Iranian hacking group uses compromised email accounts to distribute MSP remote access tool

Researchers have uncovered a new campaign by hacking group MuddyWater, aka Static Kitten, in which a legitimate remote access tool is sent to targets from a compromised email account. The targets in this campaign are reportedly in Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar,...

Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant

Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks, which took place during 2020 and 2021 and likely went as far back as 2015, involved a...

Pwn2Own Day 1 and 2: Samsung, HP, MikroTik & Netgear Pwned

By Habiba Rashid Here is everything you need to know about the first two days at the Pwn2Own hacking contest. This is a post from HackRead.com Read the original post: Pwn2Own Day 1 and 2: Samsung, HP, MikroTik & Netgear Pwned...

Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier

A state-sponsored hacking group with links to Russia has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based military weapons and hardware supplier. Recorded Future attributed the new infrastructure to a threat activity group it...

Watch Out! These Android Keyboard Apps With 2 Million Installs Can be Hacked Remotely

Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse. The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store...

Sirius XM Software Vulnerability

This is new: Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously undisclosed security bug that would have allowed a savvy hacker to hijack vehicles and steal user data. According to researchers, the bug was i...

D4TA-HUNTER - GUI Osint Framework With Kali Linux

D4TA-HUNTER is a tool created in order to automate the collection of information about the employees of a company that is going to be audited for ethical hacking. In addition, in this tool we can find in the "search company" section by inserting the domain of a company, emails of employees,...

A Ride on the Wild Side with Hacking Heavyweight Sick Codes

Beverage of Choice: Krating Daeng Thai Red Bull Industry Influencer he Admires: Casey John Ellis What did you want to be when you grew up? A physician and nearly did Hobbies Present & Past: Motorcycling & Australian Football Bucket List: Continuing to discover new software Fun Fact: He currently...

34 Russian Hacking Groups Stole 50 Million User Passwords

By Deeba Ahmed Russian hacking groups primarily using Telegram are on a password stealing spree and so far have targeted users on Amazon, Steam, and Roblox. This is a post from HackRead.com Read the original post: 34 Russian Hacking Groups Stole 50 Million User Passwords...

Here's How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers

The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities. Because employees often use their business...

Cloud Hacking – Why API Remains the Biggest Threat?

By Owais Sultan The top causes of cloud hacking have evolved over the years. Currently, APIs are among the top threats to clouds. This is a post from HackRead.com Read the original post: Cloud Hacking - Why API Remains the Biggest Threat?...

New Book: A Hacker’s Mind

I have a new book coming out in February. Its about hacking. A Hackers Mind: How the Powerful Bend Societys Rules, and How to Bend them Back isnt about hacking computer systems; its about hacking more general economic, political, and social systems. It generalizes the term hack as a means of...

Earth Longzhi: New subgroup of APT41

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Earth Longzhi is running a spearphishing campaign to infect organizations with a payload such as Cobalt Strike loader, Symatic loader, CroxLoader, BigpipeLoader, OutLoader, and other custom hacking tools...

TikTok Admits Staff in China Can Access Europeans’ Data

Plus: Liz Truss’ phone-hacking trouble, Cash App’s sex-trafficking problem, and the rising cost of ransomware...

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 3

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In our previous posts, we covered how to achieve access to flash memory and how to extract file system data from the device. In this post, we'll cover how to modify the data we've extracted. Modify extracted file...

Owner can steal all the rewards token from the WardenPledge.sol smart contract and break the internal accounting

Lines of code Vulnerability details Impact The owner of the WardenPledge.sol smart contract can steal all the reward tokens from the contract and break the internal accounting. With the recoverERC20 function, the owner can transfer to him/herself the whole balance of the token. The check at L654...

China Operates Secret ‘Police Stations’ in Other Countries

Plus: The New York Post gets hacked, a huge stalkerware network is exposed, and the US claims China interfered with its Huawei probe...

British Hacker Charged for Operating "The Real Deal" Dark Web Marketplace

A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called The Real Deal that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye, who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been...

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data. Extracting partition data The next step in our hands-on IoT hacking...

An odd kind of cybercrime: Gift vouchers, medical records, and...food

Someone with a gift for technology but a nasty habit of using it for very bad things has been spared from going to jail with a suspended sentence. Peter Foy, 18 at the time of his antics, racked up a remarkable, and slightly peculiar, list of compromises before being brought before the court. A...