What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-05-10 03:04:03 | North Korean Hackers Using ELECTRICFISH Tunnels to Exfiltrate Data (lien direct) | The U.S. Department of Homeland Security (DHS) and the FBI have issued another joint alert about a new piece of malware that the prolific North Korean APT hacking group Hidden Cobra has actively been using in the wild.
Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by North Korean government and known to launch cyber attacks against media |
Malware Medical | APT 38 | |
|
2019-05-09 14:46:03 | U.S. Charges Chinese Hacker For 2015 Anthem Data Breach (lien direct) | The United States Justice Department today announced charges against a Chinese hacker and his hacking team member for their alleged role in the 2015 massive data breach at health insurance giant Anthem and three other unnamed American companies.
Fujie Wang (王 福 杰) and another hacker named John Doe with three different aliases-Deniel Jack, Kim Young, and Zhou Zhihong-are charged with four |
Data Breach | ||
|
2019-05-08 08:47:05 | Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites (lien direct) | Researchers from Chinese cybersecurity firm Qihoo 360's NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites.
While monitoring a malicious domain, www.magento-analytics[.]com, for over last seven months, researchers found that the attackers have been injecting |
|||
|
2019-05-08 04:19:01 | Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks (lien direct) | A bug bounty hunter has discovered and publicly disclosed details of an unpatched browser address bar spoofing vulnerability that affects popular Chinese UC Browser and UC Browser Mini apps for Android.
Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than half a billion users worldwide. |
Vulnerability | ||
|
2019-05-08 02:49:05 | Google Chrome to Introduce Improved Cookie Controls Against Online Tracking (lien direct) | At the company's I/O 2019 developer conference, Google has announced its plan to introduce two new privacy and security-oriented features in the upcoming versions of its Chrome web browser.
In an attempt to allow users to block online tracking, Google has announced two new features-Improved SameSite Cookies and Fingerprinting Protection-that will be previewed by Google in the Chrome web |
|||
|
2019-05-08 01:08:01 | Baltimore City Shuts Down Most of Its Servers After Ransomware Attack (lien direct) | For the second time in just over a year, the city of Baltimore has been hit by a ransomware attack, affecting its computer network and forcing officials to shut down a majority of its computer servers as a precaution.
Ransomware works by encryption files and locking them up so users can't access them. The attackers then demand a ransom amount, typically in Bitcoin digital currency, in |
Ransomware | ||
|
2019-05-07 22:53:02 | Binance Hacked - Hackers Stole Over $40 Million Worth Of Bitcoin (lien direct) | Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date.
In a statement, Binance's CEO Changpeng Zhao said the company discovered a "large scale security breach" earlier on May 7, as a result of which hackers were able to steal roughly 7000 bitcoins, which worth 40.6 |
Hack | ||
|
2019-05-07 11:56:04 | Cynet\'s Free Incident Response Tool - Stop Active Attacks With Greater Visibility (lien direct) | The saying that there are two types of organizations, those that have gotten breached and those who have but just don't know it yet, has never been more relevant, making the sound incident response a required capability in any organization's security stack.
To assist in this critical mission, Cynet is launching a free IR tool offering, applicable to both IR service providers in need of a |
Tool | ||
|
2019-05-07 04:12:01 | Microsoft Windows 10 will get a full built-in Linux Kernel for WSL 2 (lien direct) | Yes, you heard me right. Microsoft is taking another step forward to show its love for Linux and open source community by shipping a full Linux kernel in Windows 10 this summer. No, that doesn't mean Microsoft is making its Windows 10 a Linux distro, but the company will begin to ship an in-house custom built Linux kernel later this year starting with the Windows 10 Insider builds. | |||
|
2019-05-07 01:41:01 | Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them (lien direct) | In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA's Equation Group almost a year before the mysterious Shadow Brokers group leaked them.
According to a new report published by cybersecurity firm Symantec, a Chinese-linked group, which it calls Buckeye, was using the |
APT 3 | ||
|
2019-05-06 12:37:03 | Popular Online Tutoring Marketplace \'Wyzant\' Suffers Data Breach (lien direct) | Wyzant-an online marketplace that makes it easy for parents and students to connect with private tutors, in-person and online, in over 250 different subjects-has suffered a data breach exposing "certain personal identification information" for its customers.
The Hacker News received a copy of an email notification Wyzant recently sent to its affected customers, which reveals an unknown |
Data Breach | ||
|
2019-05-06 03:56:01 | Israel Neutralizes Cyber Attack by Blowing Up A Building With Hackers (lien direct) | The Israel Defense Force (IDF) claims to have neutralized an "attempted" cyber attack by launching airstrikes on a building in Gaza Strip from where it says the attack was originated.
As shown in a video tweeted by IDF, the building in the Gaza Strip, which Israeli fighter drones have now destroyed, was reportedly the headquarters for Palestinian Hamas military intelligence, from where a cyber |
|||
|
2019-05-03 12:30:02 | Europol Shuts Down Two Major Illegal \'Dark Web\' Trading Platforms (lien direct) | Europol announced the shut down of two prolific dark web marketplaces-Wall Street Market and Silkkitie (also known as Valhalla)-in simultaneous global operations against underground websites for trading drugs, stolen credit card numbers, malicious software, and other illegal goods.
Police in western Germany has also arrested three men who were allegedly running Wall Street Market, the world's |
|||
|
2019-05-02 03:13:00 | Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking (lien direct) | If you use a Dell computer, then beware - hackers could compromise your system remotely.
Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers.
Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer |
Vulnerability | ||
|
2019-05-02 00:45:03 | Google Adds New Option to \'Auto-Delete\' Your Location History and Activity Data (lien direct) | Google is giving you more control over how long you want the tech company to hold on to your location history and web activity data.
Google has introduced a new, easier, privacy-focused auto-delete feature for your Google account that will allow you to automatically delete your Location History and Web and App Activity data after a set period of time.
Google's Location History feature, if |
|||
|
2019-05-01 05:47:03 | WikiLeaks\' Julian Assange Sentenced to 50 Weeks in UK Jail (lien direct) | WikiLeaks founder Julian Assange has been sentenced to 50 weeks-for almost a year-in prison by a London court for breaching his bail conditions in 2012 and taking refuge in the Ecuadorian embassy for nearly 7 years.
The 47-year-old Assange was arrested last month by London's Metropolitan Police Service after the Ecuadorian government suddenly withdrew his political asylum.
Within hours of his |
|||
|
2019-05-01 01:51:01 | DHS Orders Federal Agencies to Patch Critical Flaws Within 15 Days (lien direct) | In recent years, we have seen how hackers prey on those too lazy or ignorant to install security patches, which, if applied on time, would have prevented some devastating cyber attacks and data breaches that happened in major organisations.
The United States Department of Homeland Security (DHS) has ordered government agencies to more swiftly plug the critical security vulnerabilities found |
|||
|
2019-05-01 00:31:02 | Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware (lien direct) | Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware.
As suspected, a recently-disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to distribute a |
Ransomware Vulnerability | ||
|
2019-04-30 10:28:03 | Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks (lien direct) | A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients.
The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, |
|||
|
2019-04-30 02:04:05 | Rapidly Growing Electrum Botnet Infects Over 152,000 Users; Steals $4.6 Million (lien direct) | An ongoing attack against Electrum Bitcoin wallets has just grown bigger and stronger with attackers now targeting the whole infrastructure of the exchange with a botnet of over 152,000 infected users, raising the amount of stolen users' funds to USD 4.6 million.
Electrum has been facing cyber attacks since December last year when a team of cybercriminals exploited a weakness in the Electrum |
|||
|
2019-04-30 00:07:03 | Unprotected Database Exposes Personal Info of 80 Million American Households (lien direct) | A team of security researchers has claims to have found a publicly-accessible database that exposes information on more than 80 million U.S. households-nearly 65 percent of the total number of American households.
Discovered by VPNMentor's research team lead by hacktivists Noam Rotem and Ran Locar, the unsecured database includes 24GB of extremely detailed information about individual homes, |
Guideline | ||
|
2019-04-27 03:39:00 | New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches (lien direct) | Facebook has a lot of problems, then there are a lot of problems for Facebook-and both are not going to end anytime sooner.
Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy violations, it seems to be just first installment of what Facebook has to pay for continuously ignoring users |
★★★★ | ||
|
2019-04-26 04:37:03 | Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension (lien direct) | If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store.
A WordPress security company-called "Plugin Vulnerabilities"-that recently gone rogue in order to protest against moderators of the WordPress's official support forum has once |
Vulnerability | ★★★★★ | |
|
2019-04-25 08:00:00 | \'Highly Critical\' Unpatched Zero-Day Flaw Discovered In Oracle WebLogic (lien direct) | A team of cybersecurity researchers today published a post warning enterprises of an unpatched, highly critical zero-day vulnerability in Oracle WebLogic server application that some attackers might have already started exploiting in the wild.
Oracle WebLogic is a scalable, Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services |
Vulnerability | ★★★ | |
|
2019-04-24 23:49:04 | Facebook Could Be Fined Up To $5 Billion Over Privacy Violations (lien direct) | Facebook expects to face a massive fine of up to $5 billion from the Federal Trade Commission (FTC) as the result of an investigation into its privacy policies-that's about one month's revenue for the social media giant.
To be clear the amount of fine is not what the FTC has announced or hinted yet; instead, it's an estimated due that Facebook disclosed on Wednesday in its first quarter 2019 |
|||
|
2019-04-24 07:47:02 | Congress Asks Google 10 Questions On Its Location Tracking Database (lien direct) | U.S. Congress has sent an open letter to Google CEO Sundar Pichai asking for more information about its Sensorvault database that's reportedly being used by law enforcement agencies to solve crime cases.
Last week, we reported a story based upon NY Times findings that revealed how using a "geofence" warrant, authorities obtain location history of all devices from Google's Sensorvault database |
|||
|
2019-04-24 00:30:05 | \'Karkoff\' Is the New \'DNSpionage\' With Selective Targeting Strategy (lien direct) | The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware.
First uncovered in November last year, the DNSpionage attacks used compromised sites and crafted malicious documents to infect victims' computers with DNSpionage-a custom remote administrative |
Malware | ||
|
2019-04-23 12:23:00 | Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress (lien direct) | Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin.
The vulnerable plugin in question is Social Warfare which is a popular and widely deployed WordPress plugin with more than 900,000 downloads. It is used to add social |
|||
|
2019-04-23 01:20:05 | Source Code for CARBANAK Banking Malware Found On VirusTotal (lien direct) | Security researchers have discovered the full source code of the Carbanak malware-yes, this time it's for real.
Carbanak-sometimes referred as FIN7, Anunak or Cobalt-is one of the most full-featured, dangerous malware that belongs to an APT-style cybercriminal group involved in several attacks against banks, financial institutions, hospitals, and restaurants.
In July last year, there was a |
Malware | ||
|
2019-04-19 08:35:05 | Hacker Breaks Into French Government\'s New Secure Messaging App (lien direct) | A white-hat hacker found a way to get into the French government's newly launched, secure encrypted messaging app that otherwise can only be accessed by officials and politicians with email accounts associated with the government identities.
Dubbed "Tchap," the end-to-end encrypted, open source messaging app has been created by the French government with an aim to keep their officials, |
|||
|
2019-04-18 12:29:05 | Facebook Stored Millions of Instagram Users\' Passwords in Plaintext (lien direct) | Facebook late last month revealed that the social media company mistakenly stored passwords for "hundreds of millions" of Facebook users in plaintext, including "tens of thousands" passwords of its Instagram users as well.
Now it appears that the incident is far worse than first reported.
Facebook today quietly updated its March press release, adding that the actual number of |
|||
|
2019-04-18 04:00:02 | Facebook Collected Contacts from 1.5 Million Email Accounts Without Users\' Permission (lien direct) | Not a week goes without a new Facebook blunder.
Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity?
At the time, it was suspected that Facebook might be using access to users' email accounts to unauthorizedly and secretly gather a copy of their saved contacts.
Now it turns |
|||
|
2019-04-17 14:51:00 | Drupal Releases Core CMS Updates to Patch Several Vulnerabilities (lien direct) | Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites.
According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in |
|||
|
2019-04-17 13:16:01 | Researcher Hijacks a Microsoft Service Using Loophole in Azure Cloud Platform (lien direct) | A cybersecurity professional today demonstrated a long-known unpatched weakness in Microsoft's Azure cloud service by exploiting it to take control over Windows Live Tiles, one of the key features Microsoft built into Windows 8 operating system.
Introduced in Windows 8, the Live tiles feature was designed to display content and notifications on the Start screen, allowing users to continuously |
|||
|
2019-04-17 01:47:04 | Over 100 Million JustDial Users\' Personal Data Found Exposed On the Internet (lien direct) | An unprotected database belonging to JustDial, India's largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy "88888 88888" customer care number, The Hacker News has learned and independently verified.
Founded over two decades ago, JustDial (JD) is the |
|||
|
2019-04-16 05:05:03 | Google Makes it Tough for Rogue App Developers Get Back on Android Play Store (lien direct) | Even after Google's security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store.
Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers' existing accounts, is enough for 'bad-faith' developers to trick the Play Store into distributing unsafe |
Malware | ||
|
2019-04-16 01:45:05 | Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered (lien direct) | A new powerful rootkit-enabled spyware operation has been discovered wherein hackers are distributing multifunctional malware disguised as cracked software or trojanized app posing as legitimate software like video players, drivers and even anti-virus products.
While the rootkit malware-dubbed Scranos-which was first discovered late last year, still appears to be a work in progress, it is |
Malware | ||
|
2019-04-15 05:06:03 | Google Helps Police Identify Devices Close to Crime Scenes Using Location Data (lien direct) | It's no secret that Google tracks you everywhere, even when you keep Google's Location History feature disabled.
As revealed by an Associated Press investigation in 2018, other Google apps like Maps or daily weather update service on Android allows the tech giant to continuously collect your precise latitude and longitude.
According to Google, the company uses this location-tracking |
|||
|
2019-04-13 12:19:02 | Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts (lien direct) | If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News.
Earlier this year, hackers managed to breach Microsoft's customer support portal and access information related to some email accounts registered with the company's Outlook service. |
|||
|
2019-04-12 10:54:02 | Russia Fines Facebook $47 Over Citizens\' Data Privacy Dispute (lien direct) | Yes, you read that right!
Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country's controversial Data Localization law.
It's bizarre and unbelievable, but true.
In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and Facebook asking them to provide information about the location of servers that |
|||
|
2019-04-12 07:11:03 | Encrypted Messaging Project "Matrix" Suffers Extensive Cyber Attack (lien direct) | Matrix-the organization behind an open source project that offers a protocol for secure and decentralized real-time communication-has suffered a massive cyber attack after unknown attackers gained access to the servers hosting its official website and data.
Hackers defaced Matrix's website, and also stole unencrypted private messages, password hashes, access tokens, as well as GPG keys the |
|||
|
2019-04-11 08:50:05 | Popular Video Editing Software Website Hacked to Spread Banking Trojan (lien direct) | If you have downloaded the VSDC multimedia editing software between late February to late March this year, there are high chances that your computer has been infected with a banking trojan and an information stealer.
The official website of the VSDC software - one of the most popular, free video editing and converting app with over 1.3 million monthly visitors - was hacked, unfortunately once |
|||
|
2019-04-11 07:03:03 | WikiLeaks Founder Julian Assange Arrested After Ecuador Withdraws Asylum (lien direct) | WikiLeaks founder Julian Assange has been arrested at the Ecuadorian Embassy in London-that's almost seven years after he took refuge in the embassy to avoid extradition to Sweden over a sexual assault case.
According to a short note released by London's Metropolitan Police Service, Assange was arrested immediately after the Ecuadorian government today withdraws his political asylum.
Assange |
|||
|
2019-04-10 11:51:05 | Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password (lien direct) | 🔥 Breaking - It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network.
WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced |
|||
|
2019-04-10 01:20:00 | Sophisticated \'TajMahal APT Framework\' Remained Undetected for 5 Years (lien direct) | Cybersecurity researchers yesterday unveiled the existence of a highly sophisticated spyware framework that has been in operation for at least last 5 years-but remained undetected until recently.
Dubbed TajMahal by researchers at Kaspersky Lab, the APT framework is a high-tech modular-based malware toolkit that not only supports a vast number of malicious plugins for distinct espionage |
Malware | ||
|
2019-04-09 11:15:01 | Adobe Releases Security Patches for Flash, Acrobat Reader, Other Products (lien direct) | Good morning readers, it's Patch Tuesday again-the day of the month when Adobe and Microsoft release security patches for their software.
Adobe just released its monthly security updates to address a total of 40 security vulnerabilities in several of its products, including Flash Player, Adobe Acrobat and Reader, and Shockwave Player.
According to an advisory, Adobe Acrobat and Reader |
|||
|
2019-04-09 11:01:02 | (Déjà vu) Microsoft Releases April 2019 Security Updates - Two Flaws Under Active Attack (lien direct) | Microsoft today released its April 2019 software updates to address a total of 74 CVE-listed vulnerabilities in its Windows operating systems and other products, 13 of which are rated critical and rest are rated Important in severity.
April 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, MS Office, and MS Office Services and Web Apps, ChakraCore, Exchange Server, . |
|||
|
2019-04-09 06:17:05 | Researcher Reveals Multiple Flaws in Verizon Fios Routers - PoC Released (lien direct) | A cybersecurity researcher at Tenable has discovered multiple security vulnerabilities in Verizon Fios Quantum Gateway Wi-Fi routers that could allow remote attackers to take complete control over the affected routers, exposing every other device connected to it.
Currently used by millions of consumers in the United States, Verizon Fios Quantum Gateway Wi-Fi routers have been found vulnerable |
|||
|
2019-04-09 00:19:04 | \'Exodus\' Surveillance Malware Found Targeting Apple iOS Users (lien direct) | Cybersecurity researchers have discovered an iOS version of the powerful mobile phone surveillance app that was initially targeting Android devices through apps on the official Google Play Store.
Dubbed Exodus, as the malware is called, the iOS version of the spyware was discovered by security researchers at LookOut during their analysis of its Android samples they had found last year. |
Malware | ||
|
2019-04-08 11:39:03 | Microsoft Releases First Preview Builds of Chromium-based Edge Browser (lien direct) | Microsoft today finally released the first new reborn version of its Edge browser that the company rebuilds from scratch using Chromium engine, the same open-source web rendering engine that powers Google's Chrome browser.
However, the Chromium-based Edge browser builds haven't yet entered the stable or even the beta release; instead, Microsoft has released two testing-purpose preview builds |
To see everything:
Our RSS (filtrered)
