2024-06-19 | Hacker Trends

7 Posts

Preauth RCE on NVIDIA Triton Server

https://sites.google.com/site/zhiniangpeng/blogs/Triton-RCE

5 Posts

CDK Global cyberattack impacts thousands of US car dealerships

https://www.bleepingcomputer.com/news/security/cdk-global-cyberattack-impacts-thousands-of-us-car-dealerships/

5 Posts

Scathing report on Medibank cyberattack highlights unenforced MFA

https://www.bleepingcomputer.com/news/security/scathing-report-on-medibank-cyberattack-highlights-unenforced-mfa/

4 Posts

Advance Auto Parts confirms data breach exposed employee information

https://www.bleepingcomputer.com/news/security/advance-auto-parts-confirms-data-breach-exposed-employee-information/

4 Posts

Binary Ninja - Restructuring the Binary Ninja Decompiler

https://binary.ninja/2024/06/19/restructuring-the-decompiler.html

4 Posts

Behind the Great Wall Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 CC Framework | Trend Micro (US)

https://www.trendmicro.com/en_us/research/24/f/behind-the-great-wall-void-arachne-targets-chinese-speaking-user.html

4 Posts

Cloaked and Covert: Uncovering UNC3886 Espionage Operations | Google Cloud Blog

https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

4 Posts

"Researchers" exploit Kraken exchange bug, steal $3 million in crypto

https://www.bleepingcomputer.com/news/security/researchers-exploit-kraken-exchange-bug-steal-3-million-in-crypto/

3 Posts

Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition - SecurityWeek

https://www.securityweek.com/chrome-126-update-patches-vulnerability-exploited-at-hacking-competition/

3 Posts

I Will Fucking Piledrive You If You Mention AI Again — Ludicity

https://ludic.mataroa.blog/blog/i-will-fucking-piledrive-you-if-you-mention-ai-again/

3 Posts

2024 Talk Schedule - Google スプレッドシート

https://docs.google.com/spreadsheets/d/1bWoJzp7WP5ATK0X337nZbdZerDcViAaP5qgay0xCdzk/edit?usp=sharing

3 Posts

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

https://thehackernews.com/2024/06/warning-markopolos-scam-targeting.html

3 Posts

Talks | SteelCon

https://www.steelcon.info/the-event/talk-schedule/

3 Posts

AMD investigates breach after data for sale on hacking forum

https://www.bleepingcomputer.com/news/security/amd-investigates-breach-after-data-for-sale-on-hacking-forum/

3 Posts

wstunnel: Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI

https://meterpreter.org/wstunnel-tunnel-all-your-traffic-over-websocket-or-http2-bypass-firewalls-dpi/

3 Posts

Crown Equipment confirms a cyberattack disrupted manufacturing

https://www.bleepingcomputer.com/news/security/crown-equipment-confirms-a-cyberattack-disrupted-manufacturing/

3 Posts

Reversing UK mobile rail tickets

https://eta.st/2023/01/31/rail-tickets.html

3 Posts

Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks - SecurityWeek

https://www.securityweek.com/amtrak-says-guest-rewards-accounts-hacked-in-credential-stuffing-attacks/

3 Posts

Tools for Humanity | Report #2515808 - [Meetup][World ID][OIDC] Insufficient Filtering of "state" Parameter in Response Mode form_post leads to XSS and ATO | HackerOne

https://hackerone.com/reports/2515808

3 Posts

Preauth RCE on NVIDIA Triton Server

CDK Global cyberattack impacts thousands of US car dealerships

Scathing report on Medibank cyberattack highlights unenforced MFA

Advance Auto Parts confirms data breach exposed employee information

Binary Ninja - Restructuring the Binary Ninja Decompiler

Behind the Great Wall Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 CC Framework | Trend Micro (US)

Cloaked and Covert: Uncovering UNC3886 Espionage Operations | Google Cloud Blog

"Researchers" exploit Kraken exchange bug, steal $3 million in crypto

Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition - SecurityWeek

I Will Fucking Piledrive You If You Mention AI Again — Ludicity

2024 Talk Schedule - Google スプレッドシート

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

Talks | SteelCon

AMD investigates breach after data for sale on hacking forum

wstunnel: Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI

Crown Equipment confirms a cyberattack disrupted manufacturing

Reversing UK mobile rail tickets

Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks - SecurityWeek

Tools for Humanity | Report #2515808 - [Meetup][World ID][OIDC] Insufficient Filtering of "state" Parameter in Response Mode form_post leads to XSS and ATO | HackerOne

Mailcow Mail Server Flaws Expose Servers to Remote Code Execution

New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers

(Web-)Insecurity Blog | Sign-in with World ID: XSS and ATO via OIDC Form Post Response Mode

EU chat control law proposes scanning your messages — even encrypted ones

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

http://redsiege.com/wedoff

Active Directory Methodology in Pentesting: A Comprehensive Guide | by Very Lazy Tech | Jun, 2024 | Medium

AMD investigates a data breach

Unveiling the Highly Evasive Loader Targeting Chinese Organizations

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

AMD Investigating Breach Claims After Hacker Offers to Sell Data - SecurityWeek