Hacking Archives - Page 350 of 957

Pierluigi Paganini January 10, 2021

TeamTNT botnet now steals Docker API and AWS credentials

Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS credentials. Researchers from Trend Micro discovered that the TeamTNT botnet was improved and is now able to steal also Docker credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April […]

Pierluigi Paganini January 09, 2021

SolarWinds hackers also used common hacker techniques, CISA revealed

CISA revealed that threat actors behind the SolarWinds hack also used password guessing and password spraying in its attacks. Cybersecurity and Infrastructure Security Agency (CISA) revealed that threat actors behind the SolarWinds supply chain attack also employed common hacker techniques to compromise the networks of the targeted organizations, including password guessing and password spraying. “Frequently, […]

Pierluigi Paganini January 07, 2021

Multiple flaws in Fortinet FortiWeb WAF could allow corporate networks to hack

An expert found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could expose corporate networks to hack. Andrey Medov, a security researcher at Positive Technologies, found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could be exploited by attackers to hack into corporate networks. The flaws, tracked as CVE-2020-29015, CVE-2020-29016, CVE-2020-29018, and […]

Pierluigi Paganini January 06, 2021

SolarWinds hackers had access to roughly 3% of US DOJ O365 mailboxes

The US DoJ revealed that threat actors behind the SolarWinds attack have gained access to roughly 3% of the department’s O365 mailboxes. The US Department of Justice (DoJ) published a press release to confirm that the threat actors behind the SolarWinds supply chain attack were able to access thousands of mailboxes of its employees. “On […]

Pierluigi Paganini January 06, 2021

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded undocumented secret account. The vulnerability received a CVSS score of 7.8, it could be exploited by […]

Pierluigi Paganini January 06, 2021

FBI, CISA, ODNI and NSA blames Russia for SolarWinds hack

A joint statement issued by US security agencies confirmed that Russia was likely the origin of the SolarWinds supply chain attack. The US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply chain attack. On behalf of President Trump, the four agencies were part of the task force […]

Pierluigi Paganini January 05, 2021

Healthcare organizations faced a 45% increase in attacks since November

According to a new report published by Check Point, organizations in the healthcare industry have faced a 45% increase in attacks since November. Check Point researchers reported a surge in the number of attacks against organizations in the healthcare industry, +45% since November. This is more than double the overall increase observed by the experts […]

Pierluigi Paganini January 05, 2021

Over 500,000 credentials for tens of gaming firm available in the Dark Web

The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked online. The gaming industry is a privileged target for threat actors, threat actors leaked online over 500,000 stolen credentials belonging to the top 25 gaming firms. The alarm was raised by the threat intelligence firm Kela […]

Pierluigi Paganini January 05, 2021

How to bypass the Google Audio reCAPTCHA with a new version of unCaptcha2 attack

A German security researcher demonstrated how to break, once again, the Google Audio reCAPTCHA with Google’s own Speech to Text API. Back in 2017, researchers from the University of Maryland demonstrated an attack method, dubbed unCaptcha, against Google’s audio-based reCAPTCHA v2. The system receives the audio challenge, downloads it, and submits it to Speech To […]

Pierluigi Paganini January 04, 2021

New alleged MuddyWater attack downloads a PowerShell script from GitHub

Security expert spotted a new piece of malware that leverages weaponized Word documents to download a PowerShell script from GitHub. Security expert discovered a new piece of malware uses weaponized Word documents to download a PowerShell script from GitHub. This PowerShell script is also used by threat actors to download a legitimate image file from image hosting […]

Hacking

TeamTNT botnet now steals Docker API and AWS credentials

SolarWinds hackers also used common hacker techniques, CISA revealed

Multiple flaws in Fortinet FortiWeb WAF could allow corporate networks to hack

SolarWinds hackers had access to roughly 3% of US DOJ O365 mailboxes

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

FBI, CISA, ODNI and NSA blames Russia for SolarWinds hack

Healthcare organizations faced a 45% increase in attacks since November

Over 500,000 credentials for tens of gaming firm available in the Dark Web

How to bypass the Google Audio reCAPTCHA with a new version of unCaptcha2 attack

New alleged MuddyWater attack downloads a PowerShell script from GitHub

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Microsoft linked attacks on SharePoint flaws to China-nexus actors

Cisco confirms active exploitation of ISE and ISE-PIC flaws

SharePoint under fire: new ToolShell attacks target enterprises

CrushFTP zero-day actively exploited at least since July 18

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

QUICK LINKS

Hacking

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!