Welcome, Guest
You have to register before you can post on our site.

Username/Email:
  

Password
  





Search Forums

(Advanced Search)

Online Users
There are currently 2587 online users.
» 0 Member(s) | 2584 Guest(s)
Applebot, Bing, Google

Latest Threads
Mysterious Kill Switch Di...
Forum: The Hacker News
Last Post: yazrozzarn
01-10-2026, 04:36 AM
» Replies: 1
» Views: 865
UAW drops unfair labor pr...
Forum: Other Automakers
Last Post: BillyMum
06-16-2025, 09:15 PM
» Replies: 2
» Views: 2,560
Uber's Ex-CISO Appeals Co...
Forum: Dark Reading.com
Last Post: BillyMum
06-15-2025, 05:26 AM
» Replies: 2
» Views: 3,809
2021 Hyundai Ioniq SEL
Forum: Kia USB Entry
Last Post: HackMaster
03-31-2025, 07:17 AM
» Replies: 0
» Views: 456
Vulnerability of Remote K...
Forum: Keyless entry
Last Post: HackMaster
03-31-2025, 07:14 AM
» Replies: 0
» Views: 355
The (In)Security of Autom...
Forum: Keyless entry
Last Post: HackMaster
03-31-2025, 07:12 AM
» Replies: 0
» Views: 336
Relay Attacks on Passive ...
Forum: Keyless entry
Last Post: HackMaster
03-31-2025, 07:07 AM
» Replies: 0
» Views: 328
Hacking Tesla from Wirele...
Forum: Tesla
Last Post: HackMaster
03-31-2025, 06:58 AM
» Replies: 0
» Views: 366
Hacking Tesla from Wirele...
Forum: Tesla
Last Post: HackMaster
03-31-2025, 06:22 AM
» Replies: 0
» Views: 351
Schematics and Datasheets
Forum: Schematics
Last Post: HackMaster
02-27-2025, 12:26 AM
» Replies: 0
» Views: 312

 
  Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
Posted by: The Hacker News - 09-11-2023, 04:21 AM - Forum: The Hacker News - No Replies

Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account.
This enabled the adversary to access a debugging environment that contained information pertaining to a crash of the consumer signing system and steal the key. The system crash took place

https://thehackernews.com/2023/09/outloo...s-how.html

Print this item

  Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks
Posted by: The Hacker News - 09-11-2023, 04:21 AM - Forum: The Hacker News - No Replies

Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks

A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service (DDoS) attacks.
Doctor Web said the compromises are likely to occur either during malicious firmware updates or when applications for viewing pirated video content are installed.
"It is likely that this

https://thehackernews.com/2023/09/mirai-...jacks.html

Print this item

  Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attac
Posted by: The Hacker News - 09-11-2023, 04:21 AM - Forum: The Hacker News - No Replies

Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attac

Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems.
The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset’s metadata database.
Outside of these

https://thehackernews.com/2023/09/alert-...ities.html

Print this item

  The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2024
Posted by: The Hacker News - 09-11-2023, 04:21 AM - Forum: The Hacker News - No Replies

The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2024

By the end of 2024, the number of MSPs and MSSPs offering vCISO services is expected to grow by almost 5 fold, as can be seen in figure 1. This incredible surge reflects the growing business demand for specialized cybersecurity expertise and the lucrative opportunities for MSPs and MSSPs in vCISO services.
Figure 1: Timeline for offering vCISO services
The State of the Virtual CISO Survey Report

https://thehackernews.com/2023/09/the-st...eport.html

Print this item

  Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware
Posted by: The Hacker News - 09-11-2023, 04:21 AM - Forum: The Hacker News - No Replies

Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware

A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it’s being actively maintained by its author.
An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering

https://thehackernews.com/2023/09/mac-us...paign.html

Print this item

  CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities
Posted by: The Hacker News - 09-11-2023, 04:21 AM - Forum: The Hacker News - No Replies

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems.
“Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized

https://thehackernews.com/2023/09/cisa-w...ckers.html

Print this item

  North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
Posted by: The Hacker News - 09-11-2023, 04:21 AM - Forum: The Hacker News - No Replies

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines.
The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge

https://thehackernews.com/2023/09/north-...o-day.html

Print this item

  Protecting Your Microsoft IIS Servers Against Malware Attacks
Posted by: The Hacker News - 09-11-2023, 04:21 AM - Forum: The Hacker News - No Replies

Protecting Your Microsoft IIS Servers Against Malware Attacks

Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments. 
Recently, a

https://thehackernews.com/2023/09/protec...rvers.html

Print this item

  Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform
Posted by: The Hacker News - 09-11-2023, 04:21 AM - Forum: The Hacker News - No Replies

Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform

Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition.
The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0. It’s described as an authentication bypass flaw in the Cisco BroadWorks

https://thehackernews.com/2023/09/cisco-...x-for.html

Print this item

  Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones
Posted by: The Hacker News - 09-11-2023, 04:21 AM - Forum: The Hacker News - No Replies

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware.
The issues are described as below -

CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment.
CVE-2023-41064

https://thehackernews.com/2023/09/apple-...flaws.html

Print this item