transactions, making e-commerce, online banking, and private communications viable and safe.
- Digital signatures verify the origin and integrity of the message or document, confirming that it has not been altered in transit.
- SSH and VPNs protect data in transit over insecure networks, ensuring that sensitive information shared between remote computers and servers is encrypted.
- Public key cryptography has diversified its applications ranging from securing web browsers through SSL/TLS certificates to cryptocurrencies and blockchain.
- Public key cryptography ensures a robust framework for secure communication over the internet, protecting emails, online transactions, and confidential government communications.
- Public key cryptography has become synonymous with privacy and security in the digital age, making online interactions smoother and safer.
Read Full Article
7 Likes
Medium
4d
304
Image Credit: Medium
Platform Misconfiguration — By-passing HTTP method based access control, Authorization series…
- Platform misconfiguration can lead to bypassing HTTP method based access control.
- There are two conditions to bypass HTTP method based access controls.
- Misconfiguration during the development phase can cause security concerns.
- An example lab from the web security academy demonstrates this concept.
Read Full Article
18 Likes
For uninterrupted reading, download the app