Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Ethical Hacking. Show all posts
Hacking
Cyber Crime cybercriminals data security Ethical Hacking Hackers Hacking

Unveiling the New Era of Hacking Ethics: Profit Over Principles

 

Hacking, once a realm of curiosity-driven exploration, has morphed into a complex ecosystem of profit-driven cybercrime. Originating in the 1960s, hacking was fueled by the insatiable curiosity of a brilliant community known as "hackers." These early pioneers sought to push the boundaries of computing and digital technology, driven by a passion for discovery rather than malicious intent. 

However, the perception of hacking has since undergone a dramatic transformation. Today, the term "hacking" often conjures images of lone individuals in hoodies, exploiting vulnerabilities to steal data or wreak havoc from the safety of dimly lit rooms. While this stereotype may be exaggerated, it reflects a disturbing reality: the rise of cybercriminals who exploit technology for personal gain. 

In recent years, there has been a notable shift in the attitudes and behaviours of hackers, particularly within criminal cyber rings. Once governed by unwritten codes of ethics, these groups are now redefining the rules of engagement, prioritizing profit above all else. What was once considered off-limits—such as targeting hospitals or critical infrastructure—is now fair game for profit-driven hackers, posing significant risks to public safety and national security. 

One of the most alarming trends is the rise of ransomware attacks, where hackers encrypt sensitive data and demand payment for its release. These attacks have become increasingly brazen and aggressive, targeting organizations of all sizes and industries. The Colonial Pipeline attack, while technically not disrupting deliveries, sent shockwaves through the cybersecurity community, highlighting the audacity and impunity of modern cybercriminals. 

Moreover, hackers are no longer content with targeting individuals or businesses just once. Exploiting vulnerabilities multiple times has become commonplace, reflecting a growing sophistication and ruthlessness among cyber criminals. Several factors have contributed to this evolution of hacking ethics. Global tensions, technological advancements, and the proliferation of online platforms have all played a role in shaping the behaviour of modern hackers. 

The accessibility of hacking tools and information has lowered the barrier to entry, attracting individuals of all ages and skill levels to the world of cybercrime. Despite efforts by law enforcement and cybersecurity professionals, the threat of cybercrime continues to loom large. 

Businesses and individuals must remain vigilant, investing in robust cybersecurity measures and staying informed about evolving threats. By understanding the changing landscape of hacking ethics, we can better defend against cyber attacks and protect our digital assets and identities in an increasingly connected world.
Read more »
IT
Cloud Computing cloud storage Cyber Attacks Ethical Hacking IT

An In-Depth Exploration Of Cloud Hacking And Its Methods

 


Regardless of the size of a business or industry, cloud computing practices are becoming an increasingly popular IT practice among companies. It is a technological process that provides different services through the Internet on an on-demand basis. The resources involved in this process are various kinds of tools and applications, including software, servers, databases, networking, and data storage. It has become the most common threat in the industry because cloud hacking has become more popular due to its growing popularity.

Cloud computing, by using the Internet to store files, offers the possibility of saving files to a remote database instead of a proprietary hard drive or a local storage device. If an electronic device has access to the internet, it can access the data on the web and the software program that runs the data. This is as long as it has internet access.

It has therefore become the preferred option for both people and businesses for several reasons, including cost savings, increased productivity, speed and efficiency, performance, and security. 

As cloud computing is growing more and more popular, it is hardly surprising that the cloud is a target for hackers, the threat of cyber-hacking has seen a rapid increase following the widespread adoption of cloud computing. 

Cloud computing resources must be integrated into a company's cybersecurity strategy as an integral part of the defense against cybercrime to bolster the company's defenses. Using ethical hackers to scan cloud computing environments for vulnerabilities will allow businesses to maintain the highest degree of security. This will enable them to patch any security flaws before the attackers can exploit them.

How Does Ethical Hacking Work in Cloud Computing?


Because the choices for cloud computing are so diverse, cloud computing is now being used in some form or another by 98 percent of companies. Cloud services are often perceived as more secure than their counterparts, although they have their own set of problems when it comes to cloud hacking. 

In the wake of the exponential rise of cyberattacks on cloud-based applications, businesses need to find trusted security experts who can fix vulnerabilities and close any holes that could lead to attackers entering their systems through these channels.

It is important to protect cloud computing resources from security vulnerabilities in ethical hacking, just as it is essential to protect any other part of the information technology system. In terms of ethical hacking, there are many hats that ethical hackers wear when it comes to cloud computing. A major part of what ethical hackers do in cloud computing is identify security weaknesses and vulnerabilities in the computing infrastructure for organizations. This is being done to strengthen the security of the cloud service.


The Types of Cloud Computing: What Are They?


It is imperative to know that there are several different types of cloud computing that you can select according to your requirements. As a first step to classifying cloud services, you should start by determining where the cloud services are physically located:

Cloud services that are available to the general public are often called public cloud services because they are hosted and provided by third parties.

Private clouds are the cloud services available only to private individuals who want to use them for personal purposes.  Depending on their needs, they can either be hosted by the company itself or by a third-party service provider.

Alternatively, we can say that the customer uses a hybrid cloud strategy, in which the customer uses both public and private cloud services, for e.g., he uses a public cloud application and a private cloud database to store sensitive data.

Ethical hackers should familiarize themselves with the following cloud computing offerings as examples of how they can make use of the internet:

There is a common misconception regarding what Software as a Service means. Software as a service (SaaS) means that the cloud provider is responsible for updating and maintaining the software applications for the customer. The use of SaaS for business purposes includes the use of productivity applications such as Microsoft Office 365 as a common example.

'PaaS' stands for the platform as a service, and it provides customers with the ability to develop and run applications on a platform to that they have access. There are several examples of cloud computing services available, such as Microsoft Azure and Google App Engine.

As the name suggests, Infrastructure as a Service (IaaS) offers its customers access to hardware resources, such as computing, memory, storage, and networks through a subscription-based service. It should be noted, however, that customers have to provide their software that runs on the infrastructure.

Cloud hacking methodology: Essentials


Following the explanation of “What is cloud hacking?” and “What is cloud exploitation?" we will examine the methodology of cloud hacking. These are some examples of the kinds of attacks that ethical hackers must be aware of in the world of cloud computing to protect themselves.

Attacks using brute force, a brute-force attack is the easiest way to break into a cloud-based service, which involves trying several different combinations of usernames and passwords to see which one works. After gaining access to the system, adversaries can proceed to wreak havoc on the system and exfiltrate data from the cloud the same way they can do with any other kind of attacker.

Phishing is a different strategy than brute force attacks. This is because it impersonates a trusted third party to steal credentials from users by impersonating that third party. This is a more sophisticated kind of attack where the message is tailored to a particular individual consisting of data that is very specific.

A credential stuffing attack is one in which employees at an organization reuse their usernames and passwords across multiple services within their company. This puts the company at risk of being the victim of a credential-stuffing attack. An adversary can verify whether or not a list of user credentials stolen from a previous attack is a valid account on a different IT system. This is done by browsing through its database containing the stolen credentials.

As the cloud computing industry moves further towards the advancement of cloud computing, ethical hackers play an active role in the process. There have been an increasing number of cyberattacks on cloud infrastructure over the past few years. Ethical hacking is a key factor in making sure all businesses of any size and in any sector have appropriate defenses in place.
Read more »
Vulnerability and Exploits
Bounty Ethical Hacking Facebook Microsoft Vulnerability and Exploits

Indian Origin Woman Rewarded with Rs 22 Lakh Bounty by Microsoft

 

Aditi Singh, a 20-year-old Delhi-based ethical hacker, was awarded $30,000 (Rs 22 lakh roughly) for detecting a bug in the Microsoft Azure cloud system. Just two months ago, Aditi uncovered an issue in Facebook and got a $7500 (around Rs 5.5 lakh) bounty. 

She further claims that both these firms have a relatively new remote RCE problem, but that is something new and is not paid much attention comparatively. With such weaknesses, hackers can access and maintain information on their internal systems. 

Aditi points out that it isn't simple to locate vulnerabilities and that ethical hackers need to keep up with new bugs in their game, report them, and still be eligible for pay-outs. She does not only emphasize getting money but also stresses gaining knowledge and learning about ethical hacking first. 

“Microsoft has only fixed the bug which I spotted two months back. They have not fixed all of them,” claimed Aditi, the first one to notice the flaw on the RCE. She added that the tech giant had taken almost two months to answer as they checked whether anybody had downloaded its faulty version or not. Aditi believes that individuals must ask the company's support team to host a bonus scheme before they even begin to uncover a bug. And, if the company confirms such a scheme, bounty hunters must yield results. 

Bug bounty hunters are mainly trained and certified cybersecurity professionals or security researchers who scan the web for bugs or loopholes via which hackers can sneak in and notify the company. Individuals are awarded cash when they succeed. 

Aditi explained that developers wrote the code immediately when a Node Package Manager was first downloaded –which is an affiliate of GitHub, where anyone can view the codes of these enterprises as they are open sources. 

For the last two years, Aditi has been ethically hacking. She first broke into the Wi-Fi password of her neighbor (which she sees as a personal triumph) and she hasn't looked back since.

In addition, she has earned letters of appreciation from Harvard University, Columbia University, Stanford University, and the Google Hall of Fame. 

“I took an interest in ethical hacking when I was preparing for NEET, my medical entrance in Kota,” Aditi says. “I didn’t get through in medical school but have found bugs in over 40 companies including Facebook, TikTok, Microsoft, Mozilla, Paytm, Ethereum, HP, among others." 

She immediately knew after reporting an OTP bypass bug in the TikTok Forgot password section, she intended to go to ethical hacking and also received a bounty of 1100 dollars. 

“There are multiple resources and Google, Twitter, and Hacker One that have write-ups with explanations about ethical hacking,” Aditi says. 

Aditi emphasizes that if individuals want to learn more about hacking, they need to know Python or JavaScript, a computer language. She also proposes OSCP, a credential program designed to help ethical hackers in bussing. She also says that most of her bounty goes into buying certified hacking courses and tools.
Read more »
Internet
Cybersecurity Ethical Hacker Ethical Hacking Hacking Internet

Hackers made $82 Million through Bug Bounties in 2019


Hacking as a profession has now become a viable option for the hackers out there. Yes, you've heard it right, ethical hackers have made more than $82 Million in Bug Bounties held at HackerOne. To top that, the ethical hacking community on HackerOne has now reached over 600,000, with around 850 new hackers joining every day. According to a '2020 Hacker Report' published by HackerOne, a Bug Bounty platform in San Francisco, around 18% of the members are full-time hackers, whose job is to find vulnerabilities and assure that internet becomes a safe place for everyone.


On the HackerOne platform, hackers from across the world, 170 countries to be accurate, which includes India too, are working every day to ensure the cybersecurity of 1700 organizations, which include Zomato and OnePlus also. The US tops the 2109 list in the earnings made by hackers through Bug Bounty with 19%, India comes second with 10%, Russia has 8%, China a 7%, Germany 5%, and at last Canada with 4%. These countries are the top 6 highest earning ones on the list.

According to Luke Tucker, who is the Senior Director of Global Hacker Community, Hackers are a global power working for a good cause to ensure the safety the connected society on the internet. The motivations for hacking may differ, but it is good to see that global organizations are embracing this new change and providing hackers a new platform to compete and grow as a community, making the internet a safe place for everyone, all together. Hackers from various countries earned a lot more than compared to what they did last year.

Hackers from Switzerland and Austria made more than 950% earnings than last year. Similarly, hackers belonging to Singapore, China, and other Asian countries made more than 250% compared to their earnings of 2018. Competitions like these Bug Bounty programs have helped Hackers land into respectful expert knowledge, as 80% of the hackers use this experience to explore a better career or jobs. According to the reports, these hackers spent over 20 hours every week to find vulnerabilities.
Read more »
white hat hacking
Amazon Ethical Hacking Samsung Vulnerabilities and Exploits white hat hacking

Amazon, Sony, Xiaomi, Samsung Devices Hacked at Pwn2Own Hacking Contest at Tokyo


In a hacking contest held at Tokyo, a duo of white-hat hackers known as Fluoroacetate breached pass devices of some of the most popular tech companies namely Amazon, Samsung, Sony, Xiaomi and others. On the first day itself, the team won prize money of $145,000 (around 1.02 crore) and 15 Master of Pwn points which secured them a dominant lead ahead of others in the competition. The contestants receive a bounty for each successful breach and points that add on to the total ranking. However, the overall winner obtains the grand title 'Master of Pwn'.

The leading team, Fluoroacetate which comprises Hacker Amat Cama and Richard Zhu, amassed a lot of success early on as they managed to bypass five devices. Making history, the duo cracked down Sony X800G, first-ever Television exploited in the contesting history of Pwn2Own. Moving onto their next targets, Amazon Echo Show and Samsung Q60 television, the hackers employed an integer overflow in JavaScript to compromise both the devices. While hacking Xiaomi Mi 9, the duo used a JavaScript exploit to extract a picture from the smartphone. Next up on their list was Samsung Galaxy S10, which the remarkable duo slashed down by pushing a file on the phone via a stock overflow. The last contributor for the team's winning streak was Netgear Nighthawk Smart Wi-Fi Router R6700 (LAN interface).

Points and bounty distribution 

Team Fluoroacetate piled up a total bounty of $145,000 and 15 Master of Pwn points at the end of the first day at Pwn2Own, in the following order.

Sony X800G smart TV: $15,000 and 2 Master of Pwn points.
Amazon Echo Show 5: $60,000 and 6 Master of Pwn points.
Samsung Q60 smart TV: $15,000 and 2 Master of Pwn points.
Xiaomi Mi9 smartphone: $20,000 and 2 Master of Pwn points.
Samsung Galaxy S10: $30,000 and 3 Master of Pwn points.

Pwn2Own is the top computer hacking contest that was first conducted in 2007 with the purpose of demonstrating the security flaws present in widely used software and devices. The hackers gather at the contest to demonstrate vulnerabilities for a pre-set list of software and devices, to earn points on successful discoveries the hackers must ensure that all the exploits put forth at the contest are new. After the contest, the event organizers take charge of all the bugs and vulnerabilities discovered throughout the competition and subsequently hand them over to the respective companies.

After the final day of the tournament, Fluoroacetate, accumulating total prize money of $195,000, 18.5 Master of Pwn points along with a shining trophy and other goodies, has emerged victorious and as the rightful owner of the title 'Master of Pwn'. Notably, the team's most striking accomplishment has to be the bypassing of Samsung Galaxy S10 that won the duo a whopping sum of $50,000 and 5 valuable Master of Pwn points.
Read more »
IT Security News
Ethical Hacking hacker news Information Security News IT Security News

Cyber Society of India wants to Ban Ethical Hacking course in India- Compares hackers to rapists


I was totally shocked when i heard the words came out from the President of Cyber Society of India(cysi.in) on local channel "Puthiya Thalaimurai'. The local channel covered a story about Ethical Hacking.

He told in the Puthiya Thalaimurai's interview that "Ethical hacking" is like ethical rape.  He asked "how one can claim it is legal by adding 'Ethical' word in front of Hacking".

He also added that "We are not doing rape in order to prevent rapes. Then, why we should do ethical hacking to prevent hacking?". 
  
It is ridiculous to compare ethical hackers with rapists. 

Here is Puthiya Thalaimurai's video covering Ethical Hacking (Tamil):


"I will say ban Internet, no Internet no Hacking we all will be safe. Even Pollution is increasing so shall we stop breathing????? " One hacker commented . " What I understand from my side is you should increase Cyber Forensics Courses so that we get good investigators."

"If you have good Cyber Forensics Investigators the crime rate will go down, and only those people will get enrolled to even Ethical Hacking Course who have good ethics as they know that if thet go wrong they will be arrested."

Yes, i agree with what hacker said.  An Ethical Hacking course with a cyber laws always produce a good ethical hackers.  We can't just simply ban ethical hacking course as India need more Ethical Hackers/PenTesters.  We just need to teach them cyber laws as well.

 "This is one of the most ridiculous discussions I have ever seen. Now guys will come and say don’t teach programming they will write virus" One cyber security expert comment.

"There is a great demand for “ethical” hackers all over the world and they are required to make cyber world secure. As its said in movie Spiderman “with great powers come great responsibilities” and should make kids understand the responsibilities associated with this great art."
Read more »
PenTesting
Ethical Hacking Ethical Hacking Training hacker news IT Security PenTesting

Break The Security - Hands on Ethical Hacking and Cyber Security Training for Corporate


Cyber Security & Privacy Foundation is proud to announce the Corporate training in Chennai. The attendees will be trained by four security researchers on various cyber security topics.

The training starts with introduction to information security field and various classes of hackers. It will be hands on training, we will demonstrate the usage of various security tools and will help the attendees to use it.

The course covers various tookits including TamperData, Hackbar, Maltego, FOCA , Live HTTP Headers plugin and more.

We also give training on advanced tools for vulnerability assessment and penetration testing which includes Metasploit, Nmap, Nessus, sqlmap, and more.

Attendees are requested to bring their own laptops installed with isolated network like VMware/Virtual box to gain hands on exposure.

Venue:

Computer Society Of India Head Quarters,
Educational Directorate- Taramani,
Chennai
Chennai, Tamil Nadu

Price:

The Corporate Training tickets would cost Rs. 2000/- per person.

Lunch and Tea/Snacks will be provided at the venue.

Registration Link:

http://www.meraevents.com/event/break-the-security-training–ethical-hacking-hands-on-for-corporate

For more details , visit : http://cwhh.cysecurity.org/?page_id=81
Read more »
Hacking Challenge
Ethical Hacking Hacking Challenge

The Global CyberLympics Ethical Hacking Challenge

The Global CyberLympics (www.cyberlympics.org) - the world’s first international team ethical hacking championships - will be held from September across six continents.

It is endorsed by the U.N.’s cybersecurity executing arm – IMPACT - and the EC-Council is sponsoring over $400,000 worth of prizes.

Regional championships will be held in various locations across different continents, and co-hosted with reputable IT/information security conferences and tradeshows, as follows:

  • North America (Eastern) | Hacker Halted USA – Miami, USA
  • North America (Western) | TakeDownCon – Las Vegas, USA
  • South America | H2HC – Sao Paolo, Brazil
  • Europe | Hacktivity – Budapest, Hungary
  • Middle East & India | GITEX – Dubai, UAE
  • Asia Pacific | Hacker Halted APAC – Kuala Lumpur, Malaysia
  • Africa | TakeDownCon – Johannesburg, South Africa

The CyberLympics world finals is tentatively scheduled for the first quarter of 2012, with its venue still being decided.

To compete at the games, simply form a team of between 4-6 players, ensure that all the players attempt and pass the proficiency test to earn a players code. These codes can then be used to register a team to compete against others in the region.

Registration team is waived for a limited time period. To find out how to participate in this groundbreaking event, please visit -> http://www.cyberlympics.org/TheGames/HowtoEnter.aspx

[source]

Read more »
Security Experts
Computer Security Ethical Hackers News Ethical Hacking Hackers News Security Experts

Apple Mac Book vulnerable to hack using Battery

Ethical Hacker Charlie Miller has find a way to hack the MacBook using the battery.

"Laptop battery contains its own monitoring circuit which reports the status of the battery to the OS. It also ensure that the battery does not overcharge even when the laptop is turned off." Digitizor report reads.


He identified the battery chips are shipped with default password.  It means the hacker who finds the default password and learns to control the firmware is able to control them to do anything he wants.

 "You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery." Digitizor quoted as Miller saying.
Read more »
Subscribe to: Posts (Atom)