This Week in Security News: ePrivacy and Hack Back
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the Council of the European Union reviewed a bill dubbed the “ePrivacy” Regulation, which targets message-sharing services like WhatsApp and...
Hidden Cobra Strikes Again with Custom RAT, SMB Malware
The feds are warning that the North Korean APT group known as Hidden Cobra is mounting active attacks on U.S. businesses and others globally, including organizations in the media, aerospace, financial and critical infrastructure sectors. According to a United States Computer Emergency Readiness...
Fraudsters Claim To Hack Two Canadian Banks
UPDATE Two Canadian banks have reported that they may be targets of a hack, after bad actors claimed that they electronically accessed personal and account information of a combined 90,000 customers. The attackers have asked for a ransom of 1 Ripple XMR from each, which translates to around $1...
Monero: forum.getmonero.org Shell upload
Summary: The method uploadProfile in the UsersController allows an attacker to upload a shell to the target server due to lack of image validation. Description: Steps To Reproduce: 1. Open POC https://forum.getmonero.org/uploads/profile/lNobodyl1527340454.php or...
Bitcoin Gold loses over $18 million after hack attack
By Waqas. Hackers are conducting Double Spend attack on cryptocurrency exchanges and the... This is a post from HackRead.com. Read the original post: Bitcoin Gold loses over $18 million after hack attack...
satvacart.com XSS vulnerability
Open Bug Bounty ID: OBB-620680

Description | Value
---|---
Affected Website: | satvacart.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Why tech companies wanted Senate Bill 315 vetoed
When Georgia Senate Bill 315 (SB-315) was introduced, people in the tech world anxiously awaited its fate, regardless of their geographic location. They knew that some laws initially restricted to single states become more widespread after politicians set precedents. And they knew that this law cou...
Securus firm that lets US Cops track cellphone users has been hacked
By Uzair Amir. Securus has not confirmed the breach but evidence suggests that... This is a post from HackRead.com. Read the original post: Securus firm that lets US Cops track cellphone users has been hacked...
This Week in Security News: Exposure and Susceptibility
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, a new report revealed that the Equifax breach had a larger impact than previously thought. In addition, The Senate Intelligence Committee...
Georgia Governor Vetoes Controversial Hack-Back Bill
Recognizing the concerns of tech giants and security researchers alike, Georgia Gov. Nathan Deal has vetoed a controversial “hack-back” bill that would have allowed companies in the state to perform offensive cyber-actions in the face of an attack. “Certain components of the legislation have led ...
WordPress User Role Editor Plugin < 4.25 - Privilege Escalation Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The WordPress...
Hacktivists, Tech Giants Protest Georgia’s ‘Hack-Back’ Bill
As Georgia Governor Nathan Deal considers whether to sign a controversial piece of legislation that would allow companies to “hack back” with offensive initiatives in the face of a cyberattack, companies from across the tech spectrum are lining up to protest the measure. Also, a hacktivist group...
Master Key Hack Exploits Flaw in Key System to Unlock Hotel Rooms
By Waqas. The master key hack has the capability of unlocking not... This is a post from HackRead.com. Read the original post: Master Key Hack Exploits Flaw in Key System to Unlock Hotel Rooms...
Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer
Internet-connected technology, also known as the Internet of Things (IoT), is now part of daily life, with smart assistants like Siri and Alexa to cars, watches, toasters, fridges, thermostats, lights, and the list goes on and on. But of much greater concern, enterprises are unable to secure each a...
U.S. DoD Hopes To Stamp Out Threats With Bug Bounty Program
The U.S. Department of Defense is doubling down on routing out vulnerabilities in its massive government systems. On Monday, the DoD announced it was expanding its bug bounty program to include the agency’s massive Defense Travel System. The “Hack the DTS” program launched in partnership with bug...
Microsoft Misfires with Meltdown Patch, while WannaCry Pops Up at Boeing
In our weekly roundup of InfoSec happenings, we start, as has often been the case this year, with concerning Meltdown / Spectre news -- this time involving Microsoft -- and also touch on a password hack at Under Armour, a WannaCry infection at Boeing, and a severe Drupal vulnerability. Microsoft...
Animal abuse website hacked; thousands of users exposed
By Waqas. An animal abuse website or otherwise called a "bestiality" platform... This is a post from HackRead.com. Read the original post: Animal abuse website hacked; thousands of users exposed...
letsendorse.com XSS vulnerability
Open Bug Bounty ID: OBB-591998

Description | Value
---|---
Affected Website: | letsendorse.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
British doctor says his laptop was hacked & led to Aleppo hospital airstrike
By Uzair Amir. A British surgeon and consultant David Nott was just trying... This is a post from HackRead.com. Read the original post: British doctor says his laptop was hacked & led to Aleppo hospital airstrike...
GreyKey iPhone Unlocker
Some details about the iPhone unlocker from the US company Greyshift, with photos. Little is known about Grayshift or its sales model at this point. We don't know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it's highly...