Hacker News | Latest Cyber Hacking News on Techminis

A naukri.com initiative

New

Home

Hacking News

Securityaffairs

Image Credit: Securityaffairs

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

A security researcher has released a free decryptor for Linux Akira ransomware that uses GPU power to recover keys through brute force.
The researcher, Yohanes Nugroho, implemented a decryption technique that exploits the use of timestamp-based seeds by Akira ransomware to generate unique encryption keys for each file.
By analyzing log files, file metadata, and hardware benchmarks, the researcher estimated encryption timestamps, making the brute-forcing of decryption keys more efficient.
To speed up the process, Nugroho used sixteen RTX 4090 GPUs through cloud GPU services, reducing the decryption time to 10 hours.

Read Full Article

3 Likes

Silicon

318

Image Credit: Silicon

Medusa Ransomware Hits Critical Infrastructure

The Medusa ransomware has affected more than 300 organisations in critical infrastructure in the US alone from 2021 up to last month, according to the Cybersecurity and Infrastructure Security Agency (CISA).
The group's developers demand ransoms of $100,000 to $15 million, in double-extortion attacks, pressuring organisations to restore encrypted data and prevent exfiltrated data from being published online.
Symantec has warned of an increase in Medusa attacks, with an increase of 42% between 2023 and 2024 and twice as many incidents in January and February compared to the previous year.
CISA advises organisations to mitigate ransomware by patching security vulnerabilities, segmenting networks, and filtering network traffic to block access from unknown or untrusted sources.

Read Full Article

19 Likes

Cybersecurity-Insiders

211

Image Credit: Cybersecurity-Insiders

Social Media and Email hacking surged in 2024

In 2024, there was a significant surge in hacking activities targeting social media and email accounts, with fraud incidents rising from 23,000 cases in 2023 to 35,436 in 2024.
Criminals primarily targeted users through phishing scams, tricking them into providing sensitive information and gaining unauthorized access to personal accounts.
Email service providers are enhancing spam filters with advanced AI systems, while individual users need to remain cautious of unsolicited emails and suspicious links.
Social media platforms need to take stronger action in policing deceptive ads and fraudulent promotions, while users should adopt proactive measures like verifying messages, updating passwords, enabling multi-factor authentication, and keeping devices up to date.

Read Full Article

12 Likes

Hackingblogs

280

Image Credit: Hackingblogs

Bug Bounty 10-Day Complete Free Training: Day3 – Building Workflows

Day 3 of the Bug Bounty Bootcamp focuses on building workflows and bug bounty searching methods.
Topics covered include GitHub, cloud operations, recon procedures, Google Dorks, leaked credentials, exploits, misconfigurations, CMS, OWASP, and brute force workflows.
Creating a well-structured workflow is essential for efficient bug bounty hunting.
The recon workflow involves identifying root domains, subdomains, performing DNS resolution, and gathering A, NS, MX, and CNAME entries.
Understanding terms like Root Domains, Subdomains, DNS Resolution, A Record, NS Record, MX Record, and CNAME Record is crucial for recon processes.
CIDR ranges are used for IP addresses, and port scans are conducted to identify exposed protocols and services.
Verifying Autonomous System Number (ASN) and geolocation is important to identify IP ownership.
Fingerprinting, content detection, and tools like WhatWeb, Wappalyzer, Nikto, and Nmap are used to identify technologies used by web applications.
Practical application of knowledge and tools is emphasized for skill development in bug bounty hunting.
Upcoming topics in the bootcamp include Google Dorks, password leaks, common attacks, misconfigurations, CMS, OWASP, and brute force workflows.

Read Full Article

16 Likes

Discover more

Securityaffairs

336

Image Credit: Securityaffairs

Denmark warns of increased state-sponsored campaigns targeting the European telcos

Denmark's cybersecurity agency has issued a warning about increased state-sponsored campaigns targeting European telecom companies.
The threat assessment in Denmark has raised the cyber espionage threat level for its telecom sector from medium to high due to growing threats across Europe.
The Danish Social Security Agency highlighted risks including cyber espionage, destructive attacks, cyber activism, and criminal hackers targeting the telecom sector.
State actors aim to access user data, monitor communications, and potentially launch cyber or physical attacks by targeting telecom providers for espionage.
Hackers have demonstrated advanced technical capabilities in targeting telecommunications infrastructure and protocols abroad.
China-linked APT group Salt Typhoon has been targeting global telecom providers, breaching networks using vulnerabilities in Cisco devices.
Salt Typhoon group compromised U.S. telecom firms by exploiting flaws like CVE-2023-20198 and CVE-2023-20273, maintaining persistence with GRE tunnels.
Telecoms such as Lumen, AT&T, and Verizon reported securing networks after cyberespionage attempts by Salt Typhoon, emphasizing the ongoing threat.
Other China-linked groups like Light Basin have targeted mobile carrier networks globally, compromising calling records and text messages from telecom companies.
CrowdStrike researchers highlighted the deep knowledge of telecommunication network architectures exhibited by threat actors, using protocols like GTP for malicious activities.

Read Full Article

20 Likes

Securityaffairs

Image Credit: Securityaffairs

Security Affairs newsletter Round 515 by Pierluigi Paganini – INTERNATIONAL EDITION

New MassJacker clipper targets pirated software seekers
Cisco IOS XR flaw allows attackers to crash BGP process on routers
LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

Read Full Article

3 Likes

Securityaffairs

423

Image Credit: Securityaffairs

A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.

A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.
Yap's Health Department detected the cyberattack and shut down the network and digital health systems to contain the threat.
The Department is working with government agencies and IT contractors to assess the extent of the breach and restore services.
No ransomware group has claimed responsibility for the attack.

Read Full Article

25 Likes

Hackingblogs

233

Image Credit: Hackingblogs

Bug Bounty 10-Day Complete Free Training: Choosing the Right Platforms

Dipanshu Kumar is leading a 10-day Bug Bounty Bootcamp to guide participants through bug bounty hunting.
Choosing the right bug bounty platform is crucial for ethical hacking compliance and success.
Popular bug bounty platforms like HackerOne, Bugcrowd, Synack, and Cobalt offer various programs to ethical hackers.
HackerOne rewards hackers for reporting vulnerabilities with payouts ranging from $50 to over $100,000.
Bugcrowd also offers rewards from $50 to over $50,000 for identified vulnerabilities with payments processed in 30 to 45 days.
Intigriti is notable for its focus on European businesses and rigorous researcher checks against sanction lists.
Synack is an invite-only bug bounty platform for experienced security researchers with monthly compensation based on vulnerability severity.
Cobalt combines penetration testing and bug bounty schemes, offering faster testing and active vulnerability management.
Additional bug bounty platforms include Yeswehack, Open Bug Bounty, HackTrophy, HackenProof, Zerocopter, and SlowMist.
The Bug Bounty Bootcamp will cover processes like CVE, CMS, OWASP, and brute force workflows, starting with recon in the upcoming sessions.

Read Full Article

14 Likes

Medium

Image Credit: Medium

What If Mr. Robot Had a Season 5? Exploring Possible Stories for Elliot Alderson

Mr. Robot left a lasting impact on viewers, inspiring many to pursue careers in cybersecurity after its realistic portrayal of hacking and cybersecurity in the digital world.
As fans ponder the possibility of a Season 5, they explore potential storylines that could delve deeper into Elliot Alderson's complex narrative.
Season 4 brought closure with a powerful ending that revealed the truth behind Elliot's fragmented psyche, leaving viewers satisfied with the conclusion.
Despite the strong conclusion, speculations arise about what a hypothetical Season 5 could offer in terms of character development and unresolved plotlines.
One theory proposes focusing on the real Elliot Alderson's journey, shedding light on his struggle to navigate a world shaped by his alter-ego, the Mastermind.
A potential conflict could arise if society's expectations clash with the real Elliot's desire to distance himself from the revolutionary identity created by the Mastermind.
Exploring the idea of the Mastermind's lingering presence in Elliot's subconscious raises questions about identity and the possibility of one persona overshadowing another.
Hypothetical storylines for Season 5 include the aftermath of past hacks, introduction of new cyber threats, and the resurgence of the hacking world in Elliot's life.
A shift towards a law enforcement perspective could offer a fresh angle in Season 5, portraying a cat-and-mouse game in a digitally transformed world.
Delving into Whiterose's mysterious machine and its potential to alter realities could introduce a sci-fi element while maintaining the show's themes of perception and control.

Read Full Article

5 Likes

Securityaffairs

402

Image Credit: Securityaffairs

New MassJacker clipper targets pirated software seekers

A new clipper malware named MassJacker is targeting users searching for pirated software.
MassJacker is a clipper malware that intercepts and manipulates clipboard data to redirect cryptocurrency funds.
The infection starts from a site distributing pirated software and involves multiple stages of execution.
MassJacker is a malware-as-a-service (MaaS), and the stolen funds are likely managed by a single entity.

Read Full Article

24 Likes

TheNewsCrypto

428

Image Credit: TheNewsCrypto

WazirX Recovery at Risk, Can Jason Kardachi Be Trusted?

Jason Kardachi, a key figure in WazirX recovery efforts, has been banned from representing cases in Singapore due to undisclosed misconduct.
WazirX must decide whether to continue working with Kardachi or find a replacement to maintain credibility and ensure progress.
Kardachi’s legal ban could delay fund recovery, weaken international cooperation, and damage user trust in WazirX.
WazirX is facing a challenge in deciding the next course of action concerning Kardachi's involvement and its impact on the recovery process.

Read Full Article

25 Likes

Securityaffairs

259

Image Credit: Securityaffairs

Cisco IOS XR flaw allows attackers to crash BGP process on routers

Cisco has addressed a denial of service (DoS) vulnerability that allows attackers to crash the Border Gateway Protocol (BGP) process on IOS XR routers.
The vulnerability, tracked as CVE-2025-20115, can be exploited by sending a single BGP update message to the router.
The flaw allows for memory corruption and DoS, requiring attacker control of a BGP confederation speaker or an AS_CONFED_SEQUENCE attribute reaching 255 AS numbers.
The workaround involves limiting AS_CONFED_SEQUENCE to 254 or fewer AS numbers to reduce the risk of attacks if patches can't be applied.

Read Full Article

15 Likes

Stackexchange

151

Image Credit: Stackexchange

File a complaint to cyber investigator

A person shares their story of becoming homeless and falling victim to a cryptocurrency and romance scam.
They lost $530k and went into depression before finding help from INTELLIGENCE CYBER WIZARD SERVICES.
INTELLIGENCE CYBER WIZARD SERVICES helped them recover their losses by hacking into the scammers' server.
The person recommends contacting INTELLIGENCE CYBER WIZARD SERVICES for similar scam recovery needs.

Read Full Article

9 Likes

Hackingblogs

Image Credit: Hackingblogs

Bug Bounty 10-Day Complete Free Training: Day 1 – Mastering the Basics

Dipanshu Kumar will guide users through a 10-day Bug Bounty Bootcamp covering bug bounty hunting basics, starting with virtualization and OWASP Top 10.
Hardware requirements for bug bounty hunting are basic, needing an operating system, 8GB RAM, and a 250GB hard drive.
Virtualization tools like VMware, VirtualBox, and Docker are essential for running multiple operating systems and applications in isolated environments.
Virtualization enables the operation of multiple virtual machines or containers on a single physical system by establishing a layer between the OS and hardware.
Establishing and maintaining organization by keeping accurate records and using checklists will enhance bug bounty success rates in the long term.
Using OWASP checklist for web application security testing can help beginners keep track of their testing progress.
Taking notes is crucial for monitoring progress and recalling actions during bug bounty hunting, with tools like Evernote and OneNote being popular choices.
Consistency in note-taking, continuous learning, and integrity are key qualities for success in bug bounty hunting.
The next day's session will cover creating CVE feed sources, staying updated on cybersecurity developments, choosing bug-hunting platforms, and setting up RSS feeds.

Read Full Article

Idownloadblog

Image Credit: Idownloadblog

Nugget v5 coming soon with animated wallpapers & custom posterboard designs, among other things

Nugget v5 is set to be released with new features for customization.
The update will include animated wallpapers and custom posterboard designs.
The features will be available for beta testing to Discord Nitro boosters and Ko-Fi donators.
Nugget v5 will support various versions of iOS & iPadOS, including the beta versions.

Read Full Article

1 Like

For uninterrupted reading, download the app