Cyber Security News

The e-commerce giant has finally started taking steps to secure against the corona epidemic by banning more than one million products and furthermore by removing "tens of thousands" of overrated health products from unethical vendors. A quest for "coronavirus" on Amazon raised results for face masks, disinfectant wipes and recently published books on viral infections, revealing how a few merchants are taking advantage of the health crisis. It additionally offered results for vitamin C boosters as well - a fake remedy for the virus that has been broadly disseminated on the web. The World Health Organisation (WHO) expresses its worry about some deceptive Amazon postings prior this month, including counterfeit medications. The organization said fake coronavirus claims online were creating mass turmoil and asked tech giants to battle this spread of misinformation. Amazon is yet to provide a rundown of those items it says it has expelled, but a BBC search for ...

On Thursday, Facebook filed a federal lawsuit in California Court against OneAudience, a New Jersey-based marketing firm mainly involved in data analytics. The social media giant claimed that the firm was paying app developers to secretly harvest its users' data by getting an infectious software SDK installed onto their apps. The SDK was planted in various gaming, shopping, and utility-type applications available to download from the Google Play Store, as per the court documents. A software development kit also known as SDK is a downloadable collection of software development tools used for developing applications. It consists of the basic tools a developer would require to build a platform-specific app with ease and excellence. In other words, SDK basically enables the programming of mobile applications. However, these packages have their drawbacks too as they also contain tools like trackers and it collects information about devices and app usage to send it back to the SDK m...

Of all the horrible things a pervert could do using the cyber means, Cyber Flashing is by far the most debauching and harassing of all. For all those who aren’t well aware of this concept, cyber flashing is like every other form, a highly disgusting method of “image-based sexual abuse”. This technology backed crime doesn’t stand on a particular pedestal as to the legality of it hence, the fact that people don’t know much about it let alone it being a crime. You may be sitting somewhere in peace and quiet, supposedly on a much-wanted vacation cruising your lazy fingers on your phone and Bam! A stranger’s genitals cover your phone screen via an AirDrop file. The initial shock, getting grossed out and the eventual sickening feeling you get is all well understood. Because the moment you try to close the file it only gets sent, again and again, a good number of times. The nastiest part about this is that the person who sent it to you could be sitting close by, watching you see ...

Fraudsters have found a new way to withdraw money from Russians. Social engineering is also in progress: people are offered a new service from banks "taxi to ATM", and on the way, they are convinced to transfer money to a third-party account. Victims of the new scheme are those who do not use online banking, in particular, the elderly. Attackers force them to transfer money through an ATM, for which they offer to use the "taxi from the Bank" service for free. This information is confirmed not only in banks but also in the Central Bank. Several people have already become victims of such a fraud, all of them tell about the same story: criminals call from the number "8 800" and report that someone is trying to withdraw funds from the client's card. If the potential victim does not have an Internet Bank, the person was offered a special taxi to the ATM. "Allegedly, it will be possible to transfer funds to a secure account from ATM. Attackers ...

Bretagne Télécom, a cloud service provider was hacked by DoppelPaymer, ransomware that exploited CVE-2019-19781 vulnerability in unpatched servers. Bretagne Télécom is a French cloud hosting telecommunications company that provides a range of services like telephony, Internet and networking, hosting, and cloud computing services to roughly 3,000 customers with 10,000 servers. Fortunately this is a success story with a happy ending, as the ransom attack was a failure with no data loss and no ransom paid. The company could restore the encrypted system and data from backups on Pure Storage FlashBlade arrays. Around 30 TB data was encrypted The attack took place in the first half of January, on the unpatched servers making them vulnerable to attack. The attackers started scanning the vulnerable servers from Jan 8 and attacked two days later. The company soon released patches to overcome the vulnerability with the final patch being published on January 24. The DoppelPaymer'...

The digital era has come with its fair share of scams with data breaches being the most prevalent. This problem Digital Age Challenges: Data Breaches of 2019 on Latest Hacking News . from Latest Hacking News https://ift.tt/3ae3ZS5

The way we communicate has changed a lot over the years. From handwritten letters to electronic e-mails to smoke signals Signal Jamming: Different Techniques And Where They Are Used on Latest Hacking News . from Latest Hacking News https://ift.tt/2Tmsohz

Hackers threatening banks in Monero to pay large amounts of money, and if the demands are not met, hackers have blackmailed to launch DDoS attacks against the banks. Since last week, bank corporations and different organizations in the financial sector in Australia have become the target of DDoS extortion campaigns. A hackers group is blackmailing the victims to pay heavy amounts as a ransom. The attackers threaten to conduct a DDoS (Distributed Denial of Service) attack unless they are paid with XMR cryptocurrency in Monero. A security threat has been sent out by ACSC (Australian Cyber Security Centre) to inform the public about the attack. According to ACSC, none of the hackers have launched any attacks, nor has there been any news of DDoS attacks. The current evidence serves as proof of this claim. DDoS Campaign Began in 2019  The Global Ransom Denial of Service (DDoS), a campaign that started in October 2019, is responsible for launching the attacks on Australian financ...

A critical vulnerability has been discovered in the OpenBSD email server OpenSMTPD. Exploiting the flaw could allow remote code execution OpenSMTPD Email Server Vulnerability Threatens Many Linux and BSD Systems on Latest Hacking News . from Latest Hacking News https://ift.tt/2T5uoMk

Clearview AI an American technology company was, as of late breached as hackers figured out how to exploit a security flaw and 'make-off' its whole client list. Despite the fact that there's a lot of reason of concern, the specific nature and source of the breach remain unknown as of now. The company anyway has emphasized over and over that it has already patched the vulnerability and insists its that servers were not accessed.  The facial recognition software company has made claims, that not exclusively does its clientele incorporates many police stations, but it purportedly services the FBI and DHS and said that they are exclusively working with law enforcement agencies.  The Daily Beast's Betsy Swan originally investigated the breach. In the wake of assessing the documents from Clearview AI staff they wrote:  Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of users accounts thos...

The universe is lazy, everything that occurs follows the principle of least action. It should be no surprise that living things have evolved to obtain the most benefit for the least work; consider the intersection of intelligence and energy. And the same is true for humans, we are inherently lazy - choosing the path of least resistance. No matter the work, we will choose the shortest, most easy and least time-consuming way to do it. No matter the path, we will take the most direct and simplest route. The same could be said for the cyber world wizards, the hackers who would take the easiest path to hack and earn and hence have chosen a new way to earn and steal - "Loyalty Points" . Loyalty Points  Digital Banking systems nowadays is as safe and impenetrable as their physical counterparts and require planning, knowledge and a load of luck to hack. And when there are easily accessible, far less secure targets like Loyalty Points, then why do so much work?  Loyalty Poi...

The latest victim of an actively exploited zero-day vulnerability is the Taiwan-based firm ‘Zyxel’ whom manufacture networking devices.  Zyxel has Zyxel Patched Zero-Day RCE Vulnerability In NAS Devices on Latest Hacking News . from Latest Hacking News https://ift.tt/3adE11d

Attackers broke into the terminal of the Odessa airport and scolded the eco-activist. Law enforcement authorities in Odessa (Ukraine) said that they found the hackers of the Odessa airport information system, who posted pictures with insulting or obscene language on the organization’s scoreboard against eco-activist Greta Thunberg. According to police, on February 25, officers with the support of the special forces unit of the National Police of Ukraine searched the houses of the participants and founders of the Ukrainian Cyber Alliance public organization. The search was authorized by a decision of the Odessa court. The seized equipment was sent for examination. Law enforcement officers opened a criminal case on the fact of unauthorized interference in the work of the Odessa terminal. The attackers face imprisonment for a term of three to six years. Ukrainian Cyber Alliance associates such actions of the National Police of Ukraine with political pressure on its activists. It...

A security researcher recently discovered that a lot of WhatsApp and Telegram Group invite links that may not be up for public viewing are appearing in multiple search engines like on Google, Yahoo, Yandex, and Bing. On Friday, researcher Jordan Wildon, a multimedia journalist at Deutsche Welle warned that owing to a critical issue, several illegal groups and activities along with genuine private groups were exposed. In the light of the leak, various security measures have been taken by both the companies, however, to erase the links from public searches completely so that they are no longer discoverable by people to join will require much more efforts. This critical flaw not only abused the privacy of the aforementioned messaging apps by exposing around 450,000 groups online but also allowed data mining as the phone numbers were made available directly. Notably, these messager apps' invite links have been indexed by several search engines. Due to this indexing feature, ...

To make self-driving vehicles a reality and to bring them on roads, they need to be able to safely and flawlessly navigate traffic without collisions or jams. Northwestern University researchers have made this possible by developing the first decentralized algorithm with a collision-free guarantee. The algorithm was tested in a simulation of 1,024 robots and in a throng of 100 real robots by the researchers in the laboratory. The robots carefully and efficiently followed to form a command shape.  “If you have many autonomous vehicles on the road, you don’t want them to collide with one another or get stuck in a deadlock,” said Northwestern’s Michael Rubenstein, who led the study.  “By understanding how to control our swarm robots to form shapes, we can understand how to control fleets of autonomous vehicles as they interact with each other.” Rubenstein, the professor who led the study is the Lisa Wissner-Slivka and Benjamin Slivka Professor in Computer Science and Mech...

Hacking as a profession has now become a viable option for the hackers out there. Yes, you've heard it right, ethical hackers have made more than $82 Million in Bug Bounties held at HackerOne. To top that, the ethical hacking community on HackerOne has now reached over 600,000, with around 850 new hackers joining every day. According to a '2020 Hacker Report' published by HackerOne, a Bug Bounty platform in San Francisco, around 18% of the members are full-time hackers, whose job is to find vulnerabilities and assure that internet becomes a safe place for everyone. On the HackerOne platform, hackers from across the world, 170 countries to be accurate, which includes India too, are working every day to ensure the cybersecurity of 1700 organizations, which include Zomato and OnePlus also. The US tops the 2109 list in the earnings made by hackers through Bug Bounty with 19%, India comes second with 10%, Russia has 8%, China a 7%, Germany 5%, and at last Canada with 4%. Th...

Electronic money transfer is something that has changed the way people used to transact. It has offered a way more convenient method that goes along the lines of modernity and the need of recent times. The most widely used and popular mediums of transferring money between bank accounts in India are NEFT and RTGS. While NEFT has neither minimum nor maximum limits, RTGS is designed for heavier sums of money with 2 lac being the minimum amount and 10 lac being the maximum per day. Per reports, National Electronic Funds Transfer (NEFT) and Real-Time Gross Settlement (RTGS) were disrupted for more than half a day. The signs of this started to show from Monday midnight. Sources mention that this happened because of a technical glitch in the systems of the Reserve Bank of India. Nevertheless, NEFT and RTGS have been reinstated after inactivity of 12 hours. Several reports reveal that the main issue allegedly was grappled by the Indian Financial Technology and Allied Services (IFTAS...

Google have recently fixed numerous security bugs in their Chrome browser. These Chrome bugs include two serious vulnerabilities as well Google Patch Serious Chrome Bugs Including A Zero-Day Under Active Exploit on Latest Hacking News . from Latest Hacking News https://ift.tt/2HZbU9G

Flash drives and memory cards are the two types of data storage devices that are the most mobile. Bulk Memory The History of the Flash Drive on Latest Hacking News . from Latest Hacking News https://ift.tt/39cqp6l

Experts noted that most often smartphone owners are inattentive and infect their devices with spyware. Such programs can collect personal data and place it in the public domain, listen to conversations, and monitor the actions of the owner. Sergey Nikitin, Deputy of the Group-IB Computer Forensics Laboratory, said that more than 90 percent of cases are not vulnerabilities, but user actions. According to him, the main source of infection is applications downloaded through the browser. "The search engine, first, gives not an official site, but contextual advertising. Often, scammers buy it, and by clicking on the link from your phone, you download a malicious APK file," said Nikitin. Nikitin gave an example of the GetContact app, which shows how a person is named in his friends' contact list. According to him, the user provides access to contacts that can leak to the network. He noted that such cases have already occurred. The expert advised not to download applicat...

A critical issue might have exposed your WhatsApp or Telegram group to the public. As discovered by a researcher, many Many Private WhatsApp And Telegram Group Invite Links Are Appearing On Search Engines on Latest Hacking News . from Latest Hacking News https://ift.tt/2wOQolV

A researcher with the alias Lynx0x00 discovered security flaws in Slickwraps systems after which they sent emails to customers using Slickwraps Website Breached After Disgruntled Researcher Publicly Exposed Findings on Latest Hacking News . from Latest Hacking News https://ift.tt/2HUkEOv

On Monday, The availability of OpenDXL Ontology - the first open-source language for connecting cybersecurity tools via a common messaging framework has been announced by the Open Cybersecurity Alliance (OCA). The OCA comprises of like-minded individuals, cybersecurity vendors, thought leaders, end-users from across the globe with the mission of finding solutions to the problem of interoperability via tooling, coding and employing procedures and technology they all agree upon. The Project has IBM Security and McAfee as its initial contributors. As the open-source code is made freely accessible in the cybersecurity ecosystem, OpenDXL Ontology allows any tool to acquire the ability to interoperate and communicate with various other technologies on its own by employing this language. Once this language is released, the need for custom integrations between individual products will be effectively eliminated, reducing the number of engineering resources spent on integration. These saved...

According to a survey by Egress, a shocking 97% of IT leaders said insider breach is a big concern. 78% think employees have put the company's data in jeopardy accidentally while 75% think they (employees) put data at risk intentionally. And asking about the consequences and implication of these risk, 45% said financial damage would be the greatest. Egress surveyed more than 500 IT leaders and 5000 employees from UK, US and Benelux regions. The survey showed serious incompetence of IT sector in handling data and their own security as well as employee confusion about data ownership and responsibility. On the question of how they manage insider data breach and security measures they use, half of IT leaders said they use antivirus software to detect phishing attacks, 48% use email encryption and 47% use secure collaboration tools. And 58% , that is more than half relied on employee reporting than any breach detecting system. Egress CEO, Tony Pepper says that the report shows ...

VMware has disclosed multiple security bugs in its software product vRealize Operations for Horizon Adapter. VMware have released fixes for VMware Patch Numerous Bugs In vRealize Operations for Their Horizon Adapter on Latest Hacking News . from Latest Hacking News https://ift.tt/38WIftD

Google's Cloud Vision API is a Google Artificial Intelligence (AI) tool that recognizes an image and what's in it and labels it, will no longer use gender labels like "man" and "woman", instead it will label it as 'Person.' Google Cloud Vision API is a tool through which developers can attach labels to photos and identify the content. In an email sent to users on Thursday, Google instructed that they will not use 'woman' or 'man' as physical appearance can not determine gender, the change has been done to avoid bias. “Given that a person’s gender cannot be inferred by appearance,” reads the email, “we have decided to remove these labels to align with the Artificial Intelligence Principles at Google, specifically Principle #2: Avoid creating or reinforcing unfair bias.” The bias that Google talks about is a result of "flawed training data," a much-discussed topic. A flaw that results in AI algorithm making assumptions- t...

The United States Department of Defense (DOD) holds significant importance owing to its sensitive operations. Perhaps, that is why it Department of Defense’s DISA Confessed Data Breach on Latest Hacking News . from Latest Hacking News https://ift.tt/2vXqqMG

Cisco have recently disclosed a security flaw in one of their products that could have serious consequences. As revealed, a Cisco Patch Static Password Vulnerability In Smart Software Manager on Latest Hacking News . from Latest Hacking News https://ift.tt/38V5yE5

In the digital age, where many of our tasks and chores have been taken care of by machines or by Top Cybersecurity Trends In 2020 on Latest Hacking News . from Latest Hacking News https://ift.tt/3c3hDsS

Last week, Adobe released its monthly Patch Tuesday updates addressing different bugs. But it seems their work wasn’t over as Adobe Patch Two Critical Code Execution Bugs A Week After Patch Tuesday on Latest Hacking News . from Latest Hacking News https://ift.tt/2VgN4Kp

Joining the trail of vulnerable WordPress plugins, here comes another plugin that threatens the security of over 1 million websites. Actively Exploited Duplicator WordPress Plugin Exploit Risks 1 Million Websites on Latest Hacking News . from Latest Hacking News https://ift.tt/2SQYuD4

Russian Foreign Ministry spokeswoman Maria Zakharova commented on the US statement that Russia is spreading fakes about the coronavirus. The diplomat called such accusations "deliberate stuffing". Earlier, the Straits Times reported that the US State Department suspected Russia of spreading fakes about the coronavirus. U.S. officials said that thousands of Russian-related accounts have spread false information about the disease on social networks, undermining global efforts to fight the epidemic. In addition, such users promote the idea that the US government is behind the COVID-2019 epidemic, thus damaging the country's reputation, according to the State Department. According to media reports, the State Department intends to deal with fake accounts on Twitter, Facebook and Instagram. The First Deputy Chairman of the State Duma Committee on International Affairs Dmitry Novikov said that there are different accounts on the network, including those that are trying ...

Heads up all Google AdSense users. A new email extortion scam is in the wild that threatens website owners serving New Email Extortion Scam Threatens Banning of Google AdSense Accounts on Latest Hacking News . from Latest Hacking News https://ift.tt/32kSZj3

Hackers become increasingly serious in their game as they begin targeting sensitive data that incorporates pain diary entries from veterans' very own physical injury cases. Breaching a few law firms, the local government databases and other organizations, demanding payments for data recuperation and deletion Maze, a hacking and ransomware group, as a major element of a ransomware attack against U.S. law firms released V.A documents, patient care records, legal fee agreements, and privacy consent forms.  Screenshot of a VA claims document released in a data dump by hacking group Maze as part of a ransomware attack against U.S. law firms.  (Screenshot/Brett Callow) Two of those hacks focused explicitly on Texas-based law firm Baker Wotring in November and Woods and Woods LLC in Evansville, Indiana, this month. As per Brett Callow, a threat analyst with Emsisoft, Maze hacks an organization's servers, informs them of the breach and demands ransom payments to preven...

Slickwraps, a mobile device case retailer that specializes in designing and assembling the most precision-fitted phone cases in the world has suffered a major data breach that exposed the personal information of employees including their API credentials, resumes and much more. In January 2020, a security researcher named Lynx attempted to gain access to Slickwraps's systems, he acquired full access to the company's website employing a path traversal vulnerability present in a script which is used by them for customizing cases. After exploiting the vulnerability, Lynx sent emails stating the same to the company and upon receiving no response to those emails, he decided to make public disclosure of the vulnerability and how he exploited it to acquire access to the systems and the data that was compromised. While giving insights of the incident, Lynx told that it allowed them to acquire access to 9GB of personal customer data that included employee resumes, customers...

Beware! People who have blind faith in the internet and tend to believe almost anything that they view or come across online, for there has surfaced a new medium for fearless dissemination of misinformation. Fake news and modified pictures have already been wreaking havoc on social media and real lives of people for quite a long time now; leading to serious after-effects and reactions. Mob lynching, hate speeches and violent masses are few of the many upshots of such news and pictures. At a time when the county was freshly getting used to fighting fake news and misinformation, a leading player joined the race, which goes by the name of “deepfake”. Deppfake videos employ artificial intelligence to alter fake videos in such a way that they seem real to viewers. These videos are crafted with such ability that it becomes difficult for people to identify any possible lacunae. These videos are so absolutely deceitful that the common person viewing them can’t remotely recognize or ...

Researchers from vpnMentor have discovered another unsecured database exposing sensitive details about users. As reported, they discovered an unprotected Amazon NextMotion Leaked Sensitive Plastic Surgery Images Online Via an Unsecured Database on Latest Hacking News . from Latest Hacking News https://ift.tt/2VhbJhU

The international community, following Georgia, the UK and the US, continues to publish statements condemning the cyberattack allegedly committed by Russia on the websites of Georgian government agencies, non-governmental organizations and the media. The relevant statements are published in Georgian by the Georgian Foreign Ministry. Foreign Ministry of Australia, the Ministry of Foreign Affairs of Ukraine, and the foreign ministries of Canada, the Netherlands, Romania, and Montenegro condemned the actions of the Russian GRU. And the Icelandic Foreign Minister on his behalf published a short statement on Twitter. The Ministry of Foreign Affairs of Ukraine not only condemns Russia but also calls on the international community to "bring to justice those who deliberately organize and carry out cyberattacks". The authors of all statements regard the report of a cyberattack on Georgian websites as a "violation by Russia of the sovereignty and territorial integrity of G...

US Department of Homeland has issued an alert regarding the threat of ransomware attacks. DHS warns about it after a US Department of Homeland Warns Of Ransomware Attacks After Pipeline Operations Affected on Latest Hacking News . from Latest Hacking News https://ift.tt/2Vc7Mew

Researchers have discovered a zero-day vulnerability in WordPress plugin ThemeREX. Exploiting the flaw allows an unauthenticated adversary to execute codes Zero-Day Bug In ThemeREX WordPress Plugin Exploited In The Wild on Latest Hacking News . from Latest Hacking News https://ift.tt/2VaJhhH

With the rise in the number of records ‘exposed’ by cloud misconfigurations year after year from 2018 to 2019 by 80%, there is an evident ascent in the total cost to organizations related with those lost records. As organizations keep on embracing cloud services quite swiftly however they neglect to implement legitimate cloud security measures, sadly, specialists anticipate that this upward trend would remain. Charles “C.J.” Spallitta, Chief Product Officer at eSentire says, “The rush to adopt cloud services has created new opportunities for attackers – and attackers are evolving faster than companies can protect themselves. The fact that we have seen a 42% increase from 2018 to 2019 in cloud-related breaches attributed to misconfiguration issues proves that attackers are leveraging the opportunity to exploit cloud environments that are not sufficiently hardened. This trend is expected to continue as more organizations move to the cloud,” “Additionally, common misconfiguration...

Once again, a popular photo-editing application has breached users’ privacy, consequently exposing sensitive information online. This time, the guilty application PhotoSquared App Leaked Personal Data And Sensitive Photos Online on Latest Hacking News . from Latest Hacking News https://ift.tt/2Pdra73

Reportedly, researchers from Eclypsium have discovered how a problem in peripheral devices can risk the security of entire systems. Specifically, Windows & Linux Devices at Risk From Unsigned Peripheral Firmware on Latest Hacking News . from Latest Hacking News https://ift.tt/2uiquWN

Joy all around for the social media fanatics who had gotten quite bored of WhatsApp being their only source of incessant chatting provisions. And to those as well who felt unsafe because of the recent spyware that hit the beloved social media chat application. The word around is that a recently surfaced social media chat application could give strong competition to the Facebook-owned social media service. The users were already quite disconcerted about the recent cyber threat that hit WhatsApp and were in desperate need of any substitute to satisfy their daily social cravings. The celebrated application goes by the name of “Signal”. Its unique characteristic is its keen focus on the privacy of the users. Per sources, Signal has planned out to move towards the big market and go “main-stream”, owing it to the substantial monetary support it received from WhatsApp’s co-founder. The financial backing is to facilitate “Signal” in getting better features and attracting the atten...

Since last year's summers, Chinese hackers have been targeting South Asian companies that own online gambling and betting websites. The gambling companies in South Asia have confirmed the hacks, whereas rumors of cyberattacks on betting websites have also emerged from Europe, and the Middle East, however, the rumors are yet to confirm, says the reports of cybersecurity group Trend Micro and Talent-Jump. Cybersecurity experts claim that no money was stolen in these hacks against the gambling websites. However, hackers have stolen source codes and databases. The motive of the attack was not a cybercrime, but rather espionage intended attack to gain intelligence. According to the experts, a group named ' DRBControl ' is responsible for the cyberattack. According to the reports of Trend Micro, the hacking techniques used in this particular cyberattack incident is similar to methods done by Emissary Panda and Winnti. All of these hacking groups are from China that has launc...