Hacking

Protecting your crypto wallet from hackers, thieves and bots

Over the past five years, blockchain technology has gone mainstream. More and more investors, businesses and opportunistic hobbyists are filling their cryptocurrency wallets with crypto assets like Bitcoin and Ethereum. In fact, the global user base of all cryptocurrencies increased by an estimated 190 percent between 2018 and 2020. There is undoubtedly money to be made, ushering newcomers into the world of blockchain.

Crime-as-a-service: How anyone can become a hacker

The internet is an incredible tool for education. Unfortunately, not everyone uses it to better themselves or the world around them. There are plenty of opportunities to learn how to defraud, damage, and steal from organizations – so many, in fact, that this open source of hacking knowledge is a new technology service industry in its own right: crime-as-a-service.

How do Hackers Hack - An Experiment in Open Portal Attacks

I built it – and hackers came. It’s been an eventful 12 months. With people working from home, there’s been an over 40% surge in machines accessible from the internet running RDP, with RDP attacks up over 400%. [1] This site even has instructions for how to create more than one RDP instance on the same Windows 10 machine. [2] There are also these instructions for Windows 2016, which create a larger attack surface by allowing multiple RDP connections into the same endpoint.

Colonial Pipeline Hack - What Can We Learn?

It has been reported that the hack that took down the largest fuel pipeline in the United States and led to fuel shortages across the whole of the East Coast was the result of a single compromised password that was leaked on the Dark Web through a data breach. On April 29th 2021, hackers gained access to the network of Colonial Pipeline Co. via a Virtual Private Network (VPN) connection that allowed them remote access to the corporate network.

Detectify Research Team releases Ugly Duckling, a web scanner for hackers

STOCKHOLM, SWEDEN – The Detectify Security Research team announced the general availability of Ugly Duckling, a stand-alone application security tool specifically tailored for ethical hackers to make it easier for them to share their latest findings. This new open-source scanner was developed with the Detectify Crowdsource community hackers in mind, and it is available for any security enthusiasts to tinker with as well.

Hacker Tools Used for Good as Exposed Amazon Cloud Storage Accounts Get Warnings

Responding to the all-too-familiar news of compromised Amazon cloud storage, security researchers have begun leaving “friendly warnings” on AWS S3 accounts with exposed data or incorrect permissions. The misconfiguration of access control on AWS storage “buckets” has been behind numerous high-profile data breaches, including Verizon, The Pentagon, Uber and FedEx.

Hack my misconfigured Kubernetes at Kubecon Europe

In the last few years, we’ve seen more and more responsibilities shift left – to development teams. With the widespread adoption of Kubernetes, we’re now seeing configurations become a developer issue first and foremost. This responsibility means that developers need to be aware of the security risks involved in their configurations.

A hacker's approach to finding security bugs in open source software

Spencer Pearlman, Security Researcher at Detectify, presented A Hacker’s Approach to Finding Security Bugs in Open Source Software in a partnered webinar with friends at Debricked. Securing modern web applications takes new approaches, and this includes looking at them from a hacker’s perspective. Here are highlights from the presentation on how tech teams can apply the same hacker mindset to discover vulnerabilities in open-source software in their tech stack.