Decrypting’s Complete Content Library
-
Romania’s Election System Suffered 85,000 Attacks Approaching Elections!
Documents declassified by Romania’s top security council last Wednesday revealed that the country suffered over 85,000 cyber attacks leading up to and during its most recent elections, which resulted in credentials for election-related websites being leaked on Russian cybercrime forums a few days before the presidential election. The attacks were referred to…
-
Hackers Hacking Hackers: Turla Exploits Storm-0156 to Siphon Data
Sometimes hackers don’t even bother doing their own hacking and instead latch on to other hackers who they know have been successful in their attacks. One such Russia-linked Advanced Persistent Threat (APT) group, Turla (a.k.a. Secret Blizzard), has been linked to a campaign that involved infiltrating the command-and-control (C2) servers of the Pakistani hacker group Storm-0156 to…
-
Windows Cyber Attack Warning: Zero-Click Russian Backdoors Confirmed!
The prominent Russia-linked hacker group RomCom has been discovered using a chain of previously unknown zero-day vulnerabilities, one with a severity rating of 9.8 and the other of 8.8. The vulnerabilities exist in the Mozilla Firefox browser and in Windows itself. They can be exploited in order to install a backdoor capable of executing commands and downloading…
-
HDFC Life Insurance Suffers Data Breach! How to Protect Yourself
HDFC Life disclosed a data breach yesterday, becoming the latest in a series of cyber attacks on Indian insurance companies. Star and Tata AIG both suffered similar breaches in recent times. The company disclosed the breach in a regulatory filing on the 26th of November 2024 and said that it is working with information security…
-
Mailware: Swiss Hackers Using Snail Mail to Distribute Malware
Swiss hackers are going old-school using snail mail! Switzerland’s National Cyber Security Centre (NCSC) has issued an alert about the country’s postal service being used to spread malware. Hackers have been sending letters to citizens, claiming to be from MeteoSwiss, the nation’s Federal Office of Meteorology and Climatology. The letters contain a QR code which can…
-
Update: CISA Adds Three Vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog
CISA has added three more vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. CVE-2024-0012: PAN-OS Authentication Bypass. CVE-2024-0012 is a critical authentication bypass in the management interface of Palo Alto Networks’ PAN-OS. This vulnerability can enable an unauthenticated attacker to perform administrative actions and tamper with configurations. This issue affects PAN-OS versions 10.2, 11.0, 11.1, and…
-
Indian Cybercrime Bust: Trio Arrested for Laundering Funds to China and Nepal via Cryptocurrency
Three suspects were arrested late last week in Pimpri Chinchwad, Maharashtra, India, following a probe by the city’s cyber police into their links to international cybercriminal organisations. The trio reportedly ran a cybercrime operation, managing mule accounts to funnel cryptocurrency to masterminds based in China and Nepal. The investigators were originally probing a case in which…
-
How Hackers Avoid Detection Using ZIP Files
A significant part of a cybercriminal’s arsenal of tools and techniques is dedicated to evading detection by security solutions such as firewalls and antivirus software. Depending on the nature of the malware that needs to be delivered, the criminal picks the most suitable method of avoiding detection. ZIP file concatenation is one such method used…
-
Winos 4.0: How Gaming Apps can be Used to Infect your Computer
Researchers at Fortinet have observed multiple samples of an advanced malware, Winos 4.0, hidden within gaming-related applications such as speed boosters, optimization utilities, and installation tools. Winos is an advanced malware with several components handling distinct functions that collectively give the attacker complete control over the victim’s machine. The malware is similar to Cobalt Strike and…
-
The Ultimate Guide to Home Wi-Fi Security
Hello there and welcome to another guide! This one is for those of you who might want your Wi-Fi to be more secure. Here are 5 simple steps to help you cover all the bases of Wi-Fi Security. We’re not just listing the steps here – we’re breaking down what each one can prevent so…
-
ChatGPT Vulnerable to Manipulation using Hex Code
Generative AI models such as ChatGPT, Gemini, and Copilot can generate just about anything, and although most people use these models in constructive ways, there are always bad actors looking to use them for malicious purposes. Therefore, the companies that bring us these models must prevent bad actors from using their products for such purposes. Most companies…
-
The Ultimate Guide to Cybersecurity for Remote Workers: Best Practices for Staying Safe Online
In today’s digital age, working remotely is more than a trend—it’s the new normal for many professionals. But whether you’re working remotely for a company or yourself, cybersecurity challenges can quickly become personal. Hackers know that many remote setups lack the robust security of traditional office environments, making them an easier target than an office…
-
CVE-2024-47575: Critical Vulnerability in Fortinet’s FortiManager
Fortinet has made the news once again with a critical flaw in its software management platform FortiManager, which could allow a remote attacker to run code on unpatched systems and, due to the managerial nature of the application, possibly spread further into the network. The vulnerability, tracked as CVE-2024-47575, has a CVSS score of 9.8…
-
Cyprus Thwarts Cyber Attack on Government Sites
Last week, the Cyprus government faced a string of attacks over a three-day period targeting state-run utilities and the Cypriot subsidiary of a Greek energy company. The latest of these attacks occurred on Sunday, targeting the government’s online portal, and was thwarted by a quick and coordinated response by the authorities. Cyprus’ Ministry of Research,…
-
Hacked Robot Vacuums Yell Racial Slurs at Owners
Robot vacuums made by Ecovacs, one of the largest home robotics companies in the world, have reportedly been roving around people’s homes yelling slurs at their owners through the onboard speakers. A critical vulnerability in the company’s software left the robots susceptible to being hacked from afar, allowing attackers to take control of the devices…
-
Cyber Attacks Hit Iran’s Nuclear Facilities
Iran faced major cyber attacks on Saturday, the 12th of October 2024, targeting various government entities including nuclear facilities. The cyber attack follows Israel’s vow to respond to the 200-missile barrage conducted by Iran on the 1st of October amid the ongoing and intensifying conflicts in Gaza and Lebanon. The former secretary of Iran’s Supreme…
-
CISA Orders US Federal Agencies to Patch this Fortinet Flaw!
On the 9th of October, CISA revealed that a critical vulnerability in Fortinet’s FortiOS, tracked as CVE-2024-23113, is being actively exploited in the wild by attackers to achieve Remote Code Execution (RCE). CISA has since added it to its Known Exploited Vulnerabilities Catalogue and ordered US federal agencies to patch it within 3 weeks. The root cause of…
-
Blind Trust in LLMs: How Hallucinated Packages Can Compromise Open-Source Projects
Large Language Models (LLMs) have become essential tools for software developers, helping them solve complex problems and even implement entire functionalities in some cases. However, while these models can accelerate development and streamline workflows, over-reliance on them comes with its own set of risks. A well-known flaw of LLMs is their tendency to ‘hallucinate’—a phenomenon where…
-
Pro-Ukraine Hackers Attack Russian Media Company on Putin’s Birthday
Russian state media company VGTRK, which owns and operates the country’s main national TV stations, has fallen victim to a targeted cyber attack claimed by the Ukrainian government to be orchestrated by hackers based in Kyiv. The attack, which occurred on the 7th of October, caused the company’s website and its 24-hour news live stream…
-
Crypto Wallets Targeted Using Malicious PyPI Packages
PyPI has long been used by bad actors as a means of distributing malicious code masquerading as legitimate utilities. Yehuda Gelb recently exposed one such operation, targeting users of prominent crypto wallets such as Atomic, MetaMask, Exodus, and many more, by uploading multiple packages to the repository within a short timeframe, presenting them as utilities for…
-
Linux Printing System Vulnerabilities Lead to Remote Code Execution (RCE)
A chain of vulnerabilities in the Common UNIX Printing System (CUPS) was recently discovered by security researcher Simone Margaritelli, allowing attackers to execute code remotely on vulnerable machines provided certain conditions are met. CUPS is the most widely used printing system on Linux and other UNIX-like operating systems. It has a myriad of components that work…
-
Exploding Pagers and Walkie-Talkies in Lebanon – A Hacker’s Analysis
Lebanese militant group Hezbollah has had a rough couple of days, with communication devices exploding all around them. Thousands of pagers detonated simultaneously in Hezbollah strongholds on Tuesday, the 17th of September, killing 9 and injuring more than 3,000 Lebanese citizens. Among the affected were several Hezbollah fighters as well as Iran’s envoy to Beirut…
-
RAMBO: Stealing Secrets from Isolated Computers
Background: Prominent researcher Mordechai Guri of the Ben-Gurion University of the Negev, Israel, recently released a research paper detailing a new method that allows attackers to steal sensitive information from air-gapped (isolated) computers. Air-gapped systems are systems that are physically separated from external networks, including the Internet. This is achieved by keeping the system disconnected from any wired…
-
Revival Hijack: A PyPI Supply Chain Attack Technique
Researchers at JFrog have recently discovered a PyPI supply chain attack technique being exploited in the wild, dubbed “Revival Hijack”. This technique can be used to hijack Python packages hosted on PyPI by abusing the option to re-register (revive) their names once the owner takes them down. A package repository is a centralized storage location for software packages,…
-
Transport for London (TFL) is Dealing with an Ongoing Cyber Attack!
London’s transport authority, Transport for London (TFL), is experiencing an ongoing cyber attack. In a statement released on its website, TFL stated that it is currently dealing with an ongoing cybersecurity incident. TFL’s services are running as usual for now. The agency has assured its customers that it is working with the relevant authorities to respond…
-
Airport Security Screening can be Bypassed?
Security researchers Sam Curry and Ian Carroll discovered a vulnerability in an air transport security system which could allow unauthorized individuals to bypass airport security screenings and even gain access to flight cockpits!
-
Uber Fined 290 Million Euros for GDPR Violations
The Dutch Data Protection Authority (DPA) has imposed a fine of 290 million euros on transport giant Uber for violations of the European General Data Protection Regulation (GDPR). Uber was found to be transferring the personal data of European taxi drivers to the United States (US) without safeguarding the transferred data as mandated by the GDPR.…
-
NIST’s Post Quantum Encryption Standards 2024
The National Institute of Standards and Technology (NIST), on the 13th of August 2024, released its principal set of encryption algorithms designed to withstand attacks from quantum computers. The development of quantum computing has caused growing concern about the ability of current encryption standards to maintain their security. Experts claim that most modern encryption standards will be…
-
GrimResource: Achieving Command Injection on Windows
After Microsoft’s well-founded decision to disable Office macros in files sourced from the internet, one of the most widely used techniques attackers relied on to deliver malware was disarmed. Spear-phishers were sent scrambling to find alternative techniques to gain footholds on victim PCs. Many new techniques have since surfaced to fill the void left by this development, the latest of…
-
Everything You Need to Know About the Snowflake Breaches
Information stealer leaks over the past several years culminated in a series of breaches starting in May this year, involving 165 companies including Ticketmaster, Santander, AT&T, Advance Auto Parts, Anheuser-Busch, and Lending Tree. We will refer to these as the Snowflake breaches. It all started when a threat actor group by the name of ShinyHunters put the…
-
ClownStrike: CrowdStrike’s Faulty Update that Broke the Internet
Global cybersecurity giant CrowdStrike unintentionally became the cause of a massive Denial-of-Service (DoS) last Friday when a routine update to its endpoint security platform Falcon went horribly wrong. A faulty component pushed with the update triggered a logic error on Windows PCs worldwide, causing them to get stuck on Blue Screens of Death (BSOD) and in never-ending boot loops. The update contained newly observed malicious named pipes being used by common C2 frameworks for…
-
Ransomware Group DarkAngels and the Largest Payout Ever
The DarkAngels ransomware group is a threat actor group that emerged in May 2022 and has since been known to have conducted some of the biggest and most successful ransomware attacks in recent times. What makes this group even more remarkable is the fact that it kept such a low profile all this time, only now catching the limelight due to the record-breaking payout it just received. According…
-
About Us
Cybersecurity for Everyone: Cybersecurity affects everyone. Our purpose is to empower people with the knowledge they need to stay safe and secure online. Hello there! I am Kaval Joshi, a.k.a. Kr1pt7c, a cybersecurity consultant, security researcher, darknet prowler, and creator of Decrypting. Welcome! Let’s start with why. Why did I start Decrypting? The field of cybersecurity has a high knowledge barrier. Most people don’t…
-
The Ransomware Attack on Synnovis that Broke London Healthcare
A ransomware attack on pathology and diagnostic service provider Synnovis on the 3rd of June has shaken London’s healthcare system to its core, causing disruptions at multiple major NHS hospitals in London. The Attack: Synnovis went live with a Laboratory Information Management System (LIMS) in October 2023, which combined multiple separate IT systems set up for the NHS-affiliated trusts…