MuddyWater targets Israeli organizations by exploiting unpatched log4j vulnerabilities

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MuddyWater, an Iranian threat actor, exploits Log4j two vulnerabilities in SysAid applications to target Israeli organizations. As soon as the attacker gains access to the targeted organization, it...

A US Propaganda Operation Hit Russia and China With Memes

Plus: An Iranian hacking tool steals inboxes, LastPass gets hacked, and a deepfake scammer targets the crypto world...

A Door Isn’t a Door When It’s Ajar - Part 3

A Door Isn’t a Door When It’s Ajar - Part III By Trellix · August 25, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Installing OnGuard by Third Party Vendor Exploitation and Hacking the Planet! Putting it all Together Building the Final Demo System The Demo Lessons and...

A Door Isn’t a Door When It’s Ajar - Part 3

A Door Isn’t a Door When It’s Ajar - Part III By Trellix · August 25, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Installing OnGuard by Third Party Vendor Exploitation and Hacking the Planet! Putting it all Together Building the Final Demo System The Demo Lessons and...

Backdoored Counterfeited Android Phones Hacking WhatsApp Accounts

By Deeba Ahmed According to Dr. Web, the backdoor comes pre-installed in Counterfeit Android devices targeting WhatsApp and WhatsApp Business messengers. This is a post from HackRead.com Read the original post: Backdoored Counterfeited Android Phones Hacking WhatsApp Accounts...

Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability

Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the...

Become a Cybersecurity Expert with 18 New Online Courses @ 98% OFF

With more data stored in the cloud than ever before, now is a good time to get into cybersecurity. Many top corporations are looking for new talent, and even junior professionals can earn $80,000 or more. The only barrier to entry is education. How do you learn about security protocols and white...

A Door Isn’t a Door When It’s Ajar - Part 2

A Door Isn’t a Door When It’s Ajar - Part II By Trellix · August 18, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Introduction Software Hacking Software Hacking Shopping List Vulnerabilities Discovered CVE-2022-31479: Command injection via the web interface Vulnerable...

A Door Isn’t a Door When It’s Ajar - Part 2

A Door Isn’t a Door When It’s Ajar - Part II By Trellix · August 18, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Introduction Software Hacking Software Hacking Shopping List Vulnerabilities Discovered CVE-2022-31479: Command injection via the web interface Vulnerable...

Microsoft Warns About Phishing Attacks by Russia-linked Hackers

Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a "highly persistent threat actor" whose objectives align closely with Russian state interests. The company is tracking the espionage-oriented activity cluster under its chemical element-themed moniker...

Black Hat and DEF CON Roundup

There was nothing typical this year at BSides LV, Black Hat USA and DEF CON – also known collectively as Hacker Summer Camp. The weeklong collection of cybersecurity conferences featured an eclectic mix of attendees to learn, network, hack and have fun. The week even included a rare Las Vegas fla...

The US Offers a $10M Bounty for Intel on Conti Ransomware Gang

The State Department organization has called for people to share details about five key members of the hacking group...

Hacking Starlink

This is the first--of many, I assume--hack of Starlink. Leveraging a string of vulnerabilities, attackers can access the Starlink system and run custom code on the devices...

Cisco Confirms Network Breach Via Hacked Employee Google Account

Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee’s Google account. The networking giant is calling the attack a “potential compromise” in a Wednesday post by the company’s own Cisco Talos threat research arm. “During the...

Kali Linux 2022.3 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2022.3. This release has various impressive updates. The highlights for Kali’s 2022.3’s release: Discord Server - Kali’s new community real-time chat option has launched! Test Lab Environment - Quickly create a test bed to learn, practice, and...

A Door Isn’t a Door When It’s Ajar- Part 1

A Door Isn’t a Door When It’s Ajar - Part 1 By Trellix · August 11, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Executive Summary Target Selection What is it? Reconnaissance & Standard Operations Recon Standard Operations Hardware Hacking Hardware Hacking Shopping Lis...

A Door Isn’t a Door When It’s Ajar- Part 1

A Door Isn’t a Door When It’s Ajar - Part 1 By Trellix · August 11, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Executive Summary Target Selection What is it? Reconnaissance & Standard Operations Recon Standard Operations Hardware Hacking Hardware Hacking Shopping Lis...

BlackStone - Pentesting Reporting Tool

BlackStone project or "BlackStone Project" is a tool created in order to automate the work of drafting and submitting a report on audits of ethical hacking or pentesting. In this tool we can register in the database the vulnerabilities that we find in the audit, classifying them by internal,...

Anonymous Source Leaks 4TB of Cellebrite Data After Cyberattack

By Waqas Cellebrite is an Israel-based smartphone hacking or cracking firm that previously made headlines for unlocking iPhone devices for… This is a post from HackRead.com Read the original post: Anonymous Source Leaks 4TB of Cellebrite Data After Cyberattack...

Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws

Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution RCE or cause a denial-of-service DoS condition on affected devices. The most critical of the flaws impact Cisco Small...