On the Randomness of Automatic Card Shufflers
Many years ago, Matt Blaze and I talked about getting our hands on a casino-grade automatic shuffler and looking for vulnerabilities. We never did it--I remember that we didn't even try very hard--but this article shows that we probably would have found non-random properties: …the executives had...
Your Microsoft Exchange Server Is a Security Liability
Endless vulnerabilities. Massive hacking campaigns. Slow and technically tough patching. It's time to say goodbye to on-premise Exchange...
Brazilian Police Arrest Suspected Member of Lapsus$ Hacking Group
The Federal Police of Brazil on Wednesday announced it had arrested an individual for purported links to the notorious LAPSUS$ extortionist gang. The arrest was made as part of a new law enforcement effort, dubbed Operation Dark Cloud, that was launched in August 2022, the agency noted. Not much ...
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1
Rapid7 was back this year at DEF CON 30 participating at the IoT Village with another hands-on hardware hacking exercise, with the goal of teaching attendees various concepts and methods for IoT hacking. Over the years, these exercises have covered several different embedded device topics,...
Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems. Cobalt Strike is a commercial red-team framework that's mainly used f...
How To Build a Career as a Freelance Cybersecurity Analyst — From Scratch
With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity analysts some of the most sought-after technology professionals in the world. And there are nowhere near enough of them to meet the demand. At last count, there were over 3.5 million...
Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers
A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israelian entities with seven different custom backdoors since at least September 2021. The intrusions were aimed at organizations in various verticals, such as engineering, information technology,...
LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data
Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for...
Russian Hacker Arrested in India for Reportedly Helping Students Cheat in JEE-Main Exam
India's Central Bureau of Investigation (CBI) on Monday disclosed that it has detained a Russian national for allegedly hacking into a software platform used to conduct engineering entrance assessments in the country in 2021. "The said accused was detained by the Bureau of Immigration at Indira...
Pay What You Want for This Collection of White Hat Hacking Courses
Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get into white hat hacking. That said, picking up the necessary knowledge to build a new career can seem like a daunting task. There is a lot to learn, after all. To help you get started, The Hack...
4 times students compromised school cybersecurity
For many students school can be a tough time, and we've all heard stories about bored or frustrated kids compromising school cybersecurity to change grades. Sometimes the students are celebrated, and other times it ends in them being expelled from school, or even prosecuted. Of course, these acts...
UK Teen Arrested Amid Uber and GTA 6 Hacking Saga
By Deeba Ahmed. The teen was arrested from Oxfordshire and is still in police custody but his involvement in Uber and GTA hacks is unconfirmed. This is a post from HackRead.com.
London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches
The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "he...
Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident
In what's the latest crypto heist to target the decentralized finance (DeFi) space, hackers have stolen digital assets worth around $160 million from crypto trading firm Wintermute. The hack involved a series of unauthorized transactions that transferred USD Coin, Binance USD, Tether USD, Wrapped...
Botched Crypto Mugging Lands Three U.K. Men in Jail
Three men in the United Kingdom were arrested this month for attempting to assault a local man and steal his virtual currencies. The incident is the latest example of how certain cybercriminal communities are increasingly turning to physical violence to settle scores and disputes. Shortly after 1...
Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube
Gamers looking for cheats on YouTube are being targeted with links to rogue password-protected archive files designed to install crypto miners and information-stealing malware such as RedLine Stealer on compromised machines. "The videos advertise cheats and cracks and provide instructions on...
Security Breaks: TeamTNT’s DockerHub Credentials Leak
One of our honeypots based on exposed Docker REST APIs showed cybercriminal group TeamTNT’s potential attack scenario and leak of container registry credentials for docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in...
Don't share the WhatsApp 'Martinelli' phone hacking alert: It's a hoax
Everyone loves a good campfire story prone to exaggeration. However, when told online it's not quite got the same effect. Long ago, sites like Myspace would play host to very certain types of messages. "Don't open this post from Johnny Cyberhack, or your account will be stolen and your C drive will...
TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users' Information
Popular short-form social video service TikTok denied reports that it was breached by a hacking group, after it claimed to have gained access to an insecure cloud server. "TikTok prioritizes the privacy and security of our users' data," the ByteDance-owned company told The Hacker News. "Our...
whywomenwork.org Improper Access Control vulnerability OBB-2886319
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...