
Showing posts from August, 2019

Data of almost all employees of Russian Railways were publicly available

The personal data of 703 thousand employees of Russian Railways, from the CEO to the drivers, were publicly available. A few hours later, the site administrator who published the data closed access to it, but this did not prevent its further distribution. Russian Railways announced the beginning of an inspection. Note that according to the report for the first half of 2019, the number of employees of Russian Railways amounted to 732 thousand people; thus, the full names, addresses, individual insurance account numbers (SNILS), phone numbers and even photos of 96% of employees were in the public domain. However, the representative of Russian Railways assured that the personal data of the passengers were not stolen: "The Ticket Sales System has the protection of personal data of a high degree of reliability." The founder and technical director of the company DeviceLock, specializing in the prevention of data leakage from corporate computers, Ashot Hovhannisyan on Tuesday, August...

Teen hacker-for-hire jailed for SIM-swapping attacks, data theft

A British teenager has been sentenced to 20 months in prison after offering hacker-for-hire services to cash in on trends including SIM-swapping attacks. The UK's Norfolk police force said that 19-year-old Elliot Gunton, of Norwich, was sentenced at Norwich Crown Court on Friday after pleading guilty to hacking offenses, money laundering, the hacking of an Australian Instagram account, and the breach of a Sexual Harm Prevention Order. In April 2018, a routine visit was conducted to Gunton's home with respect to the Sexual Harm Prevention Order that was imposed in 2016 for past offenses. During the inspection, law enforcement found software which indicated the teenager may be involved in cybercrime, and the further investigation of a laptop belonging to Gunton and seized by police revealed that he had been offering himself as a provider of hacking services. Specifically, Gunton offered to supply stolen personal information to those that hired him. This information, whic...

iPhone contacts app vulnerable to hack attack, says security firm

Apple has never shied away from boasting about how secure its systems are, but researchers have found that contacts saved on iPhones are vulnerable to an SQLite hack attack which could infect the devices with malware. SQLite - the most widespread database engine in the world - is available in every operating system (OS), desktop and mobile phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite. Security firm Check Point has demonstrated a technique being used to manipulate Apple's iOS Contacts app. Searching the Contacts app under these circumstances triggers the device to run malicious code, Apple Insider reported on Saturday. The vulnerability has been identified in the industry-standard SQLite database. Documented in a 4,000-word report, the company's hack involved replacing one part of Apple's Contacts app, and while apps and any executable code have to go through Apple's startup checks, an SQLite database is not exe...

Google Project Zero Discovers Malicious Website Exploits which Affected iPhone Users

Researchers at Google Project Zero discovered an attack against iOS users which is present in the form of malware hidden in hacked websites. The malware stealthily installs itself for users surfing any of the hacked websites, which have a readership base of thousands. Once the malware is installed, it makes the iPhone act as a clandestine spying device which traces the contacts, location and messages, allowing hackers to get an overview of the victim's life and habits. The malware extends the collection of data to popular third-party apps such as Gmail, WhatsApp and Google Maps; it is configured to steal files and upload live location data of the owner. The hub of white hat hackers, Google's Project Zero Division, which excelled in discovering multiple bugs and vulnerabilities, said that these attacks are based on a series of hacked sites that were said to be randomly disseminating malware to iOS users. This particular series of attacks stands out as m...

Hacker ordered to pay back £922k

A hacker who carried out cyber attacks on more than 100 companies has been ordered to pay back £922,978.14 of cryptocurrency. Grant West had been jailed for fraud after carrying out attacks on brands such as Sainsbury's, Uber and Argos. A police investigation, codename "Operation Draba", uncovered West's activity on the dark web under the moniker of "Courvoisier". The confiscation order was made during a hearing at Southwark Crown Court. West, from Sheerness, Kent, used phishing email scams to obtain the financial data of tens of thousands of customers. He would then sell this personal data in different market places on the dark web, convert the profit made from selling financial details online into cryptocurrency, and store these in multiple accounts. West, of Ashcroft Caravan Park, was jailed in May at Southwark Crown Court for 10 years and eight months. Detectives had discovered evidence of West conducting cyber attacks on the websites of ...

Old Android App CamScanner With 100M Downloads Starts Delivering Malware

An old Android app stealthily targeted millions of Android users. As discovered by the researchers, CamScanner, an app that... From Latest Hacking News: https://ift.tt/2L7vEKP

VM Escape Vulnerability Discovered In QEMU (Quick Emulator) Which Allowed For Code Execution

Reportedly, a VM escape vulnerability exists in QEMU – an open source hardware virtualization emulator. The flaw, upon exploitation, could... From Latest Hacking News: https://ift.tt/2L7npyo

Hacking Attack Neutralized: France

Apple Apologises To Siri Users for “Not Fully Living Up To Their High Ideals”

Canara bank issues advisory for ATM users after fraud bid

Over the last few days, a video of a cautious user who spotted a device to read debit card data at a Canara Bank ATM in New Delhi is being circulated widely. The video was shared by a Twitter user @rose_k01. Canara Bank was quick to address the issue, as it responded by ensuring there was no breach of sensitive user data. "It has come to our notice that a video is being circulated on an attempted fraud on one of our ATMs by installing a skimming device. This attempt, which was made in one of our ATMs in Delhi, was found out immediately and the devices were removed expeditiously. Thus no data compromise has happened. We have closed down this particular ATM pending completion of police investigation," Canara Bank said in a tweet. “We, at Canara Bank take strict measures to safeguard our customers. We immediately located and removed the skimmer from Gowtami Nagar, Delhi ATM," the public sector bank added. The bank further informed through the same tweet that no data has...

A Privilege Escalation Vulnerability Discovered In Check Point’s Endpoint Security

A serious vulnerability was discovered in the Check Point software that could allow an attacker to elevate privileges and execute arbitrary... From Latest Hacking News: https://ift.tt/2MLIgsT

Imperva Firewall Breached: Users API keys, SSL Certificates Exposed

Imperva, a leading security vendor, disclosed a security breach which exposed API keys, SSL certificates, scrambled passwords and email addresses for a subset of its customers using the Cloud Web Application Firewall (WAF) product. Previously known as Incapsula, the Cloud WAF examines the incoming requests into applications and obstructs any kind of malicious activity. The breach was made known to the California-based firm by a third party on August 20, and the details of the disclosure are yet to be made public. In conversation with Threatpost, Chris Morales, Head of Security Analytics at Vectra, said, “Losing SSL certificates and API access to an enterprise network is concerning. Secure web gateways, firewalls, intrusion detection, and prevention systems, and data loss prevention (DLP) products all perform some form of SSL intercept and decryption to perform DPI.” “While we often point to lack of maturity of security operations or misconfiguration of cloud systems as ...

How China uses LinkedIn to recruit spies

One former senior foreign policy official in the Obama administration received messages from someone on LinkedIn offering to fly him to China and connect him with “well paid” opportunities. A former Danish Foreign Ministry official got LinkedIn messages from someone appearing to be a woman at a Chinese headhunting firm wanting to meet in Beijing. Three middle-aged men showed up instead and said they could help the former official gain “great access to the Chinese system.” A former Obama White House official and career diplomat was befriended on LinkedIn by a person who claimed to be a research fellow at the California Institute of Technology, with a profile page showing connections to White House aides and ambassadors. No such fellow exists. Foreign agents are exploiting social media to try to recruit assets, with LinkedIn as a prime hunting ground, Western counterintelligence officials say. Intelligence agencies in the United States, Britain, Germany and France have issued wa...

The largest Russian Telecom company Tele2 monitors subscribers using a script

The company is totally out of line and distributes its malicious scripts through a CDN, which allows it to receive information about any customer actions. In the 21st century, it is becoming increasingly difficult to keep your personal data safe. Now providers have begun to get into the personal territory of Internet users. Earlier, another Russian telecom company, Beeline, was noticed violating confidentiality: it distributed spam ads directly on websites using the virus. Recently it was found out that Tele2 is monitoring subscribers using a dangerous script. The company gets access to the data due to the mass implementation of scripts via CDN. Clients of the operator did not even suspect that they were being watched. The script, which Tele2 worked hard to distribute, was designed to display additional advertising on the site, and with its help it is also possible to calculate keywords for the formation of targeted advertising. The provider managed to do this using HTTP l...

Imperva Disclosed Security Breach That Affected Cloud WAF Customers

You would expect cybersecurity and IT firms to serve customers with adequate online security measures. However, these firms themselves... From Latest Hacking News: https://ift.tt/2UfgQN1

Older Lenovo users uninstall Solution Center soon

Owners of older Lenovo laptops need to uninstall the Lenovo Solution Center as soon as possible. Security researchers at Pen Test Partners found a critical vulnerability in the Lenovo Solution Center that could hand admin privileges over to hackers or malware. According to Pen Test Partners, the flaw is a discretionary access control list (DACL) overwrite, which means a low-privileged user can sneak into a sensitive file by exploiting a high-privileged process. This is an example of a "privilege escalation" attack in which a bug can be used to gain access to resources that are normally only accessible to admins. In this case, an attacker could write a pseudo-file (called a hard link file) that, when run by Lenovo Solution Center, would access sensitive files it otherwise shouldn't be allowed to reach. From there, damaging code could be executed on the system with administrator or system privileges, which is basically game over, as Pen Test Partners notes. Leno...

Windows Users Beware of the “Complete Control” Hack Attack; Update Imperative!

Apple Released iOS 12.4.1 and Fixed An iPhone Jailbreak Vulnerability

Last week, a researcher discovered a jailbreaking vulnerability in iOS 12.4 that Apple accidentally unpatched. The vulnerability allowed jailbreaking many... From Latest Hacking News: https://ift.tt/2L31DMg

Dixons hits back at McAfee’s £30m antivirus sueball: Your AV didn’t work on Windows 10S

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register Brit retailer Dixons has lashed back at McAfee’s £30m High Court broadside, saying it was entitled to promote rival antivirus (AV) tech from Symantec if McAfee’s software wouldn’t work on Windows 10S devices. Not only was McAfee trying to punt AV onto devices it simply wouldn’t run on, Dixons argued in legal filings seen by  The Register , but it also suggested making Dixons’ “Team Knowhow” staff manually install “numerous free apps (including Truekey and Web Advisor)” on customers’ new hardware while it raced to build something that would work with Windows 10S. This was “not viable”, said Dixons. Although the two companies had been in talks since late 2018 about how “the lack of a McAfee Security Software product compatible with 10S” meant that Dixons’ customers were “generally bein...

Android PDF app with just 100m downloads caught sneaking malware into mobes

Credits: The Register. An Android PDF maker with more than 100 million downloads from the official Play Store has been caught silently installing malware on victims’ phones. Kaspersky’s eggheads Igor Golovin and Anton Kivva claim CamScanner, an application that turns images into PDFs to share and edit, contains a library that quietly fetches and runs spyware and other software nasties. According to the pair on Tuesday, the trojan, known as Necro.n, was most likely snuck into the app under the guise of an advertising package. Golovin and Kivva suggested the developers of CamScanner may not even be aware of the lurking nasty, though the duo say that the malicious code has been present and doing its thing long enough to draw a number of complaints in the reviews section of the Play store. “After analyzi...

We will hack back if you tamper with our shiz, NATO declares to world’s black hats

Credits: The Register. NATO’s secretary-general has once again declared that members of the alliance will respond with force to cyber-attacks, in line with Article 5 of its founding treaty. Jens Stoltenberg, the North American and western/northern Europe alliance’s main man, wrote in the latest issue of Prospect magazine that “an attack against one ally” would trigger action from every member of the collective-defence grouping. “For NATO, a serious cyberattack could trigger Article 5 of our founding treaty,” wrote the secretary-general. “We have designated cyberspace a domain in which NATO will operate and defend itself as effectively as it does in the air, on land, and at sea. This means we will deter and defend against any aggression towards allies, whether it takes place in the physical w...

Instagram Vulnerability Discovered That Could Allow Hacking of Over 1 Million Users Accounts

Last month, a researcher elaborated how exploiting a flaw could allow hacking any Instagram account within 10 minutes. Once again,... From Latest Hacking News: https://ift.tt/2Pj5IA7

Attackers Target Company Recruitment Processes With Phoney Job Applications Loaded With Quasar RAT

Here comes a problem for job seekers and recruiters. The attackers are now targeting organizations by impersonating job seeker applications. From Latest Hacking News: https://ift.tt/2ND5f99

Hostinger Warns Security Breach Might Have Affected 14 Million Customers

Joining the trail of data breaches now is the web hosting company Hostinger. As revealed by the firm itself, Hostinger... From Latest Hacking News: https://ift.tt/2UamiRy

Numerous WordPress Plugins Under Exploit To Direct Traffic To Malicious Websites

WordPress plugins have once again made it onto the hit list of cybercriminals. These attacks are clearly using plugins to execute... From Latest Hacking News: https://ift.tt/2L0w6dy

Astronaut accused of Bank account Hacking from Space

A NASA astronaut has been accused of hacking from space. According to the reports, NASA is investigating an accusation that an astronaut accessed a bank account that belonged to her estranged spouse. If the reports are found to be true, it will be the first case of cybercrime from home planet. The New York Times reports that Anne McClain, a former U.S. Army pilot who flew around 800 combat hours during the Iraq war, has been accused of stealing identity and accessing private financial funds. According to the details, Summer Worden, estranged spouse of Anne, accused Anne of accessing her bank credentials. After Summer contacted the bank for details of the location used to log in to the account, the bank found out that the credentials that were used were registered with NASA. During the hacking event McClain was at the International Space Station, due to be part of the ill-fated all-female spacewalk; putting all the clues together, Worden concluded that Anne McClain was the hac...

Can’t bear to part with that well-worn copy of Windows 7? Microsoft might let you keep it updated an extra year

Credits: The Register. With Windows 7’s official retirement less than five months away, Redmond is offering some business customers a way to squeeze a bit more life out of the beloved OS. A recently unearthed provision in the Windows 7 and Office 2010 end of support FAQ notes that companies running Windows 10 Enterprise E5, Microsoft 365 E5, Microsoft 365 E5 Security, and Government E5 plans will be able to receive their first year of patch support for Windows 7 free of charge. The idea, says Microsoft, is to allow businesses a bit more time to iron out their plans for migrating to Windows 10 from Windows 7 when official support for the latter ends on January 14th, 2020. “Starting June 1st, EA and EAS customers with active subscription licenses to Windows 10 Enterprise E5, Microsoft 365 E5, or Microso...

Breaking news: Apple un-breaks break on jailbreak break

Credits: The Register. Apple has issued an update to address a potentially serious security flaw it re-opened in the latest version of iOS. Monday’s iOS 12.4.1 update contains a single fix: a patch to address CVE-2019-8605. The use-after-free vulnerability would let an application gain the ability to execute arbitrary code with system privileges. Credit for discovering the flaw was given to Ned Williamson from Google’s Project Zero team, who reported the flaw to Cupertino back in March. This is not the first time Apple has had to patch CVE-2019-8605. The vulnerability was first addressed with the iOS 12.3 update in May of this year. Users running iOS 12.2 had been using the vulnerability as the catalyst for jailbreak procedures that allow users to install and run non-approved software on their iPhones...

Estonia started cooperation with India in the field of cybersecurity

The Estonian Information System Authority (RIA) signed a cyber security cooperation agreement with India last Wednesday. In accordance with the new Agreement, the parties will provide security in the field of cyberspace with doubled efficiency. The Ministry of Electronics and Information Technology of India agreed on the Agreement and Margus Noormaa, the Head of Estonian RIA (Information System Authority), endorsed it. The contract involves the exchange of operational information, conducting special consultations, as well as providing extensive assistance to the parties and communication with experts and specialists in addressing the complex issues. It is worth noting that on August 21, Vice-President of India Muppavarapu Venkaiah Naidu, who is visiting Estonia, met with the Head of the Estonian Government Juri Ratas. "I am very pleased that the relations between Estonia and India have become closer in recent years. For example, interest in Estonia has been noticeably...

Fortnite Users Targeted With Syrk Ransomware With Guise Of A Hack Tool

Heads up Fortnite players! Here’s some ransomware coming your way! Disguised as a Fortnite hack tool, the Syrk ransomware is... From Latest Hacking News: https://ift.tt/2zt1mvb

IRS Issues Alert For Phishing Scam Targeting Taxpayers

Phishing scams are not always aimed at stealing users’ credentials. Rather, the attackers also phish users to deliver malware and... From Latest Hacking News: https://ift.tt/33WV6dk

Google Chrome To Alert Users Of Breached Passwords Via Built-In Browser Feature

Frequent data breaches have made it a mess for users to set up unique login credentials for an account. However, Google... From Latest Hacking News: https://ift.tt/2LcQ9nY

Cybercriminals attacked multiple Texas local governments with file-encrypting malware by compromising a service provider's network. The attackers demanded a ransom of $2.5 million for decrypting the entire local government files, the mayor of a municipality says. The Department of Information Resources (DIR) has announced that a total of 22 victims has been established, and that all of them were attacked by a single party. However, the names of all the victim municipalities have not been disclosed, whereas two municipalities have announced the hit publicly. In a statement released by the city of Borger, "Based on the current state of the forensic investigation, it appears that no customer credit card or other personal information on the City of Borger’s systems have been compromised in this attack. No further information about the origins of the attack will be released until the completion of the investigation." Keene is another city affected by this ra...

High-Severity Vulnerability Discovered In Pre-Installed Software on Lenovo Devices

Lenovo devices have a years-old security flaw that remained unpatched until recently. As revealed, the preinstalled Lenovo software ‘Lenovo Solutions... From Latest Hacking News: https://ift.tt/2ZsTzMx

GitHub Revamps 2FA With WebAuthn Support For Security Keys

GitHub has taken another step towards enhancing its security features. As announced recently, the popular developers’ platform GitHub is now... From Latest Hacking News: https://ift.tt/2NxVcCh

Biz forked out $115k to tout ‘Time AI’ crypto at Black Hat. Now it sues organizers because hackers heckled it

Credits: The Register. Crown Sterling, a Newport Beach, California-based biz that calls itself “a leading digital cryptographic firm,” is suing UBM, the UK-based owner of the Black Hat USA conference, in America for allegedly violating its sponsorship agreement. The complaint [PDF], filed late last week in a New York district court, blames the conference organizers for allowing Black Hat attendees to disrupt Crown Sterling’s talk about supposedly disruptive cryptographic technology – a presentation Crown Sterling paid $115,000 to present to hackers. The heckling then spilled online. “This small group of detractors used this staged ‘event’ to initiate a smear campaign on social media during the conference and immediately after,” the complaint stated. “In that campaign, these detractors defamed Crown St...

Belgian and German MasterCard data breach

The European unit of MasterCard Inc. has formally informed Belgian and German data protection regulators about a data breach from the company's Priceless Specials loyalty program. Customers' data available on the internet include names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth. The card company alerted the watchdog about the breach on Aug. 19 and said the episode would have affected thousands of people, “a significant portion” of whom would be from Germany. After the discovery of the data leak, Mastercard suspended Priceless Specials Germany and took down its website. The message posted on the website says: "This issue has no connection to MasterCard's payment network." "We have received a lot of questions and complaints since the announcement of this incident, we want to reassure users: we have contacted MasterCard in order to get additional information, and are following this case closely t...

Security gone in 600 seconds: Make-me-admin hole found in Lenovo Windows laptop crapware. Delete it now

Credits: The Register. Not only has a vulnerability been found in Lenovo Solution Centre (LSC), but the laptop maker fiddled with end-of-life dates to make it seem less important – and is now telling the world it EOL’d the vulnerable monitoring software before its final version was released. The LSC privilege-escalation vuln (CVE-2019-6177) was found by Pen Test Partners (PTP), which said it has existed in the code since it first began shipping in 2011. It was bundled with the vast majority of the Chinese manufacturer’s laptops and other devices, and requires Windows to run. If you removed the app, or blew it away with a Linux install, say, you’re safe right now. “The bug itself is a DACL (discretionary access control list) overwrite, which means that a high-privileged Lenovo process indiscriminately overwrites...

Cybercrook hands cops £923k in Bitcoin made from selling phished deets on the dark web

Credits: The Register. A hacker from Kent, England, has handed over almost a million quid in Bitcoin following a lengthy police investigation. Grant West, 27, of Ashcroft Caravan Park, Sheerness, made most of the money through phishing scams targeting companies and individuals around the world since 2015. He sold financial details on and stashed the resulting Bitcoin in a variety of accounts and wallets. West used the pseudonym Courvoisier and scammed more than 100 companies. The Bitcoin will be sold and the proceeds returned to victims, the Metropolitan Police Service (MPS) said in a statement. West was jailed on 25 May for 10 years and eight months, having been arrested and charged in September 2017. The confiscation order for £922,978.14 was granted today and was not contested by West. The lengthy inv...