Hacking

bulletproof

Gamers risk getting played by hackers

If you’re in your mid-twenties or beyond, you will be familiar with people at family gatherings saying ‘remember when we didn’t have all these gadgets, and we used to actually talk to each other?’ The answer to this is ‘no’ – the level of conversation has remained largely unchanged, it’s just now we have gadgets and gizmos to occupy our attention during these moments of strained silence. I put it down to the Mandela effect.

nnt

European Central Bank Website Hacked

The European Central Bank (ECB) had to shut down one of its websites after it was hacked and infected with malicious software. ECB said the compromised site was on its Banks’ Integrated Reporting Dictionary (BIRD), which provides bankers with information on how to produce statistical and supervisory reports. An ECB spokesman also added that the server hosting the site contained email addresses, names and titles of the subscribers of the BIRD newsletter, which might have been stolen.

netskope

Defcon Cloud Village - Phishing in the Cloud Era

The DEFCON27 computer security conference is one of the world’s largest and most reputed hacker conventions and will be held from August 8th to August 11th in Las Vegas, Nevada. This event consists of workshops and village tracks from distinguished professionals on cyber-security challenges. We were super thrilled to present our research findings in the Cloud village track on “Phishing in the Cloud Era”.

cloudsploit

A Technical Analysis of the Capital One Hack

The recent disclosure of yet another cloud security misconfiguration leading to the loss of sensitive personal information made the headlines this past week. This particular incident came with a bit more information from the indictment of the accused party, allowing us to piece together the revealed data and take an educated guess as to what may have transpired leading up to the loss of over 100 million credit card applications and 100 thousand social security numbers.

detectify

Anne-Marie Eklund Löwinder: "I was good at making others' code stop running very early on."

She’s the CISO of The Internet Foundation of Sweden (IIS) and one of 14 trusted individuals to hold a Key to the Internet, which means the DNSSEC key generation for the internet root zone. Anne-Marie Eklund Löwinder is also one of the few Swedes who have been inducted into the Internet Hall of Fame.

websitepulse

Poor Web Hosting and Maintenance Leads to Hacking

Many individuals feel accomplished after owning a business website; so much so that they even forget to set up security defenses around it. On the other hand, most of the people deliberately skip this step because why would hackers hack small-scale business models, right? You would be surprised to learn that 43% of hackers target small businesses. Besides, 60% of small-scale companies go out of business within six months of a cyberattack.

nnt

Beware of Phishing Scams during Amazon Prime Day

Amazon Prime Day is in full effect and so are hackers working on elaborate phishing scams targeting Amazon shoppers. Amazon announced that over one million items will be discounted on July 15 and 16, leaving bargain shoppers racing to buy. But while shoppers are busy searching for the best deals on this Prime Day, malicious actors are looking to scam. McAfee reported a popular phishing kit, 16Shop, recently shifted its attention to Amazon.

detectify

Lerhan: Bypassing IDOR protection with URL shorteners

Xavier Blasco (a.k.a. Lerhan) is a 23-year-old security researcher on the Detectify Crowdsource Platform. He’s passionate about security and found a way in through bug bounty programs. As an ethical hacker, he is naturally curious about security testing the vendors he buys from, and this time it led to bypassing IDOR protection using URL shorteners. In the following guest blog, he describes this security flaw that led him to access new client contracts on Jazztel’s platform.