Using a simple Google query to mine passwords from dozens of public Trello boards
Kushagra Pathak, a security researcher, published a great text on mining confidential data using Google search. We have reprinted his text below; you can find the original text at the following URL: https://medium.freecodecamp.org/discovering-the-hidden-mine-of-credentials-and-sensitive-information-8e5ccfef2724 How I used a simple Google query to mine passwords from dozens…
Password-Guessing Was Used to Hack Gentoo Linux Github Account
Maintainers of the Gentoo Linux distribution have now revealed the impact and “root cause” of the attack that saw unknown hackers taking control of its GitHub account last week and modifying the content of its repositories and pages. The hackers not only managed to change the content…
Pentester’s Guide to IoT Penetration Testing
IoT penetration testing specifics from a certified ethical hacker with 5+ years of experience. With the growing risk to IoT security, penetration testing vendors face multiple queries from companies and individuals, who want their IoT environment to be tested against potential cyber-attacks. Usually, security service providers…
Two Zero-Day Exploits Found After Someone Uploaded ‘Unarmed’ PoC to VirusTotal
Security researchers at Microsoft have unveiled details of two critical and important zero-day vulnerabilities that had recently been discovered after someone uploaded a malicious PDF file to VirusTotal, and were patched before being used in the wild. In late March, researchers at ESET found a…
Typeform, Popular Online Survey Software, Suffers Data Breach
Typeform, the popular Spanish-based online data collection company that specializes in form building and online surveys for businesses worldwide, has today disclosed that the company has suffered a data breach that exposed partial data of some of its users. The company identified the breach on June 27th,…
RAMpage Attack Explained—Exploiting RowHammer On Android Again!
A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kinds of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage, the new technique (CVE-2018-9442) could re-enable an unprivileged Android…
Ticketmaster Suffers Security Breach – Personal and Payment Data Stolen
Global entertainment ticketing service Ticketmaster has admitted that the company has suffered a security breach, warning customers that their personal and payment information may have been accessed by an unknown third-party. The company has blamed a third-party support customer service chat application for the data…
New Malware Family Uses Custom UDP Protocol for C&C Communications
Security researchers have uncovered a new highly-targeted cyber espionage campaign, which is believed to be associated with a hacking group behind KHRAT backdoor Trojan and has been targeting organizations in South East Asia. According to researchers from Palo Alto, the hacking group, which they dubbed…
Default Passwords Aid Satori IoT Botnet Attacks
Researchers at Netlab 360 detected a surge in malicious activity scanning and infecting several IoT devices, attempting to make them part of Satori, a variant of the Mirai IoT botnet that is used to take down websites and mine digital coins. Experts point to lack of oversight…
Google Home’s data leak proves the IoT is still deeply flawed
The Internet of Things (IoT) security problem isn’t going away. The connected network of billions of devices – from smart doorbells to office printers – is regularly found to have privacy problems and be open to attack by potential hackers….