PostScript printers extremely vulnerable outside of the network

If PostScript is the printer driver, the printer is vulnerable to what they call Cross-Site Printing attacks, documented in detail at Hacking Printers here. The bugs range from attackers exfiltrating copies of what’s sent to printers, to denial-of-service, code execution, forced resets and even bricking the targets. The work from the University Alliance Ruhr landed […]

MongoDB hackers now sacking ElasticSearch

Some 35,000 mostly Amazon Web Services ElasticSearch servers are open to the internet and to ransoming criminals, Shodan boss John Matherly says. So far more than 360 instances have had data copied and erased, held to ransom using the same techniques that blitzed tens of thousands of MongoDB servers this week. Affected ElasticSearch administrators are […]

New Android-infecting malware brew hijacks devices and then attacks your wifi router

Hackers have brewed up a strain of Android malware that uses compromised smartphones as conduits to attack routers. The Switcher trojan does not attack Android device users directly. Instead, the malware uses compromised smartphones and tablets as tools to attack any wireless networks they connect to. Switcher brute-forces access to the network’s router and then changes its […]

Yahoo Suffers World’s Biggest Hack Affecting 1 Billion Users in 2013

Yahoo has discovered a 3-year-old security breach that enabled a hacker to compromise more than 1 billion user accounts, breaking the company’s own humiliating record for the biggest security breach in history. The digital heist disclosed Wednesday occurred in August 2013, more than a year before a separate hack that Yahoo announced nearly three months […]

SWIFT confirms 1/5th of cyber attacks get through, steal money.

Cyber attacks targeting the global bank transfer system have succeeded in stealing funds since February’s heist of $81 million from the Bangladesh central bank as hackers have become more sophisticated in their tactics, according to a SWIFT official and a previously undisclosed letter the organization sent to banks worldwide. Source: Exclusive: SWIFT confirms new cyber […]

Surveillance camera compromised in 98 seconds

Robert Graham, CEO of Errata Security, on Friday documented his experience setting up a $55 JideTech security camera behind a Raspberry Pi router configured to isolate the camera from his home network. According to Graham’s series of Twitter posts, his camera was taken over by the Mirai botnet in just 98 seconds. Note: it was […]

Three Mobile hack: millions of UK customers breached

Three has suffered a massive data breach in which the personal information and contact details of millions of customers could have been accessed. It is believed to be one of the largest hacks of its kind to affect people living in Britain. Here’s everything you need to know about the hack. What happened? UK-based cyber criminals […]

Enter 30 to shell: Cryptsetup Initram Shell / instant access to encrypted linux machines

An attacker with access to the console of the computer and with the ability to reboot the computer can launch a shell (with root permissions) when he/she is prompted for the password to unlock the system partition. The shell is executed in the initrd environment. Obviously, the system partition is encrypted and it is not […]

Bangladesh hopes to recover $30 million more from $81m cyber heist

Bangladesh’s central bank hopes to retrieve $30 million more of the $81 million stolen from its account at the New York Federal Reserve in February, two bank officials said on Monday. Hackers used stolen Bangladesh Bank credentials to try to send three dozen SWIFT messages to transfer nearly $1 billion from its Fed account. They […]

AdultFriendFinder was hacked, together with affiliates. 400m users data out there

Adultfriendfinder.com: 339,774,493 users, “World’s largest sex & swinger community”
Cams.com: 62,668,630 users, “Where adults meet models for sex chat live through webcams”
Penthouse.com: 7,176,877 users, Adult magazine akin to Playboy
Stripshow.com: 1,423,192 users, Another 18+ webcam site
iCams.com: 1,135,731 users, “Free Live Sex Cams”
Unknown domain: 35,372 users
Total: 412,214,295 aff
Source: AdultFriendFinder was hacked […]

BlackNurse: Ping of death is back, DoS using only a laptop

Remember the days back in the 90s when you could cripple someone’s Internet connection simply by issuing a few PING commands like “ping -t [target]”? This type of attack was only successful if the victim was on a dial-up modem connection. However, it turns out that a similar form of ICMP flooding can still be […]

DNS devastation: Top websites whacked offline as Dyn dies again

An extraordinary, focused attack on DNS provider Dyn continues to disrupt internet services for hundreds of companies, including online giants Twitter, Amazon, AirBnB, Spotify and others. The worldwide assault started at approximately 11am UTC on Friday. It was a massive denial-of-service blast that knocked Dyn’s DNS anycast servers offline, resulting in knock-on impacts across the […]

Avtech devices 14 serious unpatched vulnerabilities

Avtech is the second most popular search term in Shodan. According to Shodan, more than 130.000 Avtech devices are exposed to the internet. That’s because there are 14 serious unpatched vulnerabilities, which the guide in the link goes through. Ensure the admin interface is not exposed to the internet, change the default admin password if you […]

69% increase in hacked online stores stealing your credit card details from 2015

Online skimming is a new form of card fraud. In November 2015, the first case was reported. Upon investigating, I scanned a sample of 255K online stores globally and found 3501 stores to be skimmed. It is now ten months later. Are the culprits in jail yet? Not quite, here are the numbers of compromised […]

Hackers hijack Tesla Model S from afar, while the cars are moving, control is scary

VIDEO Chinese hackers have attacked Tesla electric cars from afar, using exploits that can activate brakes, unlock doors, and fold mirrors from up to 20 kilometres (12 miles) away while the cars are in motion. Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu, along with director Samuel Lv, demonstrated the hacks […]

Why I Knocked Boston Children’s Hospital Off The Internet: A Statement From Martin Gottesfeld

The answer is simpler than you might think: The defense of an innocent, learning disabled, 15-year-old girl. In the criminal complaint, she’s called “Patient A,” but to me, she has a name, Justina Pelletier. Boston Children’s Hospital disagreed with her diagnosis. They said her symptoms were psychological. They made misleading statements on an affidavit, went […]

US govt straight up accuses Russia of hacking DNC emails

The Russian government “directed the recent compromises of emails from US persons and institutions,” the US Department of Homeland Security and the Office of the Director of National Intelligence said on Friday, an accusation that gives formal recognition to a claim previously voiced through unnamed sources. In late July, The New York Times reported that […]

Is this the real life? Is this just fantasy? Spotify serving malware, no escape from reality

The problem occurred with Spotify Free, which lets people stream music gratis in exchange for being played and shown adverts. One advertiser sneakily embedded nasty software code into its Spotify ads that hijacked browsers on macOS and Linux systems. We’re told the ads caused the computers’ default browsers to open up dodgy websites that […]

152k cameras in 990Gbps record-breaking dual DDoS

The world’s largest distributed denial of service (DDoS) attack has been clocked from the same network of 152,463 compromised low-powered cameras and internet-of-things devices which punted a media outlet off the internet. Last days, we got a lot of huge DDoS. Here, the list of “bigger than 100Gbps” only. You can see the simultaneous DDoS are […]

Yahoo suffers largest leak of all time: 550m users

The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and […]

Criticize Donald Trump, get your site smashed offline from Russia

It has been an odd day for Newsweek – its main site was taken offline after it published a story claiming a company owned by Republican presidential candidate Donald Trump broke an embargo against doing deals with Cuba. The magazine first thought that the sheer volume of interest in its scoop was the cause for […]

AI Machine-learning models vulnerable to reverse engineering

In a paper [PDF] presented in August at the 25th Annual Usenix Security Symposium, researchers at École Polytechnique Fédérale de Lausanne, Cornell University, and The University of North Carolina at Chapel Hill showed that machine learning models can be stolen and that basic security measures don’t really mitigate attacks. Machine learning models may, for example, […]

Non Root systemd bug crashes systems

systemd fails an assertion in manager_invoke_notify_message when a zero-length message is received over /run/systemd/notify. This allows a local user to perform a denial-of-service attack against PID 1. Proof-of-concept: NOTIFY_SOCKET=/run/systemd/notify systemd-notify "" Source: Assertion failure when PID 1 receives a zero-length message over notify socket · Issue #4234 · systemd/systemd · GitHub