[…] Because the vulnerability that allowed him to rewrite the plates’ firmware exists at the hardware level—in Reviver’s chips themselves—Rodriguez says there’s no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display.
The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. But a review of this Araneida nickname on the cybercrime forums shows they have been active in the criminal hacking scene since at least 2018.
Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker and not its government customers is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.
A fraudulent tool, marketed as an automotive diagnostic solution, was used to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob. The article doesn’t say how the hacking tool got installed into cars.
Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, CyberArk users warn. com) distributing pirated software that also spreads malware.
Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. federal agencies from using Kaspersky software, mandating its removal within 90 days.
.” The research targeted a CMU unit manufactured by Visteon, with software initially developed by Johnson Controls Inc. The study focused on the latest software version (74.00.324A), but experts believe that earlier versions (at least 70.x) may also be vulnerable. ” concludes the report.
” Details: To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. It was that very server that allowed the FBI to finally kill this pesky bit of malicious software. based computers and networks.”
Developers are starting to talk about the software-defined car. The behavior of new cars is increasingly defined by software, too. But keep in mind that, of course, the more software there is in the car, the more risk is there for vulnerabilities, no question about this,” Anhalt said. They’re highly secure.
Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks. ” It is not clear who was behind the attack.
This category of awards ranks the world’s top 50 software education products based on authentic reviews from more than 100 million G2 users. “We are thrilled to be recognized for a second consecutive year by G2’s Best Software Awards,” said Dara Warn, CEO of INE. Cary, NC, Feb.
The hacking campaign targeted 90 users and was disrupted in December; WhatsApp already alerted them of a possible compromise of their devices. WhatsApp linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024.
Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby. News articles.
Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. com , filezillasoft[.]com
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “Tyler.”
US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. and its allies for hacking activities in July.
The hacker has published 10,000 customer records, a file showing Oracle Cloud access, user credentials, and an internal video as proof of the hack. It’s the second cybersecurity breach that the software company has acknowledged to clients in the last month. Oracle Corp. reported Bloomberg.
Blue Yonder, a supply chain software provider, suffered a ransomware attack, impacting operations for clients like Starbucks and grocery stores. ” reads the statement published by the supply chain management software provider. grocery chain Sainsbury. ” reported CNN. Blue Yonder Group, Inc.
DOGE personnel are also reported to be feeding Education Department data into artificial intelligence software, and they have also started working at the Department of Energy. But given that DOGE workers have already copied data and possibly installed and modified software, it’s unclear how this fixes anything.
The threat of bad actors hacking into airplane systems mid-flight has become a major concern for airlines and operators worldwide. Back in 2015, a security researcher decided to make that very point when he claimed to have hacked a plane, accessed the thrust system, and made it fly higher than intended.
NSO Group reverse engineered WhatsApp’s software and developed its own software and servers to send messages to victims via the WhatsApp service that contained malware. For consumers, this means applying more layers of protection in the form of regular updates, security software, and cybersecurity awareness.
According to recent figures from the managed security firm Reliaquest, QakBot is by far the most prevalent malware “loader” — malicious software used to secure access to a hacked network and help drop additional malware payloads. ” The DOJ said it also recovered more than 6.5
In August 2024, Bitdefender found a major bug in Solarman PVs software, exposing all client connections. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,smart solar systems) They demonstrated how to get access to systems in the United States.
When Tanisha Martin, a veteran software quality assurance analyst, sought to move over to a security team a few years ago, the doors should have been wide open, given the much-ballyhooed cybersecurity skills shortage. So, Martin taught herself ethical hacking skills and then founded Black Girls Hack to guide others down the trail she blazed.
“Potential security vulnerabilities have been identified in HPE StoreOnce Software.” “An authentication bypass vulnerability exists in HPE StoreOnce Software.”
Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. The key works without the need for any special software drivers.
An attacker can exploit this vulnerability to install malicious software. This is understandable since ASUS is just a small startup and likely does not have the capital to pay a bounty.” ” concludes MrBruh.
Threat actors exploit recently fixed SimpleHelp RMM software vulnerabilities to breach targeted networks, experts warn. “On 22 January 2025, Arctic Wolf began observing a campaign involving unauthorised access to devices running SimpleHelp RMM software as an initial access vector. ” reads the report published by Arctic Wolf.
The Flipper Zero is an incredibly versatile hacking device. These types of hacks have been possible for decades, but they require special equipment and a fair amount of expertise. Now it can be used to crash iPhones in its vicinity by sending them a never-ending stream of pop-ups.
The case is over: A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I’m sure it’ll be appealed. Everything always is.
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. Any one of these bugs could be used to install malware if an authenticated user connects to a malicious or hacked SQL database server.
VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. vCenter Server is a critical component in VMware virtualization and cloud computing software suite.
LastPass reports that 80% of all hacking-related breaches leveraged either stolen and/or weak passwords. INE Security advises businesses to secure their network by using firewalls, encrypting data, and regularly updating security software. Many cyber attacks exploit vulnerabilities in outdated software.
“Alpine Quest is topographic software that allows different maps to be used both in online and offline mode. ” reads the report published by Doctor Web.
“Ilya Lichtenstein was sentenced today to five years in prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex, a global cryptocurrency exchange.” Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.
.” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked.
This week, Cl0p ransomware group listed Sam’s Club among the victims of its December Cleo software exploit, accusing it of ignoring security. ” Ransomware gang Cl0p leaked files from Rackspace Technology and listed ~170 companies allegedly hacked via zero-day vulnerabilities in Cleo’s file-transfer software.
The vulnerability resides in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software; an unauthenticated, remote attacker could exploit the flaw to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA. ” reads the advisory.
According to rumors, the Polish special services are using surveillance software to spy on government opponents. The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country.
The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims; the threat actors sold this data to criminals for financial theft and hacking. Update software: Keep your operating system, security software, and firewall up to date to patch vulnerabilities.
Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825, in the CrushFTP file transfer software. The file transfer software maker CrushFTP urges customers to take immediate action to address the vulnerability. The vulnerability impacts CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0,
A vulnerability in the 7-Zip file software allows attackers to bypass the Mark of the Web (MotW) Windows security feature. Attackers can exploit a vulnerability, tracked as CVE-2025-0411, in the free, open-source file archiver software 7-Zip to bypass the Mark of the Web (MotW) Windows security feature.
The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The charges result from an investigation conducted by the US government into public companies potentially impacted by the supply chain attack on SolarWinds’ Orion software.
” It’s a complicated hack, but it works. I see this as another manifestation of the security problems that stem from all controls becoming software controls. Now that software controls those functions, you can never be sure. The user cannot feel a difference between a real shutdown and a “fake shutdown.”