Penetration Testing

OCTOBER 30, 2024

In a thrilling showdown at the recent Pwn2Own Ireland 2024 hacking competition, white hat hackers YingMuo (@YingMuo), in collaboration with the DEVCORE Internship Program, successfully exploited a critical zero-day vulnerability... The post CVE-2024-50387: Critical QNAP Flaw Exploited in Hacking Contest, Patch Now!

Hacking 120

Hacking Cybersecurity 120

Schneier on Security

DECEMBER 24, 2024

A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case.

Spyware 314

Spyware Hacking 314

Security Affairs

OCTOBER 27, 2024

Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, REvil ransomware gang )

Ransomware 142

Ransomware Hacking Malware Cybercrime 142

Security Affairs

JANUARY 23, 2025

is end-of-life and no longer receives security updates, for this reason, these instances are exposed to hack. The advisory details hacking activities exploiting the mentioned vulnerabilities. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,CISA)

Hacking 115

Hacking Government Cybersecurity Information Security 115

Security Affairs

DECEMBER 7, 2024

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,ransomware) Grabovac pointed out that his organization will not pay the ransom requested by the ransomware gang.

Ransomware 123

Ransomware Hacking Accountability Cyber Attacks 123

Security Affairs

NOVEMBER 2, 2024

A former Disney World employee hacked servers after being fired, altering prices, adding profanities, and mislabeling allergy info. A former Walt Disney World employee hacked servers after being fired by the company. He is accused of changing prices, adding profanities, and falsely labeling items as allergy-safe.

Hacking 139

Hacking Risk Cybercrime Information Security 139

Security Boulevard

FEBRUARY 22, 2025

billion in cryptocurrency from the Bybit exchange in what is being called the largest hack in the controversial market's history. The post North Koreas Lazarus Group Hacks Bybit, Steals $1.5 North Korea's notorious Lazarus Group reportedly stole $1.5 Billion in Crypto appeared first on Security Boulevard.

Hacking 99

Hacking Cryptocurrency Marketing Data privacy 99

Security Affairs

FEBRUARY 2, 2025

The hacking campaign targeted 90 users and was disrupted in December, WhatsApp already alerted them of a possible compromise of their devices. WhatsApp linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024.

Spyware 107

Spyware Hacking Surveillance Malware 107

Security Affairs

NOVEMBER 9, 2024

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Mazda Connect) . “The CMU can then be compromised and “enhanced” to, for example, attempt to compromise any connected device in targeted attacks that can result in DoS, bricking, ransomware, safety compromise, etc.”

Hacking 128

Hacking Firmware Software Manufacturing 128

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. and its allies for hacking activities in July.

Hacking 129

Hacking Internet Internet Government 129

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker ­ and not its government customers ­ is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government 316

Government Spyware Mobile Hacking 316

Schneier on Security

JANUARY 10, 2025

404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps (..)

Data collection 310

Data collection Advertising Media Hacking 310

Schneier on Security

FEBRUARY 24, 2025

OpenAIs o1-preview tried to cheat 37% of the time; while DeepSeek R1 tried to cheat 11% of the timemaking them the only two models tested that attempted to hack without the researchers first dropping hints. While R1 and o1-preview both tried, only the latter managed to hack the game, succeeding in 6% of trials.

Engineering 298

Engineering Hacking 298

Security Boulevard

JANUARY 8, 2025

The post Green Bay Packers Retail Site Hacked, Data of 8,500 Customers Exposed appeared first on Security Boulevard.

Retail 109

Retail Hacking Data privacy Data breaches 109

Security Affairs

JANUARY 20, 2025

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,HPE) HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims, HPE spokesperson Adam R. Bauer told SecurityWeek.

Hacking 117

Hacking Cybercrime Data breaches Information Security 117

Security Affairs

JANUARY 12, 2025

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, Facebook) The researchers already received for these issues 32 payrolls for a total of $288,500 but likely will receive more for the other flaws reported.

Hacking 112

Hacking Media Information Security 112

Schneier on Security

FEBRUARY 25, 2025

” More : This hack sets a new precedent in crypto security by bypassing a multisig cold wallet without exploiting any smart contract vulnerability. The Bybit hack has shattered long-held assumptions about crypto security. .” The announcement on the Bybit website is almost comical.

Cryptocurrency 250

Cryptocurrency Social Engineering Hacking Engineering 250

SecureWorld News

FEBRUARY 26, 2025

Well-known crypto researcher ZachXBT reached the same conclusion as Elliptic, sharing his analysis on X: Lazarus Group just connected the Bybit hack to the Phemex hack directly on-chain commingling funds from the intial theft address for both incidents.

Hacking 74

Hacking Cryptocurrency Cyber threats Malware 74

Schneier on Security

JANUARY 16, 2025

” Details : To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to a DOJ press release , the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based

Malware 247

Malware Hacking Software 247

Schneier on Security

NOVEMBER 19, 2024

As a result, thousands of spyware operations have been carried out by Italian authorities in recent years, according to a report from Riccardo Coluccini, a respected Italian journalist who specializes in covering spyware and hacking. Italian spyware is cheaper and easier to use, which makes it more widely used.

Spyware 296

Spyware Marketing Hacking 296

Schneier on Security

MARCH 4, 2025

This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job.

Hacking 238

Hacking Cybersecurity 238

Schneier on Security

FEBRUARY 3, 2025

Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks. ” It is not clear who was behind the attack.

Spyware 272

Spyware Government Hacking Software 272

Krebs on Security

MARCH 7, 2025

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing…

Password Management 250

Password Management Hacking Passwords 250

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. police as part of an FBI investigation into the MGM hack. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 245

Identity Theft Phishing Cryptocurrency Accountability 245

Krebs on Security

FEBRUARY 28, 2025

Intrinsec said its analysis showed Prospero frequently hosts malware operations such as SocGholish and GootLoader , which are spread primarily via fake browser updates on hacked websites and often lay the groundwork for more serious cyber intrusions — including ransomware. A fake browser update page pushing mobile malware.

Malware 234

Malware Antivirus Software DDOS 234

Schneier on Security

OCTOBER 14, 2024

North Korea is the government we know that hacks cryptocurrency in order to fund its operations. Aqua Security researchers have also observed the malware serving as a backdoor to install other families of malware. Something this complex and impressive implies that a government is behind this. But this feels too complex for that.

Malware 268

Malware Cryptocurrency Internet Internet 268

Security Affairs

FEBRUARY 22, 2025

The Bybit hack is the largest cryptocurrency heist ever, surpassing previous ones like Ronin Network ($625M), Poly Network ($611M), and BNB Bridge ($566M). Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss. billion to an unidentified address.

Cryptocurrency 129

Cryptocurrency Hacking Banking Cybersecurity 129

Schneier on Security

MARCH 11, 2025

The indictment against Yin Kecheng, who was previously sanctioned by the Treasury Department in January for his involvement in the Treasury breach, quotes from his communications with a colleague in which he notes his personal preference for hacking American targets and how he’s seeking to ‘break into a big target,’ which he hoped (..)

Government 221

Government Media Hacking 221

Security Affairs

OCTOBER 22, 2024

VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. During the 2024 Matrix Cup hacking contest in China, zbl & srs of team TZL demonstrated the vulnerability. In September, Broadcom released security updates to the vulnerability CVE-2024-38812.

Hacking 140

Hacking Government Software Information Security 140

Security Affairs

NOVEMBER 15, 2024

“Ilya Lichtenstein was sentenced today to five years in prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex, a global cryptocurrency exchange.” Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.

Cryptocurrency 105

Cryptocurrency Hacking Government Accountability 105

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. “It is true our accounts were hacked into but not to the extent of what is being reported. The police’s Criminal Investigations Department and the Auditor General are investigating the incident.

Banking 141

Banking Government Accountability Hacking 141

Security Affairs

JANUARY 4, 2025

“ Flax Typhoon is a China-linked hacking group that has been active since 2021, it targets critical infrastructure globally, exploiting vulnerabilities for persistent access. According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S. critical infrastructure sectors.“

Cybersecurity 121

Cybersecurity IoT Hacking Technology 121

Krebs on Security

NOVEMBER 14, 2024

But not long after KrebsOnSecurity reported in April that Shefel/Rescator also was behind the theft of Social Security and tax information from a majority of South Carolina residents in 2012, Mr. Shefel began contacting this author with the pretense of setting the record straight on his alleged criminal hacking activities.

Retail 248

Retail Advertising Cryptocurrency Marketing 248

Krebs on Security

NOVEMBER 1, 2024

One post last month on the Russian-language hacking forum BHF offered up to $5,000 for each hotel account. This seller claims to help people monetize hacked booking.com partners, apparently by using the stolen credentials to set up fraudulent listings.

Phishing 255

Phishing Accountability Artificial Intelligence Cybercrime 255

Security Affairs

OCTOBER 31, 2024

Interbank disclosed a data breach after a threat actor claimed the hack of the organization and leaked stolen data online. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, data breach) Interbank , formally the Banco Internacional del Perú Service Holding S.A.A.

Data breaches 127

Data breaches Financial Services Hacking Mobile 127

Security Affairs

NOVEMBER 11, 2024

million records containing employee data on the hacking forum BreachForums. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, MOVEit) The company said that the data was stolen from a third-party vendor. Amazon did not disclose the number of impacted employees.

Data breaches 124

Data breaches Hacking Ransomware Technology 124

Security Affairs

OCTOBER 11, 2024

Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked. Internet Archive hacked. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Internet Archive)

Data breaches 120

Data breaches Internet Internet DDOS 120