Linux Hacks & Cracks - Page 22
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
If cybercrime was a country, it would have the 13th highest GDP in the world. Attackers generate $1.5 trillion in annual profit, which is about equal to the GDP of Russia, according to a new study on the interconnected economy of cybercrime.
LinkedIn has quietly patched a vulnerability which could have allowed malicious third parties to steal members’ personal data.
Researchers have uncovered a Nigerian hacking ring which targets maritime shipping firms in order to try and steal millions of dollars on an annual basis.
The actors behind SamSam launched an attack against Allscripts in January 2018, leaving the company’s customers without access to the services needed to run their medical practices — some for more than a week.
Not all ransomware is made equal. To be clear, we’re not for a moment suggesting that any form of ransomware is technically, ethically, morally or legally acceptable.
Last month, five of Atlanta's 13 government offices were "hijacked," as the city's mayor put it, by ransomware that disrupted far-reaching facets of the city’s digital infrastructure. From the courts to the police department to public works, government activity was essentially frozen as the hackers gave the city a week to pay the ransom – roughly $50,000 worth of bitcoin – or have critical data and processes deleted permanently.
Security researchers, ethical hackers, and bug hunters spend their days trying to make the world safer and more secure. And yet the US legal system makes it almost impossible for them to do their jobs, thanks to flimsy interpretations of long, outdated laws.
Organizations are closing the skills and preparedness gap between hackers and themselves, improving a picture that's all too often painted as grim. That means we — at least those of us in the Western Hemisphere — are getting pretty good at cybersecurity, according to the latest numbers from one of the largest cybersecurity firms.
Of the four new advanced persistent threat (APT) groups christened by FireEye last year, three were out of Iran. Mandiant, the incident response services arm of FireEye, witnessed a major increase in nation-state hacking activity by Iranian attackers in 2017, especially on the cyber espionage side of things. Iranian groups now are maintaining and keeping a foothold in victim organizations for months and sometimes years, demonstrating their sophistication, according to Mandiant's newly published M Trends Report on its incident investigations in 2017.
Luxury department store behemoth Saks Fifth Avenue and sister stores Saks OFF 5TH and Lord & Taylor have become the latest retail victim of a data breach. The incident impacts 5 million payment cards that were used at stores in North America, from May 2017 to March 2018.
MyfitnessPal has been hacked! Because email addresses were among the information stolen, criminals have been able to send MyfitnessPal spear phishing emails for the past month. These spear phishing attacks are especially dangerous because stolen personal information that users had logged in the app can be used to make phishing emails very convincing and difficult to detect.
Hackers made off with a whopping five million credit and debit card numbers from Saks Fifth Avenue, Saks Off 5th and Lord & Taylor, placing it “among the most significant credit card heists in modern history.”
Developers of popular open-source CMS Drupal are warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site.
A recently discovered malware family written using the Golang (Go) programming language is targeting Linux servers and using a different binary for each attack, Talos warns.
There appears to be no honor among thieves. Threat actors have been cashing in on hacking and cyberattacks for years. Pillaging bank accounts, stealing identities, selling access to botnets to disrupt websites -- the possibilities are endless.
Researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University have described a security attack that uses the speculative execution features of modern processors to leak sensitive information and undermine the security boundaries that operating systems and software erect to protect important data.
Thousands of servers running etcd are exposing user credentials publicly on the Internet. According to security researcher Giovanni Collazo, a quick query made through the Shodan search engine revealed a total of 2,284 etcd servers which are leaking credentials, including the passwords and keys required for cms_admin, mysql_root, and postgres server infrastructure.
For years, executives at France-based Ledger have boasted their specialized hardware for storing cryptocurrencies is so securely designed that resellers or others in the supply chain can't tamper with the devices without it being painfully obvious to end users.
Admins are being urged to update email server program Exim, patched in February, to close a remote execution flaw.
A newly uncovered 'nation-state level' cyber espionage operation has targeted humanitarian aid organisations around the globe via the use of backdoors hidden within malicious Word documents.