Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative
Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns...
PT-2024-20221 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins (affected versions not specified). Description: A new vulnerability in Jenkins is showcased in a non-competitive box on Hack The Box. The issue is demonstrated through a guided mode challenge, which is available for free. Recommendations...
No, Toothbrushes Were Not Used in a Massive DDoS Attack
The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false. Near as I can tell, a German reporter talking to someone at Fortinet got it wrong, and then everyone else ran with it without reading the German text. It was a hypothetical, whi...
Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs
Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, which took place...
Ripple Co-Founder’s Personal XRP Wallet Breached in $112 Million Hack
By Deeba Ahmed. Ripple’s co-founder Chris Larsen has acknowledged that his personal XRP wallet was hacked. This is a post from HackRead.com. Read the original post: Ripple Co-Founder’s Personal XRP Wallet Breached in $112 Million Hack...
A week in security (January 22 – January 28)
Last week on Malwarebytes Labs: 10 things to do to improve your online privacy; Ring curtails law enforcement’s access to footage; Malicious ads for restricted messaging applications target Chinese users; Malwarebytes wins every MRG Effitas award for 2 years in a row; AI likely to boost ransomware,...
Microsoft got hacked by state sponsored group it was investigating
In a spy-vs-spy type of scenario, Microsoft has acknowledged that a group called Midnight Blizzard, also known as APT29 or Cozy Bear, gained access to a Microsoft legacy non-production test tenant account. According to Microsoft, the group managed to access the account in November after subjecting...
Lawmakers Are Out for Blood After a Hack of the SEC’s X Account Causes Bitcoin Chaos
The US Securities and Exchange Commission is under pressure to explain itself after its X account was compromised, leading to wild swings in the bitcoin market...
Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the Border Gateway Protocol (BGP) traffic. "The Orange account in the IP network coordination center RIP...
Researchers Crack Tesla Autopilot with ‘Elon Mode,’ Access Critical Data
By Deeba Ahmed. German cybersecurity researchers from Technische Universität Berlin employed a €600 (£520 / $660) tool to gain root access to the ARM64-based circuit board of Tesla's autopilot. This is a post from HackRead.com. Read the original post: Researchers Crack Tesla Autopilot with ‘Elon Mode’,...
Apple’s iPhone Hack Attack Warnings Spark Political Firestorm in India
By Waqas. Big Tech vs. Big Brother: Apple Defies India Pressure over iPhone Hacking Alerts. This is a post from HackRead.com. Read the original post: Apple’s iPhone Hack Attack Warnings Spark Political Firestorm in India...
A week in security (December 11 – December 17)
Last week on Malwarebytes Labs: PikaBot distributed via malicious search ads; Chrome starts the countdown to the end of tracking cookies; Apple to introduce new feature that makes life harder for iPhone thieves; Recently-patched Apache Struts vulnerability used in worldwide attacks; ALPHV ransomware...
CurveTricryptAdapter::primitiveOutputAmount & Curve2PoolAdapter::primitiveOutputAmount can swap without slippage tolerance
Lines of code. Vulnerability details. Impact: While there is a “Slippage protection” implementation in the contract: if uint256minimumOutputAmount outputAmount revert SLIPPAGELIMITEXCEEDED; there is no validation that minimumOutputAmount is not set to 0. This can result in loss of funds. Although Oce...
Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leak AWS Credentials
By Waqas. Self-Hack: Strengthen Your Security Before External Threats Strike! This is a post from HackRead.com. Read the original post: Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leak AWS Credentials...
ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem’ Forever
Plus: A major ransomware crackdown, the arrest of Ukraine’s cybersecurity chief, and a hack-for-hire entrepreneur charged with attempted murder...
CVE-2023-49914
InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a "false" brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of ...
Spoofing
InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a "false" brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of ...
PT-2023-31409 · Interaxon · Muse App +1
Name of the Vulnerable Software and Affected Versions: InteraXon Muse 2 devices (affected versions not specified). Description: The issue allows remote attackers to cause a denial of service, resulting in an incorrect report of an outstanding, calm meditation state. This is achieved via a 480 MHz RF...
CVE-2023-49914
Affected product: InteraXon Muse 2 devices. Vulnerability: remote attackers can trigger a denial of service by delivering a 480 MHz RF carrier modulated with a (false) brain wave, a so‑called Brain‑Hack attack. The Muse App can fail to display the reception of a strong RF carrier and may mislead ...