What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-07-15 05:39:17 | 4 Dangerous Brazilian Banking Trojans Now Trying to Rob Users Worldwide (lien direct) | Cybersecurity researchers on Tuesday detailed as many as four different families of Brazilian banking trojans that have targeted financial institutions in Brazil, Latin America, and Europe.
Collectively called the "Tetrade" by Kaspersky researchers, the malware families - comprising Guildma, Javali, Melcoz, and Grandoreiro - have evolved their capabilities to function as a backdoor and adopt |
Malware | ||
|
2020-07-14 10:47:11 | 17-Year-Old Critical \'Wormable\' RCE Vulnerability Impacts Windows DNS Servers (lien direct) | Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability-carrying a severity score of 10 out of 10 on the CVSS scale-affecting Windows Server versions 2003 to 2019.
The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed 'SigRed' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted |
Vulnerability | ★★ | |
|
2020-07-14 07:45:35 | Adobe Issues July 2020 Critical Security Patches for Multiple Software (lien direct) | Adobe today released software updates to patch a total of 13 new security vulnerabilities affecting 5 of its widely used applications.
Out of these 13 vulnerabilities, four have been rated critical, and nine are important in severity.
The affected products that received security patches today include:
Adobe Creative Cloud Desktop Application
Adobe Media Encoder
Adobe Genuine Service
Adobe |
|||
|
2020-07-14 02:10:51 | CompTIA Certification Prep Courses – Get Lifetime Access @ 99% Discount (lien direct) | In the world of professional IT, recruiters look for certificates as an important criterion for eligibility. Any résumé that includes CompTIA certificates tends to rise up the pile.
Of course, there are many different CompTIA exams you can choose from based on your interest and already chosen path.
Our educational and industry partners have introduced "Complete 2020 CompTIA Certification |
|||
|
2020-07-14 00:17:22 | New Highly-Critical SAP Bug Could Let Attackers Take Over Corporate Servers (lien direct) | SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications.
The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers, according to cybersecurity |
Vulnerability | ||
|
2020-07-11 12:03:58 | Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily (lien direct) | Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content, and even upload unauthorized videos.
The Indian video sharing app, called Chingari, is available for Android and iOS |
Vulnerability | ||
|
2020-07-10 05:35:03 | Unpatched Critical Flaw Disclosed in Zoom Software for Windows 7 (lien direct) | A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older.
By the way, if someone is still using Windows 7, they deserve to get hacked, including many organizations without extended support, because it's only a matter of time before they'll be a |
Vulnerability | ||
|
2020-07-09 03:01:04 | Joker Malware Apps Once Again Bypass Google\'s Security to Spread via Play Store (lien direct) | Cybersecurity researchers took the wraps off yet another instance of Android malware hidden under the guise of legitimate applications to stealthily subscribe unsuspecting users for premium services without their knowledge.
In a report published by Check Point research today, the malware - infamously called Joker (or Bread) - has found another trick to bypass Google's Play Store protections: |
Malware | ||
|
2020-07-08 02:18:21 | The Incident Response Challenge 2020 - Results and Solutions Announced (lien direct) | In April 2020, Cynet launched the world's first Incident Response Challenge to test and reward the skills of Incident Response professionals.
The Challenge consisted of 25 incidents, in increasing difficulty, all inspired by real-life scenarios that required participants to go beyond the textbook solution and think outside of the box. Over 2,500 IR professionals competed to be recognized as |
|||
|
2020-07-08 00:43:59 | Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products (lien direct) | Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimization edition (WANOP) networking products.
Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks against the |
|||
|
2020-07-07 02:56:05 | Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service (lien direct) | Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected.
The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with |
Malware | ||
|
2020-07-06 04:40:46 | Cato MDR: Managed Threat Detection and Response Made Easy (lien direct) | Lately, we can't help noticing an endless cycle where the more enterprises invest in threat prevention; the more hackers adapt and continue to penetrate enterprises.
To make things worse, detecting these penetrations still takes too long with an average dwell time that exceeds 100 (!) days.
To keep the enterprise protected, IT needs to figure out a way to break this endless cycle without |
Threat | ||
|
2020-07-04 07:26:31 | Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers (lien direct) | Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers.
The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote attackers |
Vulnerability | ||
|
2020-07-03 04:56:19 | Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network (lien direct) | In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating into a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders.
Dubbed EncroChat, the top-secret encrypted communication app comes pre-installed on a customized |
|||
|
2020-07-02 02:59:35 | Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking (lien direct) | A new research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely.
The reported flaws could potentially let bad actors achieve full control over the Guacamole server, intercept, and control all other connected sessions.
According to a |
|||
|
2020-07-01 05:25:32 | Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws (lien direct) | Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users.
To be noted, Microsoft rushed to deliver patches almost two weeks before the upcoming monthly 'Patch Tuesday Updates' scheduled for 14th July.
That's likely because both flaws reside in the Windows Codecs |
|||
|
2020-07-01 03:43:24 | Use This Definitive RFP Template to Effectively Evaluate XDR solutions (lien direct) | A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response.
Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions.
XDR has been referred to as the next step in the evolution of Endpoint |
Threat | ||
|
2020-07-01 02:08:13 | A New Ransomware Targeting Apple macOS Users Through Pirated Apps (lien direct) | Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps.
According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant - dubbed "EvilQuest" - is packaged along with legitimate apps, which upon installation, disguises itself as Apple's |
Ransomware Malware | ||
|
2020-06-30 00:45:13 | Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware (lien direct) | Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes.
The advanced persistent threat behind the operation, called StrongPity, has retooled with new tactics to control compromised machines, cybersecurity firm Bitdefender said in a report shared with The Hacker |
Threat | ||
|
2020-06-29 04:21:46 | Russian Hacker Gets 9-Year Jail for Running Online Shop of Stolen Credit Cards (lien direct) | A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty of running two illegal websites devoted to facilitating payment card fraud, computer hacking, and other crimes.
Aleksei Yurievich Burkov, 30, pleaded guilty in January this year to two of the five charges against him for credit card fraud-one count of access |
Guideline | ||
|
2020-06-29 03:27:14 | e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata (lien direct) | In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites.
"We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores," Malwarebytes |
|||
|
2020-06-26 07:05:03 | \'Satori\' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison (lien direct) | The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed denial-of-service (DDoS) attacks against various online service and targets.
According to court documents, |
Satori | ||
|
2020-06-25 05:11:58 | WikiLeaks Founder Charged With Conspiring With LulzSec & Anonymous Hackers (lien direct) | The United States government has filed a superseding indictment against WikiLeaks founder Julian Assange accusing him of collaborating with computer hackers, including those affiliated with the infamous LulzSec and "Anonymous" hacking groups.
The new superseding indictment does not contain any additional charges beyond the prior 18-count indictment filed against Assange in May 2019, but it |
|||
|
2020-06-25 03:42:20 | Docker Images Containing Cryptojacking Malware Distributed via Docker Hub (lien direct) | With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service (DDoS) attacks and mine cryptocurrencies.
According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the |
Malware Threat | ||
|
2020-06-25 03:08:22 | Critical Flaws and Backdoor Found in GeoVisions Fingerprint and Card Scanners (lien direct) | GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks.
In a report shared exclusively with The Hacker News, enterprise security firm Acronis said it discovered the |
|||
|
2020-06-23 08:29:38 | New Privacy Features Added to the Upcoming Apple iOS 14 and macOS Big Sur (lien direct) | Unprecedented times call for unprecedented measures.
No, we're not talking about 'coronavirus,' the current global pandemic because of which Apple-for the very first time in history-organized its Worldwide Developer Conference (WWDC) virtually.
Here we're talking about a world in which we are all connected and constantly sharing data, also known as the new oil, with something called "privacy" |
|||
|
2020-06-23 04:03:32 | VirusTotal Adds Cynet\'s Artificial Intelligence-Based Malware Detection (lien direct) | VirusTotal, the famous multi-antivirus scanning service owned by Google, recently announced new threat detection capabilities it added with the help of an Israeli cybersecurity firm.
VirusTotal provides a free online service that analyzes suspicious files and URLs to detect malware and automatically shares them with the security community. With the onslaught of new malware types and samples, |
Malware Threat | ||
|
2020-06-23 01:53:35 | Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards (lien direct) | Researchers reported on Monday that hackers are now exploiting Google's Analytics service to stealthily pilfer credit card information from infected e-commerce sites.
According to several independent reports from PerimeterX, Kaspersky, and Sansec, threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google Analytics for |
Threat | ||
|
2020-06-22 07:08:55 | Hackers Leaked 269 GB of U.S. Police and Fusion Centers Data Online (lien direct) | A group of hacktivists and transparency advocates has published a massive 269 GB of data allegedly stolen from more than 200 police departments, fusion centers, and other law enforcement agencies across the United States.
Dubbed BlueLeaks, the exposed data leaked by the DDoSecrets group contains hundreds of thousands of sensitive documents from the past ten years with official and personal |
|||
|
2020-06-22 03:10:47 | Over 100 New Chrome Browser Extensions Caught Spying On Users (lien direct) | Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a "massive global surveillance campaign" targeting oil and gas, finance, and healthcare sectors.
Awake Security, which disclosed the findings late last week, said the malicious browser add-ons were tied back to a single internet domain registrar, |
|||
|
2020-06-18 02:50:48 | InvisiMole Hackers Target High-Profile Military and Diplomatic Entities (lien direct) | Cybersecurity researchers today uncovered the modus operandi of an elusive threat group that hacks into the high-profile military and diplomatic entities in Eastern Europe for espionage.
The findings are part of a collaborative analysis by cybersecurity firm ESET and the impacted firms, resulting in an extensive look into InvisiMole's operations and the group's tactics, tools, and procedures |
Threat | ||
|
2020-06-17 05:48:14 | Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs (lien direct) | Cybersecurity researchers today took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations in Europe and the Middle East with an aim to spy on key employees of the targeted firms and, in some case, even to siphon money.
The campaign, dubbed "Operation In(ter)ception" because of a reference to "Inception" in the malware sample, took |
Malware | ||
|
2020-06-17 05:37:13 | New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking (lien direct) | The Department of Homeland Security and CISA ICS-CERT today issued a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting billions of Internet-connected devices manufactured by many vendors across the globe.
Dubbed "Ripple20," the set of 19 vulnerabilities resides in a low-level TCP/IP software library developed by Treck, which, if weaponized, could |
|||
|
2020-06-17 05:22:48 | Solution Providers Can Now Add Incident Response to Their Services Portfolio For Free (lien direct) | The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to 3rd party service providers over handling security incidents in-house.
Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider (MSP) or Security |
|||
|
2020-06-16 05:30:49 | Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations (lien direct) | If your business operations and security of sensitive data rely on Oracle's E-Business Suite (EBS), make sure you recently updated and are running the latest available version of the software.
In a report released by enterprise cybersecurity firm Onapsis and shared with The Hacker News, the firm today disclosed technical details for vulnerabilities it reported in Oracle's E-Business Suite (EBS), |
|||
|
2020-06-15 04:15:29 | WebAuthn Passwordless Authentication Now Available for Atlassian Products (lien direct) | Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects.
Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team collaboration platform Confluence are all considered to be proven agile tools.
Considering how |
|||
|
2020-06-15 03:53:37 | New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users (lien direct) | High impact vulnerabilities in modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and denial of service (DoS) attacks, cautions a newly published research.
The findings are part of a new Vulnerabilities in LTE and 5G Networks 2020 report published by London-based cybersecurity firm Positive |
|||
|
2020-06-13 03:54:25 | Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room (lien direct) | You might not believe it, but it's possible to spy on secret conversations happening in a room from a nearby remote location just by observing a light bulb hanging in there-visible from a window-and measuring the amount of light it emits.
A team of cybersecurity researchers has developed and demonstrated a novel side-channel attacking technique that can be applied by eavesdroppers to recover |
|||
|
2020-06-11 14:35:49 | A Bug in Facebook Messenger for Windows Could\'ve Helped Malware Gain Persistence (lien direct) | Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Cybersecurity, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows.
The vulnerability, which resides in Messenger version 460.16, could allow attackers to leverage the app to potentially execute malicious files already |
Malware Vulnerability Threat | ||
|
2020-06-10 05:59:04 | Intel CPUs Vulnerable to New \'SGAxe\' and \'CrossTalk\' Side-Channel Attacks (lien direct) | Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments (TEE).
Called SGAxe, the first of the flaws is an evolution of the previously uncovered CacheOut attack (CVE-2020-0549) earlier this year that allows an attacker to retrieve the contents from the CPU's |
|||
|
2020-06-10 02:13:52 | MSPs and MSSPs Can Increase Profit Margins With Cynet 360 Platform (lien direct) | As cyber threats keep on increasing in volume and sophistication, more and more organizations acknowledge that outsourcing their security operations to a 3rd-party service provider is a practice that makes the most sense.
To address this demand, managed security services providers (MSSPs) and managed service providers (MSPs) continuously search for the right products that would empower their |
|||
|
2020-06-09 15:56:47 | Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide (lien direct) | A team of cybersecurity researchers today outed a little-known Indian IT firm that has secretly been operating as a global hackers-for-hire service or hacking-as-a-service platform.
Based in Delhi, BellTroX InfoTech allegedly targeted thousands of high-profile individuals and hundreds of organizations across six continents in the last seven years.
Hack-for-hire services do not operate as a |
Hack | ||
|
2020-06-09 13:39:32 | SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol (lien direct) | Cybersecurity researchers today uncover a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed "wormable" bug, the flaw can be exploited to achieve remote code execution attacks.
Dubbed "SMBleed" (CVE-2020-1206) by cybersecurity firm ZecOps, the flaw resides in |
Vulnerability | ||
|
2020-06-09 11:14:16 | Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities (lien direct) | Microsoft today released its June 2020 batch of software security updates that patches a total of 129 newly discovered vulnerabilities affecting various versions of Windows operating systems and related products.
This is the third Patch Tuesday update since the beginning of the global Covid-19 outbreak, putting some extra pressure on security teams struggling to keep up with patch management |
|||
|
2020-06-09 07:54:59 | Security Drift – The Silent Killer (lien direct) | Global spending on cybersecurity products and services is predicted to exceed $1 trillion during the period of five years, between 2017 to 2021, with different analysts predicting the Compound Annual Growth Rate (CAGR) at anywhere between 8 to 15%.
It is not surprising to see this growth in spending, which is primarily driven by the evolving sophistication and volume of attacks as well as the |
|||
|
2020-06-09 00:07:13 | Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets (lien direct) | Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns.
In a new report shared with The Hacker News, cybersecurity firm RiskIQ said it identified three compromised websites belonging to Endeavor Business Media last month that are still hosting |
|||
|
2020-06-08 03:07:20 | Any Indian DigiLocker Account Could\'ve Been Accessed Without Password (lien direct) | The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially allowed a remote attacker to bypass mobile one-time passwords (OTP) and sign in as other users to access their sensitive documents stored on the platform.
"The OTP function lacks authorization which makes it possible to perform OTP validation with |
Vulnerability | ||
|
2020-06-04 01:31:39 | New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers (lien direct) | A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to a newly published research by Kaspersky yesterday.
The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom |
Tool Threat | ||
|
2020-06-03 08:53:45 | Two Critical Flaws in Zoom Could\'ve Let Attackers Hack Systems via Chat (lien direct) | If you're using Zoom-especially during this challenging time to cope with your schooling, business, or social engagement-make sure you are running the latest version of the widely popular video conferencing software on your Windows, macOS, or Linux computers.
No, it's not about the arrival of the most-awaited "real" end-to-end encryption feature, which apparently, according to the latest news, |
Hack | ||
|
2020-06-03 05:56:01 | Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers (lien direct) | A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios.
The six flaws, disclosed by cybersecurity firm Trustwave today, reside in Sybase Adaptive Server Enterprise (ASE), a relational database management software geared towards |
Hack |
To see everything:
Our RSS (filtrered)
