Posts

Showing posts from September, 2019

Vimeo Faces Class-Action Lawsuit Over Unconsented Storage Of Users’ Biometric Data

The popular video platform Vimeo is now in hot water for breaching users’ privacy. Vimeo faces a class-action lawsuit for ... from Latest Hacking News https://ift.tt/2mpF3nu

Researchers Highlight “Fleeceware” Android Apps That Aim to Overcharge Users

Once again, Google’s Play Store has made it into the news following the existence of apps that overcharge users for ... from Latest Hacking News https://ift.tt/2miHZlF

Apple Patched An iOS 13.1 Bug That Granted ‘Full Access’ To Third-Party Keyboards

Using third-party keyboards on your iPhone is something of a normality for many iOS users. However, it could be troublesome ... from Latest Hacking News https://ift.tt/2mZ0GLD

Russia planning to introduce tax on cryptocurrencies

The Russian Banking Community has found a way to legalise cryptocurrencies. To do this, it is necessary to legally recognise the mining of digital money as an analogy of the occupation of property or treasure. "Legally, it could be argued that the first owner of the cryptocurrency 'found them', because the receipt from an anonymous system can be conditionally considered a finding," EhakingNews quoted the ARB report on «The Concept of Decentralized Cryptocurrency Turnover». Discussion of this document is scheduled for 8 October. However, the acquirer of digital money does not just seize or find them as a ready-made object. Cryptocurrency arises as a result of mining, that is, human activity. In fact, he creates it himself, explained Anatoly Kozlachkov, the author of the report, Vice-President of ARB. Based on this, cryptocurrency can be introduced into Russian law as “newly created” (includes property independently produced by a citizen). Then it can be used i...

DoorDash Confirmed Data Breach Affecting 4.9 Million Customers

The online food delivery service DoorDash has recently confessed to a data breach targeting millions. As revealed, the company suffered ... from Latest Hacking News https://ift.tt/2mSuDwG

Google Takes Down Around 46 Apps by Chinese Developers from its Play Store

Last week, around 46 apps by a Chinese developer, iHandy were taken down by Google from its Play Store. Initially, Google declined to provide reasons for the sudden removal of various security, horoscope, selfie, health and antivirus related apps which were downloaded over millions of times. However, a total of eight apps were still present on Google’s Play Store, until three more were taken down, as per a Buzzfeed report. The Chinese company, established in the year 2008, claims to have almost 180 million monthly active users in more than 200 countries across the globe. Currently going through investigations, iHandy is one of the world’s largest mobile application developers. In a conversation with Buzzfeed, iHandy VP Simon Zhu, while expressing how they found Google’s takedown quite unexpected, said “It is an unexpected action from our point of view. We are trying to find out the reasons. Hope the apps will be back to Play Store as soon as possible.” Notably, Google has take...

Telecom Major Airtel Exposes a Major SIM-Swapping Racket

Telecom major Airtel exposes a major SIM-swapping racket that could hijack users' premium numbers and enable the hackers to commit online banking fraud via fake Aadhaar cards. The complaint filed by Stanely Agenlo, head of facilities, Bharti Airtel, on September 19 reads, "It has come to Airtel's notice that the Point of Sale have (sic) involved in fraudulent SIM swap of the mobile numbers by forging Proof of Address/Proof of Identity documents of the original customers..." 18 mobile numbers were identified by Airtel in a complaint to the Cyber Crime Police, CID, Bengaluru, where SIM cards were swapped by its retail agents utilizing the 'forged' Aadhaar papers from January 1 to September 19 this year. The sham was exposed when customers called Airtel helplines saying their numbers had ceased working all of a sudden and their SIM cards referred to be related to certain 'fancy' numbers ending with digits like 12345, 77777, 33333 and 000...

Vulnerability in the WIB SIM-browser allows attackers to take control of millions of mobile phones around the world

Previously, E Hacking News reported on the Simjacker vulnerability, which allows attackers to monitor the owners of the phones. Simjacker is the first real attack where the malicious instructions are sent directly in the SMS message. Interestingly, messages are not stored in either inbox or outbox, so everything happens completely unnoticed by the victim. According to the researchers, attackers can exploit the vulnerability regardless of the brand of the user's device. A similar vulnerability was recorded on devices of many manufacturers, including Apple, Samsung, Google, HUAWEI and others. According to Adaptive Mobile Security experts, the vulnerability has been exploited for at least two years by highly sophisticated cyber criminals (most likely working for the government) to spy on users. Ginno Security Lab experts claim they identified similar kinds of vulnerabilities in 2015 and this is the first time they are publishing the details. Adaptive Mobile Security said that every...

Hackers Target U.S Veterans With Malicious Employment Website

Cybercriminals have recently been targeting U.S. Veterans. As discovered by researchers, the hackers tend to entice U.S. Veterans with a ... from Latest Hacking News https://ift.tt/2m61VIu

Milwaukee Couple's Nest Smart Home Hacked, Vulgar Music was Played

Smart home products designed by Nest, such as smart cameras, smart displays, smart thermostats, and smart doorbells, are meant to make our lives more comfortable and safe, but may not be all that safe according to a horrifying incident reported by a Milwaukee, Wisconsin based couple, Samantha and Lamont Westmoreland. After a hacker hacked into the couple’s home and took control of their gadgets, Samantha said, "It's (installation of gadgets) supposed to make me feel safe, and I didn't feel safe", "My heart was racing, I felt so violated at that point." As per a report by Fox 6 News, on September 17th, Samantha returned home, where she has a Nest camera, a doorbell and a thermostat installed, and found the atmosphere unreasonably warm; she immediately noticed that her smart thermostat had risen to 32 degrees Celsius (90 degrees Fahrenheit). Initially, she assumed it to be a glitch and set it back to the room temperature, but it kept on going up after every tim...

New Instagram Phishing Attack Tricks Users With Fake Copyright Infringement Alerts

Heads up Instagram users! Here is another scam preying on your accounts. As discovered by researchers, a new Instagram phishing ... from Latest Hacking News https://ift.tt/2lR4eiB

Scammers Exploit Google Alerts To Trick Users

We already have witnessed the innovativeness of criminal hackers in exploiting various services to bait users. From regular email phishing ... from Latest Hacking News https://ift.tt/2llWpkw

European Commission Awards Odix €2M to Deliver their proven ransomware protection technology to SMEs

Rosh HaAyin, ISRAEL — Cybersecurity firm odix recently secured a €2 million grant from the European Commission (EC) to bring ... from Latest Hacking News https://ift.tt/2ny7bFb

How does SOX Compliance Benefit your Organization?

SOX — the Sarbanes–Oxley Act — is public legislation in the US that helps “to protect investors by improving the ... from Latest Hacking News https://ift.tt/2nvuDD0

Roskomnadzor began the installation of equipment for the isolation of the Russian Internet (Runet)

The Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) started testing the equipment for implementation of the law on the isolation of Runet. The pilot project is planned to be completed by mid-October. According to the head of Roskomnadzor Alexander Zharov, all major mobile operators in Russia have joined the Roskomnadzor project for testing the equipment and now the equipment is being installed. Zharov said that the experiment will be carried out on the equipment of the manufacturer that has already passed all the tests. Now there is an experiment with two more manufacturers, he added. According to Zharov, among them is the company RDP.ru. It is interesting to note that the development of the company RDP.ru was recognized as the most effective in the tests of blocking the Telegram messenger. "We will be testing it for several weeks from the end of September," Zharov said. According to him, the experiment will not b...

Attack against Saudi Aramco Damages the World's Biggest Oil Producer

With the Saudi government and U.S. intelligence authorities accusing Iran, and Iran accusing the Yemeni rebels, the most recent attack against Saudi Aramco has damaged the world's biggest oil producer and deferred oil production, roiling oil and gas markets. As of late, Iran has indeed deployed dangerous computer viruses against Saudi Arabia and these attacks have now marked a somewhat "real-world" continuation of this long-stewing cyber war between the two nations, by and by overflowed into other global powers. Nicholas Hayden, the global head of threat intelligence for cyber intelligence company Anomali, who has served as a cyber-security operator in the electrical sector says that, “There hasn’t been a discernible increase in cyber-attack activity in the region yet but while nothing is standing out right now in the region, there’s a good chance that there are nation-state actors involved, ” Iran has been notably known for increasing cyber-attacks when it clas...

Malicious Android Apps Reach Play Store As They Evade Google Play Protect

Although, the existence of malicious applications on the Android Play Store isn’t anything new. Researchers have now discovered how these ... from Latest Hacking News https://ift.tt/2mBs0ij

Microsoft Urgently Patched Two Vulnerabilities Including A Zero-Day

Microsoft has urgently patched two security vulnerabilities, one of which is an actively exploited zero-day. Urgently Patched Microsoft Zero-Day Microsoft ... from Latest Hacking News https://ift.tt/2lkZG3P

Bug In Forcepoint VPN Client Could Trigger Privilege Escalation Attacks

A serious security bug has been discovered in Forcepoint VPN Client for Windows. According to researchers, the bug, upon an ... from Latest Hacking News https://ift.tt/2luzELo

Google Removed Numerous Android Apps Delivering Adware From The Play Store

The existence of malicious apps on the Android Play Store is now becoming the new normal. Though, not desirable. Still, ... from Latest Hacking News https://ift.tt/2lsYrPY

This Microsoft Phishing Campaign Is Easy To Fend Off As Attackers Steal Credentials Via Email

Abusing Microsoft's login page is becoming increasingly popular among scammers. We have recently heard of numerous phishing scams exploiting Microsoft ... from Latest Hacking News https://ift.tt/2mqrpQy

Microsoft Edge Will Soon Allow Users to Block ‘Potentially Unwanted Apps’

Following Google, the other tech giant Microsoft also seems busy making privacy updates in its browser. As revealed recently, Microsoft ... from Latest Hacking News https://ift.tt/2mQOD2t

Top Reasons Why WordPress Sites Get Hacked

According to statistics, WordPress accounted for 90% of hacked CMS sites in 2018. WordPress is a favorite for website owners, ... from Latest Hacking News https://ift.tt/2mkGtzc

Google Removed Otherwise Functional Chrome Ad Blockers For Cookie Stuffing

Ad blocker add-ons can also cause trouble to users. Recently, Google has busted two ad blockers from Chrome for ‘cookie ... from Latest Hacking News https://ift.tt/2mQ5xhP

Andrew Mason bought Lyrebird for $15 million so people can fake their own voice for podcasting

Now podcasting is becoming more and more common in the world, radio is a thing of the past, so a startup called Descript is becoming popular. Descript is a podcast creation tool that allows people to magically create audio of their own voices based on the text they type. Descript, the latest startup from Groupon founder Andrew Mason, has raised $15 million in funding to expand the business from venture funds Andreessen Horowitz and Redpoint Venture. At the same time, the company bought a small Canadian Startup Lyrebird, which allows as well as Descript to voice text and copy voice. Lyrebird has been developing technologies to copy the user's voice based on existing recordings using artificial intelligence. It also allowed to voice the text using a prerecorded voice sample. After the purchase of Lyrebird, the creators of Descript announced the start of beta testing of the Overdub feature. With its help, users can create templates of their voices and voice the text printed i...

Online Education Platform Thinkful Resets Passwords Following Security Breach

The online developer education site Thinkful turns out to be the latest victim of a cyber attack. As confessed by ... from Latest Hacking News https://ift.tt/2kFzPTN

Critical Privilege Escalation Vulnerability Existed In Harbor Registry

Researchers have discovered a security vulnerability in Harbor cloud native registry. As revealed, a critical bug existed in Harbor container ... from Latest Hacking News https://ift.tt/2l2BmDu

Hackers Now Allowed to Find Flaws in US Fighter Jets and Security System

The Trusted Aircraft Information Download Station could have been shut down entirely due to a host of flaws discovered by hackers who were challenged to detect vulnerabilities in a system of a U.S military fighter jet known as F-15. It was unprecedented in the history of the tech world that outside researchers were given physical access to such critical machinery, and were asked to detect vulnerabilities. It was a matter of two days for a group of 7 hackers to come up with a number of exploits which included bugs that were identified by the Air Force itself but they couldn't fix it, according to the Washington Post. Hackers put the system through numerous attacks which included subjecting it to malware and testing with objects like screwdrivers and pliers, reported the DEF CON 27. In the context of the vulnerabilities exploited by the hackers, Roper Technologies attributed, “decades of neglect of cybersecurity as a key issue in developing its products, as the Air Force pri...

Misconfiguring Google Calendar Reveals Calendar Events Publicly

Google Calendar is a wonderful feature by Google with regards to defining events. However, misconfiguring Google Calendar settings can reveal ... from Latest Hacking News https://ift.tt/2m538iS

Dolos Cloak- For Network Penetration Testers To Automated 802.1x Bypass

Dolos Cloak- Automated 802.1x Bypass Dolos Cloak is a python script designed to help network penetration testers and red teamers bypass 802.1x solutions by using an advanced man-in-the-middle attack. The script is able to piggyback on the wired connection of a victim device that is already allowed on the target network without kicking the victim device off the network. It was designed to run on an Odroid C2 running Kali ARM and requires two external USB ethernet dongles. It should be possible to run the script on other hardware and distros but it has only been tested on an Odroid C2 thus far. How it Works Dolos Cloak uses iptables, arptables, and ebtables NAT rules in order to spoof the MAC and IP addresses of a trusted network device and blend in with regular network traffic. On boot, the script disallows any outbound network traffic from leaving the Odroid in order to hide the MAC addresses of its network interfaces. Next, the script creates a bridge interface and adds th...

Russian hacker accused the ex-employee of Kaspersky Lab of forced hacking

Hacker, who has been in the pretrial detention center for the fifth year, made a statement to the head of the Investigative Committee of Russia. He insists that his case was fabricated with the participation of a Kaspersky Lab convicted of high treason along with FSB officers. Russian hacker Dmitry Popelysh, accused of stealing money from the accounts of Sberbank and VTB together with his twin brother Eugene, said that he sent a complaint to the head of the Russian Investigative Committee. According to the hacker, the criminal case against him and his twin brother was fabricated. The hacker said that ex-employee of Kaspersky Lab Stoyanov blackmailed and threatened him. Later, he demanded that brothers Popelysh provide technical support to some servers. It is reported that mentions of an unknown employee who forced the hackers to commit hacks is in the surrender of Popelysh for 2015. However, this information was not verified by the investigation. Previously, Stoyanov was th...

Facebook Suspends ‘Tens Of Thousands’ Of Apps For Data Hoarding

After the Cambridge Analytica fiasco, Facebook started a thorough investigation and scrutiny of all applications. The goal was to single ... from Latest Hacking News https://ift.tt/2M7IsQD

Criticism against Google Play Store on the Rise about Malware-Laced Apps

The Rise of the DDoS Attacks and the Abuse of the WS-Discovery Protocol

SGS Servers Compromised In a Data Leak; Customers in Jeopardy!

Google about to Roll Out One of the Most Awaited Features

In 2018, Google broke headlines for tracking its users location even after they disabled the sharing of location history via their privacy settings. There were complaints against the company, stating, "Google represented that a user ‘can turn off Location History at any time. With Location History off, the places you go are no longer stored.’ This simply was not true." In the wake of receiving intense criticism over location history, Google came up with necessary adjustments which now allow users to stop the tech giant from tracking them, except for the applications in which location data is of utmost importance such as Waze and Google Maps. In an attempt to make Google Maps even more secure and trustworthy, the company added enhanced security features related to location privacy in Android 10; to further better the services and regain the lost user trust, Google is planning to add Incognito Mode to Google Maps and the feature is said to be in testing. Users can a...

Police Warn Of Scammers Targeting Venmo Users Via Malicious SMS

Phishing attacks do not always involve emails or web links. Sometimes, the attackers also leverage the SMS facility to trick ... from Latest Hacking News https://ift.tt/30cFlzQ

Avito users were targeted by a dangerous Android Trojan

International company Group-IB, which specializes in the prevention of cyber attacks, has recorded a new Android Trojan campaign, the victims of which are customers of 70 banks, payment systems, web-wallets in the Russian Federation and the CIS. The potential damage from the Trojan, called FANTA, amounted to at least 35 million rubles ($547,000). FANTA belongs to the Flexnet malware family, which is known to experts since 2015 and studied in detail. The Trojan and its associated infrastructure are constantly evolving: attackers are developing more effective distribution schemes, adding new functionality to more effectively steal money from infected devices and bypass security measures. According to the company, the Trojan is aimed, in particular, at users who place purchase and sale advertisements on a Russian classified advertisements website Avito. Attackers find contact details of sellers in a network, and after a while the victim receives personalised SMS about the transfe...

JPMorgan hacker to plead guilty next week in New York

Simjacker is Being Actively Exploited in The Wild To Steal Location Data

In the murky realm of hacking and jacking, cybercriminals are now using a primitive method for attacking users. Reportedly, researchers ... from Latest Hacking News https://ift.tt/34TYqX0

Simjacker Exploits S@T Browser to Affect a Billion Users

Platform agnostic attack, Simjacker allows hackers to remotely exploit the victims' phone by sending a SMS which contains a malicious code; the code gives instructions to the universal integrated circuit card (UICC)/ SIM card placed inside the targeted device to retrieve and carry out sensitive commands. The attack is set into motion as soon as the 'attack SMS' sent via another remote handset, is received by the targeted device. The process involves a series of SIM Toolkit (STK) directions particularly configured to be sent on to the SIM Card inside the victim's device. To ensure a proper execution of these instructions, Simjacker exploits the S@T Browser, which is a software found in SIM cards. After receiving the 'attack SMS', SIM card resorts to the S@T Browser library for setting up the execution friendly environment which can trigger logic on the infected device. S@T Browser, a legacy browser technology placed inside the SIM cards on a number of h...

Kraken Bug: Traders Buy Bitcoins and Sell Them For Almost Double?

Kraken, the world’s oldest crypto-currency exchange medium recently revealed that a bug allegedly allowed specific customers to purchase and then resell $8,000 worth Bitcoin for $12,000. It was mentioned on Twitter that the bug was found in an “unreleased advanced order type”. The bug caused the orders to automatically execute without having cleared the requisite liquidity and stop orders were immediately activated and filled at market rate. The victims of this incident were strongly advised to submit “support tickets” with their questions. Nevertheless, the exchange was vehemently condemned. Kraken’s CEO in response tweeted that he’s not sure how a “legitimate” trade takes place for pricing reasons or at least what boundaries it exists within. The charts tell the story that a few over-fortunate traders quickly bought for a low price and sold for a fairly higher amount but the tweets tell another story. from E Hacking News - Latest Hacker News and IT Security News htt...

Putin's spokesman acknowledged the security of communications on Telegram

Communicating on Telegram is safer than on WhatsApp, said Dmitry Peskov, the special representative of the President of the Russian Federation on digital and technological development. Recall that on September 16, Edward Snowden, a former employee of the US National Security Agency (NSA), who was granted asylum in Russia, said in an interview with a French radio station that senior officials should not use the WhatsApp messenger due to the low level of encryption. However, he added, both WhatsApp and Telegram are better than SMS or other unencrypted messages. According to Peskov, Telegram messenger is superior to WhatsApp in terms of security, although there are no means of communication that guarantee absolute security. "Absolutely safe means of communication does not exist. Until we made a quantum messenger, there are no safe means," Peskov said. Peskov also said that there is no ready-made solution for the domestic messenger for civil servants in Russia, however,...

BoomER | An Open Source Post-Exploitation Tool To Exploit Local Vulnerabilities

BoomER is a Command-line interface python open-source framework fully developed in Python 3.X for post-exploitation of targets with the objective ... from Latest Hacking News https://ift.tt/2LXzYvd

Team Swascan Discovered Critical Vulnerabilities In Numerous SAP Applications

Researchers have spotted numerous vulnerabilities affecting Systems Applications and Products (SAP) web applications. The flaws for which are all critical ... from Latest Hacking News https://ift.tt/2Oe6D2i

InnfiRAT Malware Is All Set To Steal Cryptocurrency Wallet Information

More malware has made it to the news that is aimed toward cryptocurrency. Dubbed as InnfiRAT, the malware resembles usual ... from Latest Hacking News https://ift.tt/30ohEkb

Skidmap, Linux Malware Mining Cryptocurrency in Disguise

A new strain of Linux malware has been discovered by security researchers, which is configured to carry out a multitude of malicious activities besides just illegally mining cryptocurrency; by using a "secret master password" it provides hackers the universal access to the system. Skidmap, Linux malware demonstrates the increased convolutions in Cryptocurrency mining malware and prevalence of the corresponding threats. In order to carry out its cryptocurrency mining in disguise, Skidmap forges CPU-related statistics and network traffic, according to TrendMicro's recent blog on the subject. Highlighting the advanced methods used by Skidmap, researchers at TrendMicro said, "Skidmap uses fairly advanced methods to ensure that it and its components remain undetected. For instance, its use of LKM rootkits — given their capability to overwrite or modify parts of the kernel — makes it harder to clean compared to other malware." “Cryptocurrency-mining threat...

LastPass Vulnerability Leaked Login Credentials – Update Now!

LastPass is a popular password manager that has earned credibility owing to its efficiency. Nonetheless, like any other software, it ... from Latest Hacking News https://ift.tt/2Lxz9KF

Critical Vulnerability Discovered In The Uber App That Could Allow Account Takeovers

A researcher discovered a vulnerability in Uber API app that could allow an adversary to take over users’ accounts. Exploiting ... from Latest Hacking News https://ift.tt/2LU25LV

Instagram Flaw That Could Have Previously Exposed User Data Now Patched

It would seem that Facebook’s Instagram frequently makes it to the news due to its security glitches. Recently, a researcher ... from Latest Hacking News https://ift.tt/2NjHF1U

User Accounts and Phone Numbers Exposed; Confirms Instagram

An iOS 13 Bug Exposes Device Contacts While Exploiting FaceTime Call

After the launch of iOS 12, a researcher discovered back-to-back lock screen bypass flaws in the system exploiting various features. ... from Latest Hacking News https://ift.tt/2UWTiwK

A Serious Privacy Bug In Telegram Could Allow Retrieval of Media From Deleted Messages

Telegram is one of the most-trusted apps when it comes to private messaging. Therefore, any security or privacy bug arising ... from Latest Hacking News https://ift.tt/2I9jIWO

Hundreds Of Android Flashlight Apps Demand Unnecessary Permissions

Google has been tightening up its security checks for applications on the Play Store for quite a while. Yet, these ... from Latest Hacking News https://ift.tt/2I9qsnY

The Central Bank of Russia will fine banks for weak cyber defense

On September 12, 2019, it became known that the Central Bank has a new punishment for banks for poor cyber defense.  By the end of the year, the Central Bank will launch a new feature for credit institutions, it will be the risk profile on the level of information security. This indicator, according to Artem Sychev, the first Deputy Director of the Information Security Department of the Bank of Russia, will show the likelihood of problems for the Bank due to non-compliance with cybersecurity standards. The risk profile will be formed on the basis of four characteristics, including the share of unauthorised card transactions and the bank's readiness to repel an attack. In addition, the risk profile will be taken into account in assessing the economic situation of the bank along with the amount of capital, profitability, liquidity, quality of management, etc. Depending on the risk profile on the level of cyber security, the Central Bank will give recommendations to banks. ...

Zwift hackers expose next generation of cycling doping

Cyber security experts proved they can hack into Zwift and boost their performance on the indoor cycling gaming platform. The hack works by intercepting and manipulating data sent between smart trainers and Zwift. It underscores the need to tighten security in e-racing, a growing field with UCI-sanctioned events and Olympic ambitions. By his own admission, cyber security consultant Brad Dixon is a bit of a cycling hack. He rides his bike for fitness and recreation, but he’s better at cracking computer codes than cranking out pro-level wattage on two wheels. Dixon’s lack of high-end fitness might keep him off the podium IRL, but his ability to game virtual reality could help him rise through the ranks in the ever-growing arena of e-sports, where cyclists compete, often for actual cash and real-world prizes, on stationary trainers via platforms like Zwift. Last month, Dixon gave a 40-minute presentation at DEF CON, a popular computer security conference, called Cheating in e...

Hackers Exploiting a Critical Weakness In Mobile Phones to Track Location

The interface designed for the usage of cell carriers is being exploited heavily by attackers. It allows the cell carriers to get in direct touch with the SIM cards inside subscribers' smartphones, the interface can be employed by the carriers for allowing subscribers to make use of the data stored on their SIM card to provide account balances along with other specialized services. Hackers can secretly track the location of subscribers by exploiting the interface and giving commands to acquire the IMEI identification code of device; the Simjacker exploit further allows them to carry out actions such as making calls or sending messages. According to the researchers at AdaptiveMobile Security, the working of the Simjacker exploit is not limited to a few devices, rather, it can be carried out on a wide range of mobile phones, irrespective of their software or hardware. Unfolding the various aspects of the attack, Dan Guido, a mobile security expert and the CEO of security fi...

Russians were warned about difficulties with access to Internet pages

A shortage of Internet addresses may occur in Russia at the end of September. As a result, many users will not be able to visit portals and sites that they previously visited without problems. Alexey Semenyaka, a representative of the RIPE Network Coordination Center (RIPE NCC), one of the world's largest Internet registries, said a few days ago that by the end of September IPv4 addresses will run out in Russia, as well as in the Middle East and Europe. This is due to the huge number of devices connected to the Internet. A week ago there were 1.88 million free addresses in these regions, and on 9 September there were already 1.69 million. In the fall of 2019, sites will begin to constantly require visitors to confirm that they are real people, not robots. Experts explained that this is due to the way the Internet works. Each user has their own IP address, but sometimes several people share the same IP. If they try to access a site from a single IP, the site can take it for a hacker attack ...

OpenCTI - Open Cyber Threat Intelligence Platform

Introduction: OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats. The data is structured using a knowledge schema based on the STIX2 standards. It has been designed as a modern web application including a GraphQL API and a UX-oriented frontend. OpenCTI can also be integrated with other tools and applications such as MISP, TheHive, MITRE ATT&CK, etc. Objective: The goal is to create a comprehensive tool allowing users to capitalize on technical information (such as TTPs and observables) and non-technical information (such as suggested attribution, victimology, etc.) while linking each piece of information to its primary source (a report, a MISP event, etc.), with features such as links between each information, first ...

Russians will be able to buy alcohol using a mobile application instead of a paper passport

The digital experiment on the introduction of electronic passports in Russia will help to ensure the safety of citizens and identify the level of fraud attempts, said Russian Deputy Prime Minister Maxim Akimov. According to him, the experiment will begin in the first half of 2020 in Moscow. Earlier, E Hacking News published information that the Russian government has determined the basic parameters of the future electronic passport. Prime Minister Dmitry Medvedev said that the main version is a plastic card with a chip, which will be complemented by the secure mobile application "My passport". Akimov specified that the experiment will be extended to services where there are no legally significant transactions. The "My passport" mobile application, replacing a paper passport, will work like a payment for goods and services using wireless data transmission technology. For example, an electronic passport can be presented when buying alcohol or cigarettes, Akimov explained....

Facebook exposes 400 million user phone numbers

Security researchers have found a trove of records on more than 400 million Facebook users, containing phone numbers, on an unprotected server. TechCrunch found a database on a server without any protection or encryption, meaning anyone could have found and accessed the database of users. The database included 419 million records containing unique Facebook IDs and the phone number listed on the account. Some also included the user's birth date, location and gender. "This dataset is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," the statement said. "The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on April 4th 2018 by Facebook's Chief Technology Officer." from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/2NaTBD...