Two hackers have been indicted for their role in the AT&T and Ticketmaster data breaches.

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this

Go beyond the BILLY. READ MORE...

Here are five things in technology that happened this past week and how they affect your business. Did you miss them?

1 — Googles secret to protect its employees from hacking is physical keys.

Google has announced a robust solution for phishing cyberattacks against its employees. The company says the adoption of physical Security Keys has stopped the attacks. Security Keys are small USB stick devices made by companies like YubiKey that function similar to two-factor authentication (2FA) methods its employees may already be using.

complete article

Hackers commonly leverage social engineering to get a foothold in a company.

Aim/Purpose: This study aims to investigate various characteristics from both victims as defaced websites and defacers that linked to a risk of being defaced through a set of descriptive analysis. Background: The current figures from a spectrum of sources, both academic and non-academic reports, proved a progressive increase of website defacement attacks to numerous organisations. Methodology: This study obtains a set of data from Zone-H site, which is accessible to the public, including 99,437 defaced websites. The descriptive analysis is applied in order to understand the motives of defacers and the probability of website re-defacements through the statistical investigation. Findings: The motives for defacing websites are driven mainly due to entertaining reasons. This in turn has an implication on the type of techniques defacers attack websites.

The suspects were detained for their alleged participation in distributed denial of service (DDoS) cyber attacks against public institutions and strategic sectors, the Civil Guard said.

EC-Council, a leading cybersecurity credentialing body, has awarded ethical hacking scholarships worth $825,000 to help shape the future of the ethical hacking practitioners.

As India gears up to celebrate its 72nd Republic Day, 3 proud Indians have proven their skills and are in the top 10 of the Global Ethical Hacking Leaderboard by EC-Council.

Programs for doing magic with hackers.git

NSS and PAM integration for parabola-hackers

La firma española detecta amenazas híbridas, con ramificaciones tanto digitales como sobre el terreno. Desinformar es una de las modalidades de ataque más frecuentes. Leer

U.S. officials say state-backed Chinese hackers foiled Microsoft’s cloud-based security and hacked the email of officials at multiple U.S. agencies that deal with China ahead of Secretary of State Antony Blinken’s trip to Beijing last month. The surgical, targeted espionage accessed the mailboxes of a small number of individuals at an unspecified number of U.S. agencies and was discovered by the State Department. Officials said none of the breached systems were classified. The hack was disclosed late Tuesday by Microsoft, which said email accounts were haced at about 25 organizations globally beginning in mid-May. A U.S. official said the number of U.S. organizations impacted was in the single digits.

The post Chinese hackers breached State Dept., other government email on eve of Blinken visit, officials say first appeared on Federal News Network.

For five years, Canadian government networks have been vulnerable to Chinese state-sponsored cyber espionage, according to a recent report by Canada's Communications Security Establishment (CSE).

Location: Engineering Library- QA76.9.A25T474 2016

The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed

The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an entity in the region. "During this attack, the threat actor used as a lure the upcoming World Expo, which will be held in 2025 in Osaka, Japan," ESET said in its APT Activity Report for the period April to

A threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware families such as

Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built

The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said

North Korean hackers have disguised malware in seemingly harmless macOS apps using sophisticated code to bypass security checks and target unsuspecting users.

A newly identified smartphone vulnerability can reveal the floor plans of where you are and what you are doing - and it is possible that companies or intelligence agencies are already making use of it

Motion sensors in smartphones can be turned into makeshift microphones to eavesdrop on conversations, outsmarting security features designed to stop such attacks

Hackers are exploiting EA FC 25 to nab millions of coins and snipe the world's best football players and EA seems unable to stop it - and this is how it happens

Security researchers found a dozen vulnerabilities in 5G baseband chips found in phones made by Google, OPPO, OnePlus, Motorola, and Samsung.

© 2024 TechCrunch. All rights reserved. For personal use only.

The hackers who reportedly hit more than 130 organizations last year and stole the credentials of almost 10,000 employees are still targeting several tech and video game companies, according to a report obtained by TechCrunch. The report, prepared by cybersecurity firm CrowdStrike, calls the hackers “Scattered Spider.” In a previous publicly available report, the company […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Covid-19 themed attacks continue to be used by hacker groups to make quick money

Marc Rogers, Executive Director of Cybersecurity, Okta, Nate Warfield, Security Researcher, Microsoft and Ohad Zaidenberg, Founder and Executive, CTI League in conversation with Andy Greenberg, WIRED.

Maddie Stone, Security Researcher, Google Project Zero in conversation with Lily Hay Newman, WIRED.

Jen Easterly, director of the US government's civilian cyber defense agency, talks about the importance of working with the hacker community to close vulnerabilities sooner.