HackDig : Dig high-quality web security articles

A private moment, caught by a Roomba, ended up on Facebook. Eileen Guo explains how: Lock and Code S04E03

In 2020, a photo of a woman sitting on a toilet—her shorts pulled half-way down her thighs—was shared on Facebook, and it was shared by someone whose job it was to look at that photo and, by labeling the objects in it, help train an artificial intelligence system for a vacuum. Bizarre? Yes. Unique? No. In December, MIT Technology
Publish At:2023-01-30 22:15 | Read:11424 | Comments:0 | Tags:Podcast

Update your LearnPress plugins now!

It’s time for a reminder to ensure all of your WordPress plugins are fully up to date (or removed, if you don't need them). Bleeping Computer reports that as many as 75,000 WordPress sites may be open to several flaws in a plugin called LearnPress. Worse, the update tally for users of the plugin isn't doing particularly well, with a big slice of site o
Publish At:2023-01-30 22:15 | Read:12779 | Comments:0 | Tags:News wordpress learnpress vulnerability SQL injection update

Riot Games refuses to pay ransom to avoid League of Legends leak

After confirming threat actors were able to steal some of its code, Riot Games has also revealed that it received a ransom email from its attacker. The attackers are demanding $10 million to stop them leaking source code from League of Legends and other games. Riot's reply? Today, we received a ransom email. Needless to say, we won’t pay. While
Publish At:2023-01-30 22:15 | Read:14975 | Comments:0 | Tags:News Riot Games 2K Games Rockstar Games social engineering p

Analyzing and remediating a malware infested T95 TV box from Amazon

A couple of weeks ago, security news outlets made their rounds reporting on an Android TV box available on Amazon that came pre-installed with malware. The findings came from a Canadian developer, Daniel Milisic, who posted on his GitHub. What Daniel found was an Android T95 TV box infected with malware right out of the box! Immediately, I recognized some of
Publish At:2023-01-30 22:15 | Read:14778 | Comments:0 | Tags:Android Threat Intelligence

Cybercrime job ads on the dark web pay up to $20k per month

Cybercrime groups are increasingly running their operations as a business, promoting jobs on the dark web that offer developers and hackers competitive monthly salaries, paid time off, and paid sick leaves. In a new report by Kaspersky, which analyzed 200,000 job ads posted on 155 dark websites between March 2020 and June 2022, hacking groups and APT gro
Publish At:2023-01-30 20:11 | Read:25900 | Comments:0 | Tags:Security cybercrime cyber

KeePass disputes vulnerability allowing stealthy password theft

The development team behind the open-source password management software KeePass is disputing what is described as a newly found vulnerability that allows attackers to stealthily export the entire database in plain text. KeePass is a very popular open-source password manager that allows you to manage your passwords using a locally stored database, rather than
Publish At:2023-01-30 20:11 | Read:38796 | Comments:0 | Tags:Security Vulnerability

Porsche halts NFT launch, phishing sites fill the void

Porsche cut its minting of a new NFT collection short after a dismal turnout and backlash from the crypto community, allowing threat actors to fill the void by creating phishing sites that steal digital assets from cryptocurrency wallets. NFTs (non-fungible tokens) are digital assets stored on a blockchain, representing proof of authenticity and ownership of
Publish At:2023-01-30 20:11 | Read:20738 | Comments:0 | Tags:Security CryptoCurrency

QNAP addresses a critical flaw impacting its NAS devices

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inje
Publish At:2023-01-30 19:47 | Read:38373 | Comments:0 | Tags:Breaking News Internet of Things Security Hacking informatio

JD Sports discloses a data breach impacting 10 million customers

Sports fashion retailer JD Sports discloses a data breach that exposed data of about 10M customers who placed orders between 2018 and 2020. UK sports fashion chain JD Sports disclosed a data breach that exposed customer data from orders placed between November 2018 and October 2020. The company discovered unauthorized access to a server that contained data
Publish At:2023-01-30 18:35 | Read:23367 | Comments:0 | Tags:Breaking News Data Breach Hacking Cybercrime data breach hac

QNAP fixes critical bug letting hackers inject malicious code

QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability allowing remote attackers to inject malicious code on QNAP NAS devices. The vulnerability is tracked as CVE-2022-27596 and rated by the company as 'Critical' (CVSS v3 score: 9.8), impacting QTS 5.0.1 and QuTS hero h5.0.1 versions of the operating
Publish At:2023-01-30 16:13 | Read:22809 | Comments:0 | Tags:Security hack

GitHub revokes code signing certificates stolen in repo hack

GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories. So far, GitHub has found no evidence that the password-protected certificates (one Apple Developer ID certificate and two Digicert code signing certificates used
Publish At:2023-01-30 16:13 | Read:22566 | Comments:0 | Tags:Security hack

Shady reward apps on Google Play amass 20 million downloads

A new category of activity tracking applications has been having massive success recently on Google Play, Android's official app store, having been downloaded on over 20 million devices. The applications promote themselves as health, pedometer, and good habit-building apps, promising to give users random rewards for staying active in their daily lives, reachi
Publish At:2023-01-30 12:15 | Read:29341 | Comments:0 | Tags:Security Google Mobile

U.S. No Fly list shared on a hacking forum, government investigating

A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 'selectees' has been shared publicly on a hacking forum. BleepingComputer has confirmed the list is the same TSA No Fly list that was discovered recently on an unsecured CommuteAir server.

No Fly list made public

This month, Swiss hacker maia arson crimew (formerly Tillie K
Publish At:2023-01-30 12:15 | Read:33633 | Comments:0 | Tags:Security hack

JD Sports says hackers stole data of 10 million customers

UK sports apparel chain JD Sports is warning customers of a data breach after a server was hacked that contained online order information for 10 million customers. In data breach notices shared by affected customers, the company warns that the "attack" exposed customer information for orders placed between November 2018 and October 2020. JD Sports says i
Publish At:2023-01-30 12:15 | Read:27017 | Comments:0 | Tags:Security hack

Identity Reveal: Threat Actor Behind Golden Chicken Malware Service Exposed

Researchers have identified the real-world identity of the threat actor behind Golden Chickens Malware-as-a-Service (MaaS), known as “badbullzvenom.” A 16-month-long investigation by eSentire’s Threat Response Unit revealed multiple instances of the badbullzvenom account being shared between two individuals. The second threat actor, Frapstar,
Publish At:2023-01-30 12:10 | Read:29720 | Comments:0 | Tags:Cybersecurity News
