#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Decentralized Network | Breaking Cybersecurity News | The Hacker News

Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account

Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account
Feb 03, 2024 Vulnerability / Social Media
The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory. The vulnerability, tracked as  CVE-2024-23832 , has a severity rating of 9.4 out of a maximum of 10. Security researcher  arcanicanis  has been credited with discovering and reporting it. It has been described as an "origin validation error" ( CWE-346 ), which can typically allow an attacker to "access any functionality that is inadvertently accessible to the source." Every Mastodon version prior to 3.5.17 is vulnerable, as are 4.0.x versions before 4.0.13, 4.1.x versions before 4.1.13, and 4.2.x versions before 4.2.5. Mastodon said it's withholding additional technical specifics about the flaw until February 15, 2024, to give  admins  ampl

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network
Nov 09, 2022
A number of phishing campaigns are leveraging the decentralized InterPlanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News. The research mirrors similar findings from Trustwave SpiderLabs in July 2022, which  found  more than 3,000 emails containing IPFS phishing URLs as an attack vector, calling IPFS the new "hotbed" for hosting phishing sites. IPFS as a technology is both resilient to censorship and takedowns, making it a double-edged sword. Underlying it is a peer-to-peer (P2P) network which replicates content across all participating nodes so that even if a file is removed from one machine, requests for the resource can still be served via other systems. This also makes it ripe for abuse

​DARPA Wants To Build Ultra Secure Messaging App for US Military

​DARPA Wants To Build Ultra Secure Messaging App for US Military
Apr 24, 2016
Just last month, DARPA launched a project dubbed "Improv," inviting hackers to transform simple household appliances into deadly weapons . Now, the Defense Advanced Research Projects Agency is finding someone in the private sector to develop a hacker-proof " secure messaging and transaction platform " for the U.S. military. Darpa wants researchers to create a secure messaging and transaction platform that should be accessible via the web browser or standalone native application. The secure messaging app should " separate the message creation, from the transfer (transport) and reception of the message using a decentralized messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger, " agency's  notice explains. In simple words, DARPA aims to create a secure messaging service that not only implements the standard encryption and se

Protecting Your Organization From Insider Threats - All You Need to Know

cyber security
websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike
May 13, 2024Threat Detection / SoC / SIEM
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts are overwhelmed with alerts. The knock-on effect of this is that fatigued analysts are at risk of missing key details in incidents, and often conduct time-consuming triaging tasks manually only to end up copying and pasting a generic closing comment into a false positive alert.  It is likely that there will always be false positives. And many would argue that a false positive is better than a false negative. But for proactive actions to be made, we must move closer to the heart of an incident. That requires diving into how analysts conduct the triage and investigation process. SHQ Response Platfo

Kim Dotcom's Decentralized Internet — For You, Powered By You

Kim Dotcom's Decentralized Internet — For You, Powered By You
Nov 03, 2015
Imagine the internet that would offer you to communicate privately with anyone else without censorship, safe from the prying eyes of surveillance authorities…. … Decentralized, Encrypted, Peer-to-Peer Supported and especially a non-IP Address based Internet. Yeah, a New Private Internet that would be harder to get Hacked. This Internet is a dream of all Internet users today and, of course, Kim Dotcom – the Famous Internet entrepreneur who introduced legendary Megaupload and MEGA file sharing services to the World. Kim Dotcom announced plans to start his very own private internet at the beginning of this year and has now revealed more details about MegaNet — a decentralized, non-IP based network that would share data via " Blockchains ," the technology behind Bitcoins. On Thursday, Dotcom remotely addressed a conference in Sydney, Australia, where he explained how MegaNet will utilize the power of mobile phones and laptops to operate. How will M

World's 9 Biggest Banks to adopt Bitcoin's Blockchain Technology

World's 9 Biggest Banks to adopt Bitcoin's Blockchain Technology
Sep 17, 2015
The Existing Infrastructure used by Financial institutions like Banks is Archaic, Slow, and Costly, with hardly any innovation in the past three decades. Nine of the World's renowned Banks, including JPMorgan , Royal Bank of Scotland , Goldman Sachs and Barclays , are collaborating with New York-based financial tech firm R3 to create a new framework based on Bitcoin's Blockchain. Yes, they are back in the game yet again, but this time officially! Blockchain — the public and decentralized ledger technology that underpins all Bitcoin transactions has been now recognized as " the future for financial services infrastructure ". The blockchain technology is a way of keeping records by listing the owner's name with all the previous and present transaction the client was involved. It is a public ledger where a list of all the transactions ever executed is maintained. The Banks are planning to develop and implement Blockchain-like Technology where distributed/shared

MegaNet — New Decentralized, Non-IP Based and Encrypted Network

MegaNet — New Decentralized, Non-IP Based and Encrypted Network
Feb 18, 2015
The Famous Internet entrepreneur and former hacker Kim Dotcom , who introduced legendary Megaupload and MEGA file sharing services to the World, has came up with another crazy idea — To start his very own Internet that uses the "blockchain". Just last month, Kim Dotcom, a German millionaire formerly known as Kim Schmitz , launched the public beta of its end-to-end encrypted video and audio chat service called " MegaChat ", which it says gives better protection than alternatives such as Skype and Google Hangouts. Now, his latest series of tweets referred to Kim Dotcom's supposed " MegaNet " which, he believes, would be immune to the global mass surveillance conducted by governments or corporations and would not be based on IP addresses. MegaNet would be a decentralized, non-IP based network in which the blockchain used by Bitcoin will play an " important role ". Decentralizing the Internet means to take the power of the Web
Expert Insights
Cybersecurity Resources