Lucene search
K

308 matches found

The Hacker News
The Hacker News
added 2023/08/25 1:52 p.m.46 views

Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks

Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ aka Slippy Spider transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information...

7.3AI score
Exploits0
Trellix
Trellix
added 2023/08/17 12:0 a.m.45 views

Scattered Spider: The Modus Operandi

Scattered Spider: The Modus Operandi By Trellix · August 17, 2023 This story was also written by Phelix Oluoch Executive Summary Scattered Spider, also referred to as UNC3944, Scatter Swine, and Muddled Libra, is a financially motivated threat actor group that has been active since May 2022...

10CVSS9.9AI score0.99999EPSS
Exploits15
Code423n4
Code423n4
added 2023/07/09 12:0 a.m.8 views

Potential draining Well via slippage imprecision and swapping the same token

Lines of code Vulnerability details Impact According to Well.sol comment: // Note: The rounding approach of the Well function determines whether // slippage from imprecision goes to the Well or to the User. imprecision can either goes to the Well or User. In this scenario we will assume that Well...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/06/27 7:44 p.m.27 views

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

Joseph James "PlugwalkJoe" OConnor, a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter, has been sentenced to five years in a U.S. prison. That may seem like harsh punishment for a brief and very public cyber joy ride. But...

7AI score
Exploits0
HackRead
HackRead
added 2023/06/25 9:43 p.m.20 views

Jail Time: ‘PlugWalkJoe’ Gets 5 Years for Twitter Hack and Sim Swapping

By Waqas PlugWalkJoe Joseph James O'Connor will also return $749,000, which he admitted to stealing from a Manhattan-based cryptocurrency firm. This is a post from HackRead.com Read the original post: Jail Time: PlugWalkJoe Gets 5 Years for Twitter Hack and Sim Swapping...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/24 3:18 p.m.32 views

Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam

A U.K. citizen who took part in the massive July 2020 hack of Twitter has been sentenced to five years in prison in the U.S. Joseph James O'Connor aka PlugwalkJoe, 24, was awarded the sentence on Friday in the Southern District of New York, a little over a month after he pleaded guilty to the...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/23 2:44 p.m.36 views

Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering

A threat actor known as Muddled Libra is targeting the business process outsourcing BPO industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. "The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the relea...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/06/23 12:0 a.m.11 views

Lack of deadline parameter when executing swaps

Lines of code Vulnerability details Impact Deadline is not checked. The transaction may stay unexecuted for a long time, resulting in unfavourable trade when the transaction is finally executed. Proof of Concept The function OnRecvPacket is used to help users outside of Canto onboard seamlessly...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/23 12:0 a.m.11 views

The validation of the source channel is performed incorrectly

Lines of code Vulnerability details Impact There is a potential risk of unauthorized sources sending assets to the Canto Network and automatically swapping transferred tokens for Canto tokens. Proof of Concept When bootstrapping Canto Network, node operators config channel ID for the onboarding...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/06/20 12:0 a.m.8 views

The vulnerability of the 6LoWPAN kernel driver of the RIOT operating system, related to pointer swapping errors, allows a hacker to cause a service failure.

The vulnerability of the 6LoWPAN kernel in the RIOT operating system’s graphics driver relates to pointer arithmetic errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

7.8CVSS7.2AI score0.00832EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/29 12:0 a.m.7 views

The vulnerability of the fusbhub.sys library in software for remote connection and control of Flexihub USB devices allows a hacker to cause a service failure.

The vulnerability of the fusbhub.sys library in software for remote connection and control of USB devices like Flexihub is related to pointer swapping errors. Exploiting this vulnerability can allow attackers to cause service failures...

5.5CVSS5.9AI score0.00325EPSS
Exploits1References5Affected Software1
Code423n4
Code423n4
added 2023/05/22 12:0 a.m.10 views

Contributors will be unable to fund a project if UNISWAP token swapping is recommended over minting in JBXBuybackDelegate data source

Lines of code Vulnerability details Impact A core function of the juice-buyback contract, which is to maximise the project tokens received by the contributor, won't work whenever a swap from Uniswap V3 pool provides more tokens over minting because the transaction will revert. This can cause the...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/17 11:52 a.m.69 views

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines VMs to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944,...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/17 11:52 a.m.2 views

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines VMs to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944 ,...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/10 10:50 a.m.21 views

Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison

A U.K. national has pleaded guilty in the U.S. in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform. Joseph James O'Connor, who also went by the online alias PlugwalkJoe, admitted to "his role in cyberstalking and...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/04/20 12:0 a.m.8 views

The vulnerability of the decoder_context::processSliceSegmentHeader function (decctx.cc) in the implementation of the h.265 Libde265 video codec allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the decodercontext::processSliceSegmentHeader function decctx.cc in the H.265 Libde265 video codec implementation is related to pointer swapping errors. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the...

7.8CVSS6.3AI score0.0067EPSS
Exploits1References8Affected Software4
The Hacker News
The Hacker News
added 2023/04/04 1:7 p.m.34 views

New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency

Chromium-based web browsers are the target of a new malware called Rilide that masquerades itself as a seemingly legitimate extension to harvest sensitive data and siphon cryptocurrency. "Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/03/22 12:0 a.m.6 views

The vulnerability of the mc_chroma function (motion.cc) in the h.265 Libde265 video codec implementation, which allows a hacker to cause a service failure.

The vulnerability of the mcchroma function in the h.265 Libde265 video codec implementation is related to pointer swapping errors. Exploiting this vulnerability can allow a malicious actor to cause service failure by using a specially created file...

7.8CVSS6.5AI score0.00774EPSS
Exploits1References8Affected Software4
Metasploit
Metasploit
added 2023/03/21 7:50 p.m.310 views

XOR POLY Encoder

An x86 Simple POLY Xor encoding method. using polymorphism Register swapping, and instructions modification Module Options msf use encoder/x86/xorpoly msf encoderxorpoly show actions ...actions... msf encoderxorpoly set ACTION msf encoderxorpoly show options ...show and set options... msf...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/03/15 12:0 a.m.5 views

The vulnerability of the malidp_check_pages_threshold() function (drivers/gpu/drm/arm/malidp_planes.c) in the Linux operating system’s Mali-DP kernel driver allows a hacker to trigger a service failure.

The vulnerability of the malidpcheckpagesthreshold function drivers/gpu/drm/arm/malidpplanes.c in the Linux operating system’s Mali-DP kernel driver is related to pointer swapping errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.0029EPSS
Exploits0References24Affected Software3
Rows per page
Query Builder