Linux Hacks & Cracks - Page 11
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
A sophisticated hacker group pwned Amazon Web Services (AWS) servers, set up a rootkit that let them remotely control servers, then merrily funnelled sensitive corporate data home to its command and control (C2) servers from a range of compromised Windows and Linux machines inside an AWS data centre.
Have you heard about the new Cloud Snooper malware which uses a Linux kernel driver to attack cloud servers?
Lazarus, an advanced persistent threat (APT) group, has expanded its reach with the development and use of a Trojan designed to attack Linux systems. Learn more:
Chinese security researchers were able to successfully discover zero-day vulnerabilities in Chrome, Edge, Safari, Office 365, qemu-kvm + Ubuntu and more at a recently held hacking competition in the city of Chengdu in China. Learn more in an interesting TechWorm article:
A team of cybersecurity researchers has discovered a clever technique which relies on a vulnerability in MEMS microphones embedded in voice-controllable systems to remotely inject inaudible and invisible commands into voice-controlled devices — all just by shining a laser at the targeted device instead of using spoken words. Learn more about this hack and how to protect yourself against it in real life in a great The Hacker News article:
NordVPN suffered a breach nineteen months ago, which has only recently been disclosed to the public. VPN security in general is questionable. What VPNs do you use, and why should they be considered trustworthy? Learn more about the NordVPN breach in an interesting Schneier on Security article:
Are you aware that Amazon Web Services (AWS) customers were hit by severe outages yesterday after an apparent DDoS attack took S3 and other services offline for up to eight hours? Learn more about the attack:
Old passwords never die – they just become easier to decode. That’s the message from a tight-knit community of tech history enthusiasts who have been diligently cracking the passwords used by some of the original Unix engineers four decades ago. Learn more:
Have you heard that Unix co-founder Ken Thompson's 39-year-old BSD password has finally been cracked? Learn more in an interesting The Hacker News article:
Remember the O.MG cable? A project by self-taught electronics hacker _MG_, it’s a malicious Lightning cable that looks just like the regular overpriced piece of wire that connects your iPhone to a computer. The cable is now about to hit mass distribution. Learn more:
Did you know that the ex-Amazon employee responsible for the Capital One breach earlier this year used the infiltrated cloud servers to mine cryptocurrency? Learn the details in this interesting The Next Web article:
Have you heard about the new fake iPhone charging cable developed by security researcher Mike Grover which allows attackers to take over Linux, Mac and Windows computers as soon as they are plugged in? Learn more in this interesting PCMag article:
There isn’t an industry safe from data breaches. From banks and credit organizations to hotel and restaurant chains, academic institutions and more, hundreds of millions of individuals have had their personal information stolen – all via the companies with whom they do business.
A new variant of the Mirai botnet has been discovered which utilizes the Tor network to prevent command server takedowns or seizure.
In this article, Dave Dittrich discusses the buildup to his discovery of DDoS attacks 20 years ago. I was inspired to start a series of articles on the early history of DDoS by a few recent events. Rik Farrow interviewed me for a forthcoming issue (Fall 2019 Vol. 44, No. 3) of Usenix ;login: magazine while I was also writing up a history of the early days of the Honeynet Project, which refreshed my memory on a number of events in 1999-2000. I also read this MIT Technology Review article on the 20th anniversary of the “first DDoS attack” on the University of Minnesota. It took me a little while to remember that July 22 was not the first of the three days that the University of Minnesota spent off-line from persistent flooding. That happened almost a month later. Nor was July 22 even the start of the build up to that event. Now seemed like a good time to clarify this history.
Have you heard that hackers have stolen a massive trove of sensitive data and defaced the website of SyTech, a major contractor working for Russian intelligence agency FSB (Federal Security Service)? BBC Russia, which reported the breach, said “it’s possible that this is the largest data leak in the history of the work of Russian special services on the Internet.” The documents included descriptions of dozens of internal projects the company was working on, including ones on de-anonymization of users of the Tor browser and researching the vulnerability of torrents.
Have you heard about Spearphone, a newly demonstrated attack that takes advantage of a hardware-based motion sensor, called an accelerometer, which comes built into most Android devices and can be unrestrictedly accessed by any app installed on a device even with zero permissions?
Have you heard that Japanese cryptocurrency exchange Bitpoint has been hacked, resulting in the loss of $32 million worth of various digital currencies? The majority of funds lost (approximately $23 million) belonged to customers, while the rest were owned by the exchange.
Do you use Zoom for video chats? The company is now taking action to update its software only after a security researcher discovered several serious security vulnerabilities in the popular app.
A new ransomware family has been found targeting Linux-based NAS devices made by Taiwan-based QNAP Systems and holding users' important data hostage until a ransom is paid.