#1 Most trusted publication for breaking cybersecurity and hacking news, insights, and analysis for information security professionals.
7 subscribers
Dec 16, 2020 • 6 tweets • 4 min read
BREAKING 🔥
New evidence suggests #SolarWinds hackers likely compromised the software build infrastructure of Orion platform & added malicious code, which was then eventually delivered within new updates that the company compiled, signed, and delivered.
thehackernews.com/2020/12/new-ev…
SolarWinds attackers mimic the software developers' coding style and naming standards to blend in their malicious code with the rest of the code.
Dec 14, 2020 • 4 tweets • 4 min read
⚠️URGENT⚠️
Hackers exploit #Solorigate supply-chain backdoor in #SolarWinds enterprise monitoring software to breach US Treasury, Commerce Department, other government agencies, and cybersecurity firm #FireEye.
#infosec#cybersecurity#sysadmin
Citing unnamed sources, media said the latest cyberattacks against #FireEye and U.S. government agencies were the work of Russian state-sponsored #APT29 or Cozy Bear #hacking group.
Jul 15, 2020 • 10 tweets • 5 min read
🔥 WATCH OUT 🔥
Many popular #cryptocurrency-related verified Twitter accounts got simultaneously compromised and tweeted an identical "Crypto For Health" #SCAM message.
Hacked people and organizations include Gemini, #Binance, Binance's CEO, #Coinbase, CoinDesk, and KuCoin.
Elon Musk's account has also been compromised, tweeting a similar cryptocurrency scam.
A critical 17-year-old 'wormable' RCE #vulnerability affects Windows DNS Servers (2013 to 2019 editions) that could let unauthenticated hackers gain 'Domain Admin' privileges on the targeted servers.
#infosec
Researchers confirm the new #Windows vulnerability, dubbed 'SigRed,' is a wormable bug, allowing attackers to launch #malware attacks that can spread from one vulnerable computer to another without any human interaction.
A new unpatched #vulnerability — dubbed Strandhogg — in Android could let malicious apps take extensive control over your device & steal your login credentials.
Dozens of apps are already exploiting this flaw in the wild. @Swati_THN 1) #Phishing Attacks:
#Strandhogg task hijacking vulnerability can be exploited to display a fake user interface (UI) while tricking users into thinking they are using a legitimate app, making it easy for the malware to steal their credentials using spoofed login interfaces.
Jun 4, 2019 • 6 tweets • 4 min read
New Unpatched Bug Could Allow Client-Side Attackers to Bypass #Windows Lock Screen On RDP Sessions
All the attacker needs to do is… interrupt the network connectivity of a targeted client system and Tadaaaa...! the lock screen will disappear
Starting with Windows 10 1803 and #Windows Server 2019, this flaw exists when login over #RDP requires the clients to authenticate with Network Level Authentication, an option that #Microsoft recently recommended as a workaround against the critical #BlueKeep RDP vulnerability.
Mar 17, 2019 • 8 tweets • 3 min read
EXCLUSIVE — A hacker who previously claimed to have hacked massive databases [millions of records] from multiple websites and then put them online for sale in 3 rounds has now come back with a new set of databases breached from 6 other websites
(story coming shortly, stay tuned)
[ROUND 4] List of breached sites:
1) Youthmanual — Indonesian college and career platform 2) GameSalad — Online learning platform 3) Bukalapak — Online Shopping Site 4) Lifebear — Japanese Online Notebook 5) EstanteVirtual — Online Bookstore 6) Coubic — Appointment Scheduling