Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs
Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, which took place...
Ripple Co-Founder’s Personal XRP Wallet Breached in $112 Million Hack
By Deeba Ahmed. Ripple’s co-founder Chris Larsen has acknowledged that his personal XRP wallet was hacked. This is a post from HackRead.com.
A week in security (January 22 – January 28)
Last week on Malwarebytes Labs: 10 things to do to improve your online privacy; Ring curtails law enforcement’s access to footage; Malicious ads for restricted messaging applications target Chinese users; Malwarebytes wins every MRG Effitas award for 2 years in a row; AI likely to boost ransomware,...
Microsoft got hacked by state sponsored group it was investigating
In a spy-vs-spy type of scenario, Microsoft has acknowledged that a group called Midnight Blizzard, also known as APT29 or Cozy Bear, gained access to a Microsoft legacy non-production test tenant account. According to Microsoft, the group managed to access the account in November after subjecting...
Lawmakers Are Out for Blood After a Hack of the SEC’s X Account Causes Bitcoin Chaos
The US Securities and Exchange Commission is under pressure to explain itself after its X account was compromised, leading to wild swings in the bitcoin market...
Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol (BGP) traffic. "The Orange account in the IP network coordination center RIP...
Researchers Crack Tesla Autopilot with ‘Elon Mode,’ Access Critical Data
By Deeba Ahmed. German cybersecurity researchers from Technische Universität Berlin employed a €600 (£520 / $660) tool to gain root access to the ARM64-based circuit board of Tesla's autopilot. This is a post from HackRead.com.
Apple’s iPhone Hack Attack Warnings Spark Political Firestorm in India
By Waqas. Big Tech vs. Big Brother: Apple Defies India Pressure over iPhone Hacking Alerts. This is a post from HackRead.com.
A week in security (December 11 – December 17)
Last week on Malwarebytes Labs: PikaBot distributed via malicious search ads; Chrome starts the countdown to the end of tracking cookies; Apple to introduce new feature that makes life harder for iPhone thieves; Recently-patched Apache Struts vulnerability used in worldwide attacks; ALPHV ransomware...
CurveTricryptAdapter::primitiveOutputAmount & Curve2PoolAdapter::primitiveOutputAmount can swap without slippage tolerance
Lines of code Vulnerability details Impact While there is a “Slippage protection” implementation in the contract if uint256minimumOutputAmount outputAmount revert SLIPPAGELIMITEXCEEDED; There is no validation that minimumOutputAmount is not set to 0. This can result in loss of funds. Although Oce...
Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leak AWS Credentials
By Waqas. Self-Hack: Strengthen Your Security Before External Threats Strike! This is a post from HackRead.com.
ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem’ Forever
Plus: A major ransomware crackdown, the arrest of Ukraine’s cybersecurity chief, and a hack-for-hire entrepreneur charged with attempted murder...
CVE-2023-49914
InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a "false" brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of ...
Spoofing
InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a "false" brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of ...
PT-2023-31409 · Interaxon · Muse App +1
Name of the Vulnerable Software and Affected Versions: InteraXon Muse 2 devices (affected versions not specified). Description: The issue allows remote attackers to cause a denial of service, resulting in an incorrect report of an outstanding, calm meditation state. This is achieved via a 480 MHz RF...
CVE-2023-49914
Affected product: InteraXon Muse 2 devices. Vulnerability: remote attackers can trigger a denial of service by delivering a 480 MHz RF carrier modulated with a (false) brain wave, a so‑called Brain‑Hack attack. The Muse App can fail to display the reception of a strong RF carrier and may mislead ...
Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years
An Indian hack-for-hire group targeted the U.S., China, Myanmar, Pakistan, Kuwait, and other countries as part of a wide-ranging espionage, surveillance, and disruptive operation for over a decade. Indian security firm under scrutiny, according to an in-depth analysis from SentinelOne, began as a...
Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers
The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts. "An important feature that sets it apart is that, unlike...
hack-attack.de Improper Access Control vulnerability OBB-3778608
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...