menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Hacking News

Hacking News

source image

Hackingblogs

6d

read

322

img
dot

Image Credit: Hackingblogs

Exploring Fsociety: Tool Overview of this Robust and free tools for hackers 2024

  • Fsociety is an open-source tool mainly used for data gathering and web application vulnerability scanning.
  • It is compatible with Linux, Windows, and Android devices and offers a command-line interface for Kali Linux.
  • The tool provides various functionalities such as data gathering, password attacks, wireless testing, exploitation testing, and sniffing.
  • Fsociety is safe to use for ethical hacking purposes, but permission is required before testing personal or corporate systems.

Read Full Article

like

19 Likes

share

4 Shares

source image

Hackingblogs

6d

read

111

img
dot

Image Credit: Hackingblogs

What is PhoneInfoga: Easily Gather Phone Number Information with the Robust tool PhoneInfoga in 2024

  • PhoneInfoga is an advanced tool designed to extract information from phone numbers using only free resources.
  • It fetches details such as carrier, country, and area and utilizes Search Engine Fingerprinting to identify the owner of the phone number.
  • PhoneInfoga is built in Python and compatible with various platforms, including Termux.
  • It can be used for research, security testing, or investigating suspicious activity.

Read Full Article

like

6 Likes

share

1 Share

source image

Hackingblogs

6d

read

128

img
dot

Image Credit: Hackingblogs

What is Sherlock : The Ultimate Tool Sherlock for Finding Usernames Online for free 2024

  • Sherlock is a powerful tool that searches through popular social media platforms and forums to find usernames.
  • To use Sherlock, you need to install it first by following the provided commands.
  • Sherlock can help you search for usernames on various social media sites and offers a free version for multiple platforms.
  • Sherlock is known for its high accuracy rate in finding usernames quickly and efficiently.

Read Full Article

like

7 Likes

share

1 Share

source image

Medium

6d

read

53

img
dot

Image Credit: Medium

JavaScript Dependency Injection

  • Dependency injection is a design pattern in software development where objects or functions utilize other objects or functions (dependencies) without needing to understand their inner workings.
  • Dependency injection in front-end JavaScript enables an application to load its dependencies as required, rather than instantiating them within the classes.
  • Dependency Injection (DI) addresses these problems by using an injector to instantiate and inject the application’s necessary dependencies as needed.
  • While dependency injection in JavaScript offers advantages to the application, it also expands its vulnerability.
  • The following are a few of the most common vulnerabilities in JavaScript dependency injection frameworks:
  • Follow these best practices to minimize the vulnerabilities associated with JavaScript dependency injection:
  • Web frameworks and libraries are crucial in thwarting server-side JavaScript injection attacks.
  • In this example, the userInput variable is first validated using a regular expression to ensure that it only contains alphanumeric characters.
  • Finally, the sanitized user input is used to perform a safe operation, such as querying a database, and the results are returned to the client.
  • Reference MEMCYCO and SecOps and SourceDefence

Read Full Article

like

3 Likes

share

Share

source image

Securityaffairs

6d

read

285

img
dot

Image Credit: Securityaffairs

Citrix warns customers to update PuTTY version installed on their XenCenter system manually

  • Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin’s private SSH key.
  • The flaw resides in the code that generates signatures from ECDSA private keys which use the NIST P521 curve.
  • The company recommends customers to replace the PuTTY version installed on their XenCenter system with an updated version (with a version number of at least 0.81).
  • The vulnerability CVE-2024-31497 was discovered by researchers Fabian Bäumer and Marcus Brinkmann from the Ruhr University Bochum.

Read Full Article

like

17 Likes

share

4 Shares

source image

Medium

7d

read

360

img
dot

Image Credit: Medium

AORT: All in One Recon Tool

  • AORT is a powerful reconnaissance tool that improves reconnaissance and vulnerability scanning efforts.
  • AORT has certain system requirements, including operating system compatibility and recommended hardware specifications.
  • The installation process for AORT is straightforward and involves downloading the tool's source code and running the installation script.
  • AORT offers various options for information gathering, vulnerability scanning, and generating reports.

Read Full Article

like

21 Likes

share

5 Shares

source image

Siliconangle

7d

read

740

img
dot

Image Credit: Siliconangle

Dell discloses breach affecting customer purchase database

  • Dell Technologies Inc. has disclosed a breach in its customer purchase database.
  • The breach was reported after a hacker posted on a forum soliciting bids for a dataset stolen from Dell.
  • The threat actor claims to have stolen data about 49 million customers and purchases, affecting individuals, enterprises, schools, Dell partners, and other organizations.
  • While names and addresses were compromised, sensitive information like payment details and passwords were not affected.

Read Full Article

like

17 Likes

share

5 Shares

source image

Medium

7d

read

303

img
dot

Image Credit: Medium

HackTheBox | Devvortex Walkthrough

  • The author starts with enumeration, adding the domain name to the hosts file
  • Two open ports are found: SSH on port 22 and HTTP on port 80
  • Manual enumeration and directory fuzzing do not yield any results
  • Subdomain brute forcing reveals a new subdomain

Read Full Article

like

18 Likes

share

4 Shares

source image

Tech Story

7d

read

299

img
dot

How to Withdraw Money from Robinhood

  • To withdraw money from Robinhood, follow these steps:
  • Launch the Robinhood app and log in.
  • Go to the 'Account' section and select 'Transfers'.
  • Choose 'Withdraw Funds' and enter the desired amount.

Read Full Article

like

18 Likes

share

4 Shares

source image

Securityaffairs

7d

read

112

img
dot

Image Credit: Securityaffairs

Dell discloses data breach impacting millions of customers

  • Dell disclosed a security breach that exposed millions of customers’ names and physical mailing addresses.
  • The breach occurred through a Dell portal containing limited types of customer information related to purchases.
  • Compromised data includes customers’ names, addresses, and hardware and order information.
  • No financial or highly sensitive customer information was revealed in the breach.

Read Full Article

like

6 Likes

share

1 Share

source image

Medium

7d

read

399

img
dot

Image Credit: Medium

Building Your OSCP Toolkit: Must-Have Tools and Resources

  • Building Your OSCP Toolkit: Must-Have Tools and Resources is your roadmap to success in obtaining the Offensive Security Certified Professional (OSCP) certification.
  • Creating a lab environment is crucial for hands-on practice. Utilize virtualization software like VirtualBox or VMware to set up a network of vulnerable machines.
  • Network scanning tools like Nmap and Masscan are your eyes into the network. Discover hosts, open ports, and services running on them.
  • Metasploit and ExploitDB are indispensable when it comes to exploiting vulnerabilities. Explore vast databases of exploits and learn to penetrate systems ethically.

Read Full Article

like

24 Likes

share

5 Shares

source image

Securityaffairs

7d

read

87

img
dot

Image Credit: Securityaffairs

Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

  • Threat actors exploit recently disclosed Ivanti Connect Secure (ICS) vulnerabilities to deploy the Mirai botnet.
  • Researchers from Juniper Threat Labs reported that threat actors are exploiting recently disclosed Ivanti Connect Secure (ICS) vulnerabilities CVE-2023-46805 and CVE-2024-21887 to drop the payload of the Mirai botnet.
  • The vulnerabilities include an authentication bypass issue and a command injection vulnerability, which when exploited together allow threat actors to execute arbitrary commands on vulnerable systems without authentication.
  • The discovery of Mirai botnet delivery through these exploits highlights the ever-evolving landscape of cyber threats and the need to understand and address such vulnerabilities for network security.

Read Full Article

like

5 Likes

share

1 Share

source image

Kitploit

7d

read

141

img
dot

Image Credit: Kitploit

BadExclusionsNWBO - An Evolution From BadExclusions To Identify Folder Custom Or Undocumented Exclusions On AV/EDR

  • BadExclusionsNWBO is a tool that identifies folder custom or undocumented exclusions on AV/EDR.
  • The tool works by copying and running Hook_Checker.exe in all folders and subfolders of a specified path.
  • Hook_Checker.exe returns the number of EDR hooks, and if the number is 7 or less, it indicates that the folder has an exclusion.
  • The tool was inspired by another tool called Probatorum-EDR-Userland-Hook-Checker, which provided a solution to achieve similar results with less noise.

Read Full Article

like

8 Likes

share

1 Share

source image

Securityaffairs

7d

read

79

img
dot

Image Credit: Securityaffairs

Zscaler is investigating data breach claims

  • Cybersecurity firm Zscaler is investigating allegations of a data breach after hackers offered access to its network.
  • Zscaler confirmed that there is no impact or compromise to its customer, production and corporate environments.
  • A threat actor named IntelBroker announced on a forum that they were selling access to Zscaler.
  • IntelBroker offered to sell confidential logs with credentials for $20,000 in cryptocurrency.

Read Full Article

like

4 Likes

share

1 Share

source image

Securelist

7d

read

187

img
dot

APT trends report Q1 2024

  • Kaspersky’s Global Research and Analysis Team (GReAT) published their latest quarterly summary on advanced persistent threat (APT) activity, focusing on Q1 2024
  • The Gelsemium group performs server-side exploitation, using various custom and public tools deployed with stealth techniques and technologies
  • Recently, threat hunters gained insights into Careto and its campaigns in 2024, 2022 and 2019.
  • In March, a malware campaign was discovered by Kaspersky, which targeted government entities in the Middle East.
  • Lazarus Group has been observed employing its old malware on occasion, such as its old and familiar tool, ThreatNeedle.
  • SiegedSec, a small hacktivist group, stirs up offensive hack-and-leak operations on companies, infrastructure and government entities globally, driven by events and social justice goals
  • APT campaigns remain very geographically dispersed. Campaigns were focused on Europe, the Americas, the Middle East, Asia and Africa.
  • Geopolitics continues to be a key driver of APT development, and cyber espionage remains a prime goal of APT campaigns.
  • Various sectors such as government, diplomatic, gaming, maritime logistics and ISP are at risk for attack
  • As always, Kaspersky's reports are the product of their visibility into the threat landscape.

Read Full Article

like

11 Likes

share

2 Shares

Prev

1
2
3
4
5
6
7
8
9
10

Next

For uninterrupted reading, download the app