Hacking Archives - Page 132 of 966

Pierluigi Paganini October 26, 2023

iLeakage attack exploits Safari to steal data from Apple devices

Boffins devised a new iLeakage side-channel speculative execution attack exploits Safari to steal sensitive data from Macs, iPhones, and iPads. A team of researchers from the University of Michigan, Georgia Institute of Technology, and Ruhr University Bochum has devised a transient side-channel speculative execution attack that exploits the Safari web browser to steal sensitive information […]

Pierluigi Paganini October 26, 2023

Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

Cloudflare mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks exploiting the flaw HTTP/2 Rapid Reset. Cloudflare DDoS threat report of 2023 states that the company has mitigated thousands of hyper-volumetric HTTP distributed denial-of-service attacks. 89 of the attacks mitigated by the company exceeded 100 million requests per second (rps), the largest attack peaked at […]

Pierluigi Paganini October 26, 2023

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Russia-linked threat actor Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software. Russian APT group Winter Vivern (aka TA473) has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023. ESET researchers pointed out that is a different vulnerability than CVE-2020-35730, that the group exploited in other attacks. The Winter […]

Pierluigi Paganini October 25, 2023

Pwn2Own Toronto 2023 Day 1 – organizers awarded $438,750 in prizes

The Pwn2Own Toronto 2023 hacking contest has begun and during the first day, participants received $438,750 in prizes! During the Day 1 of the Pwn2Own Toronto 2023 hacking contest, the organization has awarded a total of $438,750 in prizes! Team Orca of Sea Security received the greatest rewards of the day, the researchers chained two […]

Pierluigi Paganini October 24, 2023

Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

VMware is aware of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass flaw in VMware Aria Operations for Logs. VMware warned customers of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass vulnerability, tracked as CVE-2023-34051, in VMware Aria Operations for Logs (formerly known as vRealize Log Insight). The […]

Pierluigi Paganini October 24, 2023

How did the Okta Support breach impact 1Password?

1Password detected suspicious activity on its Okta instance after the recent compromise of the Okta support system. The password management and security application 1Password announced it had detected suspicious activity on its Okta instance on September 29, but excluded that user data was exposed. The activity is linked to the recent attack on the Okta […]

Pierluigi Paganini October 23, 2023

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

Cisco found a second IOS XE zero-day vulnerability, tracked as CVE-2023-20273, which is actively exploited in attacks in the wild. Cisco last week warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance […]

Pierluigi Paganini October 23, 2023

City of Philadelphia suffers a data breach

The City of Philadelphia discloses a data breach that resulted from a cyber attack that took place on May 24 and that compromised City email accounts. The City of Philadelphia announced it is investigating a data breach after attackers that threat actors broke some of City email accounts containing personal and protected health information. The […]

Pierluigi Paganini October 23, 2023

Vietnamese threat actors linked to DarkGate malware campaign

Researchers linked Vietnamese threat actors to the string of DarkGate malware attacks on entities in the U.K., the U.S., and India. WithSecure researchers linked the recent attacks using the DarkGate malware to a Vietnamese cybercrime group previously known for the usage of Ducktail stealer. DarkGate is a commodity malware that is offered with a model […]

Pierluigi Paganini October 21, 2023

A threat actor is selling access to Facebook and Instagram’s Police Portal

A threat actor is selling access to Facebook and Instagram’s Police Portal used by law enforcement agencies to request data relating to users under investigation. Cyber security researcher Alon Gal, co-founder & CTO of Hudson Rock, first reported that a threat actor is selling access to Facebook and Instagram’s Police Portal. The portal allows law […]

Hacking

iLeakage attack exploits Safari to steal data from Apple devices

Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Pwn2Own Toronto 2023 Day 1 – organizers awarded $438,750 in prizes

Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

How did the Okta Support breach impact 1Password?

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

City of Philadelphia suffers a data breach

Vietnamese threat actors linked to DarkGate malware campaign

A threat actor is selling access to Facebook and Instagram’s Police Portal

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Severe Hikvision HikCentral product flaws: What You Need to Know

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

Crooks turn HexStrike AI into a weapon for fresh vulnerabilities

Google addressed two Android flaws actively exploited in targeted attacks

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

QUICK LINKS

Hacking

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!