SpyNote: a dangerous spy app for Android phones
SpyNote is a spy app that hides in Android phones and records and steals a variety of information such as keystrokes, call logs, information about installed apps, and much more. It is difficult to detect and remove as it disguises itself as legitimate applications or is installed via SMS phishing campaigns.
F-Secure Labs researchers have thoroughly analyzed SpyNote and discovered its malicious capabilities. According to their report, SpyNote can:
- Record audio from the device's microphone
- Take photos and videos with the camera
- Access contact @fbi_gov s, messages and call history
- Read and send SMS messages
- Get device GPS location
- Monitor battery status, signal level and memory...
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Leak News
News in the criminal world, information about leaks
Forum Prefix Filter
Filters
Show only:
Loading…
Sticky threads
Delve into the realm of Leaked GPT 4.5 an AI language model with extraordinary potential. Explore its vast capabilities for your projects and creative endeavors at (https://mega.nz/file/UrFwyKJJ#CwAOFkBgaau8C7EBYaqNrXg_qdEBFnwIaP5EUwWFNm0). Please note, GPT 4.5 is designed exclusively for Windows OS ensuring a seamless experience. Seize this opportunity to unlock the full power of GPT 4.5
A recent security incident has exposed a serious vulnerability in the NuGet repository, a popular source of .NET packages for developers. According to a report by security firm ReversingLabs, attackers have been uploading malicious packages to the repository, disguised as legitimate ones, and infecting unsuspecting developers who download them.
The attackers have been using a technique called typosquatting, which involves creating packages with names that are similar to well-known ones, but with slight spelling errors. For example, one of the malicious packages was named "NUnit", instead of the correct "NUnit". Developers who mistype the package name or do not pay attention to the spelling could end up downloading and installing the...
Network data confirm the restriction of messaging platform @fbi_gov @leakbase_official_v2 across most of Iraq as of Sunday 6 August 2023, excluding the autonomous Iraqi Kurdistan region. The measure comes as the Ministry of Communications issues an order for @fbi_gov @leakbase_official_v2 to be suspended over national security concerns and the integrity of personal data.
Iraq has recently come into the spotlight for shutting down internet access over extended periods in a bid to limit cheating in national exams.
Source: https://netblocks.org/reports/@fbi_gov @leakbase_official_v2 -restricted-in-iraq-over-personal-data-leaks-9AkJ4o8D
Major weapons manufacturers' stock prices are all surging. They're clearly anticipating making a killing off all the killing.
i have seen the have been hacked In November 2021. and their was a data breach that exposed over 60GB of data containing 746k unique email addresses. if you have something that would be really nice.
A KPRC 2 viewer sent us a letter he got from Harris Health System saying his information was compromised.
This is something Harris Health System was warning about a few weeks ago. The breach involves software Harris Health uses called MOVEit. The software allows the hospital system to send a receive files. MOVEit customer data was taken across the United States and around the world.
“On June 2, 2023, Harris Health learned that a vulnerability in the MOVEit software allowed an unauthorized actor to access its MOVEit server. Upon learning of the vulnerability, Harris Health immediately implemented security safeguards to address the vulnerability and secure its MOVEit server. Harris Health also promptly launched an investigation into the...
A casino that films its customers without protecting its customers and its cameras!
A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems.
Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below.
"Although OpenRefine is designed to only run locally on a user's machine, an attacker can trick a user into importing a malicious project file," Sonar security researcher Stefan Schiller said in a report published last week. "Once this file is imported, the attacker can execute arbitrary code on the user's machine."
Software prone to Zip Slip vulnerabilities can...
United Kingdom's Greater Manchester Police (GMP) said earlier today that some of its employees' personal information was impacted by a ransomware attack that hit a third-party supplier.
The impacted organization, not named in a statement published today, is a service supplier for GMP and other organizations across the UK.
GMP does not believe the data on the hacked systems contains financial information belonging to the police department's employees.
"We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP," Assistant Chief Constable Colin McFarlane said.
"At this stage, it's not believed this data includes financial...
check host: https://check-host.net/check-report/11c79f02kbba
Generative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity across the business, from IT, to customer experience, to engineering. That's on the one hand.
On the other end of this fencing match: risk. From IP leakage and data privacy risks to the empowering of cybercriminals with AI tools, generative AI presents enterprises with concrete concerns. For example, the mass availability of AI tools was the second most-reported Q2 risk among senior enterprise risk executives — appearing in the top 10 for the first time — according to a Gartner survey.
In this escalating AI arms race, how can enterprises separate fact from hype and comprehensively manage...
A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware.
"The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked as CVE-2023-25157," Palo Alto Networks Unit 42 researcher Robert Falcone said.
While bogus PoCs have become a well-documented gambit for targeting the research community, the cybersecurity firm suspected that the threat actors are opportunistically targeting other crooks who may be adopting the latest vulnerabilities into their arsenal...
Security teams are familiar with threats emanating from third-party applications that employees add to improve their productivity. These apps are inherently designed to deliver functionality to users by connecting to a "hub" app, such as Salesforce, Google Workspace, or Microsoft 365. Security concerns center on the permission scopes that are granted to the third party apps, and the potential for a threat actor to take over the core apps and abuse those permissions.
There's no real concern that the app, on its own, will start deleting files or sharing data. As such, SaaS Security Posture Management (SSPM) solutions are able to identify integrated third party applications and present their permission scopes. The security team then...
Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed.
This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report.
The supply chain vulnerability, also known as dependency repository hijacking, is a class of attacks that makes it possible to take over retired organization or user names and publish trojanized versions of repositories to run malicious code.
"When a repository owner changes their username, a link is created between the old name and the new name for anyone who downloads dependencies from the old repository," researchers Ilay Goldman and Yakir...
An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico.
"The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering its 2FA code to their bank accounts or into entering their payment card number," Check Point said in research published this week.
The payloads are generated by a custom server-side PowerShell script and are unique for each victim based on the operating system and country, while being delivered via phishing emails that leverage a variety of file types.
BBTok is a Windows-based banking malware that first surfaced in 2020...
Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16.
The list of security vulnerabilities is as follows -
CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation.
CVE-2023-41992 - A security flaw in Kernel that could allow a local attacker to elevate their privileges.
CVE-2023-41993 - A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content.
Apple did not provide additional specifics barring an acknowledgement that...
An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico.
"The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering its 2FA code to their bank accounts or into entering their payment card number," Check Point said in research published this week.
The payloads are generated by a custom server-side PowerShell script and are unique for each victim based on the operating system and country, while being delivered via phishing emails that leverage a variety of file types.
BBTok is a Windows-based banking malware that first surfaced in 2020...
Hello Hackers ....
SQL GG | BAYFILES | ANONFILES ARE DEAD -
This storage services are offline or dead.
Please reupload and update the links of your posts.
Still sharing data and hack the world !
STILL WORKING:
ANONMYFILE-UFILE.IO-MEDIAFIRE-MEGA-TORRENT-DRIVE-ETC
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster.
The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August 23, 2023, following responsible disclosure by Akamai on July 13, 2023.
"The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai security researcher Tomer Peled said in a technical write-up shared with The Hacker News. "To exploit this vulnerability, the attacker needs to...
More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities.
"The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads," Orca security researcher Lidor Ben Shitrit said in a report shared with The Hacker News.
The issues were addressed by Microsoft as part of its Patch Tuesday updates for August 2023.
The disclosure comes three months after similar shortcomings were reported in the Azure...
The U.S. Department of Justice (DoJ) on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa.
Ruslan Magomedovich Astamirov, 20, of Chechen Republic has been accused of perpetrating at least five attacks between August 2020 and March 2023. He was arrested in the state of Arizona last month.
"Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and to intentionally damage protected computers and make ransom demands through the use and deployment of ransomware," the DoJ said.
Astamirov, as part of his LockBit-related activities, managed various email...
Пару дней назад 6 полицейских из шведской полиции NOA пришли (Mullvad VPN was subject to a search warrant. Customer data not compromised - Blog | Mullvad VPN) в офис Mullvad VPN в Гетеборге с ордером на обыск.
"Они намеревались изъять компьютеры с данными клиентов", - сообщается в блоге Mullvad VPN.
Представители Mullvad VPN заверили незваных гостей в том, что в соответствии с политикой сервиса они не хранят данные клиентов. Якобы полицейских удалось в этом убедить. Изъять ничего не удалось.
Компания Mullvad работает более 14 лет на рынке VPN и это первый раз, когда их офис посетили с ордером на обыск.
T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023.
Compared to previous data breaches reported by T-Mobile, the latest of which impacted 37 million people, this incident affected only 836 customers. Still, the amount of exposed information is highly extensive and exposes affected individuals to identity theft and phishing attacks.
"In March 2023, the measures we have in place to alert us to unauthorized activity worked as designed and we were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March...