Showing posts from January, 2021

'Android Worm' Malware is Spreading Via WhatsApp User Contact List

Security expert Lukas Stefanko unearthed the malware known as ‘Android Worm’. Threat actors are using this malware to send malicious messages to WhatsApp users and extract critical information or shut down their accounts entirely. ‘Android Worm’ enters a user's phone as a disguised message and then corrupts the victim’s contact list without the victim being aware of it. Lukas Stefanko shared a video detailing the Android worm malware – “Android WhatsApp Worm? Malware spreads via victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to malicious Huawei Mobile app. The message is sent only once per hour to the same contact. It looks to be adware or subscription scam”. The malware enters a user's phone via a message, then uploads adware onto the user's device and spreads by sending WhatsApp messages to the victim’s contact list while keeping the victim in the dark. As per the reports of The Sun, initially, the vi...

Apple Silently Enhanced iMessage Security With BlastDoor Sandbox in iOS 14

A security researcher from Google’s Project Zero security team, Samuel Groß, has shared a detailed… (from Latest Hacking News: https://ift.tt/3aim0jY)

Google Researcher Groß Identifies the BlastDoor Device in Apple iOS 14

Last year, Apple rolled out iOS 14 with many new features, tighter privacy laws, and elements that make the iPhone smarter, introducing to the iPhone and iPad a new safety mechanism primarily for the detection of malware attacks from the iMessage network. The BlastDoor security sandbox was launched in an upgrade to iOS 14 in September 2020; it was discovered by reverse engineering macOS 11.1 running on an M1-powered Mac Mini, and is meant to protect the parsing of untrusted data from the messaging client iMessage. The service is said to be written in Swift, a memory-safe language that makes it "significantly harder" to introduce classic memory corruption vulnerabilities into the codebase, in this case iMessage. The BlastDoor sandbox, concealed inside iOS 14, has been identified by Samuel Groß, a security researcher with the Project Zero team of Google. The researcher wrote a blog post on the scope of the current framework to protect consume...

Perl.com, the Official Site for Perl Programming Language Hijacked

The domain Perl.com was created in 1994 and was the official site for the Perl programming language; it is registered with the registrar key-systems(.)net. A warning went up on the perl.org foundation blog overnight telling users that perl.com was now directed to a parking site and advising against visiting "as there are some signals that it may be related to sites that have distributed malware in the past." “The perl.com domain was hijacked this morning and is currently pointing to a parking site. Work is ongoing to attempt to recover it.” reads the announcement published on the Perl NOC on 27th January 2021. The hijack appears to have followed the well-established pattern of an attacker taking over a compromised account and stealing the domain, rather than a simple expiration. The attackers changed the IP address from 151.101.2.132 to 35.186.238[.]10. After the hackers took control of the site, it showed a blank page whose HTML contains GoDaddy parked domain scripts....

Sberbank is the most targeted organization in Europe by hackers, says Herman Gref

At the moment, Sberbank is subjected to hacker attacks more often than other institutions in Europe, but successfully repels them, said the head of the credit institution Herman Gref, speaking at a plenary session in the Federation Council with a presentation on artificial intelligence (AI). “We are the most attacked institution in Europe. Every day, artificial intelligence inside our Cyber Security Center analyzes billions of events. During this entire period of time, we did not allow a single penetration into our systems,” said Mr. Gref. Gref stressed that the AI protects not only the credit institution itself but also its customers. According to the banker, citizens who use the services of Sberbank are protected in 97% of cases: the systems recognize that a person is trying to transfer funds to a fraudster. "In 97% of cases, our algorithms recognize fraud, stop these transactions, contact the person, the person confirms that he made this transaction, and we tell him th...

Trickbot- A Banking Trojan Returns With Latest Phishing Campaigns and Attacks

Trickbot, a banking malware, has resurged with new phishing campaigns and attacks after a collaboration of cybersecurity and technology companies disrupted the Trickbot malware in October last year. Trickbot evolved into a highly favored form of malware among threat actors after starting life as a banking trojan. Trickbot is a banking malware that sends victims banking-related website pages that look almost identical to the real thing. Trickbot is a replication of the older malware Dyre/Dyreza and is also spread via malicious spam including HTML attachments. These HTML files download a Word document posing as a login form; in reality, it is embedded with a malicious macro that retrieves Trickbot from the threat actors’ command and control (C&C) server when enabled. Microsoft targeted the infamous Trickbot malware last year due to its ability to carry ransomware that could pose a threat to the websites that display election information or to third ...

Ghost Accounts used by Nefilim Ransomware Actors

Ransomware operators have recently been teaming up to exchange software and infrastructure to further accelerate the leakage and extortion operations that harm the victims of such attacks. One such ransomware is Nefilim. Nefilim, also known as Nemty, emerged in 2020 as a new addition to the list of ransomware strains. If the victims do not pay the ransom, Nefilim threatens to reveal information to the public; it has its own leaks platform called Corporate Leaks, which is located on a TOR node. As stated by Michael Heller, a researcher at Sophos, Rapid Response is a 24/7 service provided by Sophos that helps organizations detect and neutralize active threats as soon as possible. Lately, a company that had been attacked with the Nefilim ransomware reached out to Sophos Rapid Response for help. In the incident reported by the company, a ransomware attack from Nefilim locked up more than 100 systems stemmed...

Rocke Group’s Pro Ocean Crypto-jacking Malware now Comes with Worm Feature

The Rocke Group used cloud-targeted malware to carry out crypto-jacking attacks for Monero, which was documented in 2019 by Unit 42 researchers. Since then, the malware has been on the radar of cybersecurity firms, which hindered the crypto-jacking activity of the Rocke Group. The threat actors behind the attack have reportedly updated the malware, as researchers discovered a modified malware version used by the Rocke Group, a cyber-crime gang that targets cloud infrastructure for crypto-jacking. The malware is known as "Pro-Ocean"; first detected in 2019, it now includes "worm" features and the detection-evasion features of rootkits. To target cloud apps, Pro-Ocean exploits well-known vulnerabilities; in the researchers' study, Pro-Ocean attacked Apache ActiveMQ, Oracle WebLogic (CVE-2017-10271), and Redis. If the malware runs in Tencent Cloud or Alibaba Cloud, it uses the same code as the previous malware to disable monitoring agents and avoid detection. If the ma...

Open Source Software Vulnerabilities Lead to RCE

Various vulnerabilities in the open source video platforms YouPHPTube and AVideo could be used to achieve remote code execution (RCE) on a user's device. It can take an average of more than four years for vulnerabilities in open-source software to be detected, an area that the security community needs to address, researchers say. Experts from Synacktiv found various vulnerabilities in the source code shared by the projects that were due to a lack of user input sanitization, a related write-up reads. The issues include an unauthenticated SQL injection vulnerability, multiple cross-site scripting (XSS) flaws, and a file write vulnerability. SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (for example to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an appl...

Will a VPN Protect Me From a Data Breach?

With the increasing prevalence of online data breaches, many of us are looking for ways… (from Latest Hacking News: https://ift.tt/3t7qJNY)

Windows 7 Remains Vulnerable to Blind TCP/IP Hijacking Attacks

Adam Zabrocki, a security researcher, warned Windows operating system users about the susceptibility of Windows 7 to blind TCP/IP hijacking attacks. Adam Zabrocki reported the vulnerability to Microsoft eight years ago. Windows 7 was launched in 2009 and reached its end of life a year ago, which means users no longer receive security updates. In 2008, Adam Zabrocki created a proof of concept of this venerable attack methodology with Windows XP as the target. In 2012, a security researcher notified Microsoft regarding the same TCP/IP vulnerabilities that made the attack feasible in Windows 7 and all the subsequent versions. Microsoft only patched the bug in Windows 8 and considered the bug “very difficult” to exploit. Nearly one in four PCs is still running the old operating system and is potentially susceptible to this form of cyber-attack. In 1994, Kevin Mitnick orchestrated the most infamous blind TCP/IP hijacking strike a...

Node.js Detected with Vulnerability encountered by Captain Freak

Node.js is a cross-platform, open-source JavaScript back-end runtime environment that runs on the Chrome V8 engine and executes JavaScript code outside a web browser. Recently, a vulnerability in Node.js could have been used to exploit the framework and achieve remote code execution (RCE). A report published on January 23 by Shoeb 'Captain Freak' Patel, a self-described 'want to be' security researcher, says that the analysis indicates that Express.js might be prone to Local File Read flaws. In conjunction with an old version of the Handlebars engine (Handlebars is a popular templating engine for web applications), malicious code may be run remotely. “If you are using Express.Js with Handlebars as templating engine invoked via hbs view engine, for Server Side Rendering, you are likely vulnerable to Local File Read (LFR) and potential Remote Code Execution (RCE),” stated Captain Freak. Further Captain Freak has claimed that because of his experience with ...

LogoKit Can Manipulate Phishing Pages in Real Time

A recently uncovered phishing kit, named LogoKit, eliminates headaches for cybercriminals by automatically pulling victims' organization logos onto the phishing login page. This gives attackers the tools needed to effectively imitate organization login pages, a task that can sometimes be complex. Cybercriminals have relied on LogoKit to launch phishing attacks on more than 700 unique domains over the course of 30 days (including 300 in the past week). The targeted services range from generic login portals to bogus SharePoint, Adobe Document Cloud, OneDrive, Office 365, and cryptocurrency exchange login portals. “With LogoKit’s intended functionality to be centered around singular emails per URL and extracting company logos, this dramatically improves ease of carrying out targeted attacks against organizations; and reusing pretexts without changing templates,” said Adam Castleman, security researcher with RiskIQ, on Wednesday. Phishing kits, whi...

Russian IT expert Menshakov listed the ways to protect personal data

According to the expert, to protect yourself from phishing attacks and fraud using malicious software aimed at people working remotely, you need to follow certain rules. In particular, follow the news and discuss threats. "Knowledge is power. The best defense against online threats is an attack. In the context of the digital space, this means having up-to-date information. The more you know about the methods of deceiving users, the less likely that you will become a victim of hackers and believe a phishing email with an offer to buy a COVID-19 vaccine online or a coupon for vaccination without a queue," said Mr. Menshakov. The expert also advises checking the sources of emails. It is equally important not to trust emails and text messages from people you know or from organizations that contain requests or improbably tempting offers. Before you click on the link, you need to go to the company's website yourself or call its support service. Checking the sources will pro...

Why DDoS Attacks Are Still One of the Biggest Cyberthreats

DDoS attacks have been around ever since the mid-nineties, yet they still continue to intimidate… (from Latest Hacking News: https://ift.tt/2MD3ESE)

Why Do Subdomain Lookups for Cybersecurity?

Subdomain takeovers are pretty common, as a March 2020 study of Microsoft subdomains showed. The… (from Latest Hacking News: https://ift.tt/2M3jGVX)

What You Need To Know About Bitcoin Before Investing Your Money In It

Have you ever heard about Bitcoin? You may be thinking that it is like the… (from Latest Hacking News: https://ift.tt/3t77KTy)

Massive Cyberattacks that Shook the World in 2020

At first glance, most organizations are improving their cybersecurity and getting better at defending direct… (from Latest Hacking News: https://ift.tt/2M4C1SA)

Data of 176 Million Pakistani Citizens Found For Sale On Dark Web

A new data dump has appeared online that includes key information about Pakistani citizens. Reportedly,… (from Latest Hacking News: https://ift.tt/2YASgJL)

Emotet - 'Most Dangerous Malware in the World' Disrupted by the Law Enforcement Agencies

  The European Union Agency for Law Enforcement announced that a global collaboration of law enforcement agencies had disrupted Emotet, what it called the ‘most dangerous malware in the world’. ‘Operation ladybird’ was conducted via a collaboration of private security experts with global law enforcement agencies to disrupt Emotet and take charge of Emotet’s command-and-control infrastructure. While conducting the raid Ukrainian police arrested at least two Ukrainian citizens working for the cybercriminal group. Ukrainian law enforcement published a video showing officers seizing cash, computer equipment, and rows of gold bars. Neither Europol nor the Ukrainian police has shared the details regarding threat actors or their asserted role in the Emotet group. Ukrainian authorities released a statement explaining that “other members of an international hacker group who used the infrastructure of the Emotet bot network to conduct cyberattacks have also been identified. Measures ar...

Apple Patched Three Zero-Days With The Release Of iOS 14.4

Apple has recently rolled out the latest iOS update for users. The update iOS 14.4… (from Latest Hacking News: https://ift.tt/2MfFIoh)

Sophos Victim to Nefilim Ransomware Attack

Threats have changed how the typical ransomware attack works: instead of only encrypting the data and demanding a ransom in return for decryption, certain attacks include data theft as well. This constitutes a double threat to organizations, who face not only the danger that their sensitive documents may be revealed to the media, but also the loss of access to essential archives. A few ransomware operators are also teaming up to exchange software and infrastructure to further accelerate the leakage and extortion operations. Nefilim emerged in 2020 among ransomware strains; if the victims do not pay the ransom, Nefilim threatens to reveal information to the public. It has its own leaks platform called Corporate Leaks, which is located on a TOR node. The Nefilim ransomware blends data theft with encryption. Nefilim primarily targets unsecured applications like Remote Desktop Protocol (RDP) and virtual desktop systems that are left vulnerable. It is one of the increasing nu...

Pwn2Own 2021 Will Also Cover Zoom, MS Teams Exploits

Trend Micro's Zero Day Initiative (ZDI) on Tuesday announced the targets, prizes, and rules for the Pwn2Own Vancouver 2021 hacking competition. Pwn2Own Vancouver ordinarily takes place during the CanSecWest conference in Vancouver, Canada, but because of the Covid pandemic, this year's event will be hybrid: participants can submit their exploits remotely and ZDI staff in Toronto (Canada) and Austin (Texas) will run the exploits. The attempts will be live-streamed on YouTube and Twitch. The prize pool for Pwn2Own 2021 surpasses $1.5 million in cash and other prizes, including a Tesla Model 3. The vehicle is being offered to those who take part in the automotive category. In this category, in addition to the vehicle, hackers can earn up to $600,000 for hacking a Tesla. There are three difficulty levels in this category and the Model 3 is being offered in each of them. ZDI has also announced another category for the upcoming event. As a fe...

The Russian pleaded guilty to cybercrime charges in the United States

Kirill Firsov admitted his guilt in trying to obtain secret information about the clients of a certain company for fraudulent purposes. A hearing on the sentencing of Russian citizen Kirill Firsov, who pleaded guilty in the United States to data theft, will be held on April 12. As noted, before the announcement of the punishment, the court will be presented with additional materials about the case. Firsov agreed to attend the meeting via videoconference. Recently, the Russian reached an agreement with representatives of the prosecutor's office. Firsov pleaded guilty to trying to fraudulently obtain confidential information about the clients of a certain company. He could be sentenced to up to 10 years in prison and ordered to pay a fine of up to $250,000. The prosecution agreed not to seek the most severe punishment for the Russian. He waived the right to insist on a trial and to challenge the charges in question. Recall, the US authorities detained Firsov on suspicion of...

NHS Urged Public to Remain Vigilant Regarding Fake Covid-19 Vaccinations

Fraudsters are tricking people in the UK via fake Covid-19 vaccination invites; scammers are posing as the UK’s National Health Service (NHS) and are sending fake emails including a link to enroll for the vaccine. The NHS has alerted the public by tweeting on its official account that no registration is required for the real vaccination. We would never ask for bank details, verification of documents such as your passport, driving license, bills, or payslips, and no payment is required for the vaccination. Multiple variants of the phishing emails are floating around the internet, but they all point towards the NHS, claiming to be a message from the NHS website ‘noreply@nhs.gov.uk’ (the original NHS website is NHS.uk). Scammers are using a mail subject identical to “IMPORTANT – Public Health Message. Decide whether if you want to be vaccinated”. Cybersecurity consultant Daniel Card explained that traffic data is suggesting fraudsters have tricked thousands of recipient...

Watch Out For This Wormable Malware Spreading Via WhatsApp

Heads up WhatsApp users! A new wormable malware campaign is in the wild that targets… (from Latest Hacking News: https://ift.tt/36jhQqR)

Dutch Police Arrested 2 Men for Stealing And Selling COVID-19 Patients Data

On Friday, 22 January, the Dutch police and the Public Prosecution Service received warnings from the GGD that personal details from GGD applications were being offered for sale on Telegram. The Central Netherlands Police Cyber Crime Unit soon launched an investigation. This probe led the team to two GGD call center workers. Consequently, both were tracked down by the police. The offenders were both in Amsterdam on Saturday night, where they were detained and taken to jail. This involves a 21-year-old man from Heiloo and a 23-year-old man from Alblasserdam. The men's homes have been searched and their computers have been confiscated. “Stealing and selling or reselling personal data is a serious crime," the Dutch police stated. The two are among a wider number of individuals believed to have access to classified information and to have sold it to third parties, and further arrests have not been ruled out, police said in a statement. The selling of personal information t...

66,000 Gamers Exposed due to Cloud Misconfiguration

VIPGames.com, a free platform with a total of 56 available classic board and card games like Hearts, Crazy Eights, Euchre, Dominoes, Backgammon, and others, has exposed the personal data of tens of thousands of users. A research group at WizCase found the wide-open server, with zero encryption and no password protection, through a straightforward search. It was traced back to VIPGames.com, a popular free-to-play card and table game platform with 100,000 Google Play downloads and about 20,000 active daily players globally. “Online gaming brings together user personal information, transaction details, and gaming habits. This fusion of confidential information creates a lucrative environment for cybercriminals to exploit,” the WizCase report explained. “Gaming platforms routinely experience multiple attacks from hackers, sabotage from competing platforms, intra-platform attacks by players targeting the Internet connections of rival users, and more.” In this situation, over ...

What Password Managers Are Safe to Use in 2021

Fraud is rife, everyone wants to get your information. From scam emails to bogus web… (from Latest Hacking News: https://ift.tt/39j3bh4)

7 Reasons to Choose an Outsourced Security Services Provider

What is an outsourced security services provider? Outsourced cybersecurity services are managed by an external… (from Latest Hacking News: https://ift.tt/2YeRq52)

Preparing for a High-Paying Career in Cyber Security

The needs of a society change dramatically when different factors come into play. The recent… (from Latest Hacking News: https://ift.tt/3ciEp2z)

Xanthe Cryptomining Botnet Attack Targeting Docker Installations

Digital attackers have used the XMRig Monero-miner to prey upon Docker in the past. In… (from Latest Hacking News: https://ift.tt/3cf35Jq)

How To Test If The App You Created Is Secure And Safe From Hacking

So you have developed an application after months of hard work and endless hours of… (from Latest Hacking News: https://ift.tt/39lpD9x)

TikTok Vulnerabilities Could Expose Users’ Private Data

TikTok makers ByteDance had to rush for fixing serious security issues in the TikTok app.… (from Latest Hacking News: https://ift.tt/3iMv9Fh)

Cyber Criminals trying to hack Russian popular Telegram channels using ads from GeekBrains

The owners of the Telegram channels noted that scammers send malicious files under the guise of advertising offers. "In particular, they can be represented by advertising managers of the GeekBrains educational platform", Nikita Mogutin, the co-founder of the Telegram channel Baza (more than 310,000 subscribers), wrote on Facebook. Madonna Moore, owner of the Telegram channel Madonna (more than 9500 subscribers), said that five scammers write to her a day. She also published the text of correspondence with a person who introduced himself as a representative of GeekBrains. GeekBrains has received many complaints about fraud on behalf of the company and has already sent out warnings to agencies and bloggers, said Elena Toropina, head of the company's marketing department. In her opinion, the attack on the channels is connected with the growth of the online education industry, which spends a lot of money on advertising. Kaspersky Lab reported that the attachments sent by...

DDoS Campaign Exposed by the Security Firm Radware

Security firm Radware uncovered a threat actors' ransom campaign using distributed denial-of-service (DDoS) attacks. This campaign was launched to target the same set of victims from September 2020 after the companies failed to pay the initial ransom of between five and ten bitcoins ($160,000 and $320,000) demanded by the threat actors. According to the reports, an anonymous group of hackers attacked the victims in August or September 2020 for the first time. In December 2020 and January, threat actors sent additional ransom extortion emails to the organizations after the victims failed to pay the initial ransom. Threat actors attacked the organizations with a DDoS strike immediately after the organizations received the second set of intimidating messages. The latest DDoS strike surpassed 200Gbps and continued for more than nine hours without any disruption. As per the reports of Radware, the latest ransom note reads, “maybe you forgot us, but we didn’t forget you. We were bus...

Machine Learning in Security - How Machine Learning helps security in the real-world?

Machine Learning is a core building block in the field of Data Science and Artificial Intelligence. As we all know, mathematics and statistics are the backbones of machine learning algorithms, and the algorithms that are used to discover correlations, anomalies, and patterns deal with data that are too complex. When we talk about Security, spam is the first thing that comes to our mind. With the invention of the internet, computers were hooked together to create an effective and valuable communication network, and this medium, which had broader distribution and free transmission, was perfectly suited to steal account credentials, spread computer viruses, malware, etc. With enormous development in security domains like intrusion detection, malware analysis, web application security, network security, cryptography, etc., even today spam remains a major threat in the email and messaging space which directly impacts the general public. The...

Australian Cyber Security Centre Hit by Cyber Security Attack

The Australian Cyber Security Centre has been on high alert over the vulnerability lately. The Australian corporate regulator has become the latest high-profile victim of a hacking attack on the same software that was used to target both the New Zealand Reserve Bank and the Allens law firm. On Monday (25th January) evening, the Australian Securities and Investments Commission said it had been hit by a 'cyber safety incident involving a server used by ASIC'. It all started when the Australian securities regulator reported that a server used to transfer files, including credit license applications, recently had a data security breach, in which some information may have been viewed. The ASIC (Australian Securities and Investments Commission) said it became aware of the case on 15 January, but the credit license form(s) or attachments did not seem to have been downloaded. Furthermore, the ASIC stated that “This incident is related to Accellion software used...

Cook County’s Court Related Records Exposed

The WebsitePlanet research group, in collaboration with security researcher Jeremiah Fowler, found a non-password-protected database that contained more than 323,277 court-related records. Upon further investigation, the researchers found that the records were all associated with Cook County, Illinois, the second-most populous county in the United States after Los Angeles County. As per the research group, nearly every record, dating from 2012 up to 2020, contained some type of personally identifiable information (PII), for example, complete names, home addresses, email addresses, case numbers, and private details regarding the cases. The database appeared to be an internal record management system that contained detailed notes about case status or issues with the cases or people. The case type appears to have been sorted by markers, for example, IMM (likely ‘immigration’), FAM (presumably 'family'), and CRI (most l...

Is North Korea Planning Something Bigger in the Field of Cyber Crime?

North Korea is advancing in the field of cybercrime with each passing day despite the tight economic sanctions levied by the United Nations and the United States of America in 2006 to deprive North Korea of the necessary funds for its nuclear program. North Korea has boosted its cyber capabilities by exploiting digital vulnerabilities across the globe. North Korea’s hacking groups, code-named Lazarus Group or Hidden Cobra, have launched several cyber-attacks across the globe to extort money for its banned nuclear weapons development program. Lazarus was suspected of being the driving force behind the famous robbery of nearly $80 million from the Bangladeshi Central Bank. US Department of Homeland and the FBI in 2017 released a cybersecurity bulletin explaining the connection of North Korea to several cyber-attacks on US businesses and critical infrastructure. In May 2020 North Korea recruited nearly 100 science and technology university graduates into its military forces to ov...

Shazam Vulnerability Could Have Exposed User Locations

A serious vulnerability was discovered in the Shazam app that could expose the location of… (from Latest Hacking News: https://ift.tt/39fcsHd)

Russians Warned of US-led Cyberspace Threat Following SolarWinds Orion

On Thursday evening, the Russian government released a security notice to Russian firms warning of possible US-led cyber-attacks following the SolarWinds incident. In view of retaliation for the SolarWinds hacking, which has breached the networks of a variety of US federal agencies including the Defense Department and top tech businesses, the Russian government has warned corporations around the world of an imminent cyberspace threat. At least 250 federal agencies and leading US businesses have been compromised by Russian-backed hackers who infiltrated the monitoring and control platform 'SolarWinds Orion.’ The response of the Russian government comes after earlier statements from the current Biden administration. New officials from the White House said that they reserve the right to respond to cyberattacks, and that they would want to do so, in answer to questions about their plans for SolarWinds. The press secretary said that “We’ve spoken about this previously… of cour...