HackDig : Dig high-quality web security articles

HackerOne insider fired for trying to claim other people’s bounties

The vulnerability disclosure platform HackerOne has revealed that one of their staff members had improperly accessed security reports for personal gain. The—now former—staff member approached HackerOne customers with vulnerabilities that belonged to users of the platform. HackerOne acts as a mediator between white hat hackers that find sof
Publish At:2022-07-04 20:00 | Read:108 | Comments:0 | Tags:Reports bug bounty disclosure HackerOne insider threat rzlr

When good-faith hacking gets people arrested, with Harley Geiger: Lock and Code S03E14

When Lock and Code host David Ruiz talks to hackers—especially good-faith hackers who want to dutifully report any vulnerabilities they uncover in their day-to-day work—he often hears about one specific law in hushed tones of fear: the Computer Fraud and Abuse Act. The Computer Fraud and Abuse Act, or CFAA, is a decades-old hacking law in the United Stat
Publish At:2022-07-04 16:02 | Read:117 | Comments:0 | Tags:Podcast cfaa Computer Fraud and Abuse Act Department of Just

Hacker claims to have stolen data on 1 billion Chinese citizens

An anonymous threat actor is selling several databases they claim to contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approximately $195,000). The announcement was posted on a hacker forum by someone using the handle 'ChinaDan,' saying that the information was
Publish At:2022-07-04 13:46 | Read:92 | Comments:0 | Tags:Security hack

UK Army’s Twitter, YouTube accounts hacked to push crypto scam

British Army's Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. Notably, the army's verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes. The YouTube account was seen airing "Ark Invest" live streams featuring an older Elon Musk clip to mislead users into visiting
Publish At:2022-07-04 09:48 | Read:130 | Comments:0 | Tags:Security hack

Privacy Protection Agency Seizes Hacked Travel Company’s Servers

The Privacy Protection Body is the Israeli regulatory and enforcement authority for personal digital information. This authority is responsible for ensuring compliance with the law. The authority is in charge of ensuring the safety of any personally identifiable information that is stored in digital databases. This rule applies to all organizations in Israel,
Publish At:2022-07-04 09:43 | Read:81 | Comments:0 | Tags:Cybersecurity News hack

Unfaithful HackerOne employee steals bug reports to claim additional bounties

Bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted to claim additional bounties. The vulnerability coordination and bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted by white-hat hackers to claim additional bounties. The investigation s
Publish At:2022-07-04 06:02 | Read:119 | Comments:0 | Tags:Breaking News Cyber Crime Security HackerOne Hacking hacking

Privacy protection agency seizes servers of hacked travel company

The Privacy Protection Authority in Israel seized servers hosting multiple travel booking websites because their operator failed to address security issues that enabled data breaches affecting more than 300,000 individuals. At least 10 websites managed by Gol Tours LTD in Israel have been shut down following a notification from the agency about fixing th
Publish At:2022-07-03 17:56 | Read:85 | Comments:0 | Tags:Security hack

Verified Twitter accounts hacked to send fake suspension notices

Threat actors are hacking verified Twitter accounts to send fake but well-written suspension messages that attempt to steal other verified users' credentials. Twitter verifies accounts if they are considered notable influencers, celebrities, politicians, journalists, activists, and government and private organizations. To receive the verified 'blue badge,' Twi
Publish At:2022-07-02 13:46 | Read:193 | Comments:0 | Tags:Security hack

Rogue HackerOne employee steals bug reports to sell on the side

A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. The rogue worker had contacted about half a dozen HackerOne customers and collected bounties “in a handful of disclosures,” the company said on Friday. HackerOne is a platform for coordinati
Publish At:2022-07-02 13:46 | Read:225 | Comments:0 | Tags:Security hack

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Microsoft spotted a cloud threat actor tracked as 8220 that is now targeting Linux servers in a long-running cryptomining campaign. Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. “We observed nota
Publish At:2022-07-01 11:10 | Read:209 | Comments:0 | Tags:Breaking News Cyber Crime Digital ID Hacking Malware 8220 ha

Google Blocks Domains of Hack-for-Hire Groups in Russia, India, UAE

A blog post published by Google’s Threat Analysis Group on Thursday describes the activities of hack-for-hire gangs in Russia, India and the United Arab Emirates. The internet giant has added more than 30 domains used by these threat groups to its Safe Browsing mechanism, which prevents users from accessing them. Hack-for-hire groups are often conflated with e
Publish At:2022-07-01 08:05 | Read:131 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Phishing Cybercrime hack

Pro-Russian hackers launched a massive DDoS attack against Norway

Norway’s National Security Authority (NSM) confirmed that a DDoS attack took down some of the country’s most important websites. Norway’s National Security Authority (NSM) confirmed that some of the country’s most important websites and online services were taken down by a massive DDoS attack conducted by a pro-Russian group. NS
Publish At:2022-07-01 05:26 | Read:119 | Comments:0 | Tags:Breaking News Cyber warfare Hacking Cyber Spetsnaz DDoS hack

North Korea Lazarus Hackers Blamed for $100 Million Horizon Bridge Heist

The infamous North Korean Lazarus hacking group is the prime suspect in the $100 million hack of Harmony’s Horizon Bridge, according to new data and research from blockchain analytics firm Elliptic. The multi-million compromise, confirmed by Harmony earlier this month, led to the theft of ETH, BNB, USDT, USDC and Dai from the Horizon cross-chain bridge and no
Publish At:2022-06-30 16:13 | Read:143 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Experts blame North Korea-linked Lazarus APT for the Harmony hack

North Korea-linked Lazarus APT group is suspected to be behind the recent hack of the Harmony Horizon Bridge. Recently, threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities; the FBI is investigating the cyber heist with the help of several cybersecurity firms.
Publish At:2022-06-30 14:10 | Read:130 | Comments:0 | Tags:APT Breaking News Digital ID Hacking hacking news informatio

Russian hacktivists take down Norway govt sites in DDoS attacks

Norway's National Security Authority (NSM) published a statement yesterday warning that some of the country's most important websites and online services are being rendered inaccessible due to distributed denial of service (DDoS) attacks. The statement further explains that a criminal pro-Russian group is believed to be behind the attacks. DDoS attacks ar
Publish At:2022-06-30 13:46 | Read:244 | Comments:0 | Tags:Security DDOS hack
