211 matches found
FBI Alert: Silent Ransom Group Utilizes Callback Phishing for Network Hacks
By Deeba Ahmed The culprit behind these callback phishing attacks, known as Silent Ransom Group SRG, is also identified as Luna Moth. This is a post from HackRead.com Read the original post: FBI Alert: Silent Ransom Group Utilizes Callback Phishing for Network Hacks...
Backdoor Implanted on Hacked Cisco Devices Modified to Evade Detection
The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting methods. "Investigated network traffic to a compromised device has shown that the threat actor has upgrade...
North Korea's Lazarus Group Launders $900 Million in Cryptocurrency
As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those proceeds between July 2022 and July of this year. "As traditional entities such as mixers continue to be...
Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks
Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ aka Slippy Spider transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information...
Hacks Against Ukraine's Emergency Response Services Rise During Bombings
Data from Cloudflare's free digital defense service, Project Galileo, illuminates new links between online and offline attacks...
QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks
By Habiba Rashid Citizens Lab and Microsoft have exposed an Israeli firm, QuaDream, selling spyware to governments around the world. This is a post from HackRead.com Read the original post: QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks...
Alcasec Hacker, aka “Robin Hood of Spanish Hackers,” Arrested
By Waqas Alcasec boasted about his hacks in a YouTube podcast. This is a post from HackRead.com Read the original post: Alcasec Hacker, aka "Robin Hood of Spanish Hackers," Arrested...
Deep Dive Into 6 Key Steps to Accelerate Your Incident Response
Organizations rely on Incident response to ensure they are immediately aware of security incidents, allowing for quick action to minimize damage. They also aim to avoid follow on attacks or future related incidents. The SANS Institute provides research and education on information security. In th...
ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks
A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk VHD files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games...
ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks
A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk VHD files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games...
Login Details of Tech Giants Leaked in Two Data Center Hacks
By Waqas Threat actors have hacked two data centers in Asia and accessed login credentials of top technology giants, including Apple, Uber, Microsoft, Samsung, Alibaba, etc., and leaked them on a hacker forum. This is a post from HackRead.com Read the original post: Login Details of Tech Giants...
Norway Seizes $5.84 Million in Cryptocurrency Stolen by Lazarus Hackers
Norwegian police agency Økokrim has announced the seizure of 60 million NOK about $5.84 million worth of cryptocurrency stolen by the Lazarus Group in March 2022 following the Axie Infinity Ronin Bridge hack. "This case shows that we also have a great capacity to follow the money on the blockchai...
Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages
A massive campaign has infected over 4,500 WordPress websites as part of a long-running operation that's been believed to be active since at least 2017. According to GoDaddy-owned Sucuri, the infections involve the injection of obfuscated JavaScript hosted on a malicious domain named...
Wallarm Releases New End-to-End Solution to Reduce Risk and Time-to-Remediate Leaked API Keys and Secrets
Advancement to API Security Technology Will Combat Recent Surge in Hacks Leveraging Leaked API; Early Release Now Available San Francisco, CA –BUSINESS WIRE– January 19, 2023 – Wallarm, the end-to-end API security company, today announced the early release of the Wallarm API Leak Management...
Booklist Review of A Hacker’s Mind
Booklist reviews A Hackers Mind: Author and public-interest security technologist Schneier Data and Goliath, 2015 defines a “hack” as an activity allowed by a system “that subverts the rules or norms of the system … at the expense of someone else affected by the system.” In accessing the security...
The Worst Hacks of 2022
The year was marked by sinister new twists on cybersecurity classics, including phishing, breaches, and ransomware attacks...
The State of Cybersecurity: Why Industry Experts Are Optimistic
By Owais Sultan 2022 has been a tumultuous one for cybersecurity professionals. Breaches, hacks, and ransomware attacks have become commonplace in… This is a post from HackRead.com Read the original post: The State of Cybersecurity: Why Industry Experts Are Optimistic...
Hackers Bombard Open Source Repositories with Over 144,000 Malicious Packages
NuGet, PyPi, and npm ecosystems are the target of a new campaign that has resulted in over 144,000 packages being published by unknown threat actors. "The packages were part of a new attack vector, with attackers spamming the open source ecosystem with packages containing links to phishing...
CVE-2022-3096
The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...
Cross site scripting
The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...