A naukri.com initiative
Hacking News
Medium
1w
147
Image Credit: Medium
Weird Leak? Favicon Caching Might Be Exposing You
- Modern browsers store favicon data in persistent caches that may not get cleared even in private or incognito mode.
- Some sites pull favicons from third-party domains, potentially exposing users' visits to these sites.
- Favicon caching could be used as a fingerprintable vector in conjunction with other metadata leaks for tracking purposes.
- Community discussion is ongoing on whether to actively block or route favicons to prevent potential privacy risks.
Read Full Article
8 Likes
Massivelyop
1w
319
Activision lawsuit argues hackers make PC players quit Call of Duty Black Ops 6 over toxicity
- Activision has filed a lawsuit against the creators of hacking programs for Call of Duty: Black Ops 6, alleging that these hacks have made the multiplayer experience toxic for PC players.
- The lawsuit names Ryan Rothholz, Collin Gyetvai, and Jordan Newcombe Boothey for creating and distributing hacking programs like Lergware and GameHook that enable cheating in the game.
- Activision claims that attempts to engage with the creators of the hacking programs were ignored, leading to legal action being taken by the company.
- The company argues that such hacking programs not only harm the game's community but also impact its financial performance by driving players away from the PC version of Call of Duty: Black Ops 6.
Read Full Article
19 Likes
Securityaffairs
1w
67
Image Credit: Securityaffairs
Threat actors use fake AI tools to deliver the information stealer Noodlophile
- Threat actors are using fake AI tools to distribute the information stealer Noodlophile, as warned by Morphisec researchers.
- Attackers exploit the AI hype through viral posts and Facebook groups to trick users into downloading Noodlophile Stealer, a new malware that steals browser credentials and crypto wallets.
- Noodlophile Stealer, a previously undisclosed malware, is being sold on cybercrime forums as part of malware-as-a-service schemes and is often bundled with tools for credential theft.
- Fake AI tools like 'Dream Machine' or 'CapCut' spread through social media, attracting users seeking free video/image editors, but instead delivering malware like Noodlophile or XWorm.
Read Full Article
4 Likes
Hackingblogs
1w
101
Image Credit: Hackingblogs
One-Click Exploit: ASUS DriverHub RCE Vulnerability Exposes Admin Access
- Security researcher Paul discovered a critical ASUS DriverHub RCE vulnerability that allows attackers to execute code with admin privileges by tricking users into visiting a malicious website.
- DriverHub, a background process by ASUS, interacts with the website driverhub.asus.com using Remote Procedure Calls (RPC) instead of a graphical user interface.
- Key findings of the vulnerability include DriverHub hosting a local HTTP service, vulnerability in Origin header validation, and exploitable endpoints like InstallApp and UpdateApp which is the basis of the exploit.
- The exploit chain involves making an UpdateApp request to download a harmless-looking executable, injecting INI files, and executing a signed executable with admin rights, demonstrating the severity of the ASUS DriverHub RCE vulnerability.
Read Full Article
6 Likes
Securityaffairs
1w
46
Image Credit: Securityaffairs
German police seized eXch crypto exchange
- Germany's Federal Criminal Police (BKA) shut down the eXch crypto exchange (eXch.cx), seizing its infrastructure over money laundering and illegal trading allegations.
- The German law enforcement seized €34M in crypto and 8TB of data from the platform, marking its third-largest crypto asset seizure ever.
- eXch crypto exchange had been active since 2014, enabling anonymous crypto swaps via clearnet and darknet, avoiding Anti Money Laundering rules. Authorities suspect the platform allowed laundering $1.9B.
- eXch announced it would shut down on May 1, 2025, amid suspicions of money laundering and illegal trading. Despite the shutdown announcement, authorities swiftly seized data and crypto assets from the platform.
Read Full Article
2 Likes
Dev
1w
3.4k
Image Credit: Dev
The 1% of Hacking Nobody Talks About… But Should
- Hacking is more than just tools and code, it's a mindset of curiosity, obsession, and rebellion.
- Real hackers ask unique questions, break patterns, and aim to understand how systems truly function.
- The focus is on building a solid foundation of knowledge, such as learning Python and networking, to comprehend the underlying structures of technology.
- The goal is not fame or likes, but to gain leverage by being able to see through systems and manipulate them skillfully, always striving to learn and grow.
Read Full Article
19 Likes
TheNewsCrypto
1w
240
Mobius Token Hit by $2.15M BNB Chain Exploit as DeFi Security Concerns Grow
- Hackers drained $2.15 million from Mobius Token smart contracts on the BNB Chain on May 11.
- The attacker converted 28.5 million MBU tokens to USDT using a malicious contract.
- Cyvers Alerts confirmed the exploit, labeling it as critical due to suspicious code and abnormal transactions.
- The incident illustrates the growing security concerns in DeFi as recent hacks have led to substantial losses in the crypto space.
Read Full Article
14 Likes
Securityaffairs
1w
240
Image Credit: Securityaffairs
Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION
- 437,329 patients' personal data exposed in Ascension cyberattack.
- Operation Moonlander dismantles cybercriminal services Anyproxy and 5socks.
- SonicWall fixes critical flaws in SMA 100.
- NSO Group ordered to pay over $167M to WhatsApp for spyware campaign.
Read Full Article
14 Likes
Securityaffairs
1w
261
Image Credit: Securityaffairs
Google will pay Texas $1.4 billion over its location tracking practices
- Google agrees to pay Texas $1.4 billion to settle lawsuits over unauthorized location tracking and facial recognition data retention.
- Texas Attorney General reached a $1.375 billion settlement with Google for unlawful tracking of geolocation, incognito searches, and biometric data.
- The settlement represents a significant privacy victory for Texans and serves as a warning to companies against violating user trust.
- Google denies wrongdoing in the settlement, stating it had already made policy changes and will not alter products as part of the deal.
Read Full Article
15 Likes
Securityaffairs
1w
224
Image Credit: Securityaffairs
Ascension reveals personal data of 437,329 patients exposed in cyberattack
- A data breach at Ascension, caused by a former partner's compromise, exposed the health information of over 430,000 patients.
- The breach disclosed personal and clinical data, including names, contact info, SSNs, and medical visit details, with specific information varying by individual.
- Ascension initiated an investigation after learning of the security incident, discovering that patient information was accidentally disclosed to a former business partner, likely leading to data theft.
- The healthcare organization is offering two years of free identity monitoring to those affected by the breach and has reported the incident to the U.S. Department of Health & Human Services.
Read Full Article
13 Likes
Securityaffairs
1w
84
Image Credit: Securityaffairs
Operation Moonlander dismantled the botnet behind Anyproxy and 5socks cybercriminals services
- Operation Moonlander dismantled a 20-year botnet behind Anyproxy and 5socks cybercriminals services and arrested four suspects.
- U.S. Justice Department charged Russian and Kazakhstani nationals for maintaining, operating, and profiting from Anyproxy and 5socks services.
- The botnet operators enabled cryptocurrency payments and targeted IOT and SOHO devices for malicious activities like ad fraud, DDoS attacks, and brute force attacks.
- FBI released a FLASH alert warning about 5Socks and Anyproxy malicious services targeting end-of-life routers and urged replacing compromised routers or preventing infection by disabling remote admin and rebooting.
Read Full Article
5 Likes
Hackernoon
1w
287
Image Credit: Hackernoon
Digital Defenders: Meet Syed Shahzaib Shah, Pakistan’s Ethical Hacker Changing the Game
- Syed Shahzaib Shah, a Pakistani cybersecurity researcher and ethical hacker, is known for his responsible disclosure and digital defense efforts.
- With over a decade of experience, Shahzaib Shah has become a prominent figure in the cybersecurity space, showcasing ethics, innovation, and impact.
- He has earned global recognition as a bug bounty hunter and as the founder of SS Support Network LLC, merging technical expertise with business acumen.
- Shahzaib Shah's journey from a self-taught hacker in rural Pakistan to a global influencer emphasizes the importance of responsible hacking, cyber resilience, and digital literacy.
Read Full Article
17 Likes
Hackers-Arise
1w
404
Image Credit: Hackers-Arise
Open Source Intelligence (OSINT): Using OSINT in Cyberwar!
- Open Source Intelligence (OSINT) techniques are being increasingly used in cyberwarfare to gather information about individuals from open sources.
- The process starts with accurate identification of the target individual using unique identifiers or combinations of identifiers to ensure the gathered information belongs to the correct person.
- Data leak aggregators like OsintKit are commonly used to search for and identify individuals, providing verified and validated data from various sources. It offers both free and subscription-based plans.
- By leveraging tools like OsintKit, investigators can quickly find detailed information about individuals, such as contact details, identification numbers, and residential addresses, aiding in OSINT investigations.
Read Full Article
24 Likes
Securityaffairs
1w
387
Image Credit: Securityaffairs
A cyber attack briefly disrupted South African Airways operations
- A cyberattack briefly disrupted South African Airways’ website, app, and systems, but core flight operations remained unaffected.
- SAA activated disaster and continuity protocols immediately, enabling the resumption of impacted systems on the same day.
- Investigation into the cyberattack is ongoing with the assistance of independent digital forensic experts to determine the root cause and full scope of the security breach.
- The incident was reported to national authorities for criminal investigation, and steps are being taken to enhance security measures and mitigate potential risks.
Read Full Article
23 Likes
Dev
1w
366
Image Credit: Dev
Web Cache Deception Attacks
- Web Cache Deception is a vulnerability discovered in 2017 where caching systems can cache sensitive, dynamic content meant for authenticated users, making it publicly accessible due to incorrect configurations.
- The vulnerability occurs when caching systems base their caching decisions solely on the URL structure, potentially ignoring the actual server behavior. This can lead to private information being cached and exposed to unauthorized users.
- Monitoring HTTP headers like X-Cache, Cf-Cache-Status, and Age can help identify such vulnerabilities. Exploitation scenarios include tricking caching systems with manipulated URLs to cache sensitive information that should not be publicly available.
- In a real-world example, exploiting Web Cache Deception could allow attackers to reuse invalidated invite links on applications like Discord, leading to potential security breaches even after the links have been removed or expired.
Read Full Article
22 Likes
For uninterrupted reading, download the app