Search results for black hat | Breaking Cybersecurity News | The Hacker News

Anonymous Hacks FBI Contractors IRC Federal Anonymous Hackers today leak some files of  IRC Federal via a tweet . They've gotten access to contracts, internal documents, development schematics, logins and more. The Download Link released by Anonymous is  https://www.mediafire.com/?twxc1nhiluwr126#1  ,106.91 MB. Mirror also available now on Torrent . Anonymous Said " If you place any value on freedom, then stop working for the oligarchy and start working against it. Stop aiding the corporations and a government which uses unethical means to corner vast amounts of wealth and proceed to flagrantly abuse their power. Together, we have the power to change this world for the better. ". The Complete Release on Pastebin as shown Below :                              ```  : h0 yyyh     `                                                          :0yyhhh   0  0  :   hhy00:  `                                              : 0hhh               ::     : y 0y   0000 :`        

Hackers have compromised a private e-mail list used by Linux and BSD distributors to share information on embargoed security vulnerabilities and used a backdoor to sniff e-mail traffic, according to the moderator of the list. In a note to " Vendor-Sec " members, moderator Marcus Meissner said he noticed the break-in on January 20 but warned that it might have existed for much longer. I have disabled the specific backdoor, but as I am not sure how the break-in happened it might reappear. So I recommend not mailing embargoed issues to vendor-sec@….de at this time. Immediately after Meissner's warning e-mail, the attacker re-entered the compromised machine and destroyed the installation. The "Vendor-Sec" list is used by distributors of free/open-source OS and software to discuss potential distribution element (kernel, libraries, applications) security vulnerabilities, as well as to co-ordinate the release of security updates by members. This means that a compromise and the captu

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Artificial Intelligence (AI) has been seen as a potential solution for automatically detecting and combating malware, and stop cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade even the best cyber-security defenses and infects a computer network or launch an attack only when the target's face is detected by the camera. To demonstrate this scenario, security researchers at IBM Research came up with DeepLocker —a new breed of "highly targeted and evasive" attack tool powered by AI," which conceals its malicious intent until it reached a specific victim. According to the IBM researcher, DeepLocker flies under the radar without being detected and "unleashes its malicious action as soon as the AI model identifies the target through indicators like facial recognition, geolocation and voice recognition." Describing it as the "sp

A number of firmware security flaws uncovered in HP's business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first  revealed details  of the issues at the  Black Hat USA conference  in mid-August 2022, said the vulnerabilities "can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement." Firmware flaws can have serious implications as they can be abused by an adversary to achieve long-term persistence on a device in a manner that can survive reboots and evade traditional operating system-level security protections. The high-severity weaknesses identified by Binarly affect HP EliteBook devices and concern a case of memory corruption in the System Management Mode (SMM) of the firmware, thereby enabling the execution of arbitrary code with the highest privileges - CVE-2022-23930  (CVSS score: 8.2) - Stack-based buffer

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path," SafeBreach security researcher Or Yair  said  in an analysis, which was  presented  at the Black Hat Asia conference last week. "During this conversion process, a known issue exists in which the function removes trailing dots from any path element and any trailing spaces from the last path element. This action is completed by most user-space APIs in Windows." These so-called MagicDot paths allow for rootkit-like functionality that's accessible to any unprivileged user, who could then weaponize them to carry out a series of malicious actions without having admin permissions and remain undetected. They include the ab

Almost a year ago, at the ' Hack In The Box ' security summit in Amsterdam, a security researcher at N.Runs and a commercial airline pilot, Hugo Teso presented a demonstration that it's possible to take control of aircraft flight systems and communications using an Android smartphone and some specialized attack code. Quite similar to the previous one, a security researcher claims to have devised a method that can give cyber criminals access to the satellite communications equipment on passenger jets through their WiFi and in-flight entertainment systems. Cyber security expert Ruben Santamarta, a consultant with cyber security firm IOActive , will unveil his research and all the technical details this week at a major Las Vegas hacker convention, Black Hat conference, showing How commercial airliner satellite communication systems can also be compromised by hackers, along with the evidence of satellite communications system vulnerabilities that questions the standards th

Indian embassy websites in seven different countries have been hacked, and attackers have leaked personal data, including full name, residential address, email address, passport number and phone number, of Indian citizens living abroad. This incident is extremely worrying because it involves diplomatic personnel working in the embassies that have always been a favorite target of state-sponsored hackers launching cyber espionage campaigns. Security pen-testers who go by the name Kapustkiy and Kasimierz have claimed responsibility for the hack and told The Hacker News that the reason behind the hack was to force administrators to consider the cyber security of their websites seriously. In Pastebin link shared on their Twitter account , the hackers claimed to have hijacked Indian Embassy websites in Switzerland, Italy, Romania, Mali, South Africa, Libya, and Malawi and leaked personal details of hundreds of Indians, including students studying abroad. The pair exploited a si

Security researchers have developed a Flying Drone with a custom-made tracking tool capable of sniffing out data from the devices connected to the Internet – better known as the Internet-of-things. Under its Internet of Things Map Project , a team of security researchers at the Texas-based firm Praetorian wanted to create a searchable database that will be the Shodan search engine for SCADA devices. Located More Than 1600+ Devices Using Drone To make it possible, the researchers devised a drone with their custom built connected-device tracking appliance and flew it over Austin, Texas in real time. During an 18 minute flight, the drone found nearly 1,600 Internet-connected devices , of which 453 IoT devices are made by Sony and 110 by Philips. You can see the full Austin map here . How did They locate Internet of Things Devices? The researchers located all ZigBee-enabled smart devices and networks and then started expanding their research. "When [I

At Black Hat security conference this year Cody Brocious demonstrated that How a simple Dry erase marker allows him to open an Onity hotel room door lock with an Arduino, which is totally James Bond. This is just kind of scary on multiple levels, the least being that dry erase markers are one of the most ordinary, non-suspicious objects we can think of. Watch the video below and be afraid – be very afraid. It has been refined to such a state where there are no dangling bits that come out of the marker, with a tip that looks totally normal sans any wires. All you need to do is touch the tip of the market to the door port, and you would have gained entry without mentioning a secret password. The story didn't stop there with Onity, the electronic door specialist in question, stepping in to introduce several measures to secure the doors. Brocious created a proof-of-concept device to show to security experts and press, but it was a bit crude. In order to build and test all of this yoursel

Pebble, a wristwatch that can connect to your phone - both iOS and Android - and interact with apps, has a hard-coded vulnerability that allows a remote attacker to destroy your Smartwatch completely. Pebble Smartwatch , developed and released by Pebble Technology Corporation in 2013, is considered as one of the most popular SmartWatches that had become the most funded project in the history of Kickstarter. Just two hours after its crowd-funding campaign launched, Pebble had already surpassed its $100,000 goal and at last had reached over $10.25 million pledged by nearly 70,000 Kickstarter backers. A security enthusiast Hemanth Joseph  claimed to have found that his Pebble SmartWatch with the latest v2.4.1 Firmware can be remotely exploited by anyone with no technical knowledge in order to delete all data stored in the device, apps, notes, and other information stored in it. HOW PEBBLE SMARTWATCH WORKS Before proceeding towards how he did this, let me explain how Peb

Android Bloatware , Another Serious Android Privacy Issue Researchers have found that some Android smartphones are more vulnerable to attacks than others, thanks to add-on software and skins that get installed by handset makers before they ship their smartphones to subscribers. It's not just Carrier IQ that Android users need to be worried about. A team of researchers from North Carolina State University discovered the security vulnerability on eight different smartphones from Google, HTC, Motorola and Samsung. Black hat hacker can exploit these vulnerabilities to record phone calls (see proof of concept video below), wipe out your phone, call or text premium rate numbers, and read your private messages and emails, all without your permission, of course. According to the paper published by the team. " Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploi