Security News

Kali Linux 2022.3 released: Packages for test labs, new tools, and a community Discord serverOffensive Security has released Kali Linux 2022.3, the latest version of its popular penetration testing and digital forensics platform. Cisco has been hacked by a ransomware gangU.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site.

"A simple way to send a piece of shit in a box around the world," ShitExpress describes what is a prank web service where customers can purchase and deliver real animal feces to friends or frenemies located anywhere in the world. Co hacking forum and a well-known hacker who has previously stolen private data from companies like QuestionPro and Mangatoon.

"Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos said in a detailed write-up. The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang published a list of files from the breach to their data leak site on August 10.

A Belgian security researcher has successfully hacked the SpaceX operated Starlink satellite-based internet system using a homemade circuit board that cost around $25 to develop, he revealed at Black Hat. Lennert Wouters revealed a voltage fault injection attack on a Starlink User Terminal-or satellite dish people use to access the system - that allowed him to break into the dish and explore the Starlink network from there, he revealed in a presentation called "Glitched on Earth by Humans" at the annual ethical hacker conference this week.

U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. According the Talos analysts, the attackers started by gaining control of a Cisco employee's personal Google account.

Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee's Google account. "During the investigation, it was determined that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronized," wrote Cisco Talos in a lengthy breakdown of the attack.

Statistics collected by cyber-intelligence firm KELA during this year's second quarter show that marketplaces selling initial access to corporate networks have taken a blow. The average price for network access in the recent quarter was only $1,500, whereas, in Q1 '22, access to networks was sold at an average of $3,000, dropping the price by half.

Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. Last week, the threat actor behind the Cisco attack emailed BleepingComputer a directory listing of files allegedly stolen during the attack.

Email marketing firm Klaviyo suffered a data breach on August 3rd. Hackers gained access to internal systems after stealing an employee's credentials via a phishing attack. Hacker downloaded marketing lists used by cryptocurrency-related accounts, and for Klaviyo product and marketing updates.

Thousands of GitHub repositories were forked with their clones altered to include malware, a software engineer discovered today. While cloning open source repositories is a common development practice and even encouraged among developers, this case involves threat actors creating copies of legitimate projects but tainting these with malicious code to target unsuspecting developers with their malicious clones.