RSS ze světa hackingu

The FBI just saved the Christmas. The U.S. Justice Department announced earlier today that the FBI has seized domains of 15 "DDoS-for-hire" websites and charged three individuals running some of these services. DDoS-for-hire, or "Booter" or "Stresser," services rent out access to a network of infected devices, which then can be used by anyone, even the least tech-savvy individual, to launch …

The US Department of Justice on Thursday charged two Chinese hackers associated with the Chinese government for hacking numerous companies and government agencies in a dozen countries. The Chinese nationals, Zhu Hua (known online as Afwar, CVNX, Alayos and Godkiller) and Zhang Shilong (known online as Baobeilong, Zhang Jianguo and Atreexp), are believed to be members of a state-sponsored …

A security researcher with Twitter alias SandboxEscaper today released proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft's Windows operating system. SandboxEscaper is the same researcher who previously publicly dropped exploits for two Windows zero-day vulnerabilities, leaving all Windows users vulnerable to the hackers until Microsoft patched them. The …

Microsoft today issued an out-of-band security update to patch a critical zero-day vulnerability in Internet Explorer (IE) Web browser that attackers are already exploiting in the wild to hack into Windows computers. Discovered by security researcher Clement Lecigne of Google's Threat Analysis Group, the vulnerability, tracked as CVE-2018-8653, is a remote code execution (RCE) flaw in the IE …

Another day, another data breach. This time it's the United States National Aeronautics and Space Administration (NASA) NASA today confirmed a data breach that may have compromised personal information of some of its current and former employees after at least one of the agency's servers was hacked. In an internal memo sent to all employees on Tuesday, NASA said the unknown hackers managed …

Twitter has been hit with a minor data breach incident that the social networking site believes linked to a suspected state-sponsored attack. In a blog post published on Monday, Twitter revealed that while investigating a vulnerability affecting one of its support forms, the company discovered evidence of the bug being misused to access and steal users’ exposed information. The impacted …

Security researchers have discovered yet another example of how cybercriminals disguise their malware activities as regular traffic by using legitimate cloud-based services. Trend Micro researchers have uncovered a new piece of malware that retrieves commands from memes posted on a Twitter account controlled by the attackers. Most malware relies on communication with their …

Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers. Dubbed as 'Magellan' by Tencent's Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory or crash applications. SQLite is a …

Facebook's latest screw-up — a programming bug in Facebook website accidentally gave 1,500 third-party apps access to the unposted Facebook photos of as many as 6.8 million users. Facebook today quietly announced that it discovered a new API bug in its photo-sharing system that let 876 developers access users' private photos which they never shared on their timeline, including images uploaded to …

Shamoon is back… one of the most destructive malware families that caused damage to Saudi Arabia's largest oil producer in 2012 and this time it has targeted energy sector organizations primarily operating in the Middle East. Earlier this week, Italian oil drilling company Saipem was attacked and sensitive files on about 10 percent of its servers were destroyed, mainly in the Middle East, …