Cyber Security News

Social Media giant Facebook is to pay an amount of $550 million as a settlement in what appears to be another series of lawsuits, and this time, it is a Facial Recognition issue. The lawsuit is not good for the brand perception of Facebook as it puts further questions to the credibility of the privacy laws of the social networking site. "Facebook has agreed to pay a settlement of $550 million related to a claim filed for FB's facial recognition technique," said Facebook this Wednesday. The incident that appeared in Illinois is said to be a great triumph for privacy organizations as it raises the question of privacy laws of the company Facebook which is already among the controversies of data laws. The issue emerged from FB's image labeling technique named 'Tag Suggestions,' which uses facial recognition techniques to suggest the name of users present in the photo. The company that has filed lawsuit accused Facebook of collecting the facial data of the c...

It hasn’t been long since we heard of the Wawa card breach following a malware attack. Now, the attackers have Wawa Card Breach Becomes Huge Problem Since 30M Stolen Cards Are Put Online For Sale on Latest Hacking News . from Latest Hacking News https://ift.tt/2RIIwKA

A leading cyber-security firm recently alerted all the netizens about a vulnerability discovered in the measurement tools that support the Standard Commands for Programmable Instruments (SCPI) protocol, mentioned reports. According to sources, SCPI is an ASCII-based standard especially crafted out for the purposes of testing and measurement machines that came into existence in 1990. SCPI still happens to be used quite a lot given its easy and user-friendly interface and the inclusion of commands that could help alter any setting on the devices. In recent times, most of the measurement devices are connected to networks and in some cases even to the internet. Hence, SCPI’s holding no authentication mechanism is a matter of risk and insecurity for all its users. Per sources, when one of the major cyber-security research firms ran analytic research on SCPI they uncovered all the devices that use it and therefore are vulnerable to cyber-crime. Per reports, the aforementioned me...

Pavel Durov claims that the hacking of the iPhone of Jeff Bezos, the richest man in the world, occurred due to vulnerabilities in WhatsApp. Facebook which owns the messenger insists that the leak is related to the Apple device itself. The reason for the leak of personal photos and correspondence of the founder of Amazon and the richest man in the world, Jeff Bezos, is a vulnerability in the encryption system of WhatsApp, not problems with Apple gadgets. Telegram founder Pavel Durov wrote about this in his Telegram channel. This is how he reacted to an interview with Vice President of Facebook's Global Policy Department Nick Clegg, who said that Bezos confidential data leak was due to the iPhone. "We are confident that end-to-end encryption technology cannot be hacked," he said. Durov recalled that a few months ago he talked about the vulnerabilities of WhatsApp, which, in his opinion, eventually led to the hacking of Bezos smartphone. At the same time, Facebook t...

Streaming is probably not a new phenomenon to you, as streaming services provided by companies such as YouTube and Spotify 6 Best Websites for Streaming on Latest Hacking News . from Latest Hacking News https://ift.tt/2OhcinL

Smart OSINT Collection of Common IOC (Indicator of compromise) Types This application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, domain names, URLs, and file hashes. The title of this project is named after Mimir, a figure in Norse mythology renowned for his knowledge and wisdom. This application aims to provide you knowledge into IOCs and then some added "wisdom" by calculating risk scores per IOC, assigning a common malware family name to hash lookups based off of reports from VirusTotal and OPSWAT, and leveraging machine learning tools to determine if an IP, URL, or domain is likely to be malicious. Base Collection For network based IOCs, Mimir gathers basic information including: Whois ASN Geolocation Reverse DNS Passive DNS Collection Sources Some of these sources will require an API key, and occasionally only by getting a paid account a...

A serious vulnerability existed in the Zoom video conferencing app that the vendor has recently patched. The flaw in the Critical Flaw in Zoom Could Allow Attackers to Mess With Meetings on Latest Hacking News . from Latest Hacking News https://ift.tt/3aWB9Xy

The FSB of the Russian Federation reported that it was possible to install another email service that was used by an "electronic terrorist" to send messages about mining of objects with a massive stay of people in Russia. On Wednesday, the FSB and the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) announced the blocking of the Swiss postal service Protonmail.com. "This email service was used by hackers both in 2019 and especially actively in January 2020 to send false messages about mass mining of objects on the territory of the Russian Federation under the guise of reliable information," said the representative of Roskomnadzor. In turn, the FSB of Russia reported that this service is used starting from January 24. Messages with threats of mining were sent to the email addresses of courts in four regions of the Russian Federation. Last year, the same service was also used to send false terrorist threats...

An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says many servers were undermined including at the U.N. human rights office, which gathers rather sensitive information all year round.  According to a U.N. official, the hack seemed very "sophisticated" and the degree of the damage stays vague, particularly regarding personal, secret or compromising information that may have been 'stolen'. The official, who talked openly about the scene, basically on the condition of appearing anonymous, said frameworks have since been strengthened. “It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward. There’s not even a trace of a clean-up,” says the authority said. Jake Williams, CEO of the cybersecurity firm Rendition Infosec and a former U.S. government hacker says, “The intrusion definitely looks like espionage,” referring to the incident which occurred jus...

Companies of all sizes use computers to store data and records. Some of the data may include information that is This Software Called Otter; What it is and what it does on Latest Hacking News . from Latest Hacking News https://ift.tt/2GBGCoO

Here is another incident to reemphasize the need for patching the serious Citrix vulnerability (CVE-2019-19781). A new ransomware called Ragnarok Ragnarok Ransomware Exploits Citrix Vulnerability To Target Vulnerable Servers on Latest Hacking News . from Latest Hacking News https://ift.tt/314iEMo

Ryuk has now emerged within a new guise. In brief, the new strain of Ryuk Stealer exhibits advanced properties that New Ryuk Stealer Targets Government And Military Sectors on Latest Hacking News . from Latest Hacking News https://ift.tt/3aVZdK4

In this era of rising cybercrimesand never-ending cyber attacks, having proactive cybersecurity policies is a must for every organization. Many Why Organizations Need Manual Penetration Testing on Latest Hacking News . from Latest Hacking News https://ift.tt/38IofdU

The macOS traditionally was always considered a safe bet compared to Windows but now even Apple is facing a dangerous security threat. Kaspersky reports that Macs have become a hot target for a dangerous malware - SHLAYER, been active for two years this malware-infected 10 percent of MacOS, affecting more than one in ten users. “The Shlayer Trojan is the most common threat on macOS,” Kaspersky Labs reported on Jan 23, 2020. The users from France, Germany, the United States, and the United Kingdom become the top target of Shlayer in 2019. As for what is Shlayer, Seals said, "Shlayer is a trojan downloader, which spreads via fake applications that hide its malicious code...Its main purpose is to fetch and install various adware variants. "These second-stage samples bombard users with ads, and also intercept browser searches in order to modify the search results to promote yet more ads." As per the report by Kaspersky, after the malware is installed on the system...

The German City of Potsdam has become the latest victim of a cyber attack. Following the attack, the city services City Of Potsdam Went Offline After Suffering A Cyber Attack on Latest Hacking News . from Latest Hacking News https://ift.tt/2O6p7RO

Avast, a popular maker of free anti-virus software being employed by almost 435 million mobiles, Windows and Mac harvested its users' sensitive data via browser plugins and sold it to third parties such as Microsoft, Google, Pepsi, IBM, Home Depot, and many others, according to the findings of an investigation jointly carried out by PCMag and Motherboard. As per the sources, the investigation basically relied on leaked data; documents used to further the investigation belonged to Jumpshot which is a subsidiary of Avast. The data was extracted by the Avast anti-virus software itself and then repackaged by Jumpshot into various products which were sold to big companies as the report specified, "Potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Conde Nast, Intuit, and many others." "The sale of this data is both highly sensitive and is, in many cases, supposed to remain confidential between the company selling the data and ...

For two weeks, the website of the Echo of Moscow radio station and the computers of its employees have been hacked. According to Sergey Buntman, First Deputy Editor-in-Chief of Echo, the radio station technically and actually proved that there are attacks not only on the Echo of Moscow website but also on the Echo office, and on computers, computer and Internet communications. Because of this, part of the telephone service is also affected. "We asked for help wherever we could, both technical, political, and law enforcement agencies. We linked these attacks with certain information, programs. Law enforcement agencies, as I understand it, are now searching for the source of the attacks," said Alexey Venediktov, Editor-in-Chief of Echo. He said that two weeks ago, powerful hacker attacks began. Their peculiarity was that they attacked not only the site but also the communication channels of Echo of Moscow when programs were broadcast with presenters who are located rem...

The illusion of security in IT is as fragile as a spiders-web; especially for a company that is built upon 5 Reasons Every Company Requires A Network Audit for Security Reasons on Latest Hacking News . from Latest Hacking News https://ift.tt/36yBNHl

Cisco Webex Meetings Suite, a platform that offers its customers to organize online meetings and seminars anytime anywhere, has revealed a security vulnerability that allows an unauthorized attacker to enter a password-protected meeting without the password. The Vulnerability - The vulnerability allows the attacker to join a meeting if they have the meeting ID or meeting URL from the mobile device browser. Then the browser will launch the meeting on Webex mobile application, and then the unauthenticated user can join the password-protected meeting without the said browser. “The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee,” reads the Cisco blog post. This makes it quite easy to track the unauthorized individual as they will be visible as a mobile attendee. This Cisco Webex vulnerability has received a score of 7.2 out of 10 (can be tracked as CVE-2020-3142). Cisco Product Security Incident Response Team (PSIRT) said that they ha...

In the past weeks, Mozilla has banned 197 Firefox add-ons for malicious activity. Not only have they removed the add-ons Mozilla Bans 197 Malicious Firefox Add-Ons Amidst Crackdown on Latest Hacking News . from Latest Hacking News https://ift.tt/36z4KmH

The Japanese electronics giant Mitsubishi Electric disclosed a hack last week. It now turns out that the attackers exploited a Hackers Exploited Trend Micro Antivirus Zero-day In Mitsubishi Electric Hack on Latest Hacking News . from Latest Hacking News https://ift.tt/2U9akt4

Hacking specialists and penetration testers are the new norms of the modern era. With many companies now being based online 5 of the Most Popular Penetration Testing Tools Found in Kali Linux on Latest Hacking News . from Latest Hacking News https://ift.tt/2t1NNn0

We've all heard about sim swapping, SIM splitting, simjacking or sim hijacking- the recent trend with cybercriminals and now a study by Princeton University prooves the vulnerability of wireless carriers and how these SIM swapping has helped hackers ease their hands into frauds and crimes. SIM swapping gained quite an attention when Twitter CEO Jack Dorsey’s account was hacked on his own platform. A study by Princeton University has revealed that five major US wireless carriers - AT&T, T-Mobile, Verizon, Tracfone, and US Mobile - are susceptible to SIM swap scams. And this sim hijacking is on a rise in developing countries like Africa and Latin America. What is SIM swapping?  SIM swapping is when your account is taken over by someone else by fraud through phone-based authentication usually two-factor authentication or two-step verification. This could give the hacker access to your email, bank accounts, online wallets and more. How does the swap occur?  In a S...

Researchers have discovered six different critical MDhex vulnerabilities, in medical devices. These vulnerabilities, upon exploitation, could allow an adversary to MDhex Vulnerabilities Discovered In GE Healthcare Medical Devices on Latest Hacking News . from Latest Hacking News https://ift.tt/38IqxcP

Cisco have recently fixed numerous security bugs in multiple products. These also include a critical security fix in Cisco Firepower Cisco Patched Critical Bug In Firepower Management Center on Latest Hacking News . from Latest Hacking News https://ift.tt/37yXBnI

As an initiative to provide protection to the military's artificial intelligence systems from cyber-attacks, researchers from Delhi University and the Army have joined hands, as per a recent Army news release.  As the Army increasingly utilizes AI frameworks to identify dangers, the Army Research Office is investing in more security. This move was a very calculated one in fact as it drew reference from the NYU supported CSAW HackML competition in 2019 where one of the many major goals was to develop such a software that would prevent cyber attackers from hacking into the facial and object recognition software the military uses to further train its AI. MaryAnne Fields, program manager for the ARO's intelligent systems, said in a statement, "Object recognition is a key component of future intelligent systems, and the Army must safeguard these systems from cyber-attack. This work will lay the foundations for recognizing and mitigating backdoor attacks in which the data...

Per local news and reports, allegedly, a cyber-attack shook the Tillamook County of Oregon, USA when it rendered the local government’s services ineffective. Apparently owing it to the cyber-attack, the county officials are back to basics with all their daily tasks and are working about the crisis. When the computers in the various departments of the county started misbehaving, that’s when the officials grasped the severity of the situation and immediately warned the IT department. That is when the IT department comprehended that the systems had been infected with encrypting malware. To contain the infection, all the affected servers and devices were instantly isolated. There is no sincere evidence to show if the malware was used for a ransomware attack but it sure is being conjectured on the affirmative. Per sources, no request for a ransom has been posted so far. Allegedly, the Oregon city was recently struck by a cyber-attack of the same nature about a week ago. The d...

The hacker attack that the Austrian Ministry of Foreign Affairs underwent prompted European countries to take active measures to defend against such attacks. At the same time, the EU accuses Moscow of the attack, which makes no sense, given the friendly relations between Russia and Austria. Alexander Baranov, head of the Department of Information Security at the National Research University, commented on the situation. According to the expert, anti-Russian accusations once again show the policy of Western "hawks" who regularly make groundless statements to undesirable countries. "These accusations are completely groundless and are not supported by any arguments," Baranov said. He stressed that Russia has absolutely no interest in attacking the Austrian Foreign Ministry. In addition, Austria supports the implementation of major projects, such as the Nord Stream 2 gas pipeline. "This is one of the friendliest countries in the European Union, I think. Th...

LastPass has recently troubled users when it locked out people from accessing their accounts due to a bug. Once again, Another LastPass Outage After Chrome Extension Mistakenly Left Chrome Store on Latest Hacking News . from Latest Hacking News https://ift.tt/2TX9xLP

"The United Nations officials are not using WhatsApp for purposes of communication as it is unsafe and vulnerable to hacking," said a UN spokesperson last Thursday. The statement came out following the Jeff Bezos incident, where experts at the UN accused Saudi Arabia of hacking the WhatsApp account of Amazon's CEO Jeff Bezos. The experts at the UN last week said that they had information suspecting the association of Prince Mohammed bin Salman, Saudi Arabia's crown prince in the so-called cyberattack on Jeff Bezos that happened in 2018. The officials have demanded an inquiry by American and other authorities as an immediate response, saying that the claims are based on a Forensic Report prepared by FTI, a consulting firm from Washington. The forensic report claims that Bezos' phone was hacked through an ill-disposed video file that was sent by the Saudi Prince via a WhatsApp account. Responding to the question "whether the United Nations Secretly General...

In a recent cybersecurity issue, some hackers from North Korea are attacking Internet Explorer by exploiting a vulnerability, which is said to be a zero-day flaw. The company Microsoft has not yet spoken on the issue and is still silent.  Users should immediately stop using Internet Explorer for a while to stay safe from the hackers, suggest cybersecurity experts. If the users still prefer to use Microsoft software, they can download the latest Edge Browser by Microsoft. The Edge browser is safe from the attack as well as offers a better user experience while browsing than Internet Explorer. Other secured browsers include Google Chrome and Mozilla Firefox. But if the users still want to use the traditional software, cybersecurity experts at Tom's Guide suggest downloading a limited time user account that is safe for any software modification. Microsoft has scheduled to release its next security patch, not until the 11th of February, therefore, its a long wait before the...

TrickBot trojan, a strain of malware that has been around affecting users since 2016 - is now evolved to steal Windows Active Directory credentials. Today, in the cybersecurity ecosystem it is considered as one of the top threats abusing businesses, experts estimate that TrickBot is responsible for compromising more than 250 million email accounts till date. Earlier, TrickBot went a step further while targeting Windows 10 users by disabling Windows defender onto their systems rather than just bypassing the protection. Fundamentally, TrickBot is a banking Trojan and is generally deployed through spearphishing emails like invoices mailed to the accounts department. Typically, it is attached as infected Microsoft Excel or Word documents. The malware can be spread across an organization in a number of ways, one of them is via exploiting vulnerabilities in a protocol called SMB which makes the process of sharing and accessing files on other systems easy for Windows computers. First ide...

HM Revenue and Customs (HMRC) of the UK Government has submitted a tender for the development of a system for monitoring financial transfers in digital money. The appearance of such a system in Russia could already have occurred. Cryptocurrencies can be used not only for transferring funds or paying for services, but also for conducting criminal activities. This position was expressed by the UK tax service HMRC. The purpose of the introduction of this tool is the fight against criminal activity. It includes tax evasion and laundering of criminal proceeds. Mikhail Mishustin, head of the Federal Tax Service of Russia and now Prime Minister, proposed the initiative to control income received through cryptocurrency for tax purposes in February last year. "Money that a young person can freely move across the border using cryptocurrencies and other forms of payment, which the state does not notice and for which there is no regulatory framework, is dangerous," said Mishust...

WhatsApp (now owned by Facebook), a popular social networking app, as we all know, is very easy to setup. But this simple process also opens your account to some vulnerabilities and threats, if you are not cautious while setting your WhatsApp account. Luckily, there exists an extra defense line to ensure the safety of your account, if your 6 digit activation code is hacked. However, as noticed in the recent hacking incident against Amazon's CEO Jeff Bezos, it was observed that these security measures aren't enough to provide security. But it will somehow provide you an extra safety mechanism if, by any chance, the hacker gets your 6 digit security code. How to ensure the safety of your Whatsapp account? In normal circumstances, getting back to your hacked Whatsapp account is very simple: open the app, and while logging in, the app will send you another 6 digit code. But the problem arises when the hacker, once having the hold of your account, intentionally puts up wrong ...

In Russia, the number of DDoS attacks will increase due to the introduction of 5G technology, said Anton Fishman, head of the system solutions Department of the Group-IB. He noted that the wider introduction of 5G will significantly increase the number of traditional attacks that providers have faced in recent years. "For example, the power and frequency of DDoS attacks will increase significantly due to many insecure devices." According to him, a DDoS attack can be used as a distraction when stealing money from a Bank or disabling a service. Earlier, Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank, said that the main areas that require attention when countering cybercrime are DDoS attacks, data leaks and fraud using social engineering methods. He explained that the number of DDoS attacks has increased, their quality has changed, in addition, it is quite difficult to detect them. It is important to add that on the eve of the Deputy Chairman of the Boa...

Referring to anonymous sources, a British daily newspaper came up with reports on details regarding Amazon Chief Jeff Bezos' cell phone being hacked in the wake of accepting a message from the Saudi Arabian crown. Theft of information from Bezo's cell phone, however, is said to have been started in 2018 with a contaminated video file sent by means of WhatsApp from the personal account of Mohammed bin Salman, according to the previously mentioned British daily. The report apparently comes about a year after the unexpected announcement that Bezos and his wife, MacKenzie, would separate following 25 years of marriage. The National Enquirer along these lines uncovered an extramarital affair between Bezos and Lauren Sanchez, a former TV anchor, in a progression of reports that depended, to some degree, on some intimate text messages sent by Bezos. Bezos in this way distributed an extraordinary blog entry blaming the newspaper for taking steps to distribute all the more hum...

Transferring personal data to someone (details of cards and accounts, passport data), you can become a victim of cyber fraud, so you can not do this in any case, recalled the Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov. "Even if you take a picture of your card and send it to someone — this is basically already a leak. You might as well throw your wallet with your salary in the trash," he said. He also said that in the second half of 2019, Russian companies faced large-scale phishing. "Last year, several organized criminal groups working in this direction became more active. One of them has made a big step forward in expanding its criminal activities. This is the RTM hacking group, it is Russian-speaking and operates in Eastern Europe, including Russia". According to him, using modern software, RTM sends phishing emails to tens of thousands of companies in the country 10-15 times a month. Mr. Kuznetsov added that many companies open emails i...

Samy Bensaci, an 18-year-old teenager from Montreal, Canada has been indicted for 4 criminal charges in relation to a theft of cryptocurrency worth $50 million in a SIM-swapping scam that targeted cryptocurrency holders, as per the reportings by Infosecurity Magazine, dated 17th of January. The Canadian authorities have accused the teen hacker of being a part of a hacking group that was involved in the theft of millions of dollars from Canadians and Americans. The scam, of which Bensaci was allegedly a part of, stole, "$50 million from our neighbors to the south and $300,000 in Canada" told Lieutenant Hugo Fournier, a spokesperson for the Sûreté du Québec. Bensaci was charged and consequently arrested in November and was later released on CA $200,000 bail, on orders of living with his parents in Northeast Montreal, as per the local media reports. As a result of the incident, prosecutors prohibited Bensaci's access to any device that can be connected to the inter...

While security breaches are common, the latest report relates to the tech giant Microsoft. Reportedly, Microsoft has disclosed a security Microsoft Disclose a Security Breach Affecting One of Their Own Customer Support Databases on Latest Hacking News . from Latest Hacking News https://ift.tt/2NS6nVX

After years of usage, your iPhone works slowly. So, you’ve decided to sell it out and upgrade to an new UkeySoft FoneEraser Review: 100% Erase All iOS Data before Selling Your iPhone/iPad/iPod on Latest Hacking News . from Latest Hacking News https://ift.tt/2O7Ilqf

It seems that every iOS user needs an iPhone unlocking software. If you try to enter the wrong unlock password UkeySoft Unlocker Review: Best Tool to Unlock Apple ID & Screen Lock on Latest Hacking News . from Latest Hacking News https://ift.tt/30Nsdzh

Researchers simulated a real-looking “Industrial prototyping” organization with fake employees, PLCs, and websites to study the types of cyber-attacks that commonly on such networks. The elaborately fake organization’s website and the network worked on a highly advanced interactive “honeypot” network that worked extensively on attracting the attention of potential hackers. The plan was to create such a legitimate-looking network that no one could even doubt it's being phony and to accumulate serious information related to cyber-threats and attacks to study and analyze them. Behind researching these threats and attack mechanisms the motive was to dig out the threats that the “Industrial control system” (ICS) sector faces today. Per sources, the sham company specifically let some ports of its network be susceptible to attack and Voila! It got hit with the most cliché of attacks that any IT network faces, including, Ransomware, Malware, Remote Access Trojans (RAT), Crypto-...