Cyber Security News

While hardcore cryptocurrency enthusiasts often tout blockchain for its heightened security, the technology is not perfect – and there are often tons of vulnerabilities in the code. Indeed, blockchain companies have received at least 3,000 vulnerability reports in 2018 alone. According to stats from breach disclosure platform HackerOne, blockchain companies awarded $878,504 in bug bounties to hackers this year. The data was compiled in mid-December. By contrast, the total sum of bug bounties awarded by August was $600,000. With $534,500 awarded, EOS creator Block.one accounts for more than 60 percent of all bounties handed out in 2018. Here is the top three all-time chart when it comes to bug bounty rewards (please note this includes bounties from before 2018): Block.one – $534,500 Coinbase – $290,381 TRON – $76,200 While cryptocurrency exchange desk Coinbase comes in second (with $290,381 in bug bounties), it’s been running a disclosure program since 2014. Block.one laun...

Using snippets of voices, Baidu's ‘Deep Voice’ can generate new speech, accents, and tones. With just 3.7 seconds of audio, a new AI algorithm developed by Chinese tech giant Baidu can clone a pretty believable fake voice. Much like the rapid development of machine learning software that democratized the creation of fake videos, this research shows why it's getting harder to believe any piece of media on the internet. Researchers at the tech giant unveiled their latest advancement in Deep Voice, a system developed for cloning voices. A year ago, the technology needed around 30 minutes of audio to create a new, fake audio clip. Now, it can create even better results with just a few seconds of training material. Of course, the more training samples it gets, the better the output: One-source results still sound a bit garbled, but it doesn’t sound much worse than a low-quality audio file might. The system can change a female voice to male, and a British accent to an America...

The European Union (EU) is back with a third edition of its Free and Open Source Software Audit (FOSSA) plan EU Offering Cash Bounty Incentives For Finding Security Flaws in Open Source Tools on Latest Hacking News . from Latest Hacking News http://bit.ly/2QagdRh

Within the framework of International Cooperation, the Cyber Police of Ukraine detained a group of hackers who stole and sold personal information of Users of social networks on one of the most famous in DarkNet online platform. According to published data, hackers for the last five years without problems gained access to accounts of PayPal, Amazon, eBay, WellsFargo, Suntrust, Bank of America, using specially created malicious software. Hackers sold such information as logins, passwords, personal data of Users, phone numbers, Bankcard details and other information necessary for authorization. The cost of one account averaged $ 2.5. Accounts containing the password to the victim's mailbox cost twice as much. During the year of such activity, hackers made a profit of more than $ 22 million. The victims of hackers were citizens of Ukraine, Canada, Great Britain, Spain, and France. Cyber Police officers conducted authorized searches on the territory of three regions of Ukrain...

Sitadel is a python based web application scanner. It’s flexible and has many different scanning options. It can get a Sitadel – An Open Source Tool for Finding Web Application Vulnerabilities on Latest Hacking News . from Latest Hacking News http://bit.ly/2BMVspz

BleepingComputer recently exposed a Ransomware variant called JungleSec which affects Linux servers through the IPMI (Intelligent Platform Management Interface). The threat Hackers Attack IPMI Default Passwords to Deploy Ransomware On Linux Servers on Latest Hacking News . from Latest Hacking News http://bit.ly/2BKGlgt

The scams and the fraudulent activities are increasing with each passing day in the crypto market. Recently, a phishing attack on the Electrum bitcoin wallet has so far netted hackers over 200 bitcoin worth around $750,000. The attack began on December 21, 2018. Though it has victimised some unsuspecting users, it can be avoided. While the attacks seem to have come to a halt, Electrum Devs say the hackers can launch new exploits since the issue hasn’t been permanently fixed. Electrum is a Bitcoin wallet which doesn’t require the user to download the full blockchain. Instead, servers remotely provide users with the blockchain and they access it through their wallet. It is one of the most popular Bitcoin wallet implementations and forks of it for both versions of Bitcoin Cash as well as Litecoin, Dogecoin, and Dash have been created over the years. The method used to cause the damage The hackers added the affected servers to the Electrum wallet network. Later, when any user tri...

Amazon’s highly acclaimed Security System Guardzilla has recently been in news for all the wrong reasons.  The E-Commerce giant’s proprietary Amazon’s Guardzilla Found to Have a Critical Vulnerability on Latest Hacking News . from Latest Hacking News http://bit.ly/2ETAWqs

Howard County Executive Calvin Ball's Constant Contact account was used in a phishing attempt, the county announced Monday. County officials said someone signed into the Constant Contact account at 6:30 p.m. Sunday. The unauthorized user created three phishing campaigns using the various mailing lists associated with the county executive's Constant Contact account, officials said. County officials said emails were sent to approximately 35,000 recipients, of which 4,550, or 13 percent, opened the email and under 2 percent clicked the link. No data was exported from the account, and no confidential data of recipients were stored in the Constant Contact account. County officials said Constant Contact suspended the account around 8:40 p.m. Sunday and disabled the link attached to the phishing emails. The account has been turned back online. "County Executive Ball expresses sincere apologies to those who received the email. He urges, as an extra precaution, to update ...

Kioptrix 1.0 is the first level of the Kioptrix machines CTF challenges. As you can understand this is the easiest Kioptrix 1.0 – Vulnhub CTF Challenge Walkthrough on Latest Hacking News . from Latest Hacking News http://bit.ly/2Vfg5DT

Cyberattacks in the world take place every day, rather every hour and every minute, and many of them are provocations in dirty political games. This time the attack targeted the Website of Cyberberkut after the publication of materials about how Ukraine with “Western partners” is preparing for provocations against Russia. Presumably, the publication of secret materials was the reason for a targeted cyberattack. Hackers from "Cyberberkut" published three scenarios of bloody provocations against Russia, which Ukraine's Armed Forces plan to commit. An interesting fact is that Western countries interested in the defeat of Russia directly manage and supervise the entire military and political life of Ukraine. The anonymous hacker group posted that all operations are planned in advance with a large of human victims and for the period until January 7, when the Orthodox will celebrate Christmas. The hacker Community do not disclose their sources of information. from ...

A Microsoft Edge remote code execution exploit has been published, the FTC issues Netflix phishing scam warning, a home video surveillance system allows users to access other users' videos, and BevMo suffered payment card breach on episode 191 of our daily cybersecurity podcast. Latest Hacking News Podcast #191 on Latest Hacking News . from Latest Hacking News http://bit.ly/2ESBMUj

In November 2018, the Air Force targeted its personnel at bases in Europe with spear-phishing attacks to test their awareness of potential online threats. The tests were coordinated with Air Force leaders in Europe and employed tactics known to be used by adversaries targeting the US and its partners, the Air Force said in a release. The U.S. national security planners are proposing that the 21st century's critical infrastructure - power grids, communications, water utilities, financial networks- be similarly shielded from cyber marauders and other foes. Spear-phishing, which targets specific users, has already been used in the real world with profound effects. Spear-phishing differs from normal phishing attempts in that it targets specific accounts and attempts to mimic trusted sources. Spear-phishing is a "persistent threat" to network integrity, Col. Anthony Thomas, head of Air Force Cyber Operations, said in the release. "Even one user falling for a s...

Cybercriminals are stealing personal information of American children from hospitals and pediatricians, and selling it on different dark web markets. The compromised information on sale includes children's names, addresses, phone numbers, dates of birth, and Social Security Numbers. According to the Motherboard reports, the researchers found out that the hackers are targeting children born between 2000 and 2010. The amount for which the information is being sold varies with a bundle of sets, for individual set you have to pay $10, and for a bundle of set you can get it at $490 or sometimes have to pay as high as $790, it rates depends on the platform it is being sold. Cybersecurity firm Terbium Labs's Vice President of research wing, Emily Wilson,  informed the Motherboard about the scam.  However, most of the stolen information is already available on the various popular dark web market under an advertisement titled “USA KIDS FULLZ”. “For very young children it...

Winpayloads is a python based tool which combines some of the Powershell Empire features along with the metasploit framework to Winpayloads – An Open Source Tool for Generating Windows Payloads on Latest Hacking News . from Latest Hacking News http://bit.ly/2EOZf90

Schneider Electric is warning about a critical vulnerability in its EVLink Parking devices – a line of electric vehicle charging stations. The energy management and automation giant said the vulnerability is tied to a hard-coded credential bug that exists within the device that could enable attackers to gain access to the system. Affected are EVLink Parking floor-standing units (v3.2.0-12_v1 and earlier). The vulnerability (CVE-2018-7800) is one of three fixes issued by Schneider last week (PDF) impacting the electric charging stations. The company also issued warnings and fixes for a code injection vulnerability (CVE-2018-7801) and SQL injection bug (CVE-2018-7802). The code injection bug is rated high (CVSS 8.8) and “could enable access with maximum privileges when a remote code execution is performed,” according to the security bulletin. The SQL Injection vulnerability “could give access to the web interface with full privileges,” the company said of the bug rated medium (CVSS...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: India Today Wherever the internet is, cyber crooks are there. With almost everyone in every family having a laptop, tablet or at least a smartphone, playing online games is a quite common pastime. Innovative cyber fraudsters are now targeting online gamers by way of cheating, cyber bullying, sharing inappropriate content and so on. With more children getting access to the internet and playing online games on mobiles, consoles, computers, portable gaming devices and social networks too, young minds are where the fraudsters see their pastures. According to Cyber Dost, the recently released cyber security booklet by the Ministry of Home Affairs says that online games can be fun but they also bring associated risks with crores of players playing online at any given point of time. +++ On the risks, Cyber ...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: Dialy Pioneer Prime Minister Narendra Modi on Sunday launched the website of the Cyber Coordination Centre as a one-stop shop on all cyber related issues, whether it is cyber crime or cyber security. The portal launched at the conclusion of the DGPs conference would also act as a bridge between law enforcement agencies on the one hand, and academia and private cyber security professionals on the other. The PM also announced the institution of a new national honour for National Unity on the pattern of Padma Awards, the Government said in a statement. The annual award would be given to any Indian who has contributed to national unity in any manner, it said, adding that the PM drew inspiration from iconic Congress leader Sardar Patel’s contribution towards unification of the country. The three-day Confe...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: ABC News With cyber threats becoming more lethal by the day, experts call for automated responses to ward off cyber attacks in organisations. The IT departments in corporates and organisations need to keep tabs on cyber-criminals, who launch stealth attacks on their networks to find weak links. “The focus can no longer be on protection and detection, but also intelligent and automated response to isolate an attack moving through the network,” said Ross McKercher, Chief Information Security Officer of cyber security solutions firm Sophos. With improvement in endpoint protection, cyber-criminals have started looking for alternative weak or vulnerable entry points, in order to sneak into systems and networks. Engineering skills He argues that IT departments will need more development and engineering sk...

One of Stoke-on-Trent's best-known companies has fallen victim to a 'heinous' cyber attack which left its workers fearing they would not be paid on time. A pottery firm has been targeted by cyber criminals in an attack, encrypting its servers to cause “maximum disruption” to its payroll systems extorting money from the business. Company bosses wrote to all hourly-paid staff following Saturday's attack and warned them that they may not be paid this week. However, Steelite International, Stoke-on-Trent, said the IT team rebuilt its servers just in time to ensure staff would still receive their weekly wages, BBC News reported. The firm said its IT team noticed suspicious activity and began to address it when a ransom request came through from the hacker. During the attack, a hacker from a remote computer outside of the UK infiltrated a weakness in the company's system and began encrypting key files, Jon Cameron, group finance director, said. The hacker deman...

Personal information of over half a million students, teachers, staff members, and parents might have been exposed in a data breach incident that shook California's second-largest school district. An official from the San Diego Unified School District (SDUSD) has sent a message to everyone one is affiliated with the school, informing them about a breach.  The data that could have been compromised include social security numbers, birth dates, and payroll, benefits. The breach was first discovered more than two months ago.  According to the preliminary investigation report, it is thought that data breach happened through a phishing attack, in which an unauthorized user accessed data from as far back as the 2008-2009 school year. It is believed that the hack may have also affected 50 district employees.  “We sincerely regret that, after completing a thorough forensic investigation, we have reason to believe personal data may have been compromised through the acce...

The Crime Branch received a complaint from some people that a representative of a company, GainBitcoin, approached them and asked them to invest their Bitcoins in the company, promising a 180% return in 18 months. On Saturday, a case was filed against the private firm in Jammu & Kashmir for allegedly duping people of their bitcoins worth lakhs of rupee. The people were asked to invest the cryptocurrency they had in the company, so that they could fraudulently grab their hard earned money, a CBI spokesperson said. An initial investigation revealed that the complainants, as advised by the firm, opened a digital wallet account and credited the amount asked. During the course of an enquiry, it came to fore that complainants had purchased bitcoins from ZEBPAY by investing their hard earned money. Thereafter one Manjeet Singh Saho representative of Gainbitcoin induced them to invest their Bitcoins in the said company with the assurance that the company will return 1.8 Bitcoins in l...

Hollywood actress Hayley Atwell is the latest victim of nude picture leak onto an X-rated website, hackers are threatening her to release some more.  The 36-year-old  actress is apparently shown in a nude "selfie" which was downloaded onto a website which claims to "specializes in explicit celebrity leaks.' According to The Sun On Sunday, the hackers captioned the leaked nude image: "Busty British actress Hayley Atwell appears to have just had the nude photo above leaked to the Web as part of a preview for the upcoming leaking of her full set." The publication cites ‘other comments on the sick site are too graphic to print’. A close source told The Daily Star: ‘This is a nightmare for Hayley.' ‘In recent years she has hit the big time in Hollywood, so this is the last thing she will have wanted to happen.’ This is not the first time when private pictures of Hollywood actors and actresses have been leaked and featured on an X-rated websit...

Latest Hacking News Podcast interview with Karl Sigler, Security Research Manager for Trustwave SpiderLabs, regarding Trustwave's recent disclosure of a Zero-Day vulnerability impacting IBM Trusteer Rapport for MacOS. Latest Hacking News Podcast #190 – Interview with Karl Sigler of Trustwave on Latest Hacking News . from Latest Hacking News http://bit.ly/2BARksD

Scammers are out with phishing and malspam campaigns in this last-minute rush to make the Christmas deadline. A new campaign that pretends to be a legitimate email from Amazon or Apple about the order confirmation is hitting hard the shoppers around the world. The malspam campaign was discovered by an email security company EdgeWave. The fake order confirmations are being sent through emails with subject lines that include "Your Amazon.com order", "Amazon order details", and "Your order 162-2672000-0034071 has shipped". Once you click on the email, it will show you an order confirmation of your item and says that it has been shipped, but without any details of the ordered item or its tracking information. To see more information you have to click on order details button. After clicking on the order button, it downloads Word document named order_details.doc. Once the file is opened, it will tell you to Enable Content in order to properly vie...

Cmsmap is a python based CMS scanner for automating the process of vulnerability assessment in most popular CMS’s. It can CMSmap – An Open Source CMS Scanner on Latest Hacking News . from Latest Hacking News http://bit.ly/2LBIbF2

The UK government’s Justice Department and its allies are holding responsible two Chinese of wide hacking. This is first time UK has publicly named elements of Chinese government as being responsible for cyber campaign of industrial espionage through cyberwarfare. The accused Chinese nationals have been identified as Zhu Hua and Zhang Shilong. They have allegedly infiltrated 45 US companies and government agencies, as well as other firms in more than a dozen countries. China urges US to withdraw prosecution of its citizens. Along with its allies, the UK has announced that a group known as APT 10 acted on behalf of the Chinese Ministry of State Security to carry out a malicious cyber campaign targeting intellectual property and sensitive commercial data from dozens of companies in Europe, Asia and the US. US Attorney General Rod Rosenstein discussed hacking charges against Chinese nationals. The National Cyber Security Centre (NCSC) assessed that the hacking group almost cer...

Facebook has confessed that they gave access to millions of users private messages, and other sensitive information to big companies like Microsoft, Spotify, and Netflix, but denies doing it without consent. The company responded to an investigative report in  New York Times that alleged Facebook of breaching the trust of users by sharing their messages and personal informations to other big companies. The company wrote in a blog post: "Did partners get access to messages? Yes. But people had to explicitly sign in to Facebook first to use a partner's messaging feature. Take Spotify for example. After signing in to your Facebook account in Spotify's desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person's messages in order to power this type of feature." According to the Times report, citing hundreds of Facebook internal documents and interviewing   more than 50 former emplo...

What was a theoretical possibility became a reality on Friday as the government authorised 10 central agencies, including the Intelligence Bureau, the Narcotics Control Bureau, the Enforcement Directorate, Central Board of Direct Taxes, Directorate of Revenue Intelligence, Central Bureau of Investigation, National Investigation Agency, Cabinet Secretariat (R&AW), Directorate of Signal Intelligence (For service areas of Jammu & Kashmir, North-East and Assam only) and Commissioner of Police, Delhi to intercept, monitor and decrypt any information generated, transmitted, received or stored in any computer in the country. The order to the effect was issued by the Ministry of Home Affairs on December 20. The ministry has vested the authority on the agencies under Section 69 (1) of the Information Technology Act, 2000 and Rule 4 of the Information Technology Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 which says that the centra...

Many times when you want to perform an exploitation to a windows target, you need a payload that is undetectable Avet – Open Source Tool for Anti-Virus Evasion on Latest Hacking News . from Latest Hacking News http://bit.ly/2EIQluv

Hackers from the Digital Revolution group reported about hacking the server of the research institute "Kvant" owned by the FSB. In the server, they found a document containing a description of a system for analyzing publications in social networks. We are talking about the neural network algorithm, which tracks publications in popular social networks in Russia such as Facebook, VKontakte, Odnoklassniki and Instagram. Its goal is to track public opinion and search for protest moods. In short, the search should be performed using neural networks. It’s interesting that among the stop words is the name of Alexei Navalny (Russian politician). “Guess the stop word in the Kremlin's Internet monitoring system with three times,” Navalny himself responded to this news. According to the document, the system can explore “extreme virtual groups” in social networks, for example, the community “Putin go away”, look for violations of the laws, and also deal with information s...

Interview with Nadir Izreal and Michael Parker of Armis on their discovery of the BLEEDINGBIT vulnerabilities. Latest Hacking News Podcast #189 – Interview with Nadir Izrael and Michael Parker of Armis on Latest Hacking News . from Latest Hacking News http://bit.ly/2ByNfVU

When it is about memes, people usually download them right away on their devices to share further. Posting memes on Hackers Exploit Malware Attacks Through Twitter Memes on Latest Hacking News . from Latest Hacking News https://ift.tt/2BxKnsh

Brosec is an open source terminal based tool to help all the security professionals generate the right payloads and commands. Brosec – An Open Source Interactive Tool to Utilize Payloads and Commands on Latest Hacking News . from Latest Hacking News https://ift.tt/2rMvUnX

Continuing the trail of data breaches, now NASA joins the list. NASA confirmed the data breach to its employees since NASA Confirmed Data Breach After an Internal Server Was Hacked on Latest Hacking News . from Latest Hacking News https://ift.tt/2CpTgpO

Microsoft issues emergency patch for Internet Explorer, attack campaign uses tried-and-true tricks, and Click2Gov breaches continue despite patch on episode Latest Hacking News Podcast #188 on Latest Hacking News . from Latest Hacking News https://ift.tt/2rJ3OKk

On December 12, elections of Deputies of Youth Parliament in the Saratov region were held, during which the system of online voting Polys was used. This is one of the projects of Kaspersky Lab. In total, more than 40 thousand voters took part in the elections, which made them the largest in the history of online voting using blockchain technology. It was possible to vote on personal mobile or on special devices installed at 110 polling stations. The average voter turnout was 36% (14,932 people). According to the Head of the Polys project, Roman Aleshkin, the project has a lot of advantages. The main thing is that cheating of votes and falsification of election results are excluded due to the blockchain. In addition, the votes are encrypted. It is impossible to find out who voted for whom. Even the organizer of the vote or the hacker will not be able to get this information. The Chairman of the Youth Election Commission of the Saratov region Victoria Belikova noted that Polys ha...

Twitter has recently reported a suspected State-sponsored attack through its contact form, possibly connected with Saudi Arabia and China. Although Twitter Suspects China & Saudi Arabia Over Recent Hack on Latest Hacking News . from Latest Hacking News https://ift.tt/2Cme0yC

A real-estate agent in Arizona was stun when he heard a voice addressing him directly was coming from his Nest security camera. Andy Gregg was in his backyard when he noticed that an unrecognizable is addressing him, at first he thought that someone had broken into his home. However, the man speaking to him claimed that he was  "white hat hacker" in Canada.  He told him that his private information had been compromised Gregg recorded the whole conversation with him. The hacker said that although he could not see images of him through the camera, it's not very difficult to do so. "I'm really sorry if I startled you or anything. I realize this is super unprofessional, and I'm sorry that it's a little late in the day to do this," audio recording of the interaction provided by Gregg to The Arizona Republic/azcentral. “We don’t have any malicious intent, but I’m just here to kind of let you know so that no one else, like any black-hat hackers,...

NASA reveals a data breach that compromised staff social security numbers and Trend Micro warns that HolaVPN is unsafe on episode 187 of our daily cybersecurity podcast. Latest Hacking News Podcast #187 on Latest Hacking News . from Latest Hacking News https://ift.tt/2Cmthzi

A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones. Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targe...

In a recent disclosure, Arne Schoenbohm, who heads Germany’s Federal Office of Information Security (BSI), made an alarming revelation.  According No Proof Against Huawei Says BSI Chief on Latest Hacking News . from Latest Hacking News https://ift.tt/2R8xUp6

SpiderFoot- An Open Source Intelligence (OSINT) Automation Tool Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet, ASN or person's name. SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target or defensively to identify what information your organisation is freely providing for attackers to use against you. What is SpiderFoot? SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other. What is OSINT? OSINT (Open Source Intelligence) is data available in the public domain which mi...

Researchers found out that hackers have come up with an interesting and unique way to spread a malware. They are now using internet memes for communicating with malware for various malicious operations.    A hacker has been found using the "What if I told you" meme on Twitter to grab screenshots from an infected Windows PCs, according to researchers at security firm Trend Micro. The memes containing the malware would appear same as an ordinary digital image, but it contains commands in the file's metadata which is hidden.  "The messages used for this malware are very small (typically one word) meaning that they can be hidden between the metadata and actual pixel layout without changing the image itself," Nunnikhoven said in an email interview with PCMag.  The hackers used a technique called steganography, which conceals messages in nontext files such as images or video. It is one of the best methods to sneak malicious code onto someone's computer...

New malware pulls commands from memes on Twitter, yet another Twitter bug, and Signal can't comply with new Australian encryption law on episode 186 of our daily cybersecurity podcast. Latest Hacking News Podcast #186 on Latest Hacking News . from Latest Hacking News https://ift.tt/2QEYqH8

The founder of the hacker group "Humpty Dumpty"( Shaltai-Boltai) Vladimir Anikeev creates a consulting company that will deal with information security. "Humpty Dumpty" hacked the correspondence of famous people, partially published it in their blog and sold to interested parties. In 2016, the leader of the group Anikeev was sentenced to two years because he pleaded guilty and testified against his accomplices. In August of this year, he was released. Now Anikeev will be a co-owner of the consulting company. He keeps in secret names of his partners and the volume of investments. Anikeev said that the company will protect against hacking on several levels. They don't plan to release its software — it is too expensive. In addition, Anikeev decided to launch several anonymous Telegram channels, but he won't "publish anything illegal." It is important to note that market participants are skeptical of hackers who start working in companies en...

Facebook has revealed that the latest security lapse has exposed the photos of 6.8 million users, including the pictures which were not even posted on the website.  The security bug gave permission to up to 1,500 third-party apps to access the personal photos of the users, from September 13 to September 25, 2018. However, the company says that the bug has been fixed. “Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos,” the company said in a blog post. “We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018.” Meanwhile, the company will notify all its affected users. “We're sorry this happened,” he added. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app...

Cryptojacking, the unauthorized use of another’s hardware to mine cryptocurrency, has become the biggest cyber threat in many parts of the world, Bloomberg reported December 14. According to research from cyber security research firm Kaspersky Lab, cryptojacking overtook ransomware as the biggest cybersecurity threat particularly in the Middle East, Turkey, and Africa. In Afghanistan and Ethiopia over one out of four detected malware are cryptocurrency miners, according to Kaspersky’s data. As cited by the Bloomberg, Kaspersky’s research “shows crypto mining attacks have risen almost fourfold in the region, from 3.5 million in 2017 to 13 million this year.” The cybersecurity firm reportedly also claimed that cryptojacking incidents are “likely to continue given the increased use of digital currencies.” A report released by Kaspersky in November declares that the reason for the rise of cryptojacking malware compared to ransomware may “be due to the fact that people from developi...

Facebook Twitter Google+ LinkedIn As the IT environment becomes increasingly complex and risk-prone, it is unsurprising that enterprises are choosing to outsource their IT management to the cloud. After all, managed service providers (MSPs) are staffed with the top technical minds, have access to enterprise-grade security tools and can even save the company a lot of money when compared to the overhead of a fully staffed IT team. However, that doesn’t mean that a company can neglect its responsibility for data security. On the contrary, great care should be taken when sharing data with any third party because the wrong choice can easily lead to sensitive information ending up in the wrong hands. MSPs come in many guises and this article looks at six of the most common outsourced services and where the risks lie. Patching and Updating Server Software – Server Management Outsourcing server management is popular due to the complexity of monitoring and maintaining server software...