Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2019-11-26 22:30:22 |
Latest Kali Linux OS Added Windows-Style Undercover Theme for Hackers (direct link) |
You can relate this:
While working on my laptop, I usually prefer sitting at a corner in the room from where no one should be able to easily stare at my screen, and if you're a hacker, you must have more reasons to be paranoid.
Let's go undercover:
If you're in love with the Kali Linux operating system for hacking and penetration testing, here we have pretty awesome news for you.
Offensive |
|
|
|
|
2019-11-26 06:34:32 |
Malicious Android SDKs Caught Accessing Facebook and Twitter Users Data (direct link) |
Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users' data associated with their connected social media accounts.
In a blog post published yesterday, Twitter revealed that an SDK developed by OneAudience contains a privacy-violating component which may have passed some of its users' personal |
|
|
|
|
2019-11-23 01:21:48 |
Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software (direct link) |
Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and the most severe of which could allow remote attackers to compromise a targeted system.
VNC (virtual network computing) is an open source graphical desktop sharing protocol based on RFB (Remote FrameBuffer) that allows users to |
|
|
|
|
2019-11-22 22:52:54 |
OnePlus Suffers New Data Breach Impacting Its Online Store Customers (direct link) |
Chinese smartphone maker OnePlus has suffered a new data breach exposing personal and order information of an undisclosed number of its customers, likely, as a result of a vulnerability in its online store website.
The breach came to light after OnePlus started informing affected customers via email and published a brief FAQ page to disclose information about the security incident.
According |
Data Breach
Vulnerability
|
|
|
|
2019-11-22 07:06:18 |
Boost Your Personal Security With These Killer 2019 Black Friday and Cyber Monday Deals (direct link) |
If you're like most consumers, you're probably looking forward to the upcoming Black Friday and Cyber Monday sale events.
Who wouldn't want to get all sorts of products and services at massive discounts?
But while most consumers are typically eyeing personal gadgets and entertainment appliances, you may want to consider scoring deals on personal security software and devices.
Everyone's |
|
|
|
|
2019-11-22 04:52:31 |
Google offers up to $1.5 million bounty for remotely hacking Titan M chip (direct link) |
With its latest announcement to increase bug bounty rewards for finding and reporting critical vulnerabilities in the Android operating system, Google yesterday set up a new challenging level for hackers that could let them win a bounty of up to $1.5 million.
Starting today, Google will pay $1 million for a "full chain remote code execution exploit with persistence which compromises the Titan |
|
|
|
|
2019-11-22 00:06:46 |
Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison (direct link) |
A Russian hacker who created and used Neverquest banking malware to steal money from victims' bank accounts has finally been sentenced to 4 years in prison by the United States District Court for the Southern District of New York.
Stanislav Vitaliyevich Lisov, 34, was arrested by Spanish authorities at Barcelona–El Prat Airport in January 2017 on the request of the FBI and extradited to the |
Malware
|
|
|
|
2019-11-21 22:27:06 |
T-Mobile Suffers Data Breach Affecting Prepaid Wireless Customers (direct link) |
Are you a T-Mobile prepaid customer? If yes, you should immediately create or update your associated account PIN/passcode as additional protection.
The US-based telecom giant T-Mobile today disclosed yet another data breach incident that recently exposed potentially personal information of some of the customers using its prepaid services.
What happened? In a statement posted on its website |
Data Breach
|
|
|
|
2019-11-20 06:51:57 |
The Ultimate 2019 Security Team Assessment Template (direct link) |
Assessing the performance of your security team is critical to both knowing your current posture, as well as planning ahead.
'The Ultimate 2019 Security Team Assessment Template' is the first attempt to capture all the main KPIs of the security team main pillars, saving CIOs and CISOs the time and effort of creating such an assessment from scratch and providing them with a simple and |
|
|
|
|
2019-11-20 00:58:38 |
Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware (direct link) |
What an irony - someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users' wallets.
The latest supply-chain cyberattack was revealed on Monday after a Monero user spotted that the cryptographic hash for binaries he downloaded from the |
Malware
|
|
|
|
2019-11-19 21:48:38 |
New Flaw Lets Rogue Android Apps Access Camera Without Permission (direct link) |
An alarming security vulnerability has been discovered in several models of Android smartphones manufactured by Google, Samsung, and others that could allow malicious apps to secretly take pictures and record videos - even when they don't have specific device permissions to do so.
You must already know that the security model of the Android mobile operating system is primarily based on device |
Vulnerability
|
|
|
|
2019-11-19 05:35:56 |
Louisiana State Government Hit by Ransomware Attack Forcing Server Shutdowns (direct link) |
Targeted ransomware attacks on banking and finance, government, healthcare, and critical infrastructure are on the rise, with the latest victim being the state government of Louisiana.
The state government of Louisiana was hit by a large-scale coordinated ransomware attack yesterday, which forced the state to take several state agency servers offline, including government websites, email |
Ransomware
|
|
|
|
2019-11-17 01:53:44 |
7 Courses to Land a Lucrative Career in Information Security (direct link) |
As the world becomes more interconnected by the day, more and more companies of all sizes and industries are finding themselves under attack by fearless cybercriminals who can access their entire server farms from across the globe with only a few lines of code.
And it's not just private corporations that are suffering.
A wide range of government agencies are also constantly under attack, and |
|
|
|
|
2019-11-16 02:46:46 |
New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices (direct link) |
The recent controversies surrounding the WhatsApp hacking haven't yet settled, and the world's most popular messaging platform is in choppy waters once again.
The Hacker News has learned that WhatsApp has recently patched yet another critical vulnerability that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on |
Vulnerability
|
|
|
|
2019-11-15 01:32:52 |
Two Arrested for Stealing $550,000 in Cryptocurrency Using Sim Swapping (direct link) |
It appears that at least the United States has started taking the threat of Sim Swapping attacks very seriously.
Starting with the country's first-ever conviction for 'SIM Swapping' this February, the U.S. Department of Justice has since then announced charges against several individuals for their involvement in the scheme to siphon millions of dollars in cryptocurrency from victims.
In the latest |
Threat
|
|
|
|
2019-11-14 06:01:49 |
Hackers Impersonating Financial Agencies Target German, Italian, US Firms (direct link) |
Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware.
Though the new malware campaigns are not customized for each organization, the threat actors appear to be more |
Ransomware
Malware
Threat
|
|
|
|
2019-11-14 03:38:37 |
Qualcomm Chip Flaws Let Hackers Steal Private Data From Android Devices (direct link) |
Hundreds of millions of devices, especially Android smartphones and tablets, using Qualcomm chipsets, are vulnerable to a new set of potentially serious vulnerabilities.
According to a report cybersecurity firm CheckPoint shared with The Hacker News, the flaws could allow attackers to steal sensitive data stored in a secure area that is otherwise supposed to be the most protected part of a |
|
|
|
|
2019-11-14 01:01:10 |
Company Detected Years-Long Breach Only After Hacker Maxed Out Servers' Storage (direct link) |
What could be even worse than getting hacked?
It's the "failure to detect intrusions" that always results in huge losses to the organizations.
Utah-based technology company InfoTrax Systems is the latest example of such a security blunder, as the company was breached more than 20 times from May 2014 until March 2016.
What's ironic is that the company detected the breach only after it |
|
|
|
|
2019-11-13 23:00:06 |
4 Best Free Online Security Tools for SMEs in 2020 (direct link) |
Cyberattacks on small and midsized companies in 2019 cost $200,000 per company on average, mercilessly putting many of them out of business, says CNBC in its analysis of a recent Accenture report. In light of the global cybersecurity skills shortage, the number is set to soar in 2020. Solely in the UK, over 50,000 British SMEs could collapse next year following a cyberattack.
This article |
|
|
|
|
2019-11-13 07:46:20 |
New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs (direct link) |
Zombieload is back.
This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout).
Initially discovered in May this year, ZombieLoad is one of the three novel types of microarchitectural data |
Vulnerability
|
|
|
|
2019-11-13 02:01:07 |
The Comprehensive Compliance Guide (Get Assessment Templates) (direct link) |
Complying with cyber regulations forms a significant portion of the CISO's responsibility. Compliance is, in fact, one of the major drivers in the purchase and implementation of new security products.
But regulations come in multiple different colors and shapes – some are tailored to a specific vertical, while others are industry-agnostic. Some bear explicit consequences for failing to comply |
|
|
|
|
2019-11-13 01:29:08 |
Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices (direct link) |
A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs.
Trusted Platform Module (TPM) is a specialized hardware or firmware-based security solution that has been designed to store and protect |
|
|
|
|
2019-11-12 10:25:08 |
Is Facebook Secretly Accessing Your iPhone's Camera? Some Users Claimed (direct link) |
It appears that Facebook is at the center of yet another issue involving privacy.
Reportedly, multiple iPhone users have come forward on social media complaining that the Facebook app secretly activates their smartphone's camera in the background while they scroll through their Facebook feeds or look at the photos on the social network.
As shown in the Twitter videos below, when users click |
|
|
|
|
2019-11-11 07:44:48 |
Hackers Breach ZoneAlarm's Forum Site - Outdated vBulletin to Blame (direct link) |
ZoneAlarm, an internet security software company owned by Israeli cybersecurity firm Check Point Technologies, has suffered a data breach exposing data of its discussion forum users, the company confirmed to The Hacker News.
With nearly 100 million downloads, ZoneAlarm offers antivirus software, firewall, and additional virus protection solutions to home PC users, small businesses, and mobile |
Data Breach
|
|
|
|
2019-11-07 06:58:43 |
Amazon's Ring Video Doorbell Lets Attackers Steal Your Wi-Fi Password (direct link) |
Security researchers at Bitdefender have discovered a high-severity security vulnerability in Amazon's Ring Video Doorbell Pro devices that could allow nearby attackers to steal your WiFi password and launch a variety of cyberattacks using MitM against other devices connected to the same network.
In case you don't own one of these, Amazon's Ring Video Doorbell is a smart wireless home |
Vulnerability
|
|
|
|
2019-11-07 04:09:58 |
Gartner Says the Future of Network Security Lies with SASE (direct link) |
Cloud services and networking are driving the concept of digital businesses, yet traditional networking and cybersecurity architectures are far from meeting the demands of the digital business.
Gartner's "The Future of Network Security Is in the Cloud" report spells out the potential for the transformation of networking and security in the cloud, built upon a new networking and security model |
|
|
|
|
2019-11-07 03:58:44 |
Rogue TrendMicro Employee Sold Customer Data to Tech Support Scammers (direct link) |
Do you always feel uncomfortable trusting companies with your data? If so, you're not alone.
While companies do much to protect themselves from external threats, insiders always pose the highest risk to a company's data.
Unfortunately, when we say companies can't eliminate insider threat completely, cybersecurity firms, who are meant to protect others, are not an exception.
Cybersecurity firm |
Threat
|
|
|
|
2019-11-07 02:40:14 |
Two Former Twitter Employees Caught Spying On Users For Saudi Arabia (direct link) |
Two former employees of Twitter have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government, likely with the purpose of unmasking the identity of dissidents.
According to an indictment filed on November 5 and unsealed just yesterday, one of the charged Twitter employees, American citizen Ahmad Abouammo, left the company in May 2015 and the |
|
|
|
|
2019-11-06 02:16:27 |
Facebook Reveals New Data Leak Incident Involving Groups' Members (direct link) |
Facebook today revealed yet another security incident, admitting that roughly 100 app developers may have improperly accessed its users' data in certain Facebook groups, including their names and profile pictures.
In a blog post published Tuesday, Facebook said the app developers that accessed this information without authorization were primarily social media management and video streaming apps that |
|
|
|
|
2019-11-06 01:45:08 |
Explained: How New 'Delegated Credentials' Boosts TLS Protocol Security (direct link) |
Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS."
Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates without sacrificing the reliability of secure connections.
In short, the new TLS protocol extension aims |
|
|
|
|
2019-11-05 03:02:47 |
PPT Template: Build Your 2020 Security Plan (direct link) |
The end of the year is coming, and it's time for security decision-makers to make plans for 2020 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced.
The Definitive 2020 Security Plan PPT Template is built to simplify this task, providing security decision-makers with an |
|
|
|
|
2019-11-05 02:11:04 |
Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light (direct link) |
A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices - all just by shining a laser at the targeted device instead of using spoken words.
Dubbed 'Light Commands,' the hack relies on a vulnerability in MEMS microphones embedded in widely-used popular voice-controllable systems that unintentionally |
Hack
Vulnerability
|
|
|
|
2019-11-04 10:55:03 |
Targeted Ransomware Attacks Hit Several Spanish Companies (direct link) |
Everis, one of the largest IT consulting companies in Spain, suffered a targeted ransomware attack on Monday, forcing the company to shut down all its computer systems and operations until the issue gets resolved completely.
Ransomware is a computer virus that encrypts files on an infected system until a ransom is paid.
According to several local media, Everis informed its employees about |
Ransomware
|
|
|
|
2019-11-03 04:56:39 |
Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig (direct link) |
If you're using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you.
A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow |
|
|
|
|
2019-11-03 03:34:41 |
First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild (direct link) |
Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first, albeit amateur, attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining.
In May this year, Microsoft released a patch for a highly-critical remote code execution flaw, dubbed BlueKeep, in its Windows Remote Desktop Services |
Vulnerability
|
|
|
|
2019-11-01 02:51:48 |
New Chrome 0-day Bug Under Active Attacks – Update Your Browser Now! (direct link) |
Attention readers, if you are using Chrome on your Windows, Mac, and Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today.
With the release of Chrome 78.0.3904.87, Google is warning billions of users to install an urgent software update immediately to patch two high severity vulnerabilities, one of which attackers are |
|
|
|
|
2019-10-31 07:26:14 |
Chinese Hackers Compromise Telecom Servers to Spy on SMS Messages (direct link) |
A group of Chinese hackers carrying out political espionage for Beijing has been found targeting telecommunications companies with a new piece of malware designed to spy on text messages sent or received by highly targeted individuals.
Dubbed "MessageTap," the backdoor malware is a 64-bit ELF data miner that has recently been discovered installed on a Linux-based Short Message Service Center |
Malware
|
|
|
|
2019-10-31 03:40:27 |
Leading Web Domain Name Registrars Disclose Data Breach (direct link) |
Another day, another massive data breach, this time affecting a leading web technology company, as well as both of its subsidiaries, from where millions of customers around the world have purchased domain names for their websites.
The world's top domain registrars Web.com, Network Solutions, and Register.com disclosed a security breach that may have resulted in the theft of customers' account |
Data Breach
Guideline
|
|
|
|
2019-10-31 01:08:58 |
Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty (direct link) |
Two grey hat hackers have pleaded guilty to blackmailing Uber, LinkedIn, and other U.S. corporations for money in exchange for promises to delete data of millions of customers they had stolen in late 2016.
In a San Jose courthouse in California on Wednesday, Brandon Charles Glover (26) of Florida and Vasile Mereacre (23) of Toronto admitted they accessed and downloaded confidential corporate |
Guideline
|
Uber
|
|
|
2019-10-31 00:53:58 |
5 Places Where Hackers Are Stealthily Stealing Your Data In 2019 (direct link) |
Skyrocketing data breaches bring incalculable losses to organizations and can cost cybersecurity executives their jobs.
Here we examine the top five places in 2019 where cybercriminals are stealing corporate and government data without ever getting noticed and then learn how to avoid falling victim to unscrupulous attackers.
1. Misconfigured Cloud Storage
48% of all corporate data is |
|
|
|
|
2019-10-30 12:48:59 |
Hackers Target Indian Nuclear Power Plant – Everything We Know So Far (direct link) |
A story has been making the rounds on the Internet since yesterday about a cyber attack on an Indian nuclear power plant.
Due to some experts' commentary on social media despite the lack of information about the event, and overreactions by many, the incident received factually incorrect coverage widely suggesting a piece of malware has compromised "mission-critical systems" at the Kudankulam |
Malware
|
|
|
|
2019-10-29 14:16:31 |
Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users (direct link) |
Finally, for the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users.
Facebook filed a lawsuit against Israeli mobile surveillance firm NSO Group on Tuesday, alleging that the company was actively involved in hacking users of its end-to-end encrypted WhatsApp messaging service. |
|
|
|
|
2019-10-29 10:55:32 |
Mysterious malware that re-installs itself infected over 45,000 Android Phones (direct link) |
Over the past few months, hundreds of Android users have been complaining online of a new piece of mysterious malware that hides on the infected devices and can reportedly reinstall itself even after users delete it, or factory reset their devices.
Dubbed Xhelper, the malware has already infected more than 45,000 Android devices in just the last six months and is continuing to spread by |
Malware
|
|
|
|
2019-10-29 06:27:56 |
The Pirate Bay was recently down for over a week due to a DDoS attack (direct link) |
It seems like the prolonged downtime and technical difficulties faced by The Pirate Bay over the past several weeks were due to a series of distributed denial of service (DDoS) attacks against the widely-popular torrent website by malicious actors.
For those unaware, The Pirate Bay was down for more than a week with most visitors shown a Cloudflare error mentioning that a "bad gateway" is |
|
|
|
|
2019-10-29 03:38:13 |
How MSPs can become Managed Detection and Response (MDR) Providers (direct link) |
Managed detection and response (MDR) is one of the fastest-growing segments in the cybersecurity market. ESG research from April 2019 reveals that 27% of organizations are actively pursuing an MDR project, while another 11% plan to pursue an MDR project in the future.
Cynet now enables service providers to add MDR to their portfolio and gain an important competitive advantage over |
|
|
|
|
2019-10-29 00:24:28 |
Russian Hackers Targeting Anti-Doping Agencies Ahead of 2020 Tokyo Olympics (direct link) |
As Japan gears up for the upcoming 2020 Summer Olympics in Tokyo for the next year, the country needs to brace itself for sophisticated cyberattacks, especially from state-sponsored hackers.
Microsoft has issued a short notice, warning about a new wave of highly targeted cyberattacks by a group of Russian state-sponsored hackers attempting to hack over a dozen anti-doping authorities and |
Hack
|
|
|
|
2019-10-28 10:15:51 |
UniCredit Bank Suffers 'Data Incident' Exposing 3 Million Italian Customer Records (direct link) |
UniCredit, an Italian global banking and financial services company, announced today that it suffered a security incident that leaked some personal information belonging to at least 3 million of its domestic customers.
Officially founded in 1870, UniCredit is Italy's biggest banking and financial services and one of the leading European commercial banks with more than 8,500 branches across 17 |
Guideline
|
|
|
|
2019-10-26 12:53:02 |
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers (direct link) |
If you're running any PHP-based website on an NGINX server and have the PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely.
The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could |
Hack
Vulnerability
|
|
|
|
2019-10-26 01:10:57 |
Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users (direct link) |
The U.S. multinational computer software company Adobe suffered a serious security breach earlier this month that exposed a user records database belonging to the company's popular Creative Cloud service.
With an estimated 15 million subscribers, Adobe Creative Cloud or Adobe CC is a subscription service that gives users access to the company's full suite of popular creative software for |
|
|
|
|
2019-10-25 04:35:02 |
Verizon, AT&T, Sprint and T-Mobile to replace SMS with RCS Messaging in 2020 (direct link) |
Mobile carriers in the United States will finally offer a universal cross-carrier communication standard for the next-generation RCS messaging service that is meant to replace SMS and has the potential to change the way consumers interact with brands for years to come.
All major United States mobile phone carriers, including AT&T, Verizon, T-Mobile, and Sprint, have joined forces to launch a |
|
|
|