Cyber Security News

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register Following disquiet over the IEEE’s decision to block Huawei-linked researchers from doing various academic tasks, a Chinese computer research body has reportedly severed ties with the IEEE in retaliation. The China Computer Federation (CCF) declared that it is suspending communications with the US-based Institute of Electrical and Electronic Engineers’ Computer Society (IEEE CS), according to Reuters. This comes hot on the heel of an academic backlash against the IEEE for what amounts to blacklisting of researchers with links to Huawei. The IEEE insisted that as a US-based corporation it is subject to US law and thus has no real choice in the matter, though others disagree with their interpretation of the US sanctions on Huawei. In a post on China’s WeChat platfo...

A recent victim of a security incident turns out to be the Australian tech firm Canva. The hacker(s) with alias Graphic Design Service Canva Suffers Data Breach Affecting 139 Million Users on Latest Hacking News . from Latest Hacking News http://bit.ly/2XiQrP1

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register US government workers may be placing America’s national security at risk as there is no official policy banning them from running their smartphones’ personal and official internet traffic through untrustworthy foreign-hosted VPN services. A letter [PDF] from Homeland Security’s Cybersecurity and Infrastructure Security Agency director Chris Krebs to Senator Ron Wyden (D-OR) concedes that Uncle Sam does not have rules in place to prevent federal employees from routing their work-issued cellphones’ data through VPNs in Russia, China, and so on. As a result, Krebs says, there is a “low to moderate” risk that some US government communications could be intercepted by an overseas VPN service and handed over to a hostile government in, oh, say, Russia or China. “The vulnerabilities ar...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register Mozilla has published a series of objections to web packaging, a content distribution scheme proposed by engineers at Google that the Firefox maker considers harmful to the web in its current form. At its developer conference earlier this month, Google engineers talked up the tech, which consists of several related projects – Signed Exchanges, the web packaging format and changes to the fetch specification – that allow website resources to be packaged and cryptographically signed for redistribution by third parties. Making websites portable, Google contends, facilitates more efficient delivery, easier sharing and offline access. “With [web] packaging, the model for loading web pages changes from today’s model, which we all understand, where the...

IPFinder CLI (Command Line Interface) - To Locate and Identify Website Visitors by IP Address Supports Single IP Address, asn, ranges, firewall as Input Supports Bulk Exports Results to Screen or to An Output File Supports IPv4 and IPv6 Supports ASN number , RANGES , Firewall Getting Started singing up for a free account at https://ipfinder.io/auth/signup , for Free IPFinder API access token. The free plan is limited to 4,000 requests a day, and doesn't include some of the data fields To enable all the data fields and additional request volumes see http://bit.ly/2K2K6nc . Documentation Visit IPFinder documentation . System Requirements PHP >= 7.0 JSON PHP Extension CURL PHP Extension official PHP library for IPfinder . Installation Via composer First, download the IPfinder cli using Composer: composer global require ipfinder-io/ip-finder-cli Make sure to place composer's system-wide vendor bin directory in your $PATH so the IPfinder execut...

Cyber criminals seem to be thriving in India’s IT capital; in the last four months alone, Bengalureans lost Rs 32 crore to various online scams. A 39-year-old woman was the biggest victim—a fraudulent suitor who befriended her through a matrimonial website made away with Rs 33 lakh. The cybercrime police station of the Bengaluru city police has recorded a staggering 3,180 cases in four months since mid-January. Last year, Sumathi (name changed) from Jayanagar had registered with a well-known marriage portal to find a match. Little did she know that the prince charming who approached her as a UK-based Indian doctor expressing interest to settle down with her in Bengaluru was an online imposter. He got her into parting her hard-earned money through numerous online transfers. “She was lured by an exciting gift packet the man claimed to have sent from the UK. Then came the false excuse of Indian customs officials seizing the gift for duty. She fell for it and transferred lakhs of r...

Chinese APT Group Emissary Panda Targeting Middle East, Widespread Cryptojacking Campaign, Three Tech Support Scammers Charged By FBI Today’s Agenda Latest Hacking News Podcast #294 on Latest Hacking News . from Latest Hacking News http://bit.ly/2YVLVX9

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register Bruce Schneier, Richard Stallman and a host of western tech companies including Microsoft and WhatsApp are pushing back hard against GCHQ proposals that to add a “ghost user” to encrypted messaging services. The point of that “ghost user”, as we reported back in 2018 when this was first floated in its current form, is to apply “virtual crocodile clips” and enable surveillance by spies, police, NHS workers and any others from the long list of state organisations allowed to snoop on your day-to-day life. “Although the GCHQ officials claim that ‘you don’t even have to touch the encryption’ to implement their plan, the ‘ghost’ proposal would pose serious threats to cybersecurity and thereby also threaten fundamental human rights, including privacy and free expression,” said a l...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register More than 50,000 servers around the world have been infected with malware that installs crypto-coin-mining scripts and advanced rootkits, it is claimed. Known as Nanshou, the software nasty, we’re told, infects machines by brute-forcing Microsoft SQL Server account passwords and using known exploits to elevate its privileges. It then drops onto the compromised Windows systems one of 20 different payloads, each including versions of a coin-mining tool and a kernel-mode rootkit that gives the mining software the ability to run without the threat of being detected or terminated by an administrator or security software. The Guardicore Labs researchers who say they discovered the campaign reckoned this week that Nanshou is particularly noteworthy in its use of rootkit tools and ...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register GitHub can now automagically offer security patches for projects’ third-party dependencies. The Microsoft-owned source-code management site announced on Wednesday the new beta-grade feature: when enabled, developers will receive automatically generated pull requests that, when accepted, will apply security fixes to a project’s dependencies. For example, Lindsey is a programmer who maintains a project that makes use of three other packages from outside developers, and opts into this new feature. When one of those packages needs a patch for a security vulnerability, Lindsey gets an automatically generated pull request that, when accepted, will merge the fixed package into the project. These automatic updates will, for now anyway, be limited to dependencies written in Ruby, Python, Java, .N...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register Updated  ProtonMail, a provider of encrypted email, has denied claims that it voluntarily provides real-time surveillance to authorities. Earlier this month, Martin Steiger, a lawyer based in Zurich, Switzerland, attended a presentation in which public prosecutor Stephan Walder, who heads the Cybercrime Competence Center in Zurich, mentioned the company. In a live-tweeted account of the event, subsequently written up on German and recently translated into English, Steiger said he learned that ProtonMail “voluntarily offers assistance for real-time surveillance.” But Walder, the source of the revelation, subsequently contacted Steiger to clarify that he had been misquoted and had only described ProtonMail as a potential provider of assistance. Steiger maintains th...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register Compsci academics are startled by how the US-based IEEE is complying with American sanctions on Huawei. That includes halting peer review by anyone connected to the Chinese company – and banning them from buying IEEE-branded coffee mugs. The New York-headquartered Institute of Electrical and Electronics Engineers, one of the world’s leading technological academic bodies, issued a statement on 22 May setting out in detail (PDF) what “Listed Persons” (employees of Huawei and its affiliates) can and cannot do under the IEEE’s banner. That has caused academics worldwide to question the institution’s independence of US governmental influence. As the preeminent standards-setting body and professional discussion forum for everything from Wi-Fi to phone networking technologies, the IEEE...

Another firm has fallen victim to a massive data breach. This time, it is the news aggregator app Flipboard that Flipboard Resets Passwords For 145 Million Users Following Data Breach on Latest Hacking News . from Latest Hacking News http://bit.ly/2YZ9uyt

Today, humans aspire to equip their homes with as much smart technology as possible. There are internet-connected kettles, baby monitors Hacking Your Smart Home: How to Prevent Intrusion on Latest Hacking News . from Latest Hacking News http://bit.ly/2YZLJGD

TA505 Attacks Italian Organization, Flipboard Discloses Breach, Austrailian Victorian Auditor General State’s Public Health System Has Weak Cybersecurity Today’s Agenda Latest Hacking News Podcast #293 on Latest Hacking News . from Latest Hacking News http://bit.ly/2QtLDE7

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register Analysis  Nearly 90 per cent of hacking prosecutions in the UK last year resulted in convictions, though the odds of dodging prison remain high, an analysis by  The Register  has revealed. Government data from the last 11 years revealed the full extent of police activity against cybercrime, with the number of prosecutions and cautions for hacking and similar offences being relatively low. Figures from HM Courts and Tribunals Service revealed there were a total of 422 prosecutions brought under the Computer Misuse Act 1990 (CMA) over the last decade, with the figure rising to 441 including the year 2007. Criminals convicted of CMA offences were quite likely to avoid prison in 2018, with just nine (including young offenders sent to youth prisons) receiving custodial sentence...

Hello Community! We have just completed first vulnhub machine of DC series by DCAU in my last post. Lets move DC: 2 Hacking Challenge Walkthrough (Vulnhub) on Latest Hacking News . from Latest Hacking News http://bit.ly/2JK2IJf

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register A vulnerability in all versions of Docker can be potentially exploited by miscreants to escape containers’ security protections, and read and write data on host machines, possibly leading to code execution. This is according to senior SUSE software engineer Aleksa Sarai, who said the flaw is a race condition bug in which a file path is changed after it has been checked as valid, and, crucially, before it is used. The flaw, designated CVE-2018-15664, can be, in certain circumstances, abused to read and write arbitrary files on the host with root permissions from within a container, Sarai explained on Tuesday. This is possible provided there are no file system restrictions on the Docker daemon, such as those imposed by AppArmor. And the most likeliest attack scenario requires a m...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register The critical Windows Remote Desktop flaw that emerged this month may have set the stage for the worst malware attack in years. The vulnerability, designated CVE-2019-0708 and dubbed BlueKeep, can be exploited by miscreants to execute malicious code and install malware on vulnerable machines without the need for any user authentication: a hacker simply has to be able to reach the box across the internet or network in order to commandeer it. It is said to be a “wormable” security hole because it is possible to write a worm that spreads automatically, infecting a machine and then attacking others. Two weeks ago, Microsoft released security patches for systems going back to Windows XP to kill off this bug, and everyone is urged to install them. So, a fortnight on, how man...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand. According to Der Spiegel this month, the Euro nation’s Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, and Telegram to cough up plain-text records of people’s private enciphered chats to authorities that obtain a court order. This would expand German law, which right now only allows communications to be gathered from a suspect’s device itself, to also include the companies providing encrypted chat services and software. True and strong end-to-end encrypted conversations can only be decrypted by those participating in the discussion, so the...

The Ministry of Digital Development, Communications and Mass Communications of the Russian Federation reports that Russia is ready to supply Vietnam with e-government technologies, smart and safe city solutions, as well as information security products. Rostelecom, Russia's largest provider of digital services and solutions, and Vietnam's leading provider of telecommunication services and information technology services Vietnam Posts and Telecommunications Group (VNPT) signed a Memorandum of understanding (MOU) aimed at developing cooperation in the field of information and communication technologies. The Memorandum was signed by President and CEO of VNPT Pham Duc Long and President of Rostelecom Mikhail Oseevsky. The signing was attended by Prime Minister of Vietnam Nguyen Xuan Phuk and Prime Minister of the Russian Federation Dmitry Medvedev. In accordance with the text of the Memorandum, the main areas of cooperation are information security, e-government and smart ci...

Friday night, unknown persons tried to hack Telegram and Facebook accounts of famous journalists in Yekaterinburg. The Deputy Editor-in-Chief "URA.RU" Anton Olshannikov, PR specialist Platon Mamatov and the Editor-in-Chief of the site "MSTROK" (mstrok.ru) Natalia Vakhonina suffered from the actions of the unknown hacker. In addition, unknown persons attempted to gain access to the telegram channel of the portal "Momenty" (http://bit.ly/2JJx3I4). It is interesting to note that all of them actively wrote about the protests against the construction of the temple in Yekaterinburg. Hackers tried to log into the accounts of journalists from a desktop computer, the IP-address of which is registered in Spain, namely in Madrid. The two-factor authentication stopped hackers, but they managed to get confirmation codes from SMS. One of the victims asked for clarification to his mobile operator to find out how the attackers were able to enter the code, but he rece...

The United States navy is planning to create a repository of more than 350 billion social media posts from around the world, to research on how people behave online.  The project team has not specified from which social media platform they are intend to collect the data.  However, they will only collect the public posts in between 2014 and 2016, from more than 100 countries and in at least 60 different languages.  The details of the project were revealed in a  tender document from the Naval Postgraduate School for a firm to provide the data. The deadline of the applications have now closed. Additional requirements included: the posts must come from at least 200 million unique users no more than 30% can come from a particular country at least 50% must be in a language other than English location information must be included in at least 20% of the records The collected database must not include private messages and users personal information....

China-linked Cyber-Espionage Group  Adds 2 New Loaders, Singapore To Introduce SG-Verify a User Identification Tool, Joomla And WordPress Hpertext Access Latest Hacking News Podcast #292 on Latest Hacking News . from Latest Hacking News http://bit.ly/2W8RzbN

A recent report revealed a major data leakage incident compromising the security of sensitive records. The victim firm was “First First American Financial Exposed 885 Million Sensitive Files Online on Latest Hacking News . from Latest Hacking News http://bit.ly/2I6Am93

Heads-up smartphones users! A new attack method has surfaced online that can meddle with your Android or iPhone. According to Sensor Calibration Attack Threatens Smartphone Users on Latest Hacking News . from Latest Hacking News http://bit.ly/2WvrV01

Ransomeware Attack On Baltimore Update, UK Reports Russian Cyber Activity To 16 NATO Nations, Transport London To Begin Tracking Commuters, Latest Hacking News Podcast #291 on Latest Hacking News . from Latest Hacking News http://bit.ly/2YNR6Ze

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register The maker of vehicle license plate readers used extensively by the US government and cities to identify and track citizens and immigrants has been hacked. Its internal files were pilfered, and are presently being offered for free on the dark web to download. Tennessee-based Perceptics prides itself as “the sole provider of stationary LPRs [license plate readers] installed at all land border crossing lanes for POV [privately owned vehicle] traffic in the United States, Canada, and for the most critical lanes in Mexico.” In fact, Perceptics recently announced, in a pact with Unisys Federal Systems, it had landed “a key contract by US Customs and Border Protection to replace existing LPR technology, and to install Perceptics next generation License Plate Readers (LPRs) at 43 US Border Patrol...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register A bounty hunter was able to get the live location of a number of different individuals from American cellphone networks through a single phone call, it is claimed. Matthew Marre was charged [PDF] last month with allegedly obtaining “confidential phone record information … by making false and fraudulent statements and representations.” It is claimed he called a hotline run by various mobile networks, and asked for the GPS location of specific cellphones – all of which belonged to people that were wanted for skipping bail. The ruse was apparently extremely successful, according to Colorado federal court documents that have subsequently been restricted from public view. The paperwork, submitted by prosecutors, alleged that, last year, he successfully persuaded T-Mobile USA to hand ...