20 matches found
Bitfinex Hack Mastermind Behind $10 Billion Theft Gets Early Release
Ilya Lichtenstein, the man behind the massive 2016 Bitfinex Bitcoin theft, has been released early from prison. Read how the First Step Act and a trail of Walmart gift cards led to this major update in one of the world's largest crypto thefts...
Mysterious Crime Spree Targeted National Guard Equipment Stashes
A string of US armory break-ins, kept quiet by authorities for months, points to a growing security crisis—and signs of an inside job...
Hackers Leaking Taylor Swift Tickets? Don’t Get Your Hopes Up
Plus: Researchers uncover a new way to expose CSAM peddlers, OpenAI suffered a secret cyberattack, cryptocurrency thefts jump in 2024, and Twilio confirms hackers stole 33 million phone numbers...
The Shocking Data on Kia and Hyundai Thefts in the US
Plus: MGM hackers hit more than just casinos, Microsoft researchers accidentally leak terabytes of data, and China goes on the PR offensive over cyberespionage...
Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)
Exploit Title: Time Slot Booking Calendar 1.8 - Stored XSS Date: 29/06/2023 Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/time-slot-booking-calendar-php.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the...
OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa
A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company...
The Worst Hacks and Breaches of 2022 So Far
From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the year’s first half...
North Korean Lazarus APT group targets blockchain tech companies
A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury) highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced...
North Korean State-Sponsored APT Targets Blockchain Companies
CISA, the Federal Bureau of Investigation (FBI), and the U.S. Treasury Department have released a joint Cybersecurity Advisory (CSA) that details cyber threats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) actor known as the...
Norton Put a Cryptominer in Its Antivirus Software
Plus: NFT thefts, a ransomware wave in schools, and more of the week’s top security news...
Client-Side Protection is Key to Web Application Security
The Open Web Application Security Project (OWASP) Foundation defines script attacks as a "type of injection in which malicious scripts are injected into otherwise benign and trusted websites." From the perspective of the user, malicious code is coming from trusted websites. Recently popularized by...
Ransomware Hits Leading US Medical Debt Collector R1 RCM Inc.
By Waqas. Previously, R1 RCM Inc., under a different name, had several incidents involving thefts of laptops containing unencrypted patient data. This is a post from HackRead.com.
ATM hacker behind $1 billion malware heists arrested in Spain
By Waqas. In a joint operation, Europol along with the law enforcement authorities from Belarus, ... This is a post from HackRead.com.
IC3 Warns of Extortion Email Schemes
The Internet Crime Complaint Center IC3 has issued an alert on extortion schemes that relate to recent high-profile data thefts. Fraudsters often use the news release of high-profile data breaches to scare victims into clicking on a link or paying a ransom. US-CERT encourages users and...
FatWire UpdateEngine 6.2 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16073/info FatWire UpdateEngine is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context...
Pinterest Temporarily Locking Down Compromised Accounts
The popular social sharing site Pinterest is addressing an uptick in suspected hacks by temporarily locking down suspicious accounts and forcing those users to create more unique passwords. The lockouts follow a couple of weeks of notices that include an 11-question survey to help the company...
Security May Be Broken, But All is Not Lost
It’s been an ugly year so far for the security industry. In fact, if you’re looking at it objectively, almost nothing has gone right in the last six months. The long list of attacks this year–including RSA, Sony, Epsilon, Lockheed Martin, Citigroup and many others–coupled with the emergence of...
Economic offences, cyber crime set to rise !!
Due to an increase in computer usage in the private as well as the government sector, the police recorded a sharp rise in cyber crime last year. A desktop computer is a staple in most households, and the use of laptops, netbooks and smartphones is a rage among everyone — from kids aged six to senior...
How to Defeat Full-Disk Encryption in One Minute
Full-disk encryption is often heralded as a panacea to the huge problems of data breaches and laptop thefts, and with good reason. Making the data on a laptop or other device unreadable makes the machine far less attractive or valuable to a thief. However, researchers are showing that this soluti...
ASPKnowledgebase vulnerable to XSS injection.
ASPKnowledgebase, by www.asp-programmers.com, is vulnerable to XSS in some of its input fields. If you compromise its logon, to gain administrative privileges as my previous advisory describes - you can inject the admin form-fields with XSS. This will result in automatic execution of script when...