When Microsoft patched the vulnerability in October 2022—at least two years after it came under #attack by the Russian hackers—the company made no mention that it was under active exploitation.
#patch #update #exploit #Russia #security #CyberSecurity #news #os #software #hack #hacker
In this adventure, the Cisco #C195 device family was jailbroken in order to run unintended code. This includes the discovery of a vulnerability in the #CIMC body management controller which affects a range of different devices, whereby an authenticated high privilege user can obtain underlying root access to the server’s #BMC (CVE-2024-20356) which in itself has high-level access to various other components in the system. The end goal was to run DOOM – if a smart fridge can do it, why not Cisco?
source: https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
#software #security #bug #network #game #news #vulnerability #exploit #hack #hacker
Source: https://arxiv.org/abs/2404.08144
To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the #CVE description. When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities compared to 0% for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and #Metasploit).
#ai #technology #Software #chatgpt #bug #hack #news #cybersecurity
#hack #security #news #problem
♲ Digital Angel - 2024-04-04 23:15:13 GMT
#IBIS hotel check-in terminal keypad-code leakagesource: https://www.pentagrid.ch/en/blog/ibis-hotel-check-in-terminal-keypad-code-leakage/
However, when entering a '------' as booking ID, the check-in terminal lists other people's bookings and keypad codes.
Im digitalen Zeitalter gehört hybride Kriegsführung zum Geschäft. Das kommt nun auch in Deutschlands Armee an.#Bundeswehr #NancyFaeser #BorisPistorius #Hack #Digital #Deutschland #Politik
Neue Bundeswehrstruktur: Cyberabwehr in Uniform
However, I believe that he is actually from somewhere in the UTC+02 (winter)/UTC+03 (DST) timezone, which includes Eastern Europe (EET), but also Israel (IST), and some others. Forging time zones would be easy — no need to do any math or delay any commits. He likely just changed his system time to Chinese time every time he committed.
source: https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and
the cascade of Microsoft’s avoidable errors that allowed this intrusion to succeed;
„Der Schlüssel der Hacks in Autos liegt im sogenannten CAN-Bus-System, das das elektronische Herz der Connected Cars darstellt. #CAN heißt Controller Area Network und meint ein örtlich begrenztes Steuergeräte-Netzwerk. Die CAN-Bus-Schnittstelle regelt die gesamte Datenübertragung und #Elektronik in komplex ausgerüsteten Kraftfahrzeugen. Einfach ausgedrückt können sich die angeschlossenen vernetzten Steuergeräte des Autos über die Leitungen unterhalten und Informationen austauschen. Und das passiert heute in modernen Autos schon oft kabellos per #Bluetooth oder #WLAN, da die Kabelbäume zu dick und der Kabelwald nicht mehr zu
durchschauen und zu warten wäre. Und das ist genau unsere hervorragende Chance, in das CAN-Bus-System des jeweiligen Autos
einzudringen – per #Mobilfunk, #Internet und #GPS. Haben wir uns dann erst einmal in diese Steuerungseinheit eingeloggt, können wir fast alles im jeweiligen Auto beeinflussen, von den Lichtern angefangen über das Navi bis hin zu den Bremsen. Nur ferngesteuert fahren können wir noch nicht“, lachte Mister Yang, den diese unvorstellbaren Möglichkeiten selbst immer wieder begeisterten und schwärmen ließen.
„Faszinierend wirklich, ich bin sehr beeindruckt, Mister Yang“, sagte Professor Linda Henderson, die mit ihren mittlerweile doch schon 69 Jahren das älteste Mitglied des Gremiums war. Trotz ihrer unglaublichen Berufserfahrung in den Führungsriegen von #Microsoft, #Amazon und #Facebook war die Professorin für #Informationstechnologie begeistert von den technischen Eingriffen ihres Kollegen in Autos auf der ganzen Welt, egal wie weit diese entfernt waren. „Die Welt ist mittlerweile ja wirklich nur noch ein Dorf durch das
Internet, 5G und natürlich auch aufgrund von fast 10.000 Satelliten, die sogar das Nummernschild eines Autos aus dem All erkennen können. Schon jetzt sieht man nachts viel mehr Satellitenpunkte am Himmel als Flugzeuge, und bis 2050 sollen es sogar schon 30.000 #Satelliten sein, auch dank Meister Elon #Musk“, dachte Professor Henderson fasziniert bei sich und verließ den Raum des Hacker-Teams.
zum #Roman: https://tempsend.com/yycjn
#sicherheit #Technologie #hack #hacker #Verkehr #Auto #Software #Hardware #Kontrolle #Zukunft
source: https://www.theinformation.com/articles/microsoft-security-breaches-rile-u-s-government-customers
Microsoft became the world’s biggest seller of cybersecurity software by bundling it with Office and Teams apps. But after a series of hacks exploited that software in the past year, several of Microsoft’s biggest customers are considering whether their reliance on Microsoft’s #software bundle puts their security at risk.
The clearest sign that Microsoft may face real consequences for its security lapses can be seen in #Washington. After the company disclosed last summer that Chinese hackers had broken into customers’ systems, including the U.S. State Department’s, the agency began to move its stored data into servers of other cloud providers such as #Amazon Web Services and #Google #Cloud, according to a technical adviser to the agency and an executive at one of the rival companies. And the agency has been discussing possible bigger cloud deals with those rivals, these people said.
Since February 12, 2024, NIST has almost completely stopped enriching software vulnerabilities listed in its National Vulnerability Database (NVD), the world's most widely used software vulnerability database.
Source: https://www.infosecurity-magazine.com/news/nist-vulnerability-database/
#nvd #usa #security #software #problem #exploit #hack #bug #news #cybersecurity
Source: https://research.aurainfosec.io/pentest/git-rotate/
Despite advancements in #cybersecurity, #password #spraying attacks remain a prevalent and effective technique for attackers attempting to gain unauthorised access to #cloud - based infrastructure and web applications by targeting their login portals. Password spraying involves attempting a small number of common passwords against a large number of usernames. This makes it difficult for #security systems to detect and mitigate as they often avoid common protections such as #account lockout policies by avoiding rapid or repeated login attempts for a single account. Attackers can easily obtain lists of commonly used passwords or use automated tools to generate potential passwords, increasing the likelihood of success.
Watch: https://www.youtube.com/watch?v=r1vBAjuT6L8
#sqlInjection #hack #hacker #knowledge #news #security #exploit
Even after Microsoft patched the #vulnerability last month, the company made no mention that the North Korean threat group #Lazarus had been using the vulnerability since at least August to install a stealthy #rootkit on vulnerable computers. The vulnerability provided an easy and stealthy means for #malware that had already gained administrative system rights to interact with the Windows #kernel. Lazarus used the vulnerability for just that. Even so, Microsoft has long said that such admin-to-kernel elevations don’t represent the crossing of a security boundary, a possible explanation for the time Microsoft took to fix the vulnerability.
#software #news #security #cybercrime #bug #exploit #0day #fail #economy #problem #politics #hack #Hackers #trust #risk
Source: https://www.wired.com/story/alphv-change-healthcare-ransomware-payment/
I wonder if this is not the breaking point of our system? When well-educated people prefer to develop ransomware instead of working for the common good because the system doesn't offer them better prospects.
#technology #news #security #cybercrime #internet #society #system #question #capitalism #future #problem #economy #finance #hack #Hackers #money
source: https://techcrunch.com/2024/02/28/anycubic-users-3d-printers-hacked-warning/?guccounter=1
Ouyang said in an email to TechCrunch: “We are investigating very carefully. There will be an official announcement very soon,” but did not comment further.
“Disconnect your printer from the internet until anycubic patches this issue,” the text file reads.
#news #3dprinter #hack #hacker #warning #software #problem #technology #vulnerability
Eine zentrale Frage bleibt allerdings unbeantwortet: Wie kann man so dämlich sein ins Badezimmer eine #Webcam einzubauen? Mir fällt kein Szenario ein wo dies sinnvoll sein könnte.
Hier zum Film: https://www.youtube.com/watch?v=WTn5ow9l5UM
Dass der Hacker alles unverschlüsselt offline auf USB-Sticks speichert und nicht verschlüsselt in der Cloud scheint auch eher, einem uninformiertem Drehbuchauthor ensprungen zu sein.
#film #hack #hacker #Erpressung #sicherheit #CyberSecurity #cybercrime #entertainment
