Cyber Security News

Foreign hackers are constantly attacking the website of Russian President Vladimir Putin. Intelligence agencies record a large number of attacks from Europe and the United States said the Kremlin. As the Press Secretary of the Russian leader, Dmitry Peskov, noted, Western countries like to talk about" Russian hackers", but foreign partners themselves are waging an information war against Russia. "A huge number of cyber attacks on Russian organizations, individuals and legal entities are constantly organized from the territory of the United States," he said. According to him, hackers from Europe and North America regularly try to commit hacks. He noted that a new draft law on Autonomous RUnet is aimed at countering this. The draft law on the Autonomous operation of the Russian Internet segment, if it is disconnected from the global network infrastructure, was submitted to the State Duma on December 14, 2018. The document is aimed at protecting the stable o...

A team of Indian students from Indraprastha Institute of Information Technology (IIIT), Delhi has developed an app WhatsFarzi for verifying a piece of fake news by using a custom logarithm. The app is capable of scanning all the internet content, authenticate the images that could have been tampered.  “One of my students started researching on the rapid spread of fake content on Twitter and Facebook, which inspired him to develop a Google Chrome browser extension for both the platforms. The continuous research by the team gradually gave birth to WhatsFarzi, which is now helping the vexed Indians to fight back such terrors”, said Ponnurangam Kumaraguru, associate professor at IIIT-Delhi. WhatsFarzi is the concept of three students studying B.Tech computer science at the IIIT Delhi. The team includes  Madhur Tandon (22), Suryatej Reddy Vyalla (20) and Dhruv Kuchhal (23). Suryatej Reddy, a third-year student, said, “We use a knowledge graph to extract relevant infor...

Coinhive to shut down on March 8th, a new free hacking toolkit, and Thunderclap Thunderbolt vulnerabilities on episode 229 of our daily cybersecurity podcast. Latest Hacking News Podcast #229 on Latest Hacking News . from Latest Hacking News https://ift.tt/2GR06bc

MassBleed is an open source tool used for scanning SSL vulnerabilities in web applications. The tool can scan Heartbleed, CCS, MassBleed – An Open Source SSL Vulnerability Scanner on Latest Hacking News . from Latest Hacking News https://ift.tt/2IHJUe8

A new malware has been discovered by security experts, they observed that it is constantly altering its behavioral patterns in an attempt to bypass the email security protection. As dissemination of malware through email campaigns is becoming common day by day, email security providers are devising new ways to battle and terminate such malicious activities. However, cybercriminals are employing subtle and sophisticated methods to bypass all the layers of security, which has led to a massive upsurge in successful malware campaigns. In the aforementioned case, the infected emails are sent to the potential victims, which on being accessed leads to the downloading of a word template with a .doc extension. Notably, the attack is configured quite differently than most of the attacks which make use of a single pattern with little customizations. In this attack, a number of different email addresses, subject headings, display name spoofs, body content, and URLs are used. The att...

Google has made some significant changes to Google Play Protect for protecting Android users from unwanted and malicious apps. The company has launched the Google Play Protect feature in 2017, it performs the following functions:  It does a safety check for apps before users download it from the Google Play Store.  It  also checks for potential harmful apps available from the other sources   It warns and detect potentially harmful apps, and removes malicious apps from your device.  It warns about apps that violate our Unwanted Software Policy by hiding or misrepresenting important information. In a blog post, Google said that Google Play Protect has protected over 2 billion devices every day. "Google Play Protect is the technology we use to ensure that any device shipping with the Google Play Store is secured against potentially harmful applications (PHA)," stated Google's blog post. "It is made up of a giant backend scanning engine to aid...

A few days ago, we reported a WinRAR ACE vulnerability that existed for 19 years. While the vendors got rid Hackers Begin Exploiting WinRAR ACE Vulnerability To Install Backdoor on Latest Hacking News . from Latest Hacking News https://ift.tt/2VoXBAc

Researchers have come across a peculiar phishing campaign delivering Trojans to target machines. While this sounds similar to any other The Phishing Campaign That Uses Variations of Attack Patterns To Evade Detection on Latest Hacking News . from Latest Hacking News https://ift.tt/2BW2zgq

Security researchers have found three new security flaws in 4G and 5G, which could be exploited to intercept the phone calls and track the location of a cell phone. Discovery of the flaws is said to be a huge set back for both 4G and the new 5G technology, which is much more faster, and has better security, it is particularly against the enforcement law of cell site simulators, known as “stingrays.” “Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper, said in an Email interview with TechCrunch. The team includes Syed Rafiul Hussain, Ninghui Li and Elisa Bertino from the Purdue University, and Mitziu Echeverria and Omar Chowdhury from the University of Iowa. They have revealed their findings at the Network and Distributed System Security Symposium in San Diego on Tuesday. The paper includes details of the attacks that could be implemented.  The first is "Torpedo, which...

The firmware of a cloud server is one of the latest vulnerabilities hackers can exploit granting them unauthorised access to Vulnerability in IBM SoftLayer Technology Allows Old Customers to Access New Customer Data on Latest Hacking News . from Latest Hacking News https://ift.tt/2EAhONA

Security researchers have found nearly 40.8% of smart homes have at least one device that could be easily breached by hackers as one-third of them have outdated software with unpatched security issues, while two-thirds of them are exposed due to their weak credentials. The team of researchers at Avast said that all these vulnerable devices are connected to the internet directly, and routers are the ones most targeted. "59.7% of routers have weak credentials or some vulnerabilities" and "59.1% of users worldwide have never logged into their router or have never updated its firmware," says Avast. In their report, Avast says that "a router that is vulnerable to attack poses a risk for the whole home, much like leaving your front door unlocked. Cybercriminals can redirect compromised routers to access exactly what they want, including phones, computers or any other connected device." Printers lead the list of types of devices which are most vulner...

YAWAST is a web application penetration testing toolkit that can perform information gathering and basic vulnerabilities (misconfiguration) assessment tasks related YAWAST – Open Source Web Application Information Gathering Toolkit on Latest Hacking News . from Latest Hacking News https://ift.tt/2U72WMg

Facebook has taken a bold yet appreciable voluntary step that may provide a hint to their concern towards users’ privacy. Facebook Removed Onavo Protect From Google Play Store Voluntarily on Latest Hacking News . from Latest Hacking News https://ift.tt/2H5grIu

Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected. This new attack, called MarioNet, opens the door for assembling giant botnets from users' browsers. These botnets can be used for in-browser crypto-mining (crypto jacking), DDoS attacks, malicious files hosting/sharing, distributed password cracking, creating proxy networks, advertising click-fraud, and traffic stats boosting, researchers said. The MarioNet attack is an upgrade to a similar concept of creating a browser-based botnet that was described in the Puppetnets research paper 12 years ago, in 2007. The difference between the two is that MarioNet can survive after users close the browser tab or move away from the website hosting the malicious code. This is possible because modern web browsers now support a new API called Service Workers. This m...

Over the last three years, the use of AI in cybersecurity has been an increasingly hot topic. Every new company that enters the market touts its AI as the best and most effective. Existing vendors, especially those in the enterprise space, are deploying AI  to reinforce their existing security solutions. Use of artificial intelligence (AI) in cybersecurity is enabling IT professionals to predict and react to emerging cyber threats quicker and more effectively than ever before. So how can they expect to respond when AI falls into the wrong hands? Imagine a constantly evolving and evasive cyberthreat that could target individuals and organisations remorselessly. This is the reality of cybersecurity in an era of artificial intelligence (AI). There has been no reduction in the number of breaches and incidents despite the focus on AI. Rajashri Gupta, Head of AI, Avast sat down with Enterprise Times to talk about AI and cyber security and explained that part of the challenge was no...

On episode 228 of our daily cybersecurity podcast we look at new research out of NDSS Symposium 2019 including a browser-based botnet attack and ExSpectre, which hides malware using speculative execution. Latest Hacking News Podcast #228 on Latest Hacking News . from Latest Hacking News https://ift.tt/2Nu0CfA

Yahoo Mail has already made it into the news many times regarding cybersecurity issues. Once again, the service provider comes Yahoo Mail Vulnerability Nets Researcher $10,000 Bounty on Latest Hacking News . from Latest Hacking News https://ift.tt/2IDD2ym

Point-of-Sale (POS) attacks always entice criminal hackers due to the considerable financial gains they achieve. Nonetheless, such attacks always frighten Point-of-Sale Firm Suffered Malware Attack Affecting More Than 130 Outlets on Latest Hacking News . from Latest Hacking News https://ift.tt/2ICsdfV

Facebook and Google – both firms do not really hold a good reputation when it comes to users’ privacy. Both Facebook Launches Better Background Control Privacy For Android Users on Latest Hacking News . from Latest Hacking News https://ift.tt/2BNOzoX

Xfinity is a fantastic tool that is hugely popular all over the world. But it isn’t without its flaws. While The Xfinity Hacks You Need To Know on Latest Hacking News . from Latest Hacking News https://ift.tt/2U3OLr8

When it comes to working with people and using services, it can be a bit of a nightmare for a How To Ensure Your Tech Business Uses Only The Cleanest Of Services on Latest Hacking News . from Latest Hacking News https://ift.tt/2H3hlVU

What is Cato announcing today? We are announcing two new additions to Cato’s cloud security offering: Cato Managed Threat Detection and Response (MDR) service is a managed service for detecting threats in our customer’s networks and working with them towards remediation. Cato MDR is zero-footprint, requiring no additional hardware or software, making adoption remarkably simple. Cato also announced the integration of an additional, zero-day malware prevention engine from SentinelOne.The SentinelOne engine uses machine learning algorithms to identify malware without signatures (i.e, not seen before malware where a specific signature is used for detection). Why is MDR important and what is special about Cato’s MDR? Security and IT leaders today know that no matter how many layers of prevention are in place, hackers always find their way in. We also know today that all sizes and types of organizations are targeted; security experts advise organizations to assume their networks a...

Phishing attacks have now become something of a daily occurrence for many. Yet, the reason why these malicious campaigns remain Office 365 Phishing Strategy Tricks Users With Live Chat Support on Latest Hacking News . from Latest Hacking News https://ift.tt/2XmK1io

Venom is a multi-hop proxy tool developed for penetration testers using Go. You can use venom to easily proxy network traffic to a multi-layer intranet, and easily manage intranet nodes. Features network topology multi-hop socks5 proxy multi-hop port forward port reuse (apache/mysql/...) ssh tunnel interactive shell upload and download file supports multiple platforms(Linux/Windows/MacOS) and multiple architectures(x86/x64/arm/mips) Installation You can directly download the executable files from https://ift.tt/2E5MEfM If you want to compile the project from source, you need to install go >= 1.11 , then execute the following commands. go get -u github.com/Dliv3/Venom/... # $GOPATH is the environment variable configured when Go is installed. It can be viewed by the 'go env' command. cd $GOPATH/src/github.com/Dliv3/Venom # Compiled binary files are stored in the release folder in the current directory. ./build.sh Usage 1. admin/agent command line ...

Andrian Candu, Speaker of the Moldovan Parliament, Vice-Chairman of the Democratic Party, said that Russia tried to interfere in the electoral process in Moldova. As previously stated by the official representative of the Russian Foreign Ministry, Maria Zakharova, Russia does not interfere in the elections in Moldova. Moscow has repeatedly denied accusations of trying to influence the elections in different countries and stressed that there is no evidence to confirm this. Candu told reporters that the Russian authorities used a number of tools to influence the election campaign. "This includes the Amnesty for migrants, and the removal of customs duties, and the situation with the pilots rescued from Afghanistan," the politician said. However, the President of Moldova, Igor Dodon, denied the allegations Andrian Candu. "Russia does not interfere in our elections, and the speaker's statements are blasphemous," Dodon said after visiting the polling statio...

Apex Legends players targeted by malware and scam campaigns, WinRAR ACE vulnerability exploited, and Adobe patches critical Reader flaw twice on episode 227 of our daily cybersecurity podcast. Latest Hacking News Podcast #227 on Latest Hacking News . from Latest Hacking News https://ift.tt/2H2PJQK

It hasn’t been that long since we reported phishing campaigns targeting Facebook users. Now, however researchers have discovered another such campaign. LinkedIn Direct Messages Exploited Via “more_eggs” Backdoor on Latest Hacking News . from Latest Hacking News https://ift.tt/2VcJoGe

The Russian Embassy in Austria reported a recorded hacker attack aimed at creating obstacles the normal operation of the Consular Department of the Diplomatic Mission. The Embassy explained that since the beginning of 2019, employees of the Department began to notice a systematic non-appearance of a large number of applicants who registered on the website through the electronic queue system. Also, citizens began to complain that the appointment was only possible in the months in advance. It is noted that since the beginning of 2019, some days no one who registered for an appointment came to the reception. "Special technical services, at our request, checked the situation for possible manipulation of information networks from outside, as a result, more than 300 applications were found, processed in an automated mode from IP addresses from Iraq, Thailand, Indonesia and several other countries," said the representative of the Embassy. According to the Diplomatic Mission, i...

Microsoft has recently rolled-out updates for addressing a vulnerability in its Internet Information Services (IIS). Allegedly, this Microsoft IIS bug IIS Vulnerability Triggers a Denial-of-Service on Latest Hacking News . from Latest Hacking News https://ift.tt/2tE5eXw

A fake Google reCAPTCHA is one of the latest email campaigns to target a Polish bank. Sucuri researchers reported their Banking Malware uses Fake reCAPTCHA page to target banking customers on Latest Hacking News . from Latest Hacking News https://ift.tt/2SWLu0c

Facebook Twitter Google+ LinkedIn Hi everyone! The other day, I visited D-Wave Systems in Vancouver, Canada. It’s a company that makes cutting-edge quantum computers.  I got to learn a lot about quantum computers there, so I’d like to share some of what I learned there with you in this article.  The goal of this article is to give you an accurate intuition of what a quantum computer is using a simple example.  This article will not require you to have prior knowledge of either quantum physics or computer science to be able to understand it. Okay, let’s get started. What is a quantum computer? Here is a one-sentence summary of what a quantum computer is: A quantum computer is a type of computer that uses quantum mechanics so that it can perform certain kinds of computation more efficiently than a regular computer can. There is a lot to unpack in this sentence, so let me walk you through what it is exactly using a simple example. To explain what a quantum co...