308 matches found
Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks
Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ aka Slippy Spider transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information...
Scattered Spider: The Modus Operandi
Scattered Spider: The Modus Operandi By Trellix · August 17, 2023 This story was also written by Phelix Oluoch Executive Summary Scattered Spider, also referred to as UNC3944, Scatter Swine, and Muddled Libra, is a financially motivated threat actor group that has been active since May 2022...
Potential draining Well via slippage imprecision and swapping the same token
Lines of code Vulnerability details Impact According to Well.sol comment: // Note: The rounding approach of the Well function determines whether // slippage from imprecision goes to the Well or to the User. imprecision can either goes to the Well or User. In this scenario we will assume that Well...
U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison
Joseph James "PlugwalkJoe" OConnor, a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter, has been sentenced to five years in a U.S. prison. That may seem like harsh punishment for a brief and very public cyber joy ride. But...
Jail Time: ‘PlugWalkJoe’ Gets 5 Years for Twitter Hack and Sim Swapping
By Waqas PlugWalkJoe Joseph James O'Connor will also return $749,000, which he admitted to stealing from a Manhattan-based cryptocurrency firm. This is a post from HackRead.com Read the original post: Jail Time: PlugWalkJoe Gets 5 Years for Twitter Hack and Sim Swapping...
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam
A U.K. citizen who took part in the massive July 2020 hack of Twitter has been sentenced to five years in prison in the U.S. Joseph James O'Connor aka PlugwalkJoe, 24, was awarded the sentence on Friday in the Southern District of New York, a little over a month after he pleaded guilty to the...
Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering
A threat actor known as Muddled Libra is targeting the business process outsourcing BPO industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. "The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the relea...
Lack of deadline parameter when executing swaps
Lines of code Vulnerability details Impact Deadline is not checked. The transaction may stay unexecuted for a long time, resulting in unfavourable trade when the transaction is finally executed. Proof of Concept The function OnRecvPacket is used to help users outside of Canto onboard seamlessly...
The validation of the source channel is performed incorrectly
Lines of code Vulnerability details Impact There is a potential risk of unauthorized sources sending assets to the Canto Network and automatically swapping transferred tokens for Canto tokens. Proof of Concept When bootstrapping Canto Network, node operators config channel ID for the onboarding...
The vulnerability of the 6LoWPAN kernel driver of the RIOT operating system, related to pointer swapping errors, allows a hacker to cause a service failure.
The vulnerability of the 6LoWPAN kernel in the RIOT operating system’s graphics driver relates to pointer arithmetic errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the fusbhub.sys library in software for remote connection and control of Flexihub USB devices allows a hacker to cause a service failure.
The vulnerability of the fusbhub.sys library in software for remote connection and control of USB devices like Flexihub is related to pointer swapping errors. Exploiting this vulnerability can allow attackers to cause service failures...
Contributors will be unable to fund a project if UNISWAP token swapping is recommended over minting in JBXBuybackDelegate data source
Lines of code Vulnerability details Impact A core function of the juice-buyback contract, which is to maximise the project tokens received by the contributor, won't work whenever a swap from Uniswap V3 pool provides more tokens over minting because the transaction will revert. This can cause the...
Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover
A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines VMs to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944,...
Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover
A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines VMs to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944 ,...
Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison
A U.K. national has pleaded guilty in the U.S. in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform. Joseph James O'Connor, who also went by the online alias PlugwalkJoe, admitted to "his role in cyberstalking and...
The vulnerability of the decoder_context::processSliceSegmentHeader function (decctx.cc) in the implementation of the h.265 Libde265 video codec allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the decodercontext::processSliceSegmentHeader function decctx.cc in the H.265 Libde265 video codec implementation is related to pointer swapping errors. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the...
New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency
Chromium-based web browsers are the target of a new malware called Rilide that masquerades itself as a seemingly legitimate extension to harvest sensitive data and siphon cryptocurrency. "Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a...
The vulnerability of the mc_chroma function (motion.cc) in the h.265 Libde265 video codec implementation, which allows a hacker to cause a service failure.
The vulnerability of the mcchroma function in the h.265 Libde265 video codec implementation is related to pointer swapping errors. Exploiting this vulnerability can allow a malicious actor to cause service failure by using a specially created file...
XOR POLY Encoder
An x86 Simple POLY Xor encoding method. using polymorphism Register swapping, and instructions modification Module Options msf use encoder/x86/xorpoly msf encoderxorpoly show actions ...actions... msf encoderxorpoly set ACTION msf encoderxorpoly show options ...show and set options... msf...
The vulnerability of the malidp_check_pages_threshold() function (drivers/gpu/drm/arm/malidp_planes.c) in the Linux operating system’s Mali-DP kernel driver allows a hacker to trigger a service failure.
The vulnerability of the malidpcheckpagesthreshold function drivers/gpu/drm/arm/malidpplanes.c in the Linux operating system’s Mali-DP kernel driver is related to pointer swapping errors. Exploiting this vulnerability could allow an attacker to cause a service failure...