What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2019-08-26 23:06:04 Apple Releases iOS 12.4.1 Emergency Update to Patch 'Jailbreak' Flaw (direct link) Apple just patched an unpatched flaw that it patched previously but accidentally unpatched recently - did I confuse you? Let's try it again... Apple today finally released iOS 12.4.1 to fix a critical jailbreak vulnerability, like it or not, that was initially patched by the company in iOS 12.3 but was then accidentally got reintroduced in the previous iOS 12.4 update. For those unaware,
The_Hackers_News.webp 2019-08-26 04:41:05 Hostinger Suffers Data Breach – Resets Password For 14 Million Users (direct link) Popular web hosting provider Hostinger has been hit by a massive data breach, as a result of which the company has reset passwords for all customers as a precautionary measure. In a blog post published on Sunday, Hostinger revealed that "an unauthorized third party" breached one of its servers and gained access to "hashed passwords and other non-financial data" associated with its millions of Data Breach
The_Hackers_News.webp 2019-08-26 04:01:03 Binance Confirms Hacker Obtained Its Users' KYC Data from 3rd-Party Vendor (direct link) As suspected, the KYC details of thousands of Binance's customers that hackers obtained and leaked online earlier this month came from the company's third-party vendor, Malta-based cryptocurrency exchange Binance confirmed. For those unaware, Binance, the world's largest cryptocurrency exchange by volume, hit by a "Potential KYC leak" earlier this month, with an unknown hacker distributing
The_Hackers_News.webp 2019-08-23 11:57:03 Hacker Ordered to Pay Back Nearly £1 Million to Phishing Victims (direct link) A prolific hacker who carried out phishing scams against hundreds of companies worldwide has been ordered to pay back more than $1.1 million (over £922,000) worth of cryptocurrencies to his victims. Grant West, a 27-year-old resident of Kent, England, targeted several well-known companies around the world since 2015 to obtain the financial data of tens of thousands of customers and then sold
The_Hackers_News.webp 2019-08-23 00:55:04 Google Proposes 'Privacy Sandbox' to Develop Privacy-Focused Ads (direct link) Google today announced a new initiative-called Privacy Sandbox-in an attempt to develop a set of open standards that fundamentally enhances privacy on the web while continuing to support a free, open and democratic Internet through digital advertisements. A lot of websites on the Internet today, including The Hacker News, rely on online advertisements as their primary source of funding to
The_Hackers_News.webp 2019-08-21 03:52:02 Google and Mozilla Block Kazakhstan's Root CA Certificates to Prevent Spying (direct link) In a move to protect its users based in Kazakhstan from government surveillance, Google and Mozilla finally today came forward and blocked Kazakhstan's government-issued root CA certificate within their respective web browsing software. Starting today, Firefox and Chrome users in Kazakhstan will see an error message stating that the certificate should not be trusted when attempting to access
The_Hackers_News.webp 2019-08-21 00:03:02 Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics (direct link) Silence APT, a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016, Silence APT group's most recent successful campaign was against Bangladesh-based Dutch-Bangla
The_Hackers_News.webp 2019-08-20 12:29:05 Use This Privacy Tool to View and Clear Your 'Off-Facebook Activity' Data (direct link) Well, here we have great news for Facebook users, which is otherwise terrible for marketers and publishers whose businesses rely on Facebook advertisement for re-targeted conversations. Following the Cambridge Analytica scandal, Facebook has taken several privacy measures in the past one year with an aim to give its users more control over their data and transparency about how the social Tool
The_Hackers_News.webp 2019-08-20 05:59:01 How Activity Logs Help WordPress Admins Better Manage Website Security (direct link) Managing a WordPress website can sap a lot of your time and energy, which otherwise you'd spend on managing your business. If you're looking to cut down on the hours, you spend troubleshooting WordPress technical and security problems, better managing and monitoring your website and users, or your customers, you need a WordPress activity log plugin. This post explains how to use the WP
The_Hackers_News.webp 2019-08-20 01:40:03 Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers (direct link) Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project's maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build infrastructure-that surprisingly persisted into Vulnerability
The_Hackers_News.webp 2019-08-16 02:19:01 Patches for 2 Severe LibreOffice Flaws Bypassed - Update to Patch Again (direct link) If you are using LibreOffice, you need to update it once again. LibreOffice has released the latest version 6.2.6/6.3.0 of its open-source office software to address three new vulnerabilities that could allow attackers to bypass patches for two previously addressed vulnerabilities. LibreOffice is one of the most popular and open source alternatives to Microsoft Office suite and is available
The_Hackers_News.webp 2019-08-16 00:49:02 Bluetana App Quickly Detects Hidden Bluetooth Card Skimmers at Gas Pumps (direct link) In recent years, gas stations have become one of the favorite targets for thieves who are stealing customers' credit and debit card information by installing a Bluetooth-enabled payment card skimmers at gas stations across the nation. The media has also reported several recent crimes surrounding credit card skimmers, including: Gas pump skimmer found at a 7-Eleven in Pinellas County Credit
The_Hackers_News.webp 2019-08-15 03:47:00 Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online (direct link) In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads. Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other than the one you are browsing, which allows companies including Google and Facebook to fingerprint
The_Hackers_News.webp 2019-08-14 09:47:01 New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections (direct link) Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices. The vulnerability, assigned as CVE-2019-9506, resides in the way 'encryption key negotiation protocol' lets two Bluetooth BR/EDR devices Vulnerability
The_Hackers_News.webp 2019-08-14 01:55:00 8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks (direct link) Various implementations of HTTP/2, the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for better security and improved online experience by speeding up page loads. Today, over hundreds of
The_Hackers_News.webp 2019-08-13 11:52:01 4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered (direct link) If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately. Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched 'BlueKeep' RDP vulnerability. Discovered by Microsoft's security team itself,
The_Hackers_News.webp 2019-08-13 09:37:04 Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows (direct link) A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10. The vulnerability resides in the way MSCTF clients and server communicate with each other, allowing even a low privileged or a sandboxed application to read and write data to a higher Vulnerability
The_Hackers_News.webp 2019-08-13 05:19:00 Cerberus: A New Android 'Banking Malware For Rent' Emerges (direct link) After a few popular Android Trojans like Anubis, Red Alert 2.0, GM bot, and Exobot, quit their malware-as-a-service businesses, a new player has emerged on the Internet with similar capabilities to fill the gap, offering Android bot rental service to the masses. Dubbed "Cerberus," the new remote access Trojan allows remote attackers to take total control over the infected Android devices and Malware
The_Hackers_News.webp 2019-08-13 01:54:03 Let Experts Do Their Job – Managed WAF by Indusface (direct link) WAF (Web Application Firewall) has been the first line of defence when it comes to application security for a while now. Many organizations have adopted WAF in one form or the other and most cases, compliance has been the driver for adoption. But unfortunately, when it comes to the efficacy of WAF in thwarting attacks, it has not lived up to the expectations. In most organizations, WAF has
The_Hackers_News.webp 2019-08-13 00:57:04 Epic Games Hit With Class Action Lawsuit Over Hacked 'Fortnite' Accounts (direct link) Epic Games, the creator of the popular 'Fortnite' video game, is facing a class-action lawsuit from gamers over hacked Fortnite accounts, accusing the company of failing to maintain adequate security measures and notify users of the security breach in a timely manner. The lawsuit, filed by 'Franklin D. Azar and Associates' in the United States District Court in North Carolina on behalf of
The_Hackers_News.webp 2019-08-12 10:25:01 Android Users Can Now Log in to Google Services Using Fingerprint (direct link) If you're using Chrome on Android, you can now sign-in to your Google account and some of the other Google services by simply using your fingerprint, instead of typing in your password every time. Google is rolling out a new feature, called "local user verification," that allows you to log in to both native applications and web services by registering your fingerprint or any other method
The_Hackers_News.webp 2019-08-12 01:25:02 Canon DSLR Cameras Can Be Hacked With Ransomware Remotely (direct link) The threat of ransomware is becoming more prevalent and severe as attackers' focus has now moved beyond computers to smartphones and other Internet-connected smart devices. In its latest research, security researchers at cybersecurity firm CheckPoint demonstrated how easy it is for hackers to remotely infect a digital DSLR camera with ransomware and hold private photos and videos hostage Ransomware Threat
The_Hackers_News.webp 2019-08-11 04:45:03 Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs (direct link) If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or other 15 other vendors listed below, you're probably screwed. A team of security researchers has discovered high-risk security vulnerabilities in more than 40 drivers from at least 20 different vendors that could allow attackers to gain most privileged permission on the system and hide malware
The_Hackers_News.webp 2019-08-09 00:54:01 Apple will now pay hackers up to $1 million for reporting vulnerabilities (direct link) Apple has just updated the rules of its bug bounty program by announcing a few major changes during a briefing at the annual Black Hat security conference yesterday. One of the most attractive updates is… Apple has enormously increased the maximum reward for its bug bounty program from $200,000 to $1 million-that's by far the biggest bug bounty offered by any major tech company for reporting
The_Hackers_News.webp 2019-08-08 03:27:01 (Déjà vu) Facebook Sues Two Android App Developers for Click Injection Fraud (direct link) Facebook has filed a lawsuit against two shady Android app developers accused of making illegal money by hijacking users' smartphones to fraudulently click on Facebook ads. According to Facebook, Hong Kong-based 'LionMobi' and Singapore-based 'JediMobi' app developers were distributing malicious Android apps via the official Google Play Store that exploit a technique known as "click injection
The_Hackers_News.webp 2019-08-07 16:00:00 Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V (direct link) Remember the reverse RDP attack? Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsoft's Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer, reversely. (You can find details and a video demonstration for this security vulnerability, along with dozens of critical flaws in other third-party RDP
The_Hackers_News.webp 2019-08-07 04:14:03 Binance KYC Data Leak - Crypto Exchange Sets $290,000 Bounty On Blackmailer (direct link) Malta-based cryptocurrency exchange Binance has become a victim of a ransom demand from a scammer who claimed to have hacked the KYC (Know Your Customer) data of thousands of its customers. The unknown attacker threatened the world's largest cryptocurrency exchange by volume to release KYC information of 10,000 users if the company did not pay 300 Bitcoins-that's equivalent to almost $3.5
The_Hackers_News.webp 2019-08-07 00:26:05 KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files (direct link) If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while. A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a user's Vulnerability
The_Hackers_News.webp 2019-08-06 13:23:01 SWAPGS Attack - New Speculative Execution Flaw Affects All Modern Intel CPUs (direct link) A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects modern Intel CPUs which leverage speculative-execution, and some AMD processors as well, Microsoft and Red Hat warn. Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, Vulnerability
The_Hackers_News.webp 2019-08-06 11:01:00 Pakistani Man Bribed AT&T Insiders to Plant Malware and Unlock 2 Million Phones (direct link) United States federal government has charged a Pakistani national for bribing employees at AT&T telecommunication company over a period of five years to help unlock more than 2 million phones and plant malware on the company's network. Muhammad Fahd, a 34-year-old man from Pakistan, was arrested in Hong Kong last year in February at the request of the U.S. government and just extradited to the Malware
The_Hackers_News.webp 2019-08-06 01:16:02 New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking (direct link) A series of critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets over-the-air with no user interaction. Discovered by security researchers from Tencent's Blade team, the vulnerabilities, collectively known as QualPwn, reside in the WLAN and modem firmware of Qualcomm chipsets that
The_Hackers_News.webp 2019-08-03 02:23:04 Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords (direct link) The same team of cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed as Dragonblood, in the newly launched WPA3 WiFi security standard few months ago has now uncovered two more flaws that could allow attackers to hack WiFi passwords. WPA, or WiFi Protected Access, is a WiFi security standard that has been designed to authenticate wireless devices using Hack
The_Hackers_News.webp 2019-08-01 02:13:03 Cisco 'Knowingly' Sold Hackable Video Surveillance System to U.S. Government (direct link) Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling video surveillance system containing severe security vulnerabilities to the U.S. federal and state government agencies. It's believed to be the first payout on a 'False Claims Act' case over failure to meet cybersecurity standards. The lawsuit began eight years ago, in the year 2011,
The_Hackers_News.webp 2019-07-31 03:37:01 DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks (direct link) What could be more horrifying than knowing that a hacker can trick the plane's electronic systems into displaying false flight data to the pilot, which could eventually result in loss of control? Of course, the attacker would never wish to be on the same flight, so in this article, we are going to talk about a potential loophole that could allow an attacker to exploit a vulnerability with Vulnerability
The_Hackers_News.webp 2019-07-30 09:37:00 Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking (direct link) If your e-commerce website runs on the OXID eShop platform, you need to update it immediately to prevent your site from becoming compromised. Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers to take full control over vulnerable eCommerce websites remotely in less than a few seconds. OXID
The_Hackers_News.webp 2019-07-30 04:21:04 Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws (direct link) Google's cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage. All the vulnerabilities, which required no user interaction, were responsibly reported to Apple by Samuel Groß and Natalie Silvanovich
The_Hackers_News.webp 2019-07-29 21:59:04 Capital One Data Breach Affects 106 Million Customers; Hacker Arrested (direct link) Another week, another massive data breach. Capital One, the fifth-largest U.S. credit-card issuer and banking institution, has recently suffered a data breach exposing the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada. The data breach that occurred on March 22nd and 23rd this year allowed attackers to steal information of Data Breach
The_Hackers_News.webp 2019-07-29 08:44:04 Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices (direct link) Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries. According to a new report Armis researchers shared with The
The_Hackers_News.webp 2019-07-29 01:02:03 Viral FaceApp Unnecessarily Requests Access to Users' Facebook Friends List (direct link) FaceApp-the AI-powered photo-morphing app that recently gone viral for its age filter but hit the headlines for its controversial privacy policy-has been found collecting the list of your Facebook friends for no reason. The Russian-made FaceApp has been around since the spring of 2017 but taken social media by storm over the course of the past few weeks as millions of people downloaded the
The_Hackers_News.webp 2019-07-26 11:55:00 Judge Rules No Jail Time for WannaCry 'Killer' Marcus Hutchins, a.k.a. MalwareTech (direct link) Marcus Hutchins, better known as MalwareTech, has been sentenced to "time served" and one year of supervised release for developing and selling the Kronos banking malware. Yes, Hutchins will not go to prison, United States District Judge J.P. Stadtmueller ruled today in Milwaukee County Court. In response to today's sentencing Hutchins said: "Sentenced to time served! Incredibly thankful for Wannacry
The_Hackers_News.webp 2019-07-26 07:31:01 Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched) (direct link) Are you using LibreOffice? You should be extra careful about what document files you open using the LibreOffice software over the next few days. That's because LibreOffice contains a severe unpatched code execution vulnerability that could sneak malware into your system as soon as you open a maliciously-crafted document file. LibreOffice is one of the most popular and open source Malware Hack Vulnerability
The_Hackers_News.webp 2019-07-26 02:56:03 (Déjà vu) Ransomware Attack Caused Power Outages in the Biggest South African City (direct link) Yesterday, some residents of Johannesburg, the largest city in South Africa, were left without electricity after the city's power company got attacked by a ransomware virus. City Power, the company responsible for powering South Africa's financial capital Johannesburg, confirmed Thursday on Twitter that it had been hit by a Ransomware virus that had encrypted all of its databases, applications Ransomware
The_Hackers_News.webp 2019-07-26 01:17:00 Silk Road Admin Sentenced to 78 Months in Prison On Drug Trafficking Charges (direct link) An Irish national has been jailed for six-and-a-half years for his role as one of the administrators and forum moderators who helped run now-defunct dark web marketplace "Silk Road." Gary Davis, 31, of Wicklow, Ireland, was known as 'Libertas' on the Silk Road website, then-largest underground black marketplace on the Internet used by thousands of people to buy and sell drugs and other
The_Hackers_News.webp 2019-07-25 11:43:04 Your Android Phone Can Get Hacked Just By Playing This Video (direct link) Are you using an Android device? Beware! You should be more careful while playing a video on your smartphone-downloaded anywhere from the Internet or received through email. That's because, a specially crafted innocuous-looking video file can compromise your Android smartphone-thanks to a critical remote code execution vulnerability that affects over 1 billion devices running Android OS Vulnerability
The_Hackers_News.webp 2019-07-25 06:45:04 Popular Malware Families Using 'Process Doppelgänging' to Evade Detection (direct link) The fileless code injection technique called Process Doppelgänging is actively being used by not just one or two but a large number of malware families in the wild, a new report shared with The Hacker News revealed. Discovered in late 2017, Process Doppelgänging is a fileless variation of Process Injection technique that takes advantage of a built-in Windows function to evade detection and Malware
The_Hackers_News.webp 2019-07-25 02:38:03 Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List (direct link) Cybersecurity researchers have discovered a new variant of WatchBog, a Linux-based cryptocurrency mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to the Bluekeep flaw. BlueKeep is a highly-critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Services that could allow an unauthenticated remote Malware Vulnerability
The_Hackers_News.webp 2019-07-25 00:16:01 New Android Spyware Created by Russian Defense Contractor Found in the Wild (direct link) Cybersecurity researchers have uncovered a new piece of mobile surveillance malware believed to be developed by a Russian defense contractor that has been sanctioned for interfering with the 2016 U.S. presidential election. Dubbed Monokle, the mobile remote-access trojan has been actively targeting Android phones since at least March 2016 and is primarily being used in highly targeted attacks on Malware
The_Hackers_News.webp 2019-07-24 09:03:02 Facebook Agrees to Pay $5 Billion Fine and Setup New Privacy Program for 20 Years (direct link) The Federal Trade Commission (FTC) today officially confirmed that Facebook has agreed to pay a record-breaking $5 billion fine over privacy violations surrounding the Cambridge Analytica scandal. Besides the multibillion-dollar penalty, the company has also accepted a 20-year-long agreement that enforces it to implement a new organizational framework designed to strengthen its data privacy
The_Hackers_News.webp 2019-07-24 02:28:04 Siemens Contractor Pleads Guilty to Planting 'Logic Bomb' in Spreadsheets (direct link) A former Siemens contractor has pledged guilty in federal court Friday to secretly planting code in automated spreadsheets he had created for the company over a decade ago that deliberately crashes the program every few years. David Tinley, a 62-year-old resident of Harrison City, Pennsylvania, was hired by Siemens as a contract employee for Monroeville, Pennsylvania location, in 2002 to
The_Hackers_News.webp 2019-07-23 11:31:05 A New 'Arbitrary File Copy' Flaw Affects ProFTPD Powered FTP Servers (direct link) A German security researcher has publicly disclosed details of a serious vulnerability in one of the most popular FTP server applications, which is currently being used by more than one million servers worldwide. The vulnerable software in question is ProFTPD, an open source FTP server used by a large number of popular businesses and websites including SourceForge, Samba and Slackware, and Vulnerability
Last update at: 2024-08-01 10:18:45