techminis

A naukri.com initiative

Hacking News

Hackersking

HTML Smuggling To Bypass Restrictions On Certain Files

  • File smuggling is a technique used by attackers to bypass restrictions on certain file types.
  • It involves disguising prohibited files within a different, permitted format.
  • The disguised file can pass through security filters undetected.
  • This technique can be used to send malicious files even on platforms like Gmail.

Securityaffairs

German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox

  • The German agency BSI has sinkholed a botnet of 30,000 devices that came with BadBox malware pre-installed.
  • The BSI blocked communication between the infected devices and the C2 server, isolating the malware.
  • BadBox malware conducts ad fraud, creates email accounts for spreading disinformation, and operates as a residential proxy.
  • At least 74,000 Android-based devices worldwide were shipped with the backdoored firmware.

Securityaffairs

U.S. authorities seized cybercrime marketplace Rydox

  • The U.S. Department of Justice (DoJ) seized cybercrime marketplace Rydox, which facilitated over 7,600 sales of stolen personal data and cybercrime tools.
  • Three Kosovo nationals, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, were arrested in connection with Rydox.
  • Rydox operated since February 2016, generating $230,000 through the sale of over 321,000 products to 18,000 users.
  • The U.S. authorities coordinated with international partners to seize the Rydox domain and servers, along with $225,000 in cryptocurrency.

TheNewsCrypto

Crypto Exchange Gate.io Denies Security Breach Rumors

  • Gate.io, one of the leading cryptocurrency exchanges, denies rumors of a security breach and massive withdrawals.
  • Gate.io's security team has found no irregularities and no external security agencies have reported issues.
  • Deposits, withdrawals, and trading activities on Gate.io are functioning normally.
  • Gate.io's Chief Business Officer dismisses the rumors as baseless and confirms the exchange is fully operational.

Coinpedia

Dogecoin Network Hit by DogeReaper Exploit: What Went Wrong?

  • 69% of Dogecoin's active nodes were rendered dysfunctional after a hacker exploited the network's weakness.
  • The exploit, known as 'DogeReaper,' allows hackers to trigger segmentation faults in Dogecoin nodes, terminating them.
  • Sequentia developer Andreas Kohl claimed responsibility for using the DogeReaper vulnerability on older nodes.
  • The attack exposes a crucial vulnerability in Dogecoin's decentralization system, putting pressure on the team to fix the loophole.

Securityaffairs

Experts discovered the first mobile malware families linked to Russia’s Gamaredon

  • The Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states.
  • Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon, making them the first known mobile malware families linked to the Russian APT.
  • BoneSpy and PlainGnome were used in attacks against Russian-speaking victims in former Soviet states, likely due to strained relations post-Ukraine invasion.
  • Both BoneSpy and PlainGnome collect various data from infected devices and show similarities in infrastructure, techniques, and targeting, leading researchers to conclude that they are operated by Gamaredon.

Idownloadblog

Nugget updated to v4.2.1 with bug fixes that developer recommends for all users

  • The Nugget SparseRestore-based iPhone customization utility has been updated to version 4.2.1.
  • The update includes bug fixes and improvements.
  • Existing users are recommended to upgrade, and prospective users are encouraged to take advantage of the latest release.
  • Nugget supports iOS versions 17.0 through 18.2 developer beta 2 and can be used on macOS and Windows-based machines.

Securityaffairs

US Bitcoin ATM operator Byte Federal suffered a data breach

  • US Bitcoin ATM operator Byte Federal disclosed a data breach after attackers gained unauthorized access to a server via a GitLab vulnerability.
  • The breach affected 58,000 customers, and potentially compromised personal information such as name, birthdate, address, phone number, and social security number.
  • Byte Federal responded by shutting down its platform, securing the compromised server, and initiating enhanced security measures.
  • Customers are advised to reset login credentials, monitor accounts for fraudulent activity, and take necessary precautions to protect against identity theft.

Hackingblogs

The Famous Yet Uncovered Chinese Spying Tool EagleMsgSpy Has Been Discovered

  • EagleMsgSpy, a well-known Chinese spying program used by the Chinese intelligence agency and law enforcement, has been discovered.
  • EagleMsgSpy requires physical access to the device and collects a large amount of private information.
  • It intercepts messages, takes screenshots, records sound, gathers call logs and contacts, retrieves GPS coordinates, and more.
  • There are indications of an iOS version of this surveillance program.

Securityaffairs

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

  • Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices, as detailed by Lookout.
  • The surveillance tool, known as EagleMsgSpy, has been active since 2017 and requires physical access to the target device to initiate operations.
  • EagleMsgSpy collects extensive data from victim devices, including messages from various apps, screen recordings, audio, contacts, call logs, GPS coordinates, and more.
  • The surveillance tool is developed and maintained by Wuhan Chinasoft Token Information Technology Co., Ltd. and is believed to be used by several public security bureaus in mainland China.

Hackersking

This Is Why Hackers First Favorite Operating System Is Linux!

  • Kali Linux is a Debian-based Linux distribution developed for penetration testing, ethical hacking, and security auditing.
  • While Kali Linux is frequently used by hackers, it's not limited to them. Ethical hackers, penetration testers, and security researchers use Kali Linux to perform authorized tests and secure systems.
  • Hackers prefer Kali Linux due to its pre-installed tools, customizability, live boot capability, wireless hacking support, and being free and open-source.
  • Kali Linux is suitable for beginners with a basic understanding of Linux and cybersecurity, providing a platform to learn and improve skills in ethical hacking and penetration testing.

Securityaffairs

Operation PowerOFF took down 27 DDoS platforms across 15 countries

  • Operation PowerOFF took down 27 DDoS stresser services globally, disrupting illegal platforms used for launching cyberattacks.
  • Law enforcement agencies from 15 countries participated in the operation, seizing popular platforms for DDoS attacks.
  • Booter and stresser services enable DDoS attacks and are misused for malicious purposes.
  • Authorities arrested three administrators of these platforms in France and Germany and identified over 300 users.

Securelist

Careto is back: what’s new after 10 years of silence?

  • The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007.
  • Kaspersky researchers have found traces of The Mask recently, identifying several cyberattacks that have been conducted by the threat actor.
  • One attack targeted an organization in Latin America in 2022, and the researchers established that attackers gained access to its MDaemon email server.
  • The researchers further discovered that attackers maintained persistence inside the organization using a unique method involving the MDaemon webmail component called WorldClient.
  • The persistence method used by the threat actor was based on WorldClient allowing loading of extensions that handle custom HTTP requests from clients to the email server.
  • The malicious extension installed by attackers implemented a set of commands associated with reconnaissance, performing file system interactions and executing additional payloads.
  • The attackers used scheduled tasks to launch files that would configure the malware to persist on compromised devices, and they leveraged COM hijacking via the CLSID.
  • The malware deployed by The Mask uses cloud storage for exfiltration and propagates across system processes.
  • Researchers attribute the attacks observed in 2022 and 2024 with medium to high confidence to The Mask.
  • The Kaspersky researchers have attributed previous attacks by The Mask as well, due to file names used by the malware and overlaps in TTPs.

Securityaffairs

Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor

  • Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to infect systems in Ukraine with the Kazuar backdoor.
  • Secret Blizzard leveraged the Amadey bot malware to infiltrate devices used by the Ukrainian military.
  • The group has a strategy of blending cybercrime with targeted cyber-espionage activities.
  • Microsoft is investigating how Secret Blizzard gained control of other threat actors' access to deploy its own tools.

Idownloadblog

Nugget updated to v4.2 with new features and bug fixes

  • Nugget version 4.2 has been released with new features and bug fixes.
  • The update includes new features such as daemon disabling, tooltips for tweaks, and error messages.
  • Bug fixes are also included, addressing issues with the exploit code and mobilegestalt file.
  • Nugget can apply jailbreak tweak-like hacks on non-jailbroken devices running iOS 17.0-18.2 beta 2.
