Showing posts from March, 2019

Toyota Security Breach Affects Millions Of Toyota Car Owners

Car owners, particularly those who own a Toyota, are in serious trouble. The latest report reveals a Toyota security ... (from Latest Hacking News, https://ift.tt/2V77Qt9)

Hackers May Exploit UC Browser Design Flaw To Deliver Malware

The Chinese UC browser has become immensely popular among Android users. Almost every other Android phone has this browser installed ... (from Latest Hacking News, https://ift.tt/2CKrt2Y)

Photon – A Very Handy Open Source OSINT Tool

Photon is a relatively fast crawler designed for automating OSINT (Open Source Intelligence) with a simple interface and tons of ... (from Latest Hacking News, https://ift.tt/2U8eCCf)

Espionage Group Aka APT33 Targeting Various Organizations in Saudi Arabia and US by Deploying A Variety of Malware In Their Network

TP-Link's SR20 Smart Home Router Discovered To Come With a Vulnerability As Per Google Security Researcher

Personal data of almost a billion people are hacked

Personal data of nearly one billion people has been hacked by a caliginous company that has been untraceable since the incident happened. The database contains email addresses of around 982 million people. According to researchers, this could be the ‘biggest and most comprehensive email database’ breach ever. The pieces of information that have been compromised include names, gender, date of birth, employer, details of social media accounts and home addresses. The database was created by Verifications.io, and it did not have any kind of security measure. The firm was a marketing company that offered an email validation service to another marketing firm. The service includes authentication of email addresses. The company took down its website after the leak was uncovered and has refused requests for comment on the situation. The motive behind the hack is not clear as the backers are maintaining their anonymity because of dubious ...

London hackers may be behind ransomware attack on Lucknow hotel

In a first-of-its-kind ransomware attack in Lucknow, cybercriminals breached and blocked the computer system of The Piccadily, a five-star hotel in the capital of Uttar Pradesh, and demanded a ransom to allow data access. Ransomware is a malware unleashed into the system by a hacker that blocks access to owners till ransom is paid. The hotel management lodged an FIR with the cyber cell of police and also roped in private cyber detectives to probe the crime and suggest a remedy. The hotel’s finance controller in Alambagh, Jitendra Kumar Singh, lodged an FIR on March 9, stating the staff at the hotel was unable to access the computer system on February 27 around 11:45 pm when they were updating monthly business data. This was followed by screen pop-ups which read — Oops, your important files are encrypted. The staff initially ignored the pop-ups and rebooted the system following which it crashed. Later, the hotel management engaged a software engineer to track down the malfunct...

Androwarn- Static Code Analyzer For Malicious Android Applications

Description

Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developed by an Android application. The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali, with the androguard library. This analysis leads to the generation of a report, according to a technical detail level chosen by the user.

Features

Structural and data flow analysis of the bytecode targeting different malicious behaviour categories:
- Telephony identifiers exfiltration: IMEI, IMSI, MCC, MNC, LAC, CID, operator's name...
- Device settings exfiltration: software version, usage statistics, system settings, logs...
- Geolocation information leakage: GPS/WiFi geolocation...
- Connection interfaces information exfiltration: WiFi credentials, Bluetooth MAC address...
- Telephony services abuse: premium SMS sending, phone call compos...

Canadian Internet Registration Authority’s Car Parking System Struck By Ransomware!

Roskomnadzor demanded that VPN services connect to the register of prohibited sites

Roskomnadzor for the first time demanded that the owners of VPN services connect to the register of banned sites in Russia. According to the law, VPN providers and Anonymizers connected to it are obliged to filter traffic. The requirements for connecting to the State Information System (FGIS) were sent to the operators of 10 VPN services NordVPN, Hide My Ass!, Hola VPN, OpenVPN, VyprVPN, ExpressVPN, TorGuard, IPVanish, Kaspersky Secure Connection and VPN Unlimited. FGIS contains a single register of banned Internet resources in the Russian Federation. According to the law, VPN services and Anonymizers are obliged to restrict access to Internet resources prohibited in Russia. So, services are required to connect to this system to gain access to the registry. According to the current legislation, VPN services are required to connect to FGIS within 30 working days from the date of sending the requirements. Otherwise, FGIS may decide to restrict access to the VPN service. It turned...

99 Iranian websites used for hacking were seized by Microsoft

Facebook Introduces Whitehat Settings To Facilitate Security Researchers

Facebook’s bug bounty program seems an integral requirement in view of the plethora of bugs and glitches found in its ... (from Latest Hacking News, https://ift.tt/2I1rPG2)

US Court Authorizes Microsoft to be in Charge of 99 Hacking Sites

Hackers won Tesla model 3 after hacking into their infotainment system

A group of hackers won $35000 and a Tesla Model 3 car after they managed to crack into security systems at a hacking event held last week. During the hacking competition Pwn2Own 2019, organized by Trend Micro's "Zero Day Initiative (ZDI)", two hackers, Amat Cama and Richard Zhu of team Fluoroacetate, exposed a vulnerability in the Tesla Model 3. According to a report by Electrek on Saturday, the hackers attacked the infotainment system of the Tesla Model 3 and exploited a "JIT bug in the renderer" to take control of the system. "Since launching our bug bounty programme in 2014, we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community," said David Lau, who is vice-president of vehicle software at Tesla. Tesla has organized many bounty programs over the last four years to expose the vulnerabilities in the Tesl...

LTE vulnerabilities could allow eavesdropping

New vulnerabilities have been discovered in the 4G network used by smartphones. South Korean researchers discovered 36 new flaws using a technique called 'fuzzing'. It turns out that our mobile networks may not be the safest. As LTE gets ready to make way for 5G, researchers have discovered several flaws in the Long-Term Evolution (LTE) standard, which could allow an attacker to intercept data traffic or spoof SMS messages. The 4G LTE standard has vulnerabilities that could allow a hacker to intercept data that is being transferred on the networks. Although there has been plenty of research about LTE security vulnerabilities published in the past, what's different about this particular study is the scale of the flaws identified and the way in which the researchers found them. Researchers at the Korea Advanced Institute of Science and Technology Constitution (KAIST) have discovered 51 vulnerabilities with the 4G LTE standard—this includes 15 known issues and 36 n...

How to Create a Strong Password and Beat the Hackers

Given that there is such a thing as World Password Day, it makes a lot of sense for businesses to ... (from Latest Hacking News, https://ift.tt/2UhPKqZ)

Criminal Hackers Exploit Magento Online Shops To Check Stolen Payment Cards

Cybercriminals have found a new way to exploit stolen payment cards. Allegedly, they now abuse the payment systems of Magento ... (from Latest Hacking News, https://ift.tt/2JPPEDa)

Apple Released iOS 12.2 With Multiple Critical Bug Fixes

Apple has launched iOS 12.2 introducing many new features. But, what’s different with this release is the number of security ... (from Latest Hacking News, https://ift.tt/2THx8N1)

Critical Vulnerability Patched In NVIDIA GeForce Experience

A serious vulnerability in NVIDIA GeForce Experience posed a severe threat to gamers. More specifically, the software vulnerability threatened ... (from Latest Hacking News, https://ift.tt/2UkkhVa)

Latest Hacking News Podcast #250

US Senate proposes Cybersecurity Protection Act, malware-laced Christchurch Shooter Manifesto, ransomware demands Amazon gift cards, and Android trojan targets over 125 bank and crypto apps on episode 250 of our daily cybersecurity podcast. (from Latest Hacking News, https://ift.tt/2JNx0Mg)

Rickdiculously – A CTF Designed for Rick And Morty Fans

Today we have something special in store for you, a Capture the Flag (CTF) from Vulnhub designed by Luke, specially for ... (from Latest Hacking News, https://ift.tt/2FBejpH)

WhatsApp May Oppose the Demand for Traceability of Messages

Don’t change your birth year to 2007 on Twitter or you’ll be locked out

There are tons of hoaxes constantly doing the rounds on Twitter, including the recent Bitcoin scam. Today, I want to warn you about one that’s taken over the platform over the past couple of days: the “birth year hoax”. It’s as simple as it is stupid: it encourages you to head into your settings and change your birth year to 2007, in order to unlock a colourful feed or a ‘retro’ theme across the site. Instead, users who fall for the scam will be locked out of their accounts because Twitter prohibits anyone under the age of 13 from using the site. So, as soon as you change your birth year, Twitter thinks that you’re only 12 years old, and blocks your account. Twitter has automatically prevented users under 13 from using the social network since May last year and its terms of use state that the social network is "not directed to children." You were promised a new timeline of colour options. You ended up getting blocked from the social networking site. Earlier this w...

Pre-installed Android Apps Invade Privacy; Situation Still Out Of Control

Recent studies have provided evidence of the role that pre-installed Android applications play in breaching users' privacy. Google doesn't seem to be paying enough attention to the issue, which concerns security. Heavy security checks are required of them, similar to the checks done for Play Store versions of the applications. According to an independent study led by a group in Spain, personal information could be harvested by these pre-installed applications. The IMDEA Institute, a well-known institute in Madrid, and Stony Brook University checked out the pre-installed apps on Android devices from over 2700 users, over 1700 devices from around 200 vendors all across 130 countries. The study didn't go deeper into the EU's General Data Protection Regulation laws and the difference they would make. Android is a highly customized operating system despite its being owned by Google. This includes the packaging of other applications with the operating ...

WebTech- Identify Technologies Used on Websites

WebTech is a Python software that can identify web technologies by visiting a given website, parsing a single response file or replaying a request described in a text file. This way you can have reproducible results and minimize the requests you need to make to a target website. The RECON phase in a Penetration Test is one of the most important ones. By being able to detect which software runs on the target it’s easier to search for vulnerabilities in a specific module or version. WebTech scans websites, detects software and versions in use, and can report data in a structured format like JSON or in grepable text for later analysis.

CLI Installation

WebTech is available on pip:

    pip install webtech

It can also be installed via setup.py:

    python setup.py install --user

Burp Integration

Download Jython 2.7.0 standalone and install it into Burp. In "Extender" > "Options" ...

Latest Hacking News Podcast #249

Ransomware costs Norsk Hydro millions, one cryptocurrency exchange suffers breach while confusion surrounds another, and Microsoft seizes 99 APT35 domains on episode 249 of our daily cybersecurity podcast. (from Latest Hacking News, https://ift.tt/2U5klJ5)

The Russian Foreign Ministry demanded an apology from an American journalist

The Ministry of Foreign Affairs (MFA) of Russia believes that American journalists, who for two years unreasonably accused Russia of interfering in the US presidential election in 2016, should apologize to Russia. MFA representative Maria Zakharova announced this on the program "60 minutes" on the main Russian Federal channel. In addition, Zakharova harshly criticized the American journalist and political scientist Fareed Zakaria on her Facebook page. The criticism concerns a speech devoted to the conclusions of Special Prosecutor Mueller, in which Zakaria points to a number of facts showing the existence of a connection between Trump and the Kremlin. Maria Zakharova believes that Zakaria profaned the Russians, and that the Americans were once again faced with one-sided propaganda. Therefore, he must apologize to the two nations, not only to Trump. According to the Russian diplomat, Zakaria and other journalists should first apologize to the Russians before again conductin...

KillShot – An Information Gathering and Vulnerability Scanning Tool

KillShot is a penetration testing tool that can be used to gather useful information and scan vulnerabilities in target host ... (from Latest Hacking News, https://ift.tt/2UVaC4x)

ASUS Hack May Be Biggest Supply-Chain Incident Ever As Backdoor Leaves 1 Million Users Exposed

ASUS Live Update Utility, the online update driver used by ASUS users worldwide, was recently compromised. Hackers added a backdoor ... (from Latest Hacking News, https://ift.tt/2uwQIRH)

Latest Hacking News Podcast #248

Asus addresses ShadowHammer attack, NVIDIA patches GeForce Experience vulnerability, and bank robbery shifts to cyberspace in a recent report on episode 248 of our daily cybersecurity podcast. (from Latest Hacking News, https://ift.tt/2OrKGLu)

Ukrainian cyber police again caught Russian hackers

This is not the first time that the Ukrainian cyber police have announced that they exposed a group of Russian hackers. According to police officers, the hackers created a mailbox using an anonymizer and worked from the territory of Russia. It turned out that they sent fake emails on behalf of Interior Minister Arsen Avakov. The emails contained rules of conduct for police officers during the elections. In addition, the police were required to take certain actions in favor of one of the candidates. On the Internet, there is an opinion that the news is fake. Many people know that real hackers do not even need to create a mailbox to send messages. They can go to the server of the police and send emails directly. And they can do it from any other host on which port 25, intended for the SMTP protocol, is open. Perhaps citizens of Ukraine decided to joke this way. They just installed a browser with VPN and created a mailbox. That's enough to hide location. Moreover, this incident was another r...

Gobuster – An Elegant CLI Utility for Brute Forcing URI Directories

Every reconnaissance phase has a standard checklist that is to be followed. If you’ve ever conducted or been a part ... (from Latest Hacking News, https://ift.tt/2JFLpdh)

Instantbox - Spins Up Temporary Linux Systems With Instant Webshell Access From Any Browser

Instantbox - Get a clean, ready-to-go Linux box in seconds.

What is instantbox?

It's a project that spins up temporary Linux systems with instant webshell access from any browser.

What can an instantbox do?

- Provides a clean Linux environment for a presentation
- Let students experience the charm of Linux at your school or your next LUG meet
- Run with an inspiration in a clean environment
- Manage servers from any device
- Experiment with an open source project
- Test software performance under resource constraints

Which Linux distributions are available?

It currently supports various versions of Ubuntu, CentOS, Arch Linux, Debian, Fedora and Alpine.

Quickstart Deploy

Prerequisite: docker [More Information]

    mkdir instantbox && cd $_
    bash <(curl -sSL https://ift.tt/2OoNfxX)

Download Instantbox from Hackers Online Club (HOC) https://ift.tt/2TVOo62

Needle- Open Source iOS Security Testing Framework

Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.

Description

Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like "drozer" that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent. Needle is MWR's iOS Security Testing Framework, released at Black Hat USA in August 2016. It is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas co...

Firefox update fixes critical security vulnerability

Firefox 66.0.1 was released with a fix for critical security vulnerabilities that were discovered via Trend Micro’s Zero Day Initiative. The vulnerabilities affect all versions of Firefox below 66.0.1. An attacker could exploit these vulnerabilities to take complete control over the target system of the process.

CVE-2019-9810: Incorrect alias information

Incorrect alias information in the IonMonkey JIT compiler for Array.prototype.slice leads to a missing bounds check and a buffer overflow. Bounds checking is a method used for detecting whether a variable is within its bounds; a failed bounds check would throw an exception, and a missing one results in security vulnerabilities.

CVE-2019-9813: Ionmonkey type confusion with proto mutations

Mishandling of proto mutations leads to a type confusion vulnerability in IonMonkey JIT code. A type confusion vulnerability occurs when the code doesn’t verify what type of object it is passed, and blindly uses it without type-checking. By exploiti...

Latest Hacking News Podcast #247

Asus software updates were used to install backdoors and Google has patched a bug in Chrome that was being actively exploited by tech support scammers on episode 247 of our daily cybersecurity podcast. (from Latest Hacking News, https://ift.tt/2TW0ZpM)

Tesla Gives Away EV-Maker Model 3 Cars Along With a Hefty Cash Prize to Hackers

Hackers used ASUS Software Updates to Install malware on thousands of computers

Researchers at cybersecurity firm Kaspersky Lab found that Asus’ software update system was recently hacked and used to distribute malware to millions of its customers. The malware was masked as a “critical” software update, which was distributed from Asus’ servers. The malicious file was signed with legitimate ASUS digital certificates that made it look like an authentic software update from the company, Kaspersky Lab says. The hack was first reported by Motherboard, and Kaspersky Lab plans to release more details as soon as possible at an upcoming conference. The intentions of the hackers behind this are not clear. However, from the early investigation, it is reported that the hackers seem to target a bunch of specific Asus customers, as the malware contains special instructions for 600 systems, which are identified by specific MAC addresses. Till now, Asus has not contacted any of its affected customers or taken any step to stop the malware. In a...

Krasnoyarsk hacker tried to hack the State procurement site

The Krasnoyarsk court imprisoned a resident of Krasnoyarsk who tried to hack the State procurement site of the Vladimir region but was caught by the FSB. According to the Prosecutor, in February 2016 the hacker installed on his computer a special program for illegally copying files from other electronic devices. He then tried to hack the State procurement site of the administration of the Vladimir region and get logins and passwords to some data. However, the attempt to hack the State resource was identified and stopped by the FSB officers. It should be noted that the defendant was an information security officer at a large Russian bank. The court found the man guilty and sentenced him to 2 years of imprisonment with a fine of 50 thousand rubles. The hacker disagreed with the decision of the court and tried to appeal the verdict, but the regional court rejected his arguments and left the decision of the court of the first instance unchanged. from E Hacking News - Latest Ha...

Weak Security In Family Locator App Causes Location Data Leakage Of Their Customers

During the past week, a security researcher discovered a flaw in an Australian based app, Family Locator by ReactApps. The ... (from Latest Hacking News, https://ift.tt/2CxvHdZ)

Facebook Passwords Stored In Plain Text Exposed To Employees

Once again, a Facebook blunder has surfaced online. This time, the disclosure comes from Facebook itself! As revealed, Facebook inadvertently ... (from Latest Hacking News, https://ift.tt/2UVX34G)

Beagle- An Incident Response And Digital Forensics Tool

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs and raw Windows memory images. The resulting graphs can be sent to graph databases such as Neo4J or DGraph, or they can be kept locally as Python NetworkX objects. Beagle can be used directly as a Python library, or through a provided web interface.

The library can be used either as a sequence of functional calls:

    >>> from beagle.datasources import SysmonEVTX
    >>> graph = SysmonEVTX("malicious.evtx").to_graph()
    >>> graph
    <networkx.classes.multidigraph.MultiDiGraph at 0x12700ee10>

Or by strictly calling each intermediate step of the data source to graph process:

    >>> from beagle.backends import NetworkX
    >>> from beagle.datasources import SysmonEVTX
    >>> from beagle.transformers import SysmonTransformer
    ...