Unsecured Video Doorbells Sold on Major Platforms: Millions at Risk of Hacking

By Deeba Ahmed Major Retailers Selling Video Doorbells with Serious Security Flaws, Consumer Reports Warns. This is a post from HackRead.com Read the original post: Unsecured Video Doorbells Sold on Major Platforms: Millions at Risk of Hacking...

Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass

Summary Use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Details Node childprocess IPC relies on the JS side to pass the raw IPC file descript...

Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say

A coalition of 41 state attorneys general says Meta is failing to assist Facebook and Instagram users whose accounts have been hacked—and they want the company to take “immediate action.”...

GhostSec’s joint ransomware operation and evolution of their arsenal

Cisco Talos observed a surge in GhostSec, a hacking groups malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. The GhostSec and Stormous ransomware groups are jointly conducting double extortion...

New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion

Cybersecurity researchers have discovered a new Linux variant of a remote access trojan RAT called BIFROSE aka Bifrost that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42...

China Surveillance Company Hacked

Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government. Lots of details in the news articles. These arent details about the tools or techniques, more the...

A Mysterious Leak Exposed Chinese Hacking Secrets

Plus: Scammers try to dupe Apple with 5,000 fake iPhones, Avast gets fined for selling browsing data, and researchers figure out how to clone fingerprints from your phone screen...

Exploit for OS Command Injection in Apache Spark

CVE-2022-33891 - Apache Spark UI Remote Code Execution RCE 🔐...

New Leak Shows Business Side of China’s APT Menace

A new data leak that appears to have come from one of Chinas top private cybersecurity firms provides a rare glimpse into the commercial side of Chinas many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...

A first analysis of the i-Soon data leak

Data from a Chinese cybersecurity vendor that works for the Chinese government has exposed a range of hacking tools and services. Although the source is not entirely clear, it seems that a disgruntled staff member of the group leaked the information on purpose. The vendor, i-Soon aka Anxun is...

Exploit for Improper Access Control in Joomla Joomla\!

Joomla! options Arguments - url: Root URL base...

Duo Jailed for Hacking JFK Taxi Dispatch System

By Waqas The scheme started in September 2019 and continued until September 2021. This is a post from HackRead.com Read the original post: Duo Jailed for Hacking JFK Taxi Dispatch System...

Smart Helmets Flaw Exposed Millions to Risk of Hacking and Surveillance

By Deeba Ahmed According to cybersecurity firm Pen Test Partners, Livall’s smart helmets had an inherent flaw that could lead to… This is a post from HackRead.com Read the original post: Smart Helmets Flaw Exposed Millions to Risk of Hacking and Surveillance...

Synthetic Solutions: Redefining Cybersecurity Through Data Generation in the Face of Hacking

By Owais Sultan Cybersecurity is a constant battleground where hackers continuously devise new strategies to breach defences, jeopardizing sensitive information and… This is a post from HackRead.com Read the original post: Synthetic Solutions: Redefining Cybersecurity Through Data Generation in t...

Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents

A former software engineer with the U.S. Central Intelligence Agency CIA has been sentenced to 40 years in prison by the Southern District of New York SDNY for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, 35, was originally...

The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world

Id hate to be labeled a "car guy" now mentioning my new electric car in the lede of two newsletters in a row, but I couldnt resist. Id been reading headlines for years about how electric cars most notably Tesla were vulnerable to a range of security vulnerabilities, even some that could allow bad...

Hacking Electronic Flight Bags. Airbus NAVBLUE Flysmart+ Manager

We’ve been testing the security of a number of different electronic flight bag, or EFB, applications for a few years now. Here’s the latest on that now it has been remediated, 19 months after our initial disclosure to Airbus. TL;DR Flysmart+ is a suite of apps for pilot EFBs, helping deliver...

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacki...

Exploit for Code Injection in Craftcms Craft_Cms

This python script exploits the Remote Code Execution vulnerabil...

Big-Name Targets Push Midnight Blizzard Hacking Spree Back Into the Limelight

Newly disclosed breaches of Microsoft and Hewlett-Packard Enterprise highlight the persistent threat posed by Midnight Blizzard, a notorious Russian cyber-espionage group...