What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-06-29 03:27:14 | e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata (lien direct) | In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites.
"We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores," Malwarebytes |
|||
|
2020-06-26 07:05:03 | \'Satori\' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison (lien direct) | The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed denial-of-service (DDoS) attacks against various online service and targets.
According to court documents, |
Satori | ||
|
2020-06-25 05:11:58 | WikiLeaks Founder Charged With Conspiring With LulzSec & Anonymous Hackers (lien direct) | The United States government has filed a superseding indictment against WikiLeaks founder Julian Assange accusing him of collaborating with computer hackers, including those affiliated with the infamous LulzSec and "Anonymous" hacking groups.
The new superseding indictment does not contain any additional charges beyond the prior 18-count indictment filed against Assange in May 2019, but it |
|||
|
2020-06-25 03:42:20 | Docker Images Containing Cryptojacking Malware Distributed via Docker Hub (lien direct) | With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service (DDoS) attacks and mine cryptocurrencies.
According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the |
Malware Threat | ||
|
2020-06-25 03:08:22 | Critical Flaws and Backdoor Found in GeoVisions Fingerprint and Card Scanners (lien direct) | GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks.
In a report shared exclusively with The Hacker News, enterprise security firm Acronis said it discovered the |
|||
|
2020-06-23 08:29:38 | New Privacy Features Added to the Upcoming Apple iOS 14 and macOS Big Sur (lien direct) | Unprecedented times call for unprecedented measures.
No, we're not talking about 'coronavirus,' the current global pandemic because of which Apple-for the very first time in history-organized its Worldwide Developer Conference (WWDC) virtually.
Here we're talking about a world in which we are all connected and constantly sharing data, also known as the new oil, with something called "privacy" |
|||
|
2020-06-23 04:03:32 | VirusTotal Adds Cynet\'s Artificial Intelligence-Based Malware Detection (lien direct) | VirusTotal, the famous multi-antivirus scanning service owned by Google, recently announced new threat detection capabilities it added with the help of an Israeli cybersecurity firm.
VirusTotal provides a free online service that analyzes suspicious files and URLs to detect malware and automatically shares them with the security community. With the onslaught of new malware types and samples, |
Malware Threat | ||
|
2020-06-23 01:53:35 | Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards (lien direct) | Researchers reported on Monday that hackers are now exploiting Google's Analytics service to stealthily pilfer credit card information from infected e-commerce sites.
According to several independent reports from PerimeterX, Kaspersky, and Sansec, threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google Analytics for |
Threat | ||
|
2020-06-22 07:08:55 | Hackers Leaked 269 GB of U.S. Police and Fusion Centers Data Online (lien direct) | A group of hacktivists and transparency advocates has published a massive 269 GB of data allegedly stolen from more than 200 police departments, fusion centers, and other law enforcement agencies across the United States.
Dubbed BlueLeaks, the exposed data leaked by the DDoSecrets group contains hundreds of thousands of sensitive documents from the past ten years with official and personal |
|||
|
2020-06-22 03:10:47 | Over 100 New Chrome Browser Extensions Caught Spying On Users (lien direct) | Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a "massive global surveillance campaign" targeting oil and gas, finance, and healthcare sectors.
Awake Security, which disclosed the findings late last week, said the malicious browser add-ons were tied back to a single internet domain registrar, |
|||
|
2020-06-18 02:50:48 | InvisiMole Hackers Target High-Profile Military and Diplomatic Entities (lien direct) | Cybersecurity researchers today uncovered the modus operandi of an elusive threat group that hacks into the high-profile military and diplomatic entities in Eastern Europe for espionage.
The findings are part of a collaborative analysis by cybersecurity firm ESET and the impacted firms, resulting in an extensive look into InvisiMole's operations and the group's tactics, tools, and procedures |
Threat | ||
|
2020-06-17 05:48:14 | Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs (lien direct) | Cybersecurity researchers today took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations in Europe and the Middle East with an aim to spy on key employees of the targeted firms and, in some case, even to siphon money.
The campaign, dubbed "Operation In(ter)ception" because of a reference to "Inception" in the malware sample, took |
Malware | ||
|
2020-06-17 05:37:13 | New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking (lien direct) | The Department of Homeland Security and CISA ICS-CERT today issued a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting billions of Internet-connected devices manufactured by many vendors across the globe.
Dubbed "Ripple20," the set of 19 vulnerabilities resides in a low-level TCP/IP software library developed by Treck, which, if weaponized, could |
|||
|
2020-06-17 05:22:48 | Solution Providers Can Now Add Incident Response to Their Services Portfolio For Free (lien direct) | The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to 3rd party service providers over handling security incidents in-house.
Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider (MSP) or Security |
|||
|
2020-06-16 05:30:49 | Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations (lien direct) | If your business operations and security of sensitive data rely on Oracle's E-Business Suite (EBS), make sure you recently updated and are running the latest available version of the software.
In a report released by enterprise cybersecurity firm Onapsis and shared with The Hacker News, the firm today disclosed technical details for vulnerabilities it reported in Oracle's E-Business Suite (EBS), |
|||
|
2020-06-15 04:15:29 | WebAuthn Passwordless Authentication Now Available for Atlassian Products (lien direct) | Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects.
Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team collaboration platform Confluence are all considered to be proven agile tools.
Considering how |
|||
|
2020-06-15 03:53:37 | New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users (lien direct) | High impact vulnerabilities in modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and denial of service (DoS) attacks, cautions a newly published research.
The findings are part of a new Vulnerabilities in LTE and 5G Networks 2020 report published by London-based cybersecurity firm Positive |
|||
|
2020-06-13 03:54:25 | Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room (lien direct) | You might not believe it, but it's possible to spy on secret conversations happening in a room from a nearby remote location just by observing a light bulb hanging in there-visible from a window-and measuring the amount of light it emits.
A team of cybersecurity researchers has developed and demonstrated a novel side-channel attacking technique that can be applied by eavesdroppers to recover |
|||
|
2020-06-11 14:35:49 | A Bug in Facebook Messenger for Windows Could\'ve Helped Malware Gain Persistence (lien direct) | Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Cybersecurity, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows.
The vulnerability, which resides in Messenger version 460.16, could allow attackers to leverage the app to potentially execute malicious files already |
Malware Vulnerability Threat | ||
|
2020-06-10 05:59:04 | Intel CPUs Vulnerable to New \'SGAxe\' and \'CrossTalk\' Side-Channel Attacks (lien direct) | Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments (TEE).
Called SGAxe, the first of the flaws is an evolution of the previously uncovered CacheOut attack (CVE-2020-0549) earlier this year that allows an attacker to retrieve the contents from the CPU's |
|||
|
2020-06-10 02:13:52 | MSPs and MSSPs Can Increase Profit Margins With Cynet 360 Platform (lien direct) | As cyber threats keep on increasing in volume and sophistication, more and more organizations acknowledge that outsourcing their security operations to a 3rd-party service provider is a practice that makes the most sense.
To address this demand, managed security services providers (MSSPs) and managed service providers (MSPs) continuously search for the right products that would empower their |
|||
|
2020-06-09 15:56:47 | Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide (lien direct) | A team of cybersecurity researchers today outed a little-known Indian IT firm that has secretly been operating as a global hackers-for-hire service or hacking-as-a-service platform.
Based in Delhi, BellTroX InfoTech allegedly targeted thousands of high-profile individuals and hundreds of organizations across six continents in the last seven years.
Hack-for-hire services do not operate as a |
Hack | ||
|
2020-06-09 13:39:32 | SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol (lien direct) | Cybersecurity researchers today uncover a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed "wormable" bug, the flaw can be exploited to achieve remote code execution attacks.
Dubbed "SMBleed" (CVE-2020-1206) by cybersecurity firm ZecOps, the flaw resides in |
Vulnerability | ||
|
2020-06-09 11:14:16 | Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities (lien direct) | Microsoft today released its June 2020 batch of software security updates that patches a total of 129 newly discovered vulnerabilities affecting various versions of Windows operating systems and related products.
This is the third Patch Tuesday update since the beginning of the global Covid-19 outbreak, putting some extra pressure on security teams struggling to keep up with patch management |
|||
|
2020-06-09 07:54:59 | Security Drift – The Silent Killer (lien direct) | Global spending on cybersecurity products and services is predicted to exceed $1 trillion during the period of five years, between 2017 to 2021, with different analysts predicting the Compound Annual Growth Rate (CAGR) at anywhere between 8 to 15%.
It is not surprising to see this growth in spending, which is primarily driven by the evolving sophistication and volume of attacks as well as the |
|||
|
2020-06-09 00:07:13 | Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets (lien direct) | Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns.
In a new report shared with The Hacker News, cybersecurity firm RiskIQ said it identified three compromised websites belonging to Endeavor Business Media last month that are still hosting |
|||
|
2020-06-08 03:07:20 | Any Indian DigiLocker Account Could\'ve Been Accessed Without Password (lien direct) | The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially allowed a remote attacker to bypass mobile one-time passwords (OTP) and sign in as other users to access their sensitive documents stored on the platform.
"The OTP function lacks authorization which makes it possible to perform OTP validation with |
Vulnerability | ||
|
2020-06-04 01:31:39 | New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers (lien direct) | A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to a newly published research by Kaspersky yesterday.
The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom |
Tool Threat | ||
|
2020-06-03 08:53:45 | Two Critical Flaws in Zoom Could\'ve Let Attackers Hack Systems via Chat (lien direct) | If you're using Zoom-especially during this challenging time to cope with your schooling, business, or social engagement-make sure you are running the latest version of the widely popular video conferencing software on your Windows, macOS, or Linux computers.
No, it's not about the arrival of the most-awaited "real" end-to-end encryption feature, which apparently, according to the latest news, |
Hack | ||
|
2020-06-03 05:56:01 | Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers (lien direct) | A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios.
The six flaws, disclosed by cybersecurity firm Trustwave today, reside in Sybase Adaptive Server Enterprise (ASE), a relational database management software geared towards |
Hack | ||
|
2020-06-03 04:16:35 | New Skill Testing Platform For 6 Most In-Demand Cybersecurity Jobs (lien direct) | Building a security team is a necessity for organizations of all industries and sizes. It makes selecting the right person for the job a critical task in which testing candidates' domain knowledge is a core component of the hiring process.
A common practice is for each organization to put together a dedicated set of questions for each role.
Today, Cynet launches the Cybersecurity Skill Tests |
|||
|
2020-06-01 22:37:18 | Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers (lien direct) | Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure.
Tracked as CVE-2020-3956, the code injection flaw stems from an improper input handling that could be abused by an authenticated attacker to |
Vulnerability | ||
|
2020-06-01 05:06:28 | How to Create a Culture of Kick-Ass DevSecOps Engineers (lien direct) | Much like technology itself, the tools, techniques, and optimum processes for developing code evolve quickly. We humans have an insatiable need for more software, more features, more functionality… and we want it faster than ever before, more qualitative, and on top of that: Secure.
With an estimated 68% of organizations experiencing zero-day attacks from undisclosed/unknown vulnerabilities |
|||
|
2020-06-01 04:34:02 | Joomla Resources Directory (JRD) Portal Suffers Data Breach (lien direct) | Joomla, one of the most popular Open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its resources directory (JRD) website, i.e., resources.joomla.org.
The breach exposed affected users' personal information, such as full names, business addresses, email addresses, phone numbers, and encrypted passwords.
The |
Data Breach | ||
|
2020-05-30 08:43:58 | Critical \'Sign in with Apple\' Bug Could Have Let Attackers Hijack Anyone\'s Account (lien direct) | Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its 'Sign in with Apple' system.
The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted users' accounts on third-party services and apps that have been registered using 'Sign in with Apple' |
Vulnerability | ||
|
2020-05-30 03:32:55 | New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective (lien direct) | Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed.
The findings are from a paper "DABANGG: Time for Fearless Flush based Cache Attacks" published by a pair of researchers, Biswabandan Panda and Anish Saxena, from the Indian |
|||
|
2020-05-30 00:56:49 | Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds (lien direct) | Mitron (means "friends" in Hindi), you have been fooled again!
Mitron is not really a 'Made in India' product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords.
I am sure many of you already know what TikTok is, and those still unaware, it's a |
Hack Vulnerability | ★★★★★ | |
|
2020-05-28 03:35:40 | A New Free Monitoring Tool to Measure Your Dark Web Exposure (lien direct) | Last week, application security company ImmuniWeb released a new free tool to monitor and measure an organization's exposure on the Dark Web.
To improve the decision-making process for cybersecurity professionals, the free tool crawls Dark Web marketplaces, hacking forums, and Surface Web resources such as Pastebin or GitHub to provide you with a classified schema of your data being offered |
Tool | ||
|
2020-05-28 02:52:25 | Researchers Uncover Brazilian Hacktivist\'s Identity Who Defaced Over 4800 Sites (lien direct) | It's one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It's, however, an entirely different thing to leave a digital trail that leads cybersecurity researchers right to their doorsteps.
That's exactly what happened in the case of a hacktivist under the name of VandaTheGod, who has been attributed to a series of attacks on government |
Guideline | ||
|
2020-05-27 03:31:37 | Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs (lien direct) | Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting over hundreds of thousands of systems.
The botnet was traced back to a group it calls ShuangQiang (also called Double Gun), which has been behind several attacks since 2017 aimed at compromising Windows computers with MBR and VBR bootkits, and installing malicious drivers for |
Malware | ||
|
2020-05-26 07:40:30 | New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps (lien direct) | Remember Strandhogg?
A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information.
Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the |
Vulnerability | ||
|
2020-05-26 02:48:01 | New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data (lien direct) | Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data.
"ComRAT v4 was first seen in 2017 and known still to be in use as recently as January 2020," cybersecurity firm ESET said in a report shared with |
Malware | ||
|
2020-05-25 01:02:17 | New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug (lien direct) | The hacking team behind the "unc0ver" jailbreaking tool has released a new version of the software that can unlock every single iPhone, including those running the latest iOS 13.5 version.
Calling it the first zero-day jailbreak to be released since iOS 8, unc0ver's lead developer Pwn20wnd said "every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next |
Tool Guideline | ||
|
2020-05-21 03:55:04 | How Cybersecurity Enables Government, Health, EduTech Cope With COVID-19 (lien direct) | The advent of the Covid-19 pandemic and the impact on our society has resulted in many dramatic changes to how people are traveling, interacting with each other, and collaborating at work.
There are several trends taking place as a consequence of the outbreak, which has only continued to heighten the need for the tightest possible cybersecurity.
Tools for Collaboration
There has been a |
|||
|
2020-05-21 01:11:42 | Iranian APT Group Targets Governments in Kuwait and Saudi Arabia (lien direct) | Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia.
Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on telecommunication and travel industries in the Middle East to collect personal |
Threat Prediction | APT 39 | |
|
2020-05-20 06:11:45 | [Guide] Finding Best Security Outsourcing Alternative for Your Organization (lien direct) | As cyberattacks continue to proliferate in volume and increase in sophistication, many organizations acknowledge that some part of their breach protection must be outsourced, introducing a million-dollar question of what type of service to choose form.
Today, Cynet releases the Security Outsourcing Guide (download here), providing IT Security executives with clear and actionable guidance on |
|||
|
2020-05-20 03:33:03 | Ukrainian Police Arrest Hacker Who Tried Selling Billions of Stolen Records (lien direct) | The Ukrainian police have arrested a hacker who made headlines in January last year by posting a massive database containing some 773 million stolen email addresses and 21 million unique plaintext passwords for sale on various underground hacking forums.
In an official statement released on Tuesday, the Security Service of Ukraine (SBU) said it identified the hacker behind the pseudonym "Sanix |
|||
|
2020-05-19 09:04:10 | Brazil\'s Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users (lien direct) | Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online to anyone without authentication.
SafetyDetective researcher Anurag Sen last month discovered two unprotected Amazon-hosted servers-272GB and 1.3TB in size-belonging to Natura that exposed more than 192 million records. |
|||
|
2020-05-19 06:50:41 | British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers\' Data (lien direct) | British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled "highly sophisticated," exposing email addresses and travel details of around 9 million of its customers.
In an official statement released today, EasyJet confirmed that of the 9 million affected users, a small subset of customers, i.e., 2,208 customers, have also had their |
Data Breach | ||
|
2020-05-19 04:20:48 | New Bluetooth Vulnerability Exposes Billions of Devices to Hackers (lien direct) | Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers.
The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concerns Bluetooth Classic, which supports Basic Rate (BR) and Enhanced Data Rate (EDR) for |
Vulnerability |
To see everything:
Our RSS (filtrered)
