As North Korea tries to rev up its economy, it may shift its hacking efforts from financial thievery to stealing intellectual property, China-style. That’s according to a contested new theory from cyber security firm CrowdStrike. Why it matters: North Korea is already one of the “big four” hacking threats — along […]
News
111 posts
Dmitry Artimovich, who on several occasions had been referred to as a “Russian hacker” by the world’s largest news publications (The New York Times, Associated Press), has published the book “ONLINE PAYMENT SOLUTIONS: The evolution of Visa and MasterCard. Regulation and development of payment systems in Europe” In the first Russian […]
In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available for research and education. For a detailed walkthrough of the vulnerability and the […]
The remote execution flaw exists because some field types do not properly sanitize data from non-form sources and this can be exploited to achieve arbitrary PHP code execution. It is deemed highly critical because it can be exploited by unauthenticated attackers and only requires easily achievable user interaction (a visit […]
Linux Kernel is prone to an arbitrary code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the kernel. Failed exploits may result in denial-of-service conditions. The Kernel Address Sanitizer (KASAN) that detects dynamic memory errors within the Linux kernel code has just picked […]
The fundamental challenge of cybersecurity is not new. They have existed as long as computers have been used in sensitive applications in various industries. Industries face these issues following their level of dependency on computer technology on different timescales and context. Likewise in the automotive sector, the potential capabilities fueled by connected technology offer […]
Between the last week of January to February, we noticed an increase in hack tool installation attempts that dropped seemingly random files into the Windows directory. Initially appearing unrelated, analysis showed the final payload to be a Monero cryptocurrency-mining malware variant as it scans for open port 445 and exploit a Windows SMB […]
GitHub revealed on Tuesday that last year it paid out $165,000 to researchers who took part in its public bug bounty program. Security experts also earned significant amounts of money through GitHub’s private bug bounty programs, researcher grants, and a live hacking event. The hacking event took place in August […]
Everyone likes a new Kali update! The big marquee update of this release is the update of Metasploit to version 5.0, which is their first major release since version 4.0 came out in 2011. Metasploit 5.0 is a massive update that includes database and automation APIs, new evasion capabilities, and usability improvements throughout. […]
Governments and private organisations have around 20 minutes to detect and contain a hack from Russian nation-state actors. New statistics published today by US cyber-security firm Crowdstrike ranked threat groups based on their “breakout time.” “Breakout time” refers to the time a hacker group takes from gaining initial access to […]
PrivateVPN Does PrivateVPN keep any logs? The FAQ is emphatic: “No, we NEVER produce logs of any data traffic. The only things we store are your email address.” That doesn’t rule out logging session traffic, of course: connection times, bandwidth, maybe IPs. As PrivateVPN imposes a six-device limit it presumably maintains a […]
Locky ransomware is back, again… It’s delivered with the help of new tricks to fool users and anti-malware defences. Delivered through one of the largest spam campaigns in H2 2017 – as many as 23 million sent messages per day – the newest variant adds the .lukitus extension to the […]
Time is the most important factor in detecting network breaches and, consequently, in containing cyber incidents and mitigating the cost of a breach. “Security event investigations can last hours, and a full analysis of an advanced threat can take days, weeks or even months. Even large security operations center (SOC) teams […]
The dump is relatively small, containing around 3MB of files. https://pastebin.com/L48e49AK At the end of July, anonymous hackers published documents stolen from an employee of cybersecurity firm FireEye, and claimed that more data would follow. On Monday, the hackers seemingly followed up, and released a second cache of alleged documents, passwords, and […]
The UK Government’s Department of Digital, Culture, Media and Sport (DCMS) has announced that firms could face fines of up to £17m or 4% of global turnover if they fail to protect themselves from cyberattacks. The introduction of such financial penalties will be carried out by the data protection regulator, […]