Cyber Security News

ARPwner is a GUI based tool that can perform tasks like ARP and DNS spoofing. Through ARP and DNS spoofing, ARPwner – A GUI Based ARP and DNS Spoofing Tool on Latest Hacking News . from Latest Hacking News https://ift.tt/2PszygP

A router vulnerability that was  disclosed  4-years ago has returned, now affecting medical devices. The vulnerability has been given a Four Year Old Flaw Returns, Now Affecting Medical Devices on Latest Hacking News . from Latest Hacking News https://ift.tt/2N7Di9C

I’m learning Python and I decided to create a repository where I could put Python script samples with standard Python syntax, structures and statements examples just to be able to quickly recap how to use this or that feature of the language. Here is what I’ve got . This is a  collection of Python scripts  that are split by  topics  and contain code examples with explanations, different use cases and links to further readings. It is a  playground  because you may change or add the code to see how it works and  test it out  using assertions. It also allows you to  lint the code you’ve wrote and check if it fits to Python code style guide. Altogether it might make your learning process to be more interactive and it might help you to keep code quality pretty high from very beginning. It is a  cheatsheet  because you may get back to these code examples once you want to recap the syntax of  standard Python statements and co...

Proof-Of-Concept code has been published for Intel Managment Engine JTAG by a group of security researchers who have since also Vulnerability Exploit Code POC Published for Intel Chipset Vulnerability on Latest Hacking News . from Latest Hacking News https://ift.tt/2MCzzBA

Cybersecurity news including massive malware campaign skimming card data from Magento stores, Cobalt Group/FIN7 targeting Russia and Romania banks and Firefox to block trackers by default on the Latest Hacking News Podcast. Latest Hacking News Podcast #111 on Latest Hacking News . from Latest Hacking News https://ift.tt/2LHh0GY

Newly discovered Loki Bot Malware is spreading as a .iso extension that targets Corporate network and applications to steal passwords from Browsers, Messaging Applications, Mail & FTP Clients. Recently it was observed by Kaspersky researchers that the malware is mainly targeting corporate networks around the world and gaining a large amount of sensitive information. Loki Bot Malware is also capable of stealing cryptocurrency wallets and is sharing the stolen data into attacker via its Command & Control server. Hackers are using email as a primary malware distribution medium that contains an attachment with a .iso extension. ISO images are copies of optical discs that can be mounted in a virtual CD/DVD drive to be used in the same way as the originals. Air Canada is also forcing all users of its Mobile+ app to change their passwords after hackers managed to access the profile information, including names, email addresses, birth dates and passport details of some cust...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: FOX During the final months of the Clinton email investigation, FBI agent Peter Strzok was advised of an irregularity in the metadata of Hillary Clinton’s server that suggested a possible breach, but there was no significant follow up, according to two sources with knowledge of the matter. Sources told Fox News that Strzok, who sent anti-Trump text messages that got him removed from the ongoing Special Counsel Robert Mueller’s Russia probe, was told about the metadata anomaly in 2016, but Strzok did not support a formal damage assessment. One source said: “Nothing happened.” Fox News is told the Justice Department Inspector General, Michael E. Horowitz, is aware of the allegations. According to intelligence community directive 732, damage assessments are done “in response to unauthorized disclosure ...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: BBC At the time, Jennifer Lawrence known as the hack an identical to a intercourse crime A person who hacked into the Apple iCloud accounts of Hollywood stars, together with Jennifer Lawrence, has been sentenced to 8 months in jail in the United States. The infamous Celebgate hack ended in nude footage and movies of Lawrence and different celebrities stolen and posted on-line. George Garofano was once one among 4 other people charged within the 2014 hacking scandal. Three others have already been sentenced to phrases of between 9 and 18 months in jail. Garofano, elderly 26, had admitted getting access to usernames and passwords via sending out emails by which he posed as a member of Apple’s safety staff. Other sufferers integrated Kirsten Dunst and Kate Upton in addition to abnormal participa...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: BBC New York City was briefly renamed “Jewtropolis” in mapping software used by social media site Snapchat and others. The company called it an act of “vandalism” and said it worked with its partner Mapbox to “get this fixed immediately”. In a statement, Snap said the defacement was “deeply offensive”. Mapbox called it an act of “hate speech” but added that the issue had been resolved “within an hour”. “Our team deleted and removed that information,” the firm said in a blogpost. It added that the “malicious edit” was made by an unnamed source that attempted “several other hateful edits” which were not successful. The firm explained that its AI system flags more than 7,000 map changes a day, which are sent for human review. A “human error” in the manual part of the review process led to the i...

Advertising through emails has long been a successful marketing strategy. Everyone who has an email address will know what it Yahoo And AOL Read Your Emails To Collect Data For Targeted Ads on Latest Hacking News . from Latest Hacking News https://ift.tt/2wtLoA3

A rootkit called CEIDPageLock is being distributed using an exploit kit in recent weeks and it was first discovered in RIG Exploit Kit Malware Is Hijacking Users Browser Sessions on Latest Hacking News . from Latest Hacking News https://ift.tt/2wAcKnr

TIDoS framework is a python based toolkit that performs a comprehensive audit of the web applications. The toolkit is packed TIDoS – Open Source Reconnaissance and Web Application Audit Framework on Latest Hacking News . from Latest Hacking News https://ift.tt/2NxCyYB

Vba2Graph: A tool for security researchers to Analysis of Malware. Allows for quick analysis of malicious macros, and easy understanding of the execution flow. It Generates a VBA call graph for easier analysis of malicious documents., developed by @MalwareCantFly Features Keyword highlighting VBA Properties support External function declarion support Tricky macros with "_Change" execution triggers Fancy color schemes Pros     ✓ Pretty fast     ✓ Works well on most malicious macros observed in the wild Cons     ✗ Static (dynamicaly resolved calls would not be recognized) Examples Example 1: Trickbot downloader - utilizes object Resize event as initial trigger, followed by TextBox_Change triggers. Example 2: Installation Install oletools: https://ift.tt/2nSvoRX Install Python Requirements pip install -r requirements.txt Install Graphviz For Windows Install Graphviz msi: https://ift.tt/2Nxach6 Add "dot.exe" to PA...

ABBYY – a Russian OCR developer and text recognition firm – has reportedly left exposed a treasure trove of scanned ABBYY Exposed Over 200,000 Scanned Documents On An Open Server on Latest Hacking News . from Latest Hacking News https://ift.tt/2Pl2UO0

After targeting various companies belonging to the telecom, financial, educational, and medical industries, hackers have now turned their attention to Air Canada Data Breach Affects 20,000 Users Of Its Mobile App on Latest Hacking News . from Latest Hacking News https://ift.tt/2wyNKgb

Air Canada breach exposes passport numbers, simple malware displays unique features and an old vulnerability still impacting medical equipment on today's Latest Hacking News Podcast. Latest Hacking News Podcast #110 on Latest Hacking News . from Latest Hacking News https://ift.tt/2MZKyVk

Sick OS is available at VulnHub. This machine is similar to ones you might see in OSCP labs. This is Sick OS 1.1 – VulnHub CTF Challenge Walkthrough on Latest Hacking News . from Latest Hacking News https://ift.tt/2LC4xEK

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits:  theregister Privilege escalation exploit, for which no patch exists, dumped on GitHub It’s not a vulnerability bad enough to force Microsoft to release an out-of-cycle patch – however, CERT/CC has just put out an alert over a newly disclosed privilege escalation bug in Windows. According to the tweet that set the hounds running, it’s a zero-day with a proof-of-concept over on GitHub: Here is the alpc bug as 0day: https://t.co/m1T3wDSvPX I don't fucking care about life anymore. Neither do I ever again want to submit to MSFT anyway. Fuck all of this shit. — SandboxEscaper (@SandboxEscaper) August 27, 2018 CERT/CC vulnerability analyst Will Dormann quickly verified the bug, tweeting: “I’ve confirmed that this works well in a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM!” ...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: CBC News Air Canada says the personal information for about 20,000 customers “may potentially have been improperly accessed” via a breach in its mobile app, so the company has locked down all 1.7 million accounts as a precaution until customers change their passwords. The airline told customers in an email that it “recently detected unusual log‑in behaviour with Air Canada’s mobile App between Aug. 22‑24, 2018.” The company estimates about one per cent of the 1.7 million people who use the app may have been compromised. The app stores basic information such as a user’s name, email address and telephone number, all of which could have been improperly accessed. Any credit card information on file would have been encrypted and as such protected, the company says. But addi...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits:  dailymail A new report claims that a Chinese company was able to insert code into the programming for Hillary Clinton’s private email server and managed to forward her emails to a third party in real time. The claim was made by Texas GOP Rep. Louie Gohmert, who has put forward complex conspiracy theories, as well as by an anonymous former intelligence official who spoke to theDaily Caller, which reported the story. According to the report, two officials with the inspector general for the Intelligence Committee, identified as investigator Frank Rucker and lawyer Janette McMillan, warned FBI officials about the Chinese intrusion, to no avail. A former member of the IG’s office told the publication: ‘When [the ICIG] did a very deep dive, they found in the actual metadata — the data ...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits:  Reuters The Bank of Spain’s website has been hit since Sunday by a cyber attack which has temporarily disrupted access to the site, a spokesman for the central bank said on Monday. The spokesman said that the attack has not had any effect on the bank’s services or its communications with the European Central Bank or other institutions and that there was no risk of a data breach. “It is a denial of service attack that intermittently affects access to our website, but it has had no effect on the normal functioning of the entity,” the spokesman said. In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to th...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits:  bcfocus news an American online travel agency, has dropped a message for its customers, letting them know about a major cyber threat that demanded a ransom of almost $10,000 in Bitcoin. The company published a  blog post  for the customers on 28th August, that said: “This past weekend we received a ransom demand, saying that if we don’t send about $10,000 in Bitcoin we can expect a social media smear campaign, engineered to damage our relationship with our followers and customers.” Breaking down the seriousness of the threat, the company stated what the hackers are trying to seek from them. The threat involved posting thousands of negative items on the company’s social media accounts, including negative ratings and replies that will create a negative image of the company in the mar...

Amidst all the chaotic data security issues with Sprint, and EE, two more incidents add to the growing trail. This Security Flaws Exposed Account PINs of T-Mobile and AT&T Customers on Latest Hacking News . from Latest Hacking News https://ift.tt/2ohh0o6

Email fraudsters are using personal information to make their threats seem credible. Many people are receiving emails from hackers who are demanding anywhere between $1700 to $3000 in bitcoin or else they will send compromised information—such as pictures sexual in nature, porn-watching history and webcam video—to the victim’s friends, family and co-workers. But the victims don’t need to panic. They haven’t been hacked as the email claims. But this is merely a new variation on an old scam which is popularly being called "sextortion." This is a type of online phishing that is targeting people around the world and preying off digital-age fears. Sextortion scammers use urgent language to scare their intended targets into paying a ransom. One such "sextortion" scam that threatens to expose porn-viewing habits unless one pays a bitcoin "ransom" has hit New Zealand. The scam is in the form of an email claiming that the sender has installed a malware on t...

Facebook recently disclosed a serious security flaw in the company’s servers which allowed for remote code execution. Security researcher Daniel A Remote Code Execution Vulnerability Patched by Facebook on Latest Hacking News . from Latest Hacking News https://ift.tt/2NumGpP

United States President Donald Trump has accused Google of rigging its search result to show only "Fake News Media" in order to spread negative stories about him. He called it "a very serious situation” that “will be addressed” very soon.  Mr. President took tweeted his frustration on early Tuesday and claims that social media company are bias against him. "Google search results for "Trump News" shows only the viewing/reporting of Fake New Media. In other words, they have it RIGGED, for me & others, so that almost all stories & news is BAD. Fake CNN is prominent." " Republican/Conservative & Fair Media is shut out. Illegal? 96% of results on "Trump News" are from National Left-Wing Media, very dangerous. Google & others are suppressing voices of Conservatives and hiding information and news that is good. They are controlling what we can & cannot see. This is a very serious situation-will be addressed!" ...

This month, we have come across several instances regarding Android vulnerabilities. Not much time has passed since we heard about Android Phones From 11 Vendors Vulnerable To AT Commands Attacks on Latest Hacking News . from Latest Hacking News https://ift.tt/2wlSaaO

Microsoft has reacted quickly when a Twitter user disclosed a zero-day vulnerability in the Windows OS. A Twitter user named Microsoft Windows Zero-Day Vulnerability Is Disclosed On Twitter on Latest Hacking News . from Latest Hacking News https://ift.tt/2PK8hai

On this episode of the Latest Hacking News Podcast a Windows zero-day disclosed with no patch, Instagram adds security features and 130 million hotel customers' data for sale on dark web. Latest Hacking News Podcast #109 on Latest Hacking News . from Latest Hacking News https://ift.tt/2LBd1Mj

Every time a crypto exchange is hacked, the outcome turns out to be a financial loss. We already know of Brazil’s Crypto Trading Platform Atlas Suffered Data Breach on Latest Hacking News . from Latest Hacking News https://ift.tt/2PJSlFb

Mozilla has decided to distrust all the certificates by Symantec since Mozilla released its 63rd version of the browser. The Firefox & Chrome Browsers Are Distrusting Symantec TLS Certificates on Latest Hacking News . from Latest Hacking News https://ift.tt/2BWJiOi

Ubuntu and CentOS are disabling a security feature which was added to the GNOME Desktop environment last year. The Security Bubblewrap Security Feature Will Be Removed From Ubuntu and CentOS on Latest Hacking News . from Latest Hacking News https://ift.tt/2MV9Jbr

Raccoon is an offensive security tool known for reconnaissance and information gathering. The tool can extract useful information about the Raccoon – Open Source Enumeration and Information Gathering Tool on Latest Hacking News . from Latest Hacking News https://ift.tt/2PLMzms

Since the  EE two security flaws that were previously reported, it now seems that Sprint are also making the news for Security Vulnerability Found on Sprint Telecom Providers’ Staff Portal on Latest Hacking News . from Latest Hacking News https://ift.tt/2NqHBKf

Google Security Researchers discovered a Man-in-the-Disk (MitD) which allows other applications to Hijack Fortnite app’s installation process and install other Android Application “Fortnite” Vulnerable to Man-in-the-Disk Attack on Latest Hacking News . from Latest Hacking News https://ift.tt/2ohU8VC

Iran's Cobalt Dickens group target universities worldwide, North Korea's Lazarus group blamed for Cosmos Bank hack and OSR software developer exposes sensitive documents. Latest Hacking News Podcast #108 on Latest Hacking News . from Latest Hacking News https://ift.tt/2PNyyoq

WhatsApp has notified its users that all the messages, and media contents; photos, videos, and recordings do not remain encrypted once the data is backed up on Google Drive.   “Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in Google Drive,”  on WhatsApp's  FAQ section. They labeled it as 'Important' to read. On August 16, WhatsApp has signed a contract with Google to allow users to back-up their chats without counting it on your Drive storage. From November 12, users could be able to store their messages on the  Google's cloud storage without any space limitations. The company has urged its users to manually backup all their messages before  November 12, else all the messages that have not been backed up for last one year would be deleted from the Google Drive. This will be only applicable for Android users, however, Apple uses iCloud as the default for chat back up. Here are some simple steps to back up ...

The personal data of more than 37,000 Eir customers has been exposed includes the names, Email address, phones numbers and Eir’s Customer Data of 37,000 Clients Exposed After a Theft of a Laptop on Latest Hacking News . from Latest Hacking News https://ift.tt/2PcdAyb

Olaf Tan and Dennis Goh of RFID Research Group, Vincent Yiu of SYON Security and Kevin Mitnick have developed a USBHarpoon a Charging Cable That Hacks Your Computer on Latest Hacking News . from Latest Hacking News https://ift.tt/2PJalQ2

Reportedly Iranian hackers have been targeting universities and educational institutions among 14 nations in an attempt to steal intellectual property. Over 70 Universities Targeted by Iranian Hackers on Latest Hacking News . from Latest Hacking News https://ift.tt/2BQITgb

Tplmap is a python tool that can find code injection and Server Side Templates Injection (SSTI) vulnerabilities by using sandbox Tplmap – Open Source Tool to Scan For Server Side Template Injection Vulnerabilities on Latest Hacking News . from Latest Hacking News https://ift.tt/2whzMQr

Google Chrome started showing alerts asking users to remove applications that are considered “not compatible” with the Chrome Browser as Google Chrome’s new Policy Ask to Disable Anti-Virus on Latest Hacking News . from Latest Hacking News https://ift.tt/2MQHwlX

On Latest Hacking News Podcast #107 Fortnite developer unhappy with Google for publishing vulnerability details, Sprint compromised using weak passwords and tech giants focus on election security. Latest Hacking News Podcast #107 on Latest Hacking News . from Latest Hacking News https://ift.tt/2we8QRw

Blacklight is a beginner level CTF challenge. The VM is available at VulnHub. This challenge is very easy and short BlackLight – VulnHub CTF Challenge Walkthrough on Latest Hacking News . from Latest Hacking News https://ift.tt/2P9ur50

Continuing the stream of vulnerabilities in the telecommunication sector, we now hear about another incident after Telstra and Telefonica. This UK-Based Firm EE Affected By Two Security Vulnerabilities In A Week on Latest Hacking News . from Latest Hacking News https://ift.tt/2BX1oQq

The official website of Akhil Bharatiya Hindu Mahasabha (ABHM) was hacked, purportedly by a member of the ‘Team Kerala Cyber Warriors’ on Friday, 24 August. The homepage of the website, which is decorated in saffron along with photos of political leaders and updates on the organization, was replaced with a black page with images of a sliced medium-done beef steak and a detailed recipe for preparing a traditional Kerala Spicy Nadan Beef Curry”. “Hacked by Ghos7_Roo7,” the website read. For almost three hours on Friday, the website displayed the logo of the hackers, a video of the meat being cut and an elaborate recipe. Under the recipe, a message was uploaded by the hackers for the President of the Hindu Mahasabha. “...We respect people for their character and not for their food habits.” The action came shortly after Swami Chakrapani, the chief of the Hindutva outfit, was seen in a video saying “beef-eaters should not be saved” from flood-affected Kerala. He said, Kerala floods, ...

W3af is a GUI based framework that helps in auditing and identifying vulnerabilities in web applications. The tool is loaded W3af – Web Application Attack and Audit Framework on Latest Hacking News . from Latest Hacking News https://ift.tt/2oeI337

The Australian government has issued a GO (General Order) to ban the Huawei 5G network from being deployed within the Huawei 5G Has Been Banned From Australia Due to Security Concerns on Latest Hacking News . from Latest Hacking News https://ift.tt/2Pc7sX1

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: IndianExpress “The cyber attacks from China made up 35% of the total number of cyber attacks on official Indian websites, followed by US (17%), Russia (15%), Pakistan (9%), Canada (7%) and Germany (5%),” the report says. A report sent to the National Security Council Secretariat (NSCS) and other security agencies by a department under the Ministry of Electronics and Information Technology has said that the maximum number of cyber attacks on official Indian websites are from China, US and Russia. It has also flagged the possibility of “malicious actors from Pakistan using German and Canadian cyberspace for intruding into Indian cyberspace and carrying out malicious activities”. The report, prepared by the Indian Computer Emergency Response Team (CERT-In), which comes under the ministry, analysed cyber ...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: ABC News Do you have the energy for this?” Prime Minister Benjamin Netanyahu asked him. It was December 2015 and Buky Carmeli was interviewing to become the first director of the National Cyber Security Authority. The answer must have been affirmative, because the institution has turned into a powerhouse that has taken the nation’s cyber sector by storm (or, rather, defended it from destructive cyber storms) since 2016. In an exclusive first interview since recently leaving that profoundly influential office, Carmeli told  The Jerusalem Post  that during his meeting with Netanyahu, he had already been questioned substantially to make sure he had the unique combination of security establishment, academic, and private sector credentials that the prime minister was looking for. The ...