Posts

Showing posts from June, 2019

Yandex responded to a Reuters article on hacking by Western intelligence agencies

Russian Internet giant Yandex reported that hackers working for Western intelligence had access to the company's systems for several weeks. Yandex stated that the hacking attempt was neutralized immediately. Yandex claims that hackers did not get access to user data. Moreover, the attack did not cause any damage. Sana Paritova, the Head of corporate communications of Yandex, stated, “We can assure you that the attackers are unable to access data of users of Yandex services.” Yandex specialists “promptly identified and neutralized at the beginning” the hacking attempt. The company stated, “Yandex, as well as all the major Internet companies, are regularly confronted with various types of cyber threats. Our corporate policy does not imply the dissemination of detailed information about such cases.” Recall that Reuters reported that in October or November 2018, hackers working for Western intelligence services hacked the company in order to spy on user accou...

An App Which Could Have Meant For Any Woman to Be a Victim of Revenge Porn Taken Down By the Developers

Gamers’ Google and Facebook Credentials Unsafe; Android’s “Scary Granny ZOMBYE Mod: The Horror Game” To Blame!

Indian Govt. Takes Steps For Preventing Incidents of Cyber Crimes; Improving Cyber Safety in the Country

Yet Another Phishing Campaign by Hackers That Abuses QR Codes To Redirect Targets to Phishing Landing Pages

EA Origin Security Flaw Exposed over 300 Million Gamers to Account Takeovers

In the wake of the discovery of an EA-based vulnerability, EA Origin has been forced to re-examine its module for security and safety, as the flaw could have potentially exposed millions of gamers to account takeovers. As per the findings and research of specialists at Check Point and CyberInt, the vulnerability affected over 300 million gaming enthusiasts playing online games, namely FIFA, Madden NFL, NBA Live and Battlefield. The vulnerability relied on an alternate authentication method known as access tokens, which are like passwords; by stealing a Single Sign-On authorization token, hackers would have gained complete control and been able to hijack players' accounts without needing the login or password. Stealing access tokens can be a bit more complex than stealing passwords; however, it is still possible. It's because users have been enlightened against providing passwords on dubious websites,...

US cyber attacks on Iranian targets not successful: Minister

U.S. cyber attacks against Iranian targets have not been successful, Iran's telecoms minister said on Monday, within days of reports that the Pentagon had launched a long-planned cyber attack to disable his country's rocket launch systems. Tension runs high between longtime foes Iran and the United States after U.S. President Donald Trump on Friday said he called off a military strike to retaliate for the Middle East nation's downing of an unmanned U.S. drone. U.S. President Donald Trump said on Saturday he would impose fresh sanctions on Iran but that he wanted to make a deal to bolster its flagging economy, an apparent move to defuse tensions following the shooting down of an unmanned U.S. drone this week. On Thursday, however, the Pentagon launched a long-planned cyber attack, Yahoo News said, citing former intelligence officials. The cyber strike disabled Iranian rocket launch systems, the Washington Post said on Saturday. "They try hard, but have not car...

UK’s MoD is helping itself to cops’ fingerprint database ‘unlawfully’, rules biometrics chief

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register The Ministry of Defence has been searching the police national fingerprint database without a “clearly defined lawful basis,” the UK’s biometrics commissioner has said. In his annual report (PDF) filed today, Paul Wiles warned that inter-government searching of databases should be properly regulated. “I continue to be very concerned about the searching by the Ministry of Defence into the police national fingerprint database without an agreed, clearly defined lawful basis.” The MoD has been using the database to check whether fingerprints taken or found during military operations abroad matched to persons known to the UK police or immigration authorities or matched crime scene fingerprints held by the police. Wiles said he has repeatedly challenged the MoD as to the legal basis...

2001: Linux is cancer, says Microsoft. 2019: Hey friends, ah, can we join the official linux-distros mailing list, plz?

Credits: The Register. Microsoft’s transformation into a fully paid-up member of the Linux love-train continued this week as the Windows giant sought to join the exclusive club that is the official linux-distros mailing list. The linux-distros list is used by Linux distributions to privately report, coordinate, and discuss security issues yet to reach the general public; oss-security is there for stuff that is already out in the open or cannot wait for things to bounce around for a few days first. Sasha Levin, who describes himself as a “Linux kernel hacker” at the beast of Redmond, made the application for his employer to join the list, which if approved would allow Microsoft to tap into private behind-the-scenes chatter about vulnerabilities, patches,...

Iran’s blame-it-on-Bitcoin ‘leccy shortage probably isn’t a US hack cover story… yet

Credits: The Register. Comment: Iran claims that recent surges in electricity demand, leading to blackouts and brownouts, were caused by too many cryptocurrency miners’ power-hungry machines being hooked up to the national grid – though all may not be as it seems. Radio Free Europe reported that Iranian energy ministry spokesman Mostafa Rajabi blamed alt-coin miners for making the Middle Eastern nation’s electrical grid “unstable,” blaming them for a seven-per-cent jump in power demand during most of June. “Rajabi said the power for mining each Bitcoin equaled the power used by 24 residential units for an entire year,” reported RFE. The news outlet added that Iran is a hot destination for cryptocurrency mining thanks to cheap electricity and official tolerance for Bitcoin as a way of bypassing US...

Scumbags can program vulnerable MedTronic insulin pumps over the air to murder diabetics – insecure kit recalled

Credits: The Register. Health implant maker MedTronic is recalling some of its insulin pumps following the discovery of security vulnerabilities in the equipment that can be exploited over the air to hijack them. Specifically, the manufacturer is recalling its MiniMed 508 and Paradigm insulin pumps, along with the CareLink USB control hub and some blood glucose monitoring devices used with the at-risk gear. America’s medical drug watchdog the FDA also issued an alert this week over the holes, which can be leveraged by nearby hackers to execute commands on the pumps. These commands can, for instance, tell the pump to inject too much insulin, causing the patient to suffer hypoglycemia and pass out or enter a seizure, or too little insulin and cause the patient to develop serious life-threatening ketoaci...

Hey China, while you’re in all our servers, can you fix these support tickets? IBM, HPE, Tata CS, Fujitsu, NTT and their customers pwned

Credits: The Register. Fresh details have emerged revealing just how deeply Chinese government hackers plundered HPE, IBM, DXC, Fujitsu, Tata, and others, stealing corporate secrets and rifling through their customers’ networks. An explosive in-depth report by Reuters today blows the lid off APT10, the infamous Beijing-backed hacking operation that was just accused of hacking mobile carriers around the world. APT10 was previously fingered for raiding corporations and organizations globally, and siphoning off blueprints and databases for President Xi’s regime. This week’s bombshell builds on last year’s revelations that a multi-year operation known as Cloud Hopper had worked its way into the internal networks at HPE and IBM, stealing corporate data and trade secr...

Decoding America’s spies: What does the NSA’s cryptic memo really mean? Citizens illegally spied on again

Credits: The Register. Analysis: The NSA illegally gathered a trove of American citizens’ phone and text message records just four months after it promised it had taken steps to literally not do that again. That’s the upshot of a document [PDF] provided to the American Civil Liberties Union (ACLU) and made public this week. The dossier was supplied by the NSA in response to a long-running legal challenge brought by the civil-rights warriors, who ultimately want Section 215 of the USA Patriot Act, which grants spying powers to Uncle Sam’s snoops via secret courts, ruled as unconstitutional. There are very few details given about the illegal data harvesting, and the vast majority of the document supplied to the ACLU following a Freedom of Information Act (FOIA) request is redacted. The fi...

Epyc crypto flaw? AMD emits firmware fix for server processors after Googler smashes RAM encryption algorithms

Credits: The Register. Updated: Microchip slinger AMD has issued a firmware patch to fix the encryption in its Secure Encrypted Virtualization technology (SEV), used to defend the memory of Linux KVM virtual machines running on its Epyc processors. “Through ongoing collaboration with industry researchers AMD became aware that, if using the user-selectable AMD secure encryption feature on a virtual machine running the Linux operating system, an encryption key could be compromised by manipulating the encryption technology’s behavior,” an AMD spokesperson told The Register last night. “AMD released firmware-based cryptography updates to our ecosystem partners and on the AMD website to remediate this risk.” SEV isolates guest VMs from one another and the hypervisor using encryption ...

Wipro wasn’t a one-off: Same hacking crew targeted scores of firms, big and small – researchers

Credits: The Register. The criminals behind the Wipro phishing attack from earlier this year also targeted Western Union, Expedia, Rackspace and a whole host of other big companies, according to threat intel outfit RiskIQ. In a report published this morning the firm said the Wipro attackers were running a much larger series of phishing campaigns, aimed at extracting cash from hapless businesses whose files had been forcibly encrypted. Indian outsourcing behemoth Wipro discovered earlier this year that its email systems had been compromised, seemingly for some time, by black hats using it as a jumping-off point to target Wipro customers. RiskIQ said it had “identified at least five distinct attack campaigns based off analysis of the actor-owned infrastructure,” having analysed “both Passive DNS and SSL cer...

Latest Hacking News Podcast #315

New Variant of the Dridex Banking Trojan with new Obfuscation Attacks Underway, Excel Power Query can be Exploited, DHS Warns. From Latest Hacking News: https://ift.tt/2NmL3dr

Bitrue Crypto Exchange Hacked Losing Over $4.5 Million Worth Of Cryptocurrency

It has been little more than a month since the massive hacking attempt on Binance cryptocurrency exchange. Yet, the hackers... From Latest Hacking News: https://ift.tt/2KJwb6J

EA Origin Vulnerability Posed Risk Of Account Hijacking of 300 Million Players

A few serious security flaws in Electronic Arts’ Origin Games could have allowed potential attackers to hijack millions of accounts. From Latest Hacking News: https://ift.tt/2XE2Vo2

Taiwan Ministry Of Civil Service Suffered Data Breach Affecting 240K Civil Servants

Government-maintained databases are genuinely alluring for criminal hackers. These resources prove to be a treasure trove of data for the... From Latest Hacking News: https://ift.tt/2FEwuLN

Microsoft Launches ‘Personal Vault’ In OneDrive For Encrypted Data Storage

Microsoft has taken a bold and much-needed step towards data security for their users. They have introduced a feature... From Latest Hacking News: https://ift.tt/2X4Whmt

China hacked TCS, 7 other major firms: Report

‘Operation Cloud Hopper’ — a global cyber espionage campaign — first made headlines when Chinese hackers reportedly broke past IBM and Hewlett Packard Enterprise. Now, it seems that they weren’t the only ones attacked. Hackers working for China’s Ministry of State Security broke into networks of eight of the world’s biggest technology service providers in an effort to steal commercial secrets from their clients, according to sources familiar with the attacks. Technology service providers such as Hewlett Packard Enterprise (HPE), IBM, Fujitsu, Tata Consultancy Services (TCS), NTT Data, Dimension Data, Computer Sciences Corporation (CSC) and DXC Technology, HPE’s spun-off services arm, were the target of Cloud Hopper, attributed to the Chinese government by the United States and its Western allies. It isn’t just TCS that was hacked. The service provider was used as a jumping-off point to gain access to its clients’ networks. Meanwhile, China is denying all involvement in the att...

Dominion National Disclosed Data Breach That Lasted For Almost A Decade

Some security incidents remain unnoticed for so long that it becomes difficult to assess the extent of damages done as... From Latest Hacking News: https://ift.tt/2X7w9ag

Hacker uses a nanocomputer to steal NASA data

It wasn’t a good day for NASA when an unidentified cyber-attacker was able to steal 500 MB of mission data through a Raspberry Pi nanocomputer. First introduced by the charity Raspberry Pi Foundation in 2012, the Raspberry Pi is a credit-card sized device intended for the general public, young and old, beginners and amateurs. It sells for about $35, plugs into home televisions, and is used mainly to teach coding to children and promote computing in developing countries. The Raspberry Pi organization has just announced the release of the fourth generation of its budget desktop PC, the completely re-engineered Raspberry Pi 4. The April 2018 attack went undetected for nearly a year, according to an audit report issued on June 18, and an investigation is still underway to find the culprit. The hacker infiltrated NASA’s Jet Propulsion Laboratory network, stole sensitive data and forced the temporary disconnection of space-flight systems, the agency has revealed. Pr...

Chinese Hackers Attacked Eight Major Technology Service Providers

Apple Series 4 Watches- Primary Focus on Health; A Bridge between Users and Doctors!

Latest Hacking News Podcast #314

Cisco Releases Emergency Patches for Data Center Network Manager, Another Florida City Pays Ransom, Bug in Electronic Arts Gaming Platform. From Latest Hacking News: https://ift.tt/2FCTcEb

Latest Hacking News Podcast #313

New Mac Malware OSX/Linker, Iran Says US Cyber Attacks Did Not Succeed, Microsoft Discovers New FlawedAmmyy Rat In Memory Vulnerability. From Latest Hacking News: https://ift.tt/2RCdfqU

Indian Medicinal Firm “Jiva Ayurveda” Exposed 1.2 Million Personal Records Through an Unsecured Database

Once again, an Indian firm serving more than a million customers has inadvertently leaked huge records online. According to researchers,... From Latest Hacking News: https://ift.tt/2X2n4zF

Over 2,000 malicious apps exist on Play Store

If you thought that the quality control issues plaguing the Google Play Store for Android were finally being ironed out, it couldn't be further from the truth. A two-year study by the University of Sydney and CSIRO’s Data61 has come to the conclusion that there are at least 2,040 counterfeit apps on Google Play Store. Over 2,000 of those apps impersonated popular games and had malware. The paper documenting the results, A Multi-modal Neural Embedding Approach for Detecting Mobile Counterfeit Apps, was presented at the World Wide Web Conference in California in May. The study shows that there is a massive number of impersonated popular gaming apps available on Play Store. They include fake versions of popular games such as Temple Run, Free Flow and Hill Climb Racing. The study investigated around 1.2 million apps on Google Play Store, available in Android, and identified a set of potential counterfeits for the top 10,000 apps. Counterfeit apps impersonate popular apps and try ...

Fake Businesses On Google Maps; WSJ Outs The List!

Latest Hacking News Podcast #312

Spoofing Possible On FEMA US Presidential Alert System, Belgium Police Identify A Member Of Anonymous Belgium Collective, Today’s Agenda is... From Latest Hacking News: https://ift.tt/2LgVf4v

A new virus attacked computers in Russia

Malicious e-mails to Russian companies have become more frequent. Attackers write on behalf of banks, large air operators, car dealers and mass media. They offer cooperation to companies and advise them to open the attached file, which supposedly contains details of a good deal. If the user does this, the computer is infected with the so-called Troldesh virus. This malware encrypts files on the infected device and demands a ransom. Fraudsters claim that they are employees of companies and attach a password-protected archive to the letter, in which, according to them, the details of the order are indicated. But in fact, malware is attached to this email. When a victim opens the archive, important files on the system are locked and can be opened only by paying a ransom to the fraudsters. Of course, the addresses from which the letters were sent are fake. Group-IB found out that in June more than a thousand such messages were sent to different ...

Firefox Now Set To Utilize BITS for Downloading New Software Updates

The Central Bank of Russia has found problems with cybersecurity in all verified Banks

This year, the Bank of Russia checked 75 banks for compliance with cybersecurity requirements and found violations of the requirements in all of them. The head of the CBR, Elvira Nabiullina, announced this while speaking at the II International Cybersecurity Congress (ICC). Nabiullina said, "Since last year, the Central Bank as a regulator has the authority to supervise financial institutions in terms of how they fulfill cyber security requirements. Last year we checked 58 Banks, this year - 75. Problems and violations were found in all of them." The Chairman of the Central Bank added that the problems found in banks should not be considered critical, but they can become such over time if measures are not taken to prevent possible cybercrime. Nabiullina noted that protection from cyber risks and the level of cybersecurity in the near future will become a competitive advantage for all companies. At the same time, the main drawback is that the business processes of banks do not incl...

Social Engineering forum hacked, data shared online

A website that deals with topics of social engineering was hacked about two weeks ago, and tens of thousands of records have been leaked and sold online. The owner of SocialEngineered.net shared a post in which he admitted that the website had been breached via a security flaw in the MyBB software. The hacked database contains personal information of more than 55,121 users, which includes their usernames, passwords, email addresses, IP addresses, and private messages. The database is available on multiple websites from where hackers could get access to it. However, there is no clarity on how much data the hackers were able to retrieve, but it appears that they got hold of more than this data. One rival forum reported that the leak also includes the website source code, data, and activity. The SocialEngineered website moved to another platform, XenForo, to avoid a similar incident in the future. The comp...

Flaws in LTE can allow hackers to spoof presidential alerts

Last year, the United States performed the first public test of the national Wireless Emergency Alert (WEA), an alert system designed to send messages to smartphones, TVs, and other systems simultaneously. The test was specifically for the 'Presidential Alert,' a new category that can't be opted out of (like AMBER alerts). It turns out these types of alerts can be easily spoofed, thanks to various security vulnerabilities with LTE towers. Researchers figured out a way to exploit the system that sends presidential emergency alerts to our phones, simulating their method on a 50,000 seat football stadium in Colorado with a 90 percent success rate. A group of researchers at the University of Colorado Boulder released a paper that details how Presidential Alerts can be faked. An attack using a commercially-available radio and various open-source software tools can create an alert with a custom message. Why it matters: The Wireless Emergency Alert (WEA) system is meant ...

Indian Job Portal Talanton AI Exposed 1.6 Million Records With Sensitive Information

An Indian job portal accidentally leaked a huge chunk of job seekers’ as well as employers’ data publicly. As revealed,... From Latest Hacking News: http://bit.ly/2Nc5Lg0

Chinese espionage campaign hit telecommunications firms around the world

Hackers have breached the systems of more than a dozen global telecommunications companies and have got hold of a large amount of personal as well as corporate data, researchers from a cybersecurity company said on Tuesday. Security researchers from the cybersecurity firm Cybereason, which is a US-Israel collaboration, said that the attackers compromised companies in more than 30 countries. The main aim behind this espionage is to gather information about individuals who are working in government, law enforcement and politics. The group is linked to a Chinese cyber-espionage campaign. The tools used by hackers were similar to those in other attacks which were carried out by Beijing, but the country denied involvement in any kind of mischievous activity. “For this level of sophistication, it’s not a criminal group. It is a government that has capabilities that can do this kind of attack,” Lior Div, chief executive of Cybereason, told Reuters. Cybereason sai...

What the cell…? Telcos around the world were so severely pwned, they didn’t notice the hackers setting up VPN points

Credits: The Register. Hackers infiltrated the networks of at least ten cellular telcos around the world, and remained hidden for years, as part of a long-running tightly targeted surveillance operation, The Register has learned. This espionage campaign is still ongoing, it is claimed. Cyber-spy hunters at US security firm Cybereason told El Reg on Monday the miscreants responsible for the intrusions were, judging from their malware and skills, either part of the infamous Beijing-backed hacking crew dubbed APT10 – or someone operating just like them, perhaps deliberately so. Whoever it was, the snoops apparently spent the past two or more years inside ten-plus cellphone networks dotted around the planet. In some cases, we’re told, the hackers were able to de...