techminis

A naukri.com initiative

Hacking News

Source: Securityaffairs (2w)

New Atrium Health data breach impacts 585,000 individuals

  • Atrium Health disclosed a data breach affecting 585,000 individuals to the HHS, potentially linked to the use of online tracking tools.
  • The breach occurred on Atrium Health's MyAtriumHealth Patient Portal between January 2015 and July 2019.
  • Online tracking technologies on the portal may have transmitted personal information to third-party vendors.
  • The potentially exposed data includes IP addresses, third-party identifiers/cookies, and limited patient information.

Source: Securityaffairs (2w)

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CyberPanel flaw CVE-2024-51378 (CVSS score: 10.0) to its Known Exploited Vulnerabilities (KEV) catalog.
  • The getresetstatus vulnerability in CyberPanel allows remote attackers to bypass authentication and execute arbitrary commands by exploiting a flaw in secMiddleware.
  • The vulnerability impacted versions up to 2.3.6 and the unpatched 2.3.7, and was exploited in a large-scale hacking campaign targeting over 22,000 CyberPanel instances.
  • CISA has ordered federal agencies to fix this vulnerability by December 25, 2024.

Source: Securelist (2w)

Exploits and vulnerabilities in Q3 2024

  • Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not typical targets of cyberattacks.
  • The total number of first-time PoC publications for fresh CVEs rose by 2%, which indicates an acceleration in exploit creation.
  • On Windows, the vulnerabilities most often detected by Kaspersky solutions were in Microsoft Office, the Windows Error Reporting Service, Microsoft Streaming Service Proxy and WinRAR.
  • On Linux, Kaspersky products detected vulnerabilities in the OverlayFS kernel module, the Sudo utility, the dynamic loader ld.so, the Netfilter subsystem, the kernel memory management system and nftables.
  • Vulnerabilities critical for exploitation were more likely than before to be related to operating system subsystems.
  • The TOP 10 ranking of vulnerabilities exploited in APT attacks includes flaws that grant access to systems running web applications and mail servers.
  • CVE-2024-47177 (CUPS filters), discovered in the Linux version of CUPS, a printing toolkit for Unix-like operating systems, can be exploited through FoomaticRIPCommandLine.
  • CVE-2024-6387 (regreSSHion) caused a stir in Q3 2024; it enables an attack on a system at the very stage when the SSH server receives authentication data.
  • CVE-2024-3183 affects FreeIPA, which provides centralized identity management and authentication for Linux systems: a user with minimal privileges on the network can sniff ticket encryption data and use it to carry out a Kerberoasting attack.
  • CVE-2024-5290 (Ubuntu wpa_supplicant) was caused by a misconfigured RPC interface whose default setting allowed a regular user to access quite critical functionality.

Source: Hackingblogs (2w)

Deloitte Was Hacked: 1 TB Of Data Was Stolen By The Ransomware Group

  • A cyberattack on Deloitte UK was claimed by the ransomware group BrainCipher, which alleges stealing over 1 TB of sensitive data.
  • The claim appeared on BrainCipher's data leak site, where the group set a countdown of ten days and twenty hours before releasing the data. They criticized Deloitte's security practices and promised to reveal the tools used during the breach.
  • BrainCipher, known for high-profile attacks like Indonesia's National Data Centre, spreads malware via compromised Windows domain admin credentials. Deloitte has not yet commented, and the claims remain unverified. The incident underscores the ongoing risks of ransomware to major corporations.

Source: Securityaffairs (2w)

Hundreds of Cisco switches impacted by bootloader flaw

  • A bootloader vulnerability in Cisco NX-OS affects 100+ switches, allowing attackers to bypass image signature checks.
  • Cisco released security patches for a vulnerability, tracked as CVE-2024-20397, in the NX-OS software’s bootloader.
  • The vulnerability allows an attacker with physical access or administrative credentials to bypass image signature verification.
  • The affected Cisco products running NX-OS Software with a vulnerable BIOS version are listed in the report.

Source: Medium (2w)

Hacking bubble.io apps: For Educational Purposes Only❗❗❗

  • Companies using Bubble, a low-code platform, have been found to leave their Swagger documentation exposed, opening up the opportunity for a man-in-the-middle attack.
  • Accessing the Swagger documentation at /api/1.1/meta allows hackers to add, edit, delete, and create data without user authorization, as well as impersonate users.
  • Certain endpoints in Bubble's API do not require access tokens or credentials, exposing sensitive information such as property views and search appearances.
  • The responsibility for securing apps built on low-code platforms like Bubble lies with the developers, who need to implement proper security protocols.

Source: Hackers-Arise (2w)

Exploit Development: Fuzzing with American Fuzzy Lop++ (AFL++) to Find Zero-Day Vulnerabilities

  • Fuzzing is an excellent tool for finding unknown or zero-day vulnerabilities in applications and services. American Fuzzy Lop++ (AFL++) is an enhanced version of AFL that is better equipped to uncover vulnerabilities faster. AFL++ is a coverage-guided fuzzer that explores program execution paths to identify vulnerabilities. It supports various modes of code instrumentation (e.g., classic, persistent, and QEMU modes), different mutation strategies, and evolutionary methods to maximize coverage.
  • One of the most significant advantages of AFL++ over other fuzzing tools is its advanced mutation strategies, such as deterministic and stochastic techniques, for better test case generation. AFL++ also incorporates cutting-edge mutators that can identify a broader range of anomalies in code. The tool is highly customizable and extensible, making it well suited to users who want to experiment with novel fuzzing techniques or integrate custom components.
  • The article provides a step-by-step guide on how to run AFL++ against an open-source target, specifically the Xpdf PDF viewer, to identify a crash or proof of concept (PoC) for CVE-2019-13288. AFL++ retains the core principles of AFL and offers additional features and optimizations, enhancing its capabilities. Moreover, it is user-friendly, making it accessible for beginners while offering advanced features for experienced users.
  • AFL++ utilizes genetic algorithms to mutate inputs, evolving them to maximize coverage. It efficiently filters out redundant or low-value inputs and offers advanced power schedules to prioritize input mutation efforts effectively. AFL++ also supports custom dictionaries to test "magic values" (e.g., specific strings or patterns) for effective identification of vulnerabilities.
  • Fuzzing is a technique for identifying unknown vulnerabilities (zero-day) in software, and AFL++ is a powerful tool that streamlines the entire process into just a few simple steps. By exploring program execution paths, AFL++ can identify previously unknown vulnerabilities, making it an ideal tool for developers looking to identify and fix vulnerabilities before they can be exploited by attackers.
  • Finding vulnerabilities in software is the first step to developing your zero-day exploit. AFL++ is an incredibly powerful tool that is highly effective at uncovering vulnerabilities faster while remaining user-friendly. The tool is also extensible, making it a great choice for users who wish to experiment with novel fuzzing techniques or integrate custom components. By leveraging AFL++, you can identify previously unknown vulnerabilities and use that knowledge to build more secure software.
  • The process of examining the entire source code of a program to identify vulnerabilities such as buffer overflows can be a thorough but time-consuming process. Fuzzing, on the other hand, is a more effective method for quickly uncovering critical yet straightforward vulnerabilities. AFL++ is a suitable tool for this purpose as it offers advanced features and customization options to make the fuzzing process quicker and easier.
  • AFL++ is an enhanced version of AFL, a highly regarded fuzzing tool for C, C++, and Objective-C programs. AFL++ builds on AFL's highly regarded speed, intelligent test case selection, and incorporates advanced features like custom dictionaries, genetic algorithms for mutating inputs, advanced mutation strategies, power schedules, code instrumentation, and coverage tracking, amongst other features.
  • You can use AFL++ to test programs with known bugs or issues to determine if these problems will result in application downtime or more serious problems like a denial-of-service (DoS) attack. AFL++ can also identify unknown vulnerabilities in software by exploiting the behavior of certain pre-existing code in unexpected ways. This helps to identify errors that would not be detected through normal testing procedures.
  • Fuzzing is an excellent tool for identifying vulnerabilities in software. AFL++ is a powerful and user-friendly fuzzing tool that can be used to uncover previously unknown vulnerabilities or zero-day vulnerabilities in applications and services. By using AFL++, developers can identify potential vulnerabilities and take steps to fix them before attackers exploit them, thus making their software more secure.

Source: Blackenterprise (2w)

FBI Cautions Android, iPhone Users To Encrypt Messages Due To Hacking Concerns

  • Officials are cautioning Android and iPhone users to encrypt messages due to hacking concerns.
  • Jeff Greene of the Cybersecurity and Infrastructure Security Agency recommends using encrypted messaging.
  • Signal is mentioned as a platform offering strong end-to-end encryption.
  • The hacking campaign targeted telecommunications companies and aimed to gather intelligence on America's politics.

Source: Securityaffairs (2w)

Operation Destabilise dismantled Russian money laundering networks

  • The U.K. National Crime Agency (NCA) has disrupted Russian money laundering networks linked to organized crime across multiple countries in an operation called 'Operation Destabilise.'
  • The NCA identified two Russian-speaking networks, Smart and TGR, collaborating at the heart of the criminal enterprise.
  • As a result of Operation Destabilise, the U.S. Treasury's Office of Foreign Assets Control (OFAC) sanctioned five individuals and four entities tied to the TGR Group for aiding Russian elites in sanctions evasion.
  • The NCA efforts led to 84 arrests, prison sentences, and the seizure of £20 million in both cash and cryptocurrency.

Source: Securityaffairs (2w)

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

  • Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years.
  • The Secret Blizzard threat actor compromises the infrastructure of the Pakistan-based threat actor Storm-0156 to conduct cyber espionage campaigns in South Asia.
  • Researchers confirmed that Secret Blizzard deploys backdoors, clipboard monitors, and other espionage tools using Storm-0156 infrastructure.
  • Secret Blizzard targets Afghan government entities and accesses exfiltrated data from Indian military and defense institutions.

Source: Securityaffairs (2w)

China-linked APT Salt Typhoon has breached telcos in dozens of countries

  • APT group Salt Typhoon, linked to China, has infiltrated telecommunications companies in dozens of countries with at least eight US firms compromised, according to a senior White House official. The group has been active for one to two years and has hacked telecommunications providers in several dozen countries. The White House has said it wants to mandate minimum cybersecurity practices for telecoms. The Commerce Department’s tech security office is also preparing measures to address risks from IT and communications transactions linked to China.
  • Australia, Canada, New Zealand and the US have issued a guide advising on best practices to strengthen network security, following warnings linked to PRC-linked cyber espionage targeting telecoms. The guidelines cover scrutiny of network device configurations, advanced monitoring solutions, and restricting internet exposure of management traffic.
  • US experts determined that the Chinese cyber-espionage hackers had stolen information from people primarily involved in government or political activity, including their private communications. Experts suspect the state-sponsored hackers gathered extensive internet traffic during the intrusion.
  • Data from AT&T, Verizon, and Lumen Technologies, which were targeted in a Salt Typhoon breach in September, may have been accessed. T-Mobile was also recently targeted.
  • The Biden administration’s priority is to safeguard tech and telecom infrastructure from Chinese-linked cyber espionage operations to protect US national security.
  • Experts believe that security breaches like this could enable disruptive attacks during potential future conflicts.
  • The investigation into the breaches of US broadband providers continues, assessing their scope and whether threat actors compromised Cisco routers.
  • Telecoms must adopt secure password storage, phishing-resistant MFA, session token limits, and Role-Based Access Control (RBAC) to reduce vulnerabilities, disrupt intrusion attempts, and strengthen network defenses.
  • The US government and law enforcement will continue investigating a large-scale cyber-espionage campaign by Chinese-linked threat actors targeting US telecoms; stolen data was subject to US law enforcement requests pursuant to court orders.
  • Security breaches such as this are part of China’s broader strategy, which puts US officials increasingly on edge about Chinese cyber efforts to infiltrate critical infrastructure.

Source: Medium (2w)

Tor vs VPN: Which One Should You Choose for Online Privacy?

  • The Tor network provides anonymity by routing internet traffic through volunteer-operated servers.
  • Key features of Tor include multiple layers of encryption and difficulty in tracing online activity.
  • A VPN establishes an encrypted connection to protect data and prioritize privacy.
  • The choice between Tor and VPN depends on specific needs, and combining them requires technical knowledge.

Source: Idownloadblog (2w)

Legizmo ‘Moonstone’ enables pairing watchOS 6.0-11.x Apple Watches with jailbroken iPhones on iOS 14 & later

  • Luntotech11 has released Legizmo 'Moonstone,' a new jailbreak tweak that allows Apple Watches running watchOS 6.0 through 11.x to pair with jailbroken iPhones on iOS 14 and newer.
  • Legizmo 'Moonstone' offers both a tweak and native method for pairing, allowing users to use the devices together in either jailbroken or non-jailbroken states.
  • The tweak guides users through the pairing process seamlessly, giving access to most features and fixing potential inconsistencies between incompatible versions.
  • Legizmo 'Moonstone' is available for $4.99 from the Chariz repository, and users can get support from the project’s Discord server.

Source: Medium (2w)

Building Networked Inter-Process Connections for Malware

  • Named pipes are a reliable and fast method for transferring data between malware without detection.
  • They can be used to send payloads laterally within a victim network.
  • The server creates the pipe, while the client connects to send and receive data.
  • Security measures should be considered to ensure the safety of the pipe.

Source: Securityaffairs (2w)

Black Basta ransomware gang hit BT Group

  • BT Group's Conferencing division shut down some servers following a Black Basta ransomware attack.
  • The attack did not impact live BT Conferencing services.
  • Black Basta ransomware gang claimed to have stolen 500GB of data from BT Group.
  • Black Basta has targeted various critical infrastructure sectors and impacted over 500 organizations worldwide.
