Kali Linux 2023.3 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2023.3. This release has various impressive updates. The highlights of the changelog since the 2023.2 release from May: Internal Infrastructure - Major stack changes is under way Kali Autopilot - The automation attack framework has had an major...

Karma Catches Up to Global Phishing Service 16Shop

Youve probably never heard of "16Shop," but theres a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a...

Recapping the top stories from Black Hat and DEF CON

Welcome to this weeks edition of the Threat Source newsletter. I had a significant amount of FOMO last week seeing everyone out in Vegas. I was happy to not get conference crud sickness, but it seems like I missed a great time otherwise. But, as anyone who works with me could guess, I was followi...

UK Electoral Commission Hacked

The UK Electoral Commission discovered last year that it was hacked the year before. Thats fourteen months between the hack and the discovery. It doesnt know who was behind the hack. We worked with external security experts and the National Cyber Security Centre to investigate and secure our...

Multiple Flaws Found in ScrutisWeb Software Exposes ATMs to Remote Hacking

Four security vulnerabilities in the ScrutisWeb ATM fleet monitoring software made by Iagona could be exploited to remotely break into ATMs, upload arbitrary files, and even reboot the terminals. The shortcomings were discovered by the Synack Red Team SRT following a client engagement. The issues...

China Hacked Japan’s Military Networks

The NSA discovered the intrusion in 2020--we dont know how--and alerted the Japanese. The Washington Post has the story: The hackers had deep, persistent access and appeared to be after anything they could get their hands on--plans, capabilities, assessments of military shortcomings, according to...

Phishing with hacked sites

Phishers want their fake pages to cost minimum effort but generate as much income as possible, so they eagerly use various tools and techniques to evade detection, and save time and money. Examples include automation with phishing kits or Telegram bots. Another tactic, popular with scammers big a...

Scorpion CBS show. Plane hack

Having got on a bit of a roll with dismantling plane hacking in the media with the MH370 documentary critique, it’s probably time to tear apart the pilot episode of Scorpion from 2014. Here’s a link to the relevant part of the show: Why? It’s clearly just an entertainment show, so why bother...

Die Hard 2. Or how not to hack airplanes

How could I criticise possibly the best action movie series of all time? Well, it’s to help dispel myths about hacking planes. TV shows and films help set a narrative that is hard to shift around aviation cyber, giving the travelling public a misleading view of their security when flying. So let’...

Email Hacking Reigns as Top Cybersecurity Threat, Indusface Study

By Waqas The new study has identified a cybersecurity training gap and an alarming lack of preparedness in countering emerging threats. This is a post from HackRead.com Read the original post: Email Hacking Reigns as Top Cybersecurity Threat, Indusface Study...

INTERPOL Dismantles Infamous ’16shop’ Phishing-as-a-Service Platform

By Waqas The cybercrime platform 16shop sold hacking tools and other malicious tools used to compromise more than 70,000 users in 43 countries. This is a post from HackRead.com Read the original post: INTERPOL Dismantles Infamous 16shop Phishing-as-a-Service Platform...

Security News This Week: The Cloud Company at the Center of a Global Hacking Spree

Plus: A framework for encrypting social media, Russia-backed hacking through Microsoft Teams, and the Bitfinex Crypto Couple pleads guilty...

Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems

Threat actors are using an open-source rootkit called Reptile to target Linux systems in South Korea. "Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse shell, allowing threat actors to easily take control of...

NYC Couple Pleads Guilty to Money Laundering in $3.6 Billion Bitfinex Hack

A married couple from New York City has pleaded guilty to money laundering charges in connection with the 2016 hack of cryptocurrency stock exchange Bitfinex, resulting in the theft of about 120,000 bitcoin. The development comes more than a year after Ilya Lichtenstein, 35, and his wife, Heather...

PTP at DEF CON 31 2023

Come and see us at the Aerospace Village, at Caesars Forum. Aerospace Village Fri 11th to Sun 13th Activity Take off in an A320 with hacked engine performance calculator. Then try to land it again. Fri 11th August 5:00 PM Pen Test Partners Power Hour We’ll be talking about: Hacking Electronic...

Hacking AI Resume Screening with Text in a White Font

The Washington Post is reporting on a hack to fool automatic resume sorting programs: putting text in a white font. The idea is that the programs rely primarily on simple pattern matching, and the trick is to copy a list of relevant keywords--or the published job description--into the resume in a...

Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also...

From Power Grids to Airports: TETRA Radio Hacking Risks Global Infrastructure

By Waqas These vulnerabilities have been dubbed TETRA:BURST by researchers. This is a post from HackRead.com Read the original post: From Power Grids to Airports: TETRA Radio Hacking Risks Global Infrastructure...

Microsoft validation error allowed state actor to access user email of government agencies and others

Microsoft is getting criticized for the way in which it handled a serious security incident that allowed a suspected Chinese espionage group to access user email from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud. The attacks were...

Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. Targets included a Pakistan government entity, a public sector bank, and a telecommunication...