Gallia – Extendable Pentesting Framework

Gallia is an extendable pentesting framework with a focus on the automotive domain. The scope of Gallia is conducting penetration tests from a single ECU up to whole cars, with the main focus on the UDS interface. Taking advantage of this modular design, the logging and archiving functionality was developed separately. Acting as a generic …

Pegasus malware was used to attack Spanish Prime Minister Pedro Sánchez’s phone

The Pegasus spying malware was used to hack the smartphones of Spain’s prime minister and minister of defense, according to the Madrid government. That’s the first verified use of the eavesdropping software against a current head of state. Last year, the phones of Prime Minister Pedro Sánchez and Defense Minister Margarita Robles were illegally hacked …

PostgreSQL Databases Exposed to Customers Due To A Microsoft Azure Vulnerability

Microsoft fixed two problems with the Azure Database for PostgreSQL Flexible Server on Thursday, which could have led to unauthorized cross-account database access in a region. “A malicious user might circumvent authentication to get access to other customers’ databases by leveraging an elevated rights flaw in the Flexible Server authentication procedure for a replication user,” …

A Bug In RainLoop Webmail Gives Hackers Access To All Emails

The open-source RainLoop web-based email client contains an unpatched high-severity security flaw that might be used to steal emails from users’ inboxes. In a study published this week, SonarSource security researcher Simon Scannell stated, “an attacker may simply exploit the code vulnerability by sending a malicious email to a target that uses RainLoop as a …

5 Ways To Secure Your Online Privacy

Internet consumers have become increasingly conscious of how their data can be used in recent years. Online privacy has become a hot-button issue. There are several advantages to using online services, such as convenience and data-driven tailored experiences. We must also address concerns surrounding privacy. When we share information online, there is a danger that …

Hackers insert the ‘More Eggs’ malware into resumes sent to hiring managers at corporations

A year after fake job offers attracted potential LinkedIn job searchers, a fresh wave of phishing attempts targeting corporate recruiting supervisors with the more eggs virus has been uncovered, employing fake resumes as an infection vector. “This year, the more eggs operation has inverted the social engineering script, targeting hiring managers with fake resumes rather …

ESET Discovers UEFI Flaws in Popular Lenovo Laptops

Do you own a Lenovo laptop? According to the most recent batch of vulnerabilities discovered by ESET security experts, you may need to undertake some quick patching. Today, three vulnerabilities were discovered: CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972. The last two are especially aggravating since they are associated with UEFI firmware drivers used throughout the manufacturing process …

Hackers Taking Advantage of a Recently Discovered Windows Print Spooler Vulnerability

A security hole in Microsoft’s Windows Print Spooler component, which was fixed in February, is still being actively abused in the wild, according to the US Cybersecurity and Infrastructure Security Agency (CISA). As a result, the agency has added the weakness to its Known Exploited Vulnerabilities Catalog, requiring FCEB agencies to fix the issues by …

IcedID Malware used in a new hacking campaign targeting the Ukrainian government

CERT-UA, Ukraine’s Computer Emergency Response Team, has issued a warning about a new wave of social engineering attacks that exploit IcedID malware and Zimbra vulnerabilities to steal sensitive data. According to the CIA, the IcedID phishing assaults are tied to a threat cluster known as UAC-0041. The infection begins with a simple email attachment containing …

Beanstalk hack highlights the dangers of a malicious governance proposal

On April 17th, Beanstalk Farms, an Ethereum-based DeFi system, was hacked to the tune of $182 million. PeckShield, a blockchain security startup, was the first to notice the robbery and estimated that the attacker took at least $80 million in cryptocurrency; however, the protocol’s losses were significantly higher. On its Discord server, Beanstalk provided a …

Hackers used stolen OAuth access tokens to breach organizations

On Friday, GitHub, an open-source software hosting site, said that it had uncovered evidence of an unknown attacker illegally acquiring sensitive data from several organizations using stolen OAuth user credentials. “An attacker utilized stolen OAuth user credentials given to two third-party OAuth integrators, Heroku and Travis-CI, to access data from a variety of organizations, including …

Google Removes Apps For Covertly Copying Contact Information

Google has removed apps that were found to be covertly copying contact information. More than a dozen applications have been withdrawn from Google’s Play Store after it was discovered that they had malicious code that collected people’s geolocation, telephone numbers, and email addresses. A QR code scanner, a weather app, and Muslim prayer applications are …

Popular Hacking Forum Raidforums Seized By The FBI

US and foreign law enforcement officials have taken control of a popular website where hackers have marketed data stolen from American individuals and corporations, the latest in a long-running effort to crack down on forums where cybercriminals gather. According to a notice put on RaidForums’ home page on Tuesday, “this domain has been seized” by …

Meta Says Hacking Group Sent Bogus Ukrainian Surrender Messages

According to a recent security investigation by Meta, a Belarus-aligned hacking group attempted to get access to Ukrainian military personnel’s Facebook accounts and broadcast videos calling for the Ukrainian army to surrender using hijacked accounts. The hacking attack, dubbed “Ghostwriter” by security researchers, was carried out by a group known as UNC1151, which according to …

Does College Degree Matter in Cybersecurity?

Cyber security is one of the vital elements of the modern world dominated by computer and digital technology. At the same time, it’s one of the most demanded areas of computer science, with cyber security specialists earning quite considerable amounts. At the same time, such a specialist must walk the path of a true computer …