Sat. Aug 24, 2024

Weekly Update 414

Troy Hunt

This is such a significant week for us, to finally have Stefan join us as a proper employee at HIBP. When you start out as a pet project, you never really consider yourself a "proper" employee because, well, it's just you mucking around. And then when Charlotte started "officially" working for HIBP a few years ago, well, that's my wife helping me out.

Software 268

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures

The Hacker News

Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation.

Hackers can take over Ecovacs home robots to spy on their owners

Security Affairs

Recently, researchers warned that vacuum and lawn mower robots made by Ecovacs could be hacked to spy on their owners; the company will fix it. During the recent Def Con hacking conference, security researchers Dennis Giese and Braelynn explained that attackers can exploit flaws in vacuum and lawn mower robots made by Ecovacs to spy on their owners. The researchers analyzed the following devices: Ecovacs Deebot 900 Series, Ecovacs Deebot N8/T8, Ecovacs Deebot N9/T9, Ecovacs Deebot N10/T10, Ecovacs De

Hacking 144

New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules

The Hacker News

Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code. The malware, attributed to a financially motivated threat actor, has been codenamed sedexp by Aon's Stroz Friedberg incident response services team.

Malware 140

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Breaking the Drama Cycle in Cybersecurity: Moving Beyond Blame and Shame

Jane Frankland

Drama. It’s something we often associate with TV shows and movies, but it has a sneaky way of infiltrating even the most professional environments, including cybersecurity. With recent events like the CrowdStrike IT outage causing global disruption and significant financial losses, and the controversial Palo Alto Networks-sponsored event at Black Hat USA, where models were presented as mannequins adorned in evening wear with lampshades obscuring their faces, it’s evident that the cy

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.

More Trending

USENIX Security ’23 – TRust: A Compilation Framework For In-Process Isolation To Protect Safe Rust Against Untrusted Code

Security Boulevard

Authors/Presenters: Inyoung Bang and Martin Kayondo, Seoul National University; Hyungon Moon, UNIST (Ulsan National Institute of Science and Technology); Yunheung Paek, Seoul National University. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott, and via the organization’s YouTube channel.

ShellSweepX: A Precision Tool for Web Shell Detection

Penetration Testing

In the realm of cybersecurity, the ever-present threat of web shells demands specialized solutions. These malicious scripts, often concealed within legitimate web applications, can provide attackers with unauthorized access, potentially...

Security Roundup August 2024

BH Consulting

Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants. Europol report highlights latest cybercrime threats Cyber threats have multiplied and fragmented over the past year, with ransomware groups increasingly targeting small and medium sized businesses because their defences are weaker. Millions of victims across the EU were attacked and exploited online every day in 2023, Europol said.

Qilin Ransomware: Beyond Encryption, a New Threat of Credential Theft

Penetration Testing

The Qilin ransomware group, already infamous for its “double extortion” tactics, has now added a new strategy to its repertoire: credential harvesting from Google Chrome browsers. A recent investigation by...

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Automate Cross-Site Scripting Attack with Toxssin On Kali Linux

Hacker's King

In this article, we will learn how to automate XSS exploitation using Toxssin. Toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an HTTP server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js).

PEAKLIGHT Malware: A New Stealthy Memory-Only Threat Emerges

Penetration Testing

Cybersecurity researchers at Mandiant have unveiled a sophisticated new memory-only dropper and downloader that’s been silently delivering a variety of malware-as-a-service infostealers, including LUMMAC.V2, SHADOWLADDER, and CRYPTBOT. This stealthy malware,...

Malware 70

The US Navy Has Run Out of Pants

WIRED Threat Level

Plus: The US intelligence community formally blames Iran for Trump campaign hack, aircraft-tracking platform FlightAware says a “configuration error” exposed sensitive user data, and more.

Hacking 132

CertiK Issues Public Apology to Kraken Over $3M Bug Bounty Incident

Penetration Testing

The cybersecurity firm CertiK has publicly confirmed its involvement in the incident with the cryptocurrency exchange Kraken, which had earlier accused an unnamed “whitehat research” of stealing $3 million in...

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Moscow Hacker Arrested in Georgia, Faces U.S. Court for Cybercrimes

Penetration Testing

Deniss Zolotarjovs, a 33-year-old resident of Moscow, has recently been charged with participating in the activities of an international cybercriminal organization. A federal grand jury in Ohio has indicted him...