Hacking – Page 2 – WindowsTechs.com

Perfectl Malware

Posted on October 14, 2024 by Bruce Schneier

Perfectl in an impressive piece of malware:

The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on many Linux machines.

The researchers are calling the malware Perfctl, the name of a malicious component that surreptitiously mines cryptocurrency. The unknown developers of the malware gave the process a name that combines the perf Linux monitoring tool and ctl, an abbreviation commonly used with command line tools. A signature characteristic of Perfctl is its use of process and file names that are identical or similar to those commonly found in Linux environments. The naming convention is one of the many ways the malware attempts to escape notice of infected users…

Continue reading Perfectl Malware→

Internet Archive’s The Wayback Machine hacked

Posted on October 11, 2024 by AshishMohta@TWC

The Internet Archive’s Wayback Machine suffered a significant data breach! Hackers apparently stole a huge database containing information from 31 million users. Internet Archive The Wayback Machine hacked Some visitors noticed a pop-up on archiv… Continue reading Internet Archive’s The Wayback Machine hacked→

Internet Archive (Archive.Org) Hacked: 31 Million Accounts Compromised

Posted on October 10, 2024 by Waqas

Internet Archive suffered a massive cyberattack, leading to a data breach where 31 million user records were stolen… Continue reading Internet Archive (Archive.Org) Hacked: 31 Million Accounts Compromised→

Credit monitoring and supply chain risk company hacked

Posted on October 8, 2024 by Christian Vasquez

The unknown hackers accessed CreditRiskMonitor employee data but not customer personal information, the company said.

The post Credit monitoring and supply chain risk company hacked appeared first on CyberScoop.

Continue reading Credit monitoring and supply chain risk company hacked→

China Possibly Hacking US “Lawful Access” Backdoor

Posted on October 8, 2024 by Bruce Schneier

The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994.

It’s a weird story. The first line of the article is: “A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers.” This implies that the attack wasn’t against the broadband providers directly, but against one of the intermediary companies that sit between the government CALEA requests and the broadband providers…

Continue reading China Possibly Hacking US “Lawful Access” Backdoor→

Major U.S. water company hit by cyberattack

Posted on October 7, 2024 by Christian Vasquez

American Water Works Company said there does not appear to be any impact to water services.

The post Major U.S. water company hit by cyberattack appeared first on CyberScoop.

Continue reading Major U.S. water company hit by cyberattack→

Weird Zimbra Vulnerability

Posted on October 3, 2024 by Bruce Schneier

Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit reliably.

In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware. The researcher provided the following details:

While the exploitation attempts we have observed were indiscriminate in targeting, we haven’t seen a large volume of exploitation attempts
…

Continue reading Weird Zimbra Vulnerability→

British National Arrested, Charged for Hacking US Companies

Posted on September 30, 2024 by Ionut Arghire

UK national Robert Westbrook was charged in the US for executing a hack-to-trade scheme against five public companies.
The post British National Arrested, Charged for Hacking US Companies appeared first on SecurityWeek.
Continue reading British National Arrested, Charged for Hacking US Companies→

Hacking the “Bike Angels” System for Moving Bikeshares

Posted on September 23, 2024 by Bruce Schneier

I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards, some people are making a lot of money.

At 10 a.m. on a Tuesday last month, seven Bike Angels descended on the docking station at Broadway and 53rd Street, across from the Ed Sullivan Theater. Each rider used his own special blue key -- a reward from Citi Bike— to unlock a bike. He rode it one block east, to Seventh Avenue. He docked, ran back to Broadway, unlocked another bike and made the trip again…

Continue reading Hacking the “Bike Angels” System for Moving Bikeshares→

Hackers Claim Second Dell Data Breach in One Week

Posted on September 22, 2024 by Waqas

Another day, another claim of Dell data breach! Continue reading Hackers Claim Second Dell Data Breach in One Week→