Posts

Showing posts from September, 2018

Facebook Ad Targeting Exploits Users’ 2FA Phone Numbers

Despite facing criticism and a heavy fine, Facebook does not seem to be backing off of its annoying steps. Recently, ... (from Latest Hacking News: https://ift.tt/2Iw0r12)

Apple DEP Authentication Flaw Leaves Devices Vulnerable To Malicious MDM Enrolling

Researchers discovered a vulnerability in Apple’s Device Enrollment Program (DEP). This Apple DEP authentication flaw could allow potential attackers ... (from Latest Hacking News: https://ift.tt/2xN88Mb)

Firefox Monitor Has Begun To Track Breached Email Addresses

Mozilla has finally launched Firefox Monitor, a website that connects to Troy Hunt’s Have I Been Pwned? (HIBP), one of ... (from Latest Hacking News: https://ift.tt/2DGTAmz)

DoorDash Customers Possibly Suffered Credential Stuffing Attack

For almost a month, the customers of the online food delivery company, DoorDash, flooded social media platforms with reports of ... (from Latest Hacking News: https://ift.tt/2xNUb0h)

Skill Gap In Cyber Security In India, Experts Warn

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: HuffingtonPost As companies and government departments move more and more sensitive data of employees and citizens online, India is facing an acute shortage of trained cybersecurity professionals, Tata Communications’ Chief Technology Officer, Srinivasan CR, warned. “People with the right cyber security skills are in short supply,” Srinivasan said. “That is why we are working with universities, and have been collaborating with the Sastra university to set up a cyber security lab.” Srinivasan made his comments on the sidelines of a press event to launch Tata Communications’ new Cyber Security Response Centre (CSRC) in Chennai, the fourth for the company, with other centres operating in Pune, Dubai, and Singapore. Srinivasan’s comments echoed Andhra Pradesh’s chief cyber security officer’s observatio...

CYBER EXPERTS WARN ALL 2.3 BILLION USERS TO LOG OUT AND LOG BACK ON FACEBOOK

Credits: First Post After Facebook admitted that hackers broke into nearly 50 million users’ accounts by stealing their “access tokens” or digital keys, cyber experts on Saturday warned over 2.3 billion users to log out and log back into Facebook, or any third-party apps that use Facebook login. Facebook has reset the access tokens of almost 50 million accounts it knew were affected. It has also taken the precautionary step of resetting access tokens for another 40 million accounts that have been subject to “View As” look-up in the last year. “For now, logging out and back in is all that is necessary. The truly concerned should use this as a reminder and an opportunity to review all of their security and privacy settings on Facebook and all other social media platforms,” Chester Wisniewski, Prin...

Mojave Flaws Allow An Attacker To Bypass Full Disk Access Requirement

Right after the launch of the latest MacOS Mojave, researchers have begun discovering various security vulnerabilities. Amidst the claims of ... (from Latest Hacking News: https://ift.tt/2NQegxg)

Telegram Messenger Leaks IP Addresses of Users

Uber has agreed to pay more than $140 Million for a data breach settlement

The ride-sharing company Uber has agreed to pay $148 million to settle the massive data breach in 2016 ... (from Latest Hacking News: https://ift.tt/2NPuoih)

Zero-Day MacOS Mojave Privacy Bypass Bug Exposes Protected Files

A security researcher discovered a zero-day vulnerability in MacOS Mojave that allows hackers to access secured system files. This ... (from Latest Hacking News: https://ift.tt/2DFzwRF)

A Top Facebook Bug Bounty Hunter Shares Their Insights on the Facebook Breach

Pranav Hiverekar, one of the top Facebook bug bounty hunters/hackers, shares his insights on the Facebook breach. What is your ... (from Latest Hacking News: https://ift.tt/2NaK9vg)

Facebook Admits Using Users' 2FA Phone Number for ad targeting

Facebook data breach affects 50 Million users

Ukraine to face a new powerful cyber attack

Ukrainian users of different versions of Microsoft Windows software will face a new, powerful hacker attack by the cyber group PowerPool. ESET, a company from Slovakia that develops anti-virus and security software, warned that the hacker group will probably use a vulnerability not yet closed by the manufacturer for the first time. Representatives of the company said the hackers are going to escalate privileges (Local Privilege Escalation), through which the dangerous code will be executed with the maximum permissible rights. It should be noted that the information about the 0-day vulnerability was newly disclosed on August 27, 2018. The security updates were not available at the time of publication. At the same time, just two days after the publication, hackers changed the system update code and began to attack users. Experts explained that at the first stage the hackers will send dangerous spam e-mail with a temporary access to computers. Further, if hackers are interested in the c...

Critical Security Vulnerability in Facebook Affects 50 million Users!

Facebook recently released a press update about a critical security flaw affecting its application, which they promptly fixed after it ... (from Latest Hacking News: https://ift.tt/2xNgMKr)

Zoho Was Blacklisted by Domain Registrar TierraNet

Cloud software and service company Zoho was down when its domain registrar blocked the domain name, consequently disrupting services ... (from Latest Hacking News: https://ift.tt/2OfqQFF)

Hide and Seek IoT Botnet Increasing Infection Capabilities with New Vectors

Former NSA Employee Gets 5 Years in Jail For Holding Classified Data

A former employee of the NSA has got five years of jail for holding classified data. The Department of Justice (DoJ) ... (from Latest Hacking News: https://ift.tt/2ImSxqG)

Chegg Resets Passwords After Data Breach That Affected 40 Million Users

For all students out there using EasyBib, it’s time to reset your account passwords at Chegg. Reportedly, Chegg reset the ... (from Latest Hacking News: https://ift.tt/2zCXhFK)

Microsoft is trying to kill passwords in Azure AD application

Microsoft is quietly trying to eliminate passwords; the company has made an announcement that users of Windows 10 and Office ... (from Latest Hacking News: https://ift.tt/2QgwN2m)

Latest Hacking News Podcast #131

UEFI Rootkit spotted in the wild for the first time, Port of San Diego suffers ransomware attack and new Apple Mobile Device Management vulnerability on episode 131 of the Latest Hacking News Podcast. (from Latest Hacking News: https://ift.tt/2Om1PZe)

Uber fined $148m for 2016 data breach

Ride-hailing company Uber Technologies Inc. will pay $148m (£113m) to Washington state to settle a lawsuit over a 2016 data breach that exposed the personal information of 57 million customers and drivers. The company reached the settlement deal with all 50 states and the District of Columbia, and it is the biggest data-breach agreement in history. Instead of reporting the matter, Uber paid a hefty sum of $100,000 to the hackers who were behind the intrusion to delete the data and ensure that it wouldn’t be misused. However, in November 2017, the company admitted that the data breach happened, and that they should have reported the matter instead of sweeping it under the carpet. “The commitments we’re making in this agreement are in line with our focus on both physical and digital safety for our customers, as exemplified by our recent announcement of a host of safety and security improvements and our recent hiring of experts like Ruby Zefo as Chief Privacy Officer and...

Firefox bug crashes browser

Last week, a security researcher pointed out how a CSS-based attack could crash iPhones, iPads, and Mac devices. The same researcher has now come up with another interesting finding. He demonstrates how a new Firefox bug called Browser Reaper crashes a browser, allowing for a denial of service. In fact, the same bug can crash Windows PCs as well. The exploit also 'occasionally' freezes the entire OS on Windows. But he gave Mozilla short notice of the flaw. Sabri Haddouche, a software engineer and a security researcher at encrypted instant messaging app Wire, said that the bug resides in the Firefox API that prompts automatic download and it can cause Firefox to crash on all major desktop operating systems - Mac, Linux and Windows. Haddouche created the proof-of-concept (POC) exploit and published it this week on GitHub. Haddouche previously created and released several denial-of-service POCs that cause Chrome, Firefox and Safari web browsers to crash or freeze. As explained, upo...

How Secure Cloud Services Are? by Myron Monets

Security issues in cloud computing are a very hot topic these days. The cloud technology is relatively new and keeps evolving. Nevertheless, it’s already surrounded by myths and facts, which makes it even more interesting. The advantages cloud computing services can bring to a business are very promising, but we keep hearing about new data breaches and hacked service providers. These obstacles make it hard for businesses to decide whether this is the solution they need. Meanwhile, other modern technologies like IoT, VR and Big Data are using the cloud. To get to know more about cloud security challenges, let’s find out how companies get hacked and what measures they take to avoid such a threat.

How the Cloud can be hacked

Attacking cloud services, hackers aim to either steal valuable information or overload access to servers so that they become inaccessible. As mentioned above, cloud technology is constantly evolving but it also means that cybercriminals constantly exploit new v...

Mozilla launched ‘Firefox Monitor’, will keep users alarmed of data breach

Dirhunt – Search and Analyze Target Domain Directories

Dirhunt is a Python tool that can quickly search directories on target domains to find interesting directories and file locations. (from Latest Hacking News: https://ift.tt/2NKbc5C)

SheIn Data Breach Exposed Personal Details 6.4 Million Customers To Hackers

After so many private and government organizations suffering data breaches, a US-based fashion retailer now enters the list. Reportedly, the ... (from Latest Hacking News: https://ift.tt/2N5xkSB)

Latest Hacking News Podcast #130

Uber agrees to pay $148m in data breach settlement, VPNFilter gains more capabilities and another banking trojan found on Google Play on today's Latest Hacking News Podcast. (from Latest Hacking News: https://ift.tt/2OUIziv)

Facebook failed to remove hate speech

Facebook is having a tough time handling hate speech. Recently, a user informed the Facebook official about a hateful anti-Muslim post on the social media website, and the company sent her a message thanking her for helping them, the BBC reported. "We removed both the group and all its posts, including the one you reported," the Facebook official told her. However, the post and the group remained intact. Now, Facebook is blaming a technical glitch in its system that moderates harmful content on its network. "We are investigating this issue, and will share more information as soon as we can," the company told the BBC. According to Facebook, it appears that the glitch sends a message automatically once the user reports them about a hate. There are several posts and groups which were reported by the user, but stayed up; one of them was a group named: "LARGEST GROUP EVER! We need 10000000 members to Make America Great Again." This group has...

SHEIN Struck Down By A Jeopardizing Malware

Firefox DoS Proven to Crash Browsers and Sometimes Even Users PC’s

Last week, a security researcher pointed out how a CSS-based attack could crash iPhones, iPads, and Mac devices. The same ... (from Latest Hacking News: https://ift.tt/2zweWz7)

Linux Privilege Escalation From Misconfiguration by Anand M

INTRODUCTION

History: Computer systems are designed for the use of multiple activities and multiple users. Privileges mean what a user is permitted to do on the system. Privileges include reading and writing files, executing, or modifying system files. Privilege escalation means a user receives privileges they are not entitled to. These privileges can be used to delete files, view private information, install unwanted programs such as viruses, Trojans, malware, etc. When a system has a bug that allows security to be bypassed, alternatively, it has flawed design assumptions about how it will be used to leverage the access to gain major root access. Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system and software and misconfigurations to gain elevated access to resources that are normally protected from an application side or end user. An application with more privileges than intended by the application developer and system adm...

Your Privacy is at Risk From Using a VPN: An Interview With Scott Arciszewski

We recently interviewed security engineer Scott Arciszewski, and asked him a few questions about security and weak cryptography issues in ... (from Latest Hacking News: https://ift.tt/2N3bv6q)

Hackers attacked the website of the Moscow Football Club CSKA before the Premier League

Moscow Football Club CSKA faced, for the first time, a problem with selling tickets for the upcoming derby with another Moscow football club, Spartak. The online ticket sale service was not available just a few days before the Premier League. Competition is scheduled for September 23. The official website of FC CSKA Moskva reported that hackers attacked the system. Fans were warned that paid tickets may be temporarily unavailable, as the system will be restored in the evening. As a result of the incident, the purchased tickets really appeared in the private offices of the customers. So, there are no victims in the accident. General Director of the Moscow Football Club Roman Babayev said that about 35 thousand packages were, despite the fact that the ticket service was attacked by hackers. Because of the accident, the football club temporarily suspended sales. But customers were active both before and after the attack. It is interesting to note that the Club sells tickets only in pack...

GandCrab v5 released with ransom note

A new version of GandCrab ransomware has been released; like the previous version, it was not distributed through exploit kits. The distribution method of GandCrab v5 is currently unknown. GandCrab is a widespread ransomware; nowadays it evolves with newly updated features under constant development to target various countries. GandCrab v5 has been released with a few noticeable changes. The most noticeable changes are that the ransomware now appends a random 5 character extension on the encrypted files and creates an HTML ransom note. Security researcher nao_sec has discovered that the GandCrab v5 ransomware is currently being distributed via malvertising that redirects to sites hosting the Fallout exploit kit. As the exploit kit utilizes vulnerabilities in the visitor's software to install the software, a victim will become infected without knowing about it until they find the encrypted files and ransom note. Like previous versions, there is no way to decrypt victims o...

Google Chrome Secretly Logs Users Activity On Google Sites

The launch of Google Chrome 69 kept everyone enthralled with a trail of reports for some new features. In one ... (from Latest Hacking News: https://ift.tt/2OQBLm5)

How To Protect Your Data Before It’s Too Late by Grace Frenson

As far as we have come with technological innovations, the one force that we as humans are still unable to reckon with is nature. On one side of the world, Hurricane Harvey and Hurricane Irma have left thousands devastated. Whereas on the other side of the world, in the golden hills of Africa, wildfires have become commonplace. Natural disasters are a global crisis. The question you need to ask is: if disaster were to strike, how much would your business lose? With the benefit of the latest technological leaps such as secure online cloud storage, remote internet access, and convenient backup solutions, businesses are able to safeguard themselves and mitigate the risk that a natural disaster poses to their business, even if the physical location is ravaged.

When Disaster Strikes – Protect Your Employees

Protecting your staff should be your first priority as a business. They are your forerunners, ensuring that your business runs smoothly – and generally, they do a good job. In order to mi...

United Nations Mistakenly Exposed Sensitive Data to The Public

After a lot of organizations and spy firms confessing accidental exposure of their data, the recent incident lists an even ... (from Latest Hacking News: https://ift.tt/2xDNFt7)

Latest Hacking News Podcast #129

The US Dept. of Commerce issues request for comments on new online privacy rules, two United Nations data leaks reported and Mozilla launches a free data breach notification service. (from Latest Hacking News: https://ift.tt/2xzakGX)

Microsoft Introduces 'Background Blur' for Video Calls

Attending video meetings from home turns up an embarrassing moment for some of us, but now there won't be more such awkward situations. The tech giant Microsoft launched a new Artificial Intelligence powered feature called Background Blur for its video calls. The feature is AI driven and it will use facial recognition to detect your face. Once the face is detected successfully, it will automatically blur out your background. The feature has been made available in preview at the Ignite 2018 developer conference in Orlando. Microsoft said that the feature will now be available to all Microsoft Office 365 commercial customers. “With Teams, we’re using AI to help people before, during, and after a meeting,” Ron Markezich, corporate vice president of Microsoft 365, told Quartz. “Teams delivers a new, more inclusive way of working that keeps people engaged with their teams, whether they’re in the same building or in different cities.” To blur your background whil...

Aadhaar face authentication feature put on hold

The telecom department has put Aadhaar-based face authentication on hold. In a letter sent to the UIDAI, the telecom department said that the Supreme Court judgement is pending on petitions challenging issuance of new mobile connections and re-verification through the use of the unique identity. The Department of Telecom (DoT), in a letter dated September 19, 2018, to the UIDAI CEO, said that the judgement on a petition filed in the apex court challenging the Aadhaar-based e-KYC process is expected to be delivered this month. The mobile operators sought more time to implement the UIDAI-mandated face authentication feature, citing non-preparedness of biometric device makers. UIDAI is expected to roll out the face recognition feature as an additional mode of authentication for Aadhaar on Saturday, starting with telecom service providers. "...it has been decided by the department that the instructions for implementation of face authentication in Aadhaar based e-KYC (know your custom...

Shares Of The Microsoft Corp. Closed At A Record High; Expanding Its Secure Score Service

Bloodhound – A Tool For Exploring Active Directory Domain Security

Bloodhound is an open source application used for analyzing the security of Active Directory domains. The tool is inspired by graph ... (from Latest Hacking News: https://ift.tt/2Q20XpZ)

Security In The Crypto World: Exchanges, Wallets, Personal Data. Kiev To Host The Largest Cybersecurity Forum In Eastern Europe

October 8-11, the international cybersecurity forum HackIT 4.0 will be held in Kiev, Ukraine. The annual forum aims to be ... (from Latest Hacking News: https://ift.tt/2pCyUSF)

Temple of Doom – Vulnhub CTF Challenge Walkthrough

Temple of Doom is a Boot2Root CTF Challenge and is available at Vulnhub. This machine is intended for “Intermediates” and ... (from Latest Hacking News: https://ift.tt/2pxd1Es)

Q&A with 17 year old OSCP, Kunal Khubchandani : His Thoughts on OSCP

Confused between choices? What to do: OSCP, CEH or CISSP? If you have decided to focus on becoming an ... (from Latest Hacking News: https://ift.tt/2QUT4nB)

Latest Hacking News Podcast #128

Microsoft Ignite 2018 security announcements, new Mozilla Firefox browser attack and a recent Adwind RAT campaign on episode 128 of the Latest Hacking News Podcast. (from Latest Hacking News: https://ift.tt/2pAEhBU)

Twitter bug sent user's direct messages to third-party developers

Micro-blogging site Twitter announced they have patched a bug that affected its "Account Activity Application Programming Interface" (AAAPI), which sent users' private direct messages to third-party developers who were not authorized to receive them. The bug ran from May 2017 but was fixed on September 10, 2018, after the company found it. It is estimated that it has affected less than 1 percent of Twitter's account holders; this means that more than 3 million people are potentially impacted. The company has started notifying individuals via an in-app notice and on Twitter.com. "A bug affecting one of our APIs On Monday, September 10, we identified a bug that may have sent one or more of your Direct Messages or protected Tweets (if your account was protected at the time) to Twitter developers who were not authorized to receive them. The issue has persisted since May 2017, but we resolved it immediately upon discovering it. Our investigation in...