moodle.adres.gov.co Cross Site Scripting vulnerability OBB-2279914
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
RedCurl Corporate Espionage Hackers Return With Updated Hacking Tools
A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis. "I...
Russian language hacking forums warming up to Chinese hackers
By Waqas. Russian cybercrime and hacking forums are opening doors to Chinese and English-speaking threat actors, which so far had been a relatively restricted domain for them.
Facebook Bans Pakistani and Syrian Hacker Groups for Abusing its Platform
Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West...
‘Ghostwriter’ Looks Like a Purely Russian Op—Except It's Not
Security researchers have found signs that the pervasive hacking and misinformation campaign comes not from Moscow but from Minsk...
FBI's Email System Hacked to Send Out Fake Cyber Security Alert to Thousands
The U.S. Federal Bureau of Investigation (FBI) on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "sophisticated chain attack." The incident, which was first publicly disclosed by threat intelligence non-profit SpamHaus,...
Back-to-Back PlayStation 5 Hacks Hit on the Same Day
A pair of PlayStation 5 breaches shows the consoles don’t have protection from attackers taking over its most basic functions. Both exploits were posted on Twitter on Nov. 7 without disclosure to Sony or specifics, but they nonetheless signal potential security problems to come for the gaming...
Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 4
The first 3 installments of our series on Rapid7's hands-on exercise from the IoT Village at this year's DefCon covered how to set up a UART header, how to determine UART status and baud rate, and how to log into single-user mode on the device. In this final post, we'll discuss how to gain full...
Ukraine Identifies Russian FSB Officers Hacking As Gamaredon Group
Ukraine's premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in digital intrusions attributed to a cyber-espionage group named Gamaredon, linking the members to Russia's Federal Security Service (FSB). Calling the...
Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 3
In our first post in this series, we covered the setup of Rapid7's hands-on exercise at Defcon 29's IoT Village. Last week, we discussed how to determine the UART status of the header we created and how to actually start hacking on the IoT device. The goal in this next phase of the IoT hacking...
Researcher found 70% Wi-Fi networks in Tel Aviv are hackable
By Waqas. While examining Wi-Fi networks in Tel Aviv, Israel, 70% or around three-quarters of home and small-scale office Wi-Fi network passwords were vulnerable to hacking using inexpensive hacking tools.
New York Times Journalist Hacked with NSO Spyware
Citizen Lab is reporting that a New York Times journalist was hacked with the NSO Group's spyware Pegasus, probably by the Saudis. The world needs to do something about these cyberweapons arms manufacturers. This kind of thing isn't enough; NSO Group is an Israeli company...
Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 1
This year, Rapid7 participated at the IoT Village during DefCon29 by running a hands-on hardware hacking exercise, with the goal of exposing attendees to concepts and methods for IoT hacking. Over the years, these exercises have covered several different embedded device topics, including how to u...
It’s Not You. It’s Them. On Hacking and Responsible Disclosure.
A story was recently posted to Hacker News celebrating a hack of IoT devices at a school that let a student and their friends rickroll the school via a video system. On the one hand, this guy is my personal hero and I want to be them. But I'm a cybersecurity professional, I run a team that has the...
The vulnerability of the ziplist data structure in the Redis database management system allows a hacker to execute arbitrary code.
The vulnerability of the ziplist data structure in the Redis database management system is related to the possibility of changing the configuration parameter values. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
ExpressVPN made a choice, and so did I: Lock and Code S02E19
On September 14, the US Department of Justice announced that it had resolved an earlier investigation into an international cyber hacking campaign coming from the United Arab Emirates that has reportedly impacted hundreds of journalists, activists, and human rights defenders in Yemen, Iran, Turke...
CarPunk - The Car Hacking Toolkit
CARPUNK IS VERY SIMILAR TO CANghost, ONLY THE DIFFERENCE IS, IT COMES WITH OPTIONS TO ENABLE OR DISABLE INTERFACE AND BASIC SNIFFING AS EXTRA. IT WORKS ON BOTH SIMULATION & REAL CARS. HAS THE OPTIONS TO RECORD AND PLAY THE CAN PACKETS. NO ANY ARGUMENTS REQUIRED WHEN RUNNING BUT NEED...
A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries
A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks. Cybersecurity company Positive...
Apple AirTags can be used as trojan for credential hacking
By Waqas. According to penetration tester and security researcher Bobby Raunch, Apple's AirTags can be used for credential hacking and data theft vectors.
How to Prevent Account Takeovers in 2021
Data breaches and hacking put internet users at risk of account takeover, if cybercriminals successfully gain access to valid login credentials. There are reckoned to be in excess of 8.4 million discrete passwords currently circulating online, more than 3.5 billion of which are tied to active...