Security News

As we all know, there are many ways that attackers with time, patience and the gift of the gab can persuade even a well-informed and well-meaning user to help them bypass the security processes that are supposed to keep them out. Typically, attackers will deliberately look for and use known security vulnerabilities internally, even though they couldn't find a way to exploit them from the outside because the defenders had taken the trouble to protect against them at the network perimeter.

Someone hacked an Uber employees HackerOne account and is commenting on all of the tickets. Nothing of this has yet been officially confirmed by Uber - the company continues to point to a terse statement on Twitter: "We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available."

Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server. The New York Times, which first reported on the breach, said they spoke to the threat actor, who said they breached Uber after performing a social engineering attack on an employee and stealing their password.

Outdoor apparel brand 'The North Face' was targeted in a large-scale credential stuffing attack that has resulted in the hacking of 194,905 accounts on the thenorthface.com website.A credential stuffing attack is when threat actors use email addresses/usernames and password combinations obtained from data breaches to attempt to hack into user accounts on other websites.

Password management firm LastPass was hacked two weeks ago, allowing threat actors to steal the company's source code and proprietary technical information.After requests for information, LastPass released a security advisory today confirming that the company was breached through a compromised developer account that was used to access the company's developer environment.

WordPress sites are being hacked to display fake Cloudflare DDoS protection pages to distribute malware that installs the NetSupport RAT and the RaccoonStealer password-stealing Trojan.DDoS protection screens are commonplace on the internet, protecting sites from bots that ping them with bogus requests, aiming to overwhelm them with garbage traffic.

CS.MONEY, one of the largest platforms for trading CS:GO skins, has taken its website offline after a cyberattack allowed hackers to loot 20,000 items worth approximately $6,000,000. It supports a vibrant virtual economy with weapon skins of varying rarity and desirability, which led to the creation of trading sites that use the Steamworks API to allow players to trade skins with each other.

Kali Linux 2022.3 released: Packages for test labs, new tools, and a community Discord serverOffensive Security has released Kali Linux 2022.3, the latest version of its popular penetration testing and digital forensics platform. Cisco has been hacked by a ransomware gangU.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site.

"A simple way to send a piece of shit in a box around the world," ShitExpress describes what is a prank web service where customers can purchase and deliver real animal feces to friends or frenemies located anywhere in the world. Co hacking forum and a well-known hacker who has previously stolen private data from companies like QuestionPro and Mangatoon.

"Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos said in a detailed write-up. The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang published a list of files from the breach to their data leak site on August 10.