Cyber Security News

  Cybersecurity experts from Proofpoint have unearthed a Chinese-sponsored phishing campaign and published a report on Thursday; as per the findings, Chinese state hackers targeted several Tibetan organizations in a low-volume phishing campaign using malicious malware on the systems of Tibetan organizations. The campaign was designed to hijack Gmail accounts via a malicious Firefox browser extension. According to Proofpoint, Chinese sponsored phishing campaign started in January and continued throughout February and was managed by the TA413 APT group, a threat group that’s aligned with the Chinese Communist Party’s state interests. Hackers Modus Operandi  TA413 attackers targeted the organizations by sending a fraudulent email, once the victim opened the email it redirected the victim to the attacker-controlled you-tube[.] domain that displays a fake Adobe Flash Player Update landing page. Threat actors specifically targeted the Firefox users and users with an active...

  After an undisclosed number of subscribers were reportedly hit by SIM swap attacks, American telecommunications company T-Mobile has announced a data breach. The organization believes that this malicious conduct has been detected very easily and that it has taken steps to stop it and discourage it from continuing in the future.  SIM swap attacks (or SIM hijacking) permits scammers who use social engineering or bribing mobile operator workers to a fraudster-controlled SIM to gain a charge of their target telephone number. They then receive messages and calls from victims and enable users to easily bypass multi-factor authentication (MFA) through SMS, steal user identifiers, and take over the victims' Online Service Accounts. Criminals will enter the bank accounts of the victims and take money, swap passwords for their accounts, and even lock the victims out of their own accounts.  T-Mobile disclosed that an anonymous perpetrator had access to customer account detail...

The problem will also affect Russian government agencies, which are switching to domestic Linux operating systems as part of import substitution. Businesses that have started actively using the cloud against the background of the pandemic face increased costs: attackers can hack their cloud environments and use them for mining cryptocurrencies and DDoS attacks. According to the IBM report on the main information security risks in 2021, the number of attacks on cloud environments and open-source Linux operating systems will increase this year. Users of Russian operating systems on Linux can also suffer, said Oleg Bakshinsky, a leading information security adviser for IBM in Russia. The attackers began using the extensible computing power of Linux-based cloud environments, said Mr. Bakshinsky. The customer can enable the service in their cloud settings, and at times of peak loads, their resources will be expanded for an additional fee. Attackers take advantage of this by gaining unau...

  Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could permit a threat actor to publish a misleading skill under any arbitrary developer name and even make backend code changes after approval to fool clients into surrendering sensitive data. The discoveries were introduced on Wednesday at the Network and Distributed System Security Symposium (NDSS) meeting by a group of scholastics from Ruhr-Universität Bochum and the North Carolina State University, who examined 90,194 skills accessible in seven nations, including the US, the UK, Australia, Canada, Germany, Japan, and France.  “While skills expand Alexa’s capabilities and functionalities, it also creates new security and privacy risks,” said a group of researchers from North Carolina State University, the Ruhr-University Bochum and Google, in a research paper.  Amazon Alexa permits third-party developers to make additional functionality for gadgets, for...

  Data related to a customer of a recently targeted California-based private cloud solutions firm Accellion is being published online for sale by threat actors. Accellion is a file-transfer platform that is used by Steris Corporation. Many other firms were targeted by hackers a few weeks ago, threat actors exploited the security loopholes in the server of the company. Ransomware gang ‘Clop’ has taken responsibility for the attack and is claiming to have critical information in their possession belonging to Steris Corporation. Steris Corporation is an American Irish-domiciled medical equipment firm specializing in sterilization and a leading provider of surgical products for the American healthcare system. Documents that are missing from the sever system of Steris Corporation include a confidential report regarding a phenolic disinfectant comparison study dating from 2018. This report bears the signatures of two Steris employees – technical services manager David Shields and qua...

  Over the past year, a broader pattern of WordPress malware with SQL triggers has occurred within infected databases to mask intrusive SQL queries. Whenever the trigger condition is fulfilled, these queries insert an admin-level user into a contaminated database. Users can use a MySQL database to store essential data, including CMS settings and a common CMS is used on their website (such as WordPress). Something that might change the MySQL database is whether injecting harmful code or removing the content of your Website, could also do severe harm to the website.  Potential for protection is one factor why the MySQL database has its own unique username and password, which will deter someone from checking the MySQL database manually without the required login details. Unfortunately, if attackers have unauthenticated access, they can also read a wp-config.php file to understand the website's database authentication credentials — which can then be used to connect to the datab...

American firm Sequoia Capital has publicly disclosed a suspected data breach recently. The firm suspects… Sequoia Capital Discloses Data Breach Following Failed BEC Attack on Latest Hacking News . from Latest Hacking News https://ift.tt/3bL95rf

  Industrial associations have been cautioned for this present week that a critical authentication bypass vulnerability can permit hackers to remotely compromise programmable logic controllers (PLCs) made by industrial automation giant Rockwell Automation that are marketed under the Logix brand. These gadgets, which range from the size of a little toaster to a huge bread box or considerably bigger, help control equipment and processes on assembly lines and in other manufacturing environments. Engineers program the PLCs utilizing Rockwell software called Studio 5000 Logix Designer.  The vulnerability requires a low skill level to be exploited, CISA said. The vulnerability, which is followed as CVE-2021-22681, is the consequence of the Studio 5000 Logix Designer software making it possible for hackers to exfiltrate a secret encryption key. This key is hard-coded into both Logix controllers and engineering stations and confirms correspondence between the two gadgets. A hacker ...

According to the head of the country's General Intelligence and Security Service, these hackers break into the computers of companies and educational institutions The head of the General Intelligence and Security Service of the Netherlands (AIVD), Erik Akerboom, said that the country's special services allegedly "every day" catch hackers from China and Russia, who, according to him, break into the computers of companies and educational institutions. At the same time, the head of the AIVD did not provide any evidence. "Every day we catch hackers from both China and Russia hacking into the computers of companies and educational institutions," the head of AIVD said in an interview with Vu Magazine. According to Akerboom, the target of these hackers is vital infrastructure, such as drinking water, banks, telecommunications, and energy networks." However, he did not give an example of any specific cyberattack. In 2018, the Ministry of Defense of the Net...

A serious vulnerability in VMware servers has just received a fix. However, right after the… Critical Vulnerability In VMware Servers Being Scanned After PoC Exploit Release – Patch Now! on Latest Hacking News . from Latest Hacking News https://ift.tt/3dOYKxf

As the world went digital following the lockdowns due to the COVID-19 pandemic, educational institutions… Educational Institutions Websites Found Vulnerable to Multiple Threats on Latest Hacking News . from Latest Hacking News https://ift.tt/2MrfGhY

While baby monitors make parenting easy, they can be a security threat to you as… Misconfigured Baby Monitors Can Allow Intruders To Spy On Your Baby on Latest Hacking News . from Latest Hacking News https://ift.tt/3sw44tG

  Google Project Zero team disclosed the details of a recently fixed Windows flaw, tracked as CVE-2021-24093, that can be compromised for remote code execution in the context of the DirectWrite user. Dominik Rottsches of Google and Mateusz Jurczyk of Google Project Zero discovered the flaws and reported the issue to Microsoft in November and the bug report was made public this week.  The vulnerability was fixed with the release of February 2021 Patch Tuesday updates. Cybersecurity researchers Jurczyk and Rottsches explained CVE-2021-24093 as a DirectWrite heap-based buffer overflow linked to the processing of a specially designed TrueType font. They further explained that a hacker can trigger a memory corruption condition that can be exploited to execute arbitrary code in the context of the DirectWrite client. DirectWrite is a Windows API designed to provide supports measuring, drawing, and hit-testing of multi-format text. This vulnerability in the Windows operating sys...

  Accidentally, a law firm has disclosed client data of 15,000 incidents in which individuals have been killed and wounded after a cloud misconfiguration. Through a misconfigured Amazon S3 bucket, the WizCase team unearthed a huge data leak with private details regarding Turkish residents. The server includes 55,000 judicial records concerning more than 15,000 court proceedings, affecting hundreds of thousands of individuals. The firm affirmed that it does not require any permission to browse the 20GB trove that anyone with the URL may have viewed the very confidential information. WizCase is one of the leading multinational websites offering cybersecurity resources, tricks, and best practices for online safety. Also incorporates VPN ratings and tutorials. The data was traced by WizCase, back to the Turkish actuarial consulting company, Inova Yönetim, which analyses details for risk and premium estimation. The online security team has revealed a major abuse of the data from an...

  A year into the pandemic, Turkey Dog-related activity is ongoing with campaigns that keep on utilizing the "free internet" lures. These current campaigns use lure pages that guarantee cash payments of thousands of Turkish Lira, implying to be attached to the Turkish government. For instance, as indicated by Google Translate, a page states, "Final Phase Pandemic Support Application - 3,000TL State Support for All Applicants!" Another highlights a picture of Turkish Minister of Health Dr. Fahrettin Koca's and guarantees 1,000 lira for "everybody applying!"  A portion of the lure pages, use whos.amung.us scripts for tracking purposes. RiskIQ's Internet Intelligence Graph, utilizes unique identifiers associated with these scripts to associate numerous Turkey Dog domains. For example, a RiskIQ crawl of pandemidesteklerim[.]com noticed the whos.amung.us ID loaded on the page, which was seen on 431 hosts since April 26, 2020. They additionally found ...

Approximately 100 US companies and nine government agencies were affected by the hack using Orion software of SolarWinds, which is blamed on "Russian hackers." The real scale of the cyberattack became known during a hearing of the US Senate. According to Microsoft president Brad Smith, "at least a thousand very skilled, very capable programmers" worked on the SolarWinds hack. "This is the largest and most complex operation we've seen," noted Smith. The head of Microsoft compared the SolarWinds software to a health care system. According to him, the hacking of this program by the attackers was similar to the robber turning off the alarm for all residents instead of just one apartment where he wanted to enter. "Everyone's safety was threatened. That's what we're up against," added Smith. He added that hackers could use up to a dozen different ways to break into the networks of their victims. In addition, the President of Microso...

Another technology company has fallen prey to a cyber attack. This time, the victim is… Finnish IT Firm TietoEVRY Shut Down Following Ransomware Attack on Latest Hacking News . from Latest Hacking News https://ift.tt/3aPfnHg

  French authorities unearthed a glut of stolen credentials on the dark web, apparently belonging to the healthcare workers. The authorities have alerted the healthcare department and advised them to remain vigilant. In recent weeks, threat actors have attacked several French hospitals – including hospitals in Dax and Villefranche-sur-Saone. The French Ministry of Social Affairs and Health issued an alert this week stating, France Computer Emergency Response Team notified our department regarding the sale of a list of 50,000 user accounts on a cybercriminal platform which includes login/password credentials apparently belonging to French healthcare workers.  The alert notes that “it is difficult to accurately describe the origin of this leak, but the impact that the use of login/agent password couples can have on the security of institutions’ information systems is more easily valuable. That includes attempts to connect to remote means of access, such as Outlook web acc...

Egnach, Switzerland. Swisscows, Swiss technology company for intelligent software products and services in the field… Messenger TeleGuard: The world’s most secure messenger competes against WhatsApp on Latest Hacking News . from Latest Hacking News https://ift.tt/2PcRLUD

  Mozilla's latest Firefox 86 has been rolled -out for desktop, Mac, Windows, and Linux platforms. The browser upgrade brings features like multiple image mode and video replay, backward and forward buttons. Total Cookie Protection has been integrated into the Strict Enhanced Tracking Protection (ETP) platform, which has been revealed on Tuesday with the launch of Firefox 86. Complete cookie protections were referred to as 'huge advance' in containing cookies that are placed into new 'cookie jars' by websites.  Cookies are text files containing tiny pieces of information by which the computer can be detected. While intended to enhance the viewing experience on the website, it could also be used, despite any permission, to track online activities. Google now plans to destroy third-party cookies as part of its Sandbox privacy project on its Chrome web browser, an effort that aims to allow personal ads while restricting data detection.  Mozilla uses the 'cooki...

  Security experts from Akamai have detected another botnet utilized for illegal cryptocurrency mining exercises that are abusing Bitcoin (BTC) transactions to remain under the radar. This procedure permits botnet operators to make their infrastructure resilient to takedown led by law enforcement.  “A recent piece of malware from a known crypto mining botnet campaign has started leveraging Bitcoin blockchain transactions in order to hide its backup C2 IP address. It’s a simple, yet effective, way to defeat takedown attempts.” reads the post published by Akamai. “Recent infection attempts against Akamai SIRT’s custom honeypots uncovered an interesting means of obfuscating command and control (C2) infrastructure information. The operators of a long-running crypto-mining botnet campaign began creatively disguising their backup C2 IP address on the Bitcoin blockchain.”  The infection chain starts the exploitation of Remote Code Execution (RCE) vulnerabilities affecting H...

As noted by experts, information leakage in large companies does not often happen, but data theft can occur through contractors Scammers learn personal data of Russians from gaps in the security of companies or from their informants in them, from social networks of citizens, as well as through phishing sites. "Often, a person can simply share their name and phone number, for example, on social networks. Such data can also be collected from data leaks," said Sergey Golovanov, a leading expert at Kaspersky Lab. He clarified that information leaks in large companies do not often happen, as they pay great attention to their cybersecurity. However, data theft can be carried out through contractors who do not always have the necessary resources to ensure security when processing personal data. Also, according to the expert, leaks can occur from small online stores or other services where customers are asked for such information. As Anastasia Barinova, deputy head of the Group-...

A serious stored XSS vulnerability existed in the Apple iCloud domain that caught the attention… Apple Patched A Stored XSS Vulnerability In iCloud Domain on Latest Hacking News . from Latest Hacking News https://ift.tt/3snuwFB

A few days ago, Barcode Scanner app made it to the news for potentially infecting… Barcode Scanner App Fiasco – ‘New Owner’ Responsible For The Disaster on Latest Hacking News . from Latest Hacking News https://ift.tt/3uoD2pT

  Bitcoin, the world’s largest cryptocurrency slumped as much as 17 percent to $45,000 on Tuesday, sparking concerns from investors over the cryptocurrency’s sky-high valuations and its volatility in an unpredictable market. The cryptocurrency traded 13% lower, at $47,608.24, as of 11:45 p.m. in New York. The value of the cryptocurrency has soared in 2021, with the price more than doubling this year to reach a record $58,350.41. Elon Musk, CEO of Tesla invested $1.5 billion in cryptocurrency this month and helped bitcoin to reach its market value above $50,000 but this investment may now lead to pressure on Tesla’s stock price as it has become sensitive to movements in bitcoin. Craig Erlam, senior market analyst at OANDA stated that “the kind of rallies we’ve been seeing aren’t sustainable and just invite pullbacks like this.” Ether, the world’s second-largest cryptocurrency by market capitalization also slumped more than 17% and last bought $1,461, down almost 30% from las...

Cyberthreats pose risks to any organization. And companies, regardless of size or industry, so long… How DNS History Contributes to Threat Investigations on Latest Hacking News . from Latest Hacking News https://ift.tt/2ZMfTQ8

It’s crucial now, more than ever, to ship web applications with strong protection and security… Taking Steps to Secure your Application in 2021 on Latest Hacking News . from Latest Hacking News https://ift.tt/2Nz1CUh

  Ukraine on Monday alleged major attacks against the Ukrainian security and defense website by unidentified Russian Internet networks but did not provide specifics of any losses or mention who it felt was responsible for the attack. Kyiv, Ukraine's capital, previously described Moscow with major cyberattacks against Ukraine as part of the "hybrid war," which Russia opposes.  “Kyiv has previously accused Moscow of orchestrating large cyber attacks as part of a “hybrid war” against Ukraine, which Russia denies. However, a statement from Ukraine’s National Security and Defense Council did not disclose who it believed organized the attacks or give any details about the effect the intrusions may have had on Ukrainian cybersecurity.” reported The Reuters agency.  The Ukrainian National Security and Defense Council however has not released a statement that states that the Ukrainian Cyber Security is believed to coordinated or provides specifics about the consequences that ...

  Researchers reported on Tuesday that they discovered two email phishing assaults targeting at least 10,000 mailboxes at FedEx and DHL Express that hope to extract client's work email account. In a blog published by Armorblox, the researchers said one assault impersonates a FedEx online document share, and the other claims to share shipping details from DHL. The phishing pages were facilitated on free services like Quip and Google Firebase to deceive security technologies and clients into thinking the links were legitimate. “The email titles, sender names, and content did enough to mask their true intention and make victims think the emails were really from FedEx and DHL Express respectively,” said researchers with Armorblox on Tuesday. “Emails informing us of FedEx scanned documents or missed DHL deliveries are not out of the ordinary; most users will tend to take quick action on these emails instead of studying them in detail for any inconsistencies.”  The phishing ema...

The former developer of the Android version of the application of the Russian social network VKontakte Grigory Klyushnikov created Clubhouse for Android and posted it in the public domain The creator and former developer of VKontakte for Android, Grigory Klyushnikov, created an open-source version of the Clubhouse app for Android OS and published it on the largest web service for hosting IT projects and their joint development, GitHub. Klyushnikov announced this on his Twitter account. The Clubhouse app is a social network based on voice communication without the possibility of recording and further dissemination of what is happening. It was launched in 2020 but became particularly popular in the Russian segment of the Internet in February 2021. The platform is only available to users of the iOS operating system. To use it, you must receive an invitation from an already registered user. It took Klyushnikov a day and a half to develop the project, and he devoted most of his time to ...

  Malwarebytes, an American security firm announced the findings of its annual ‘State of Malware’ report, this report explored the working methodology of employees and cybercriminals. Work from home was the new normal during the Covid-19 pandemic wherein many companies altered their working methodology and started working remotely. The notable change was in the working methodology of the threat actors, they were more focused on gathering intelligence, and exploiting and preying upon fears with targeted and sophisticated assaults. Last year, threat actors targeted many high-profile firms and popular personalities which included hacking the accounts of famous personalities such as Barack Obama, Jeff Bezos, and Elon Musk; attacking FireEye and SolarWinds via supply chain and the Marriott hotel which recorded theft of the records of 5.2 million guests. Marcin Kleczynski, CEO of Malwarebytes stated, “this past year has taught us that cybercriminals are increasingly formidable, pla...

A serious security vulnerability affected the Python language that could potentially lead to remote code… A Python Vulnerability Could Allow Remote Code Execution Attacks on Latest Hacking News . from Latest Hacking News https://ift.tt/3aLMlIp

The Brave browser offers Tor support with its private mode. It means this privacy-oriented feature… Brave Browser Tor Mode Leaked .Onion Addresses To ISP – Glitch Fixed on Latest Hacking News . from Latest Hacking News https://ift.tt/37I8XYm

  With more mobile apps entering the new world of smartphone users, only a few know about the dangers of the gizmo. A recent report demonstrated that enabling apps with required permissions and accessing these apps could contribute to the leakage of personal data via the phone tracking feature. The privacy impacts of some of the permissions provided to apps and services are not known by mobile users and researchers were able to classify what kind of data is being obtained from apps with tracking feature.  Two researchers from the University of Bologna, Italy, and Benjamin Baron from University College London, UK, are indeed studying how the processing of these data could constitute an invasion of consumer privacy. To this end, the investigators have built a smartphone app – TrackingAdvisor – which captures user location simultaneously. The app may collect personal information from the same data and request users to provide input about the validity of information in terms of...

  A Chinese hacking group allegedly "cloned" and deployed a zero-day exploit created by the U.S. National Security Agency's Equation Group before Microsoft fixed the Windows vulnerability that was being misused in 2017, as indicated by an analysis published on Monday by Check Point Research. For quite a long while, researchers had presumed the Chinese hacking group known as APT31 or Zirconium had built up an exploit tool to take advantage of a vulnerability tracked as CVE-2017-0005 and found in more seasoned renditions of Windows, like Windows 7 and Windows 8, as indicated by the report.  The report brings up additional questions about how some of the NSA's most valued cyberweapons have been found or stolen by nation-state hacking groups and then turned on their developers over the years. In May 2019, Symantec published a similar report that found another group of hackers had taken and exploited cyber tools developed by the NSA. Both the Symantec and Check Point re...

A management system that enables you to follow the right (EHS) practices to protect the… How to Choose the Right EHS Management Software on Latest Hacking News . from Latest Hacking News https://ift.tt/2ZGQLu2

Even though we all spend a lot of time sitting at a desk, our bodies… Experience-Based Review of Desky Dual Ergo Edge Sit Stand Desk on Latest Hacking News . from Latest Hacking News https://ift.tt/37DdThh

A new Bluetooth overlay skimmer can easily block chip-based cards and hinder transactions. These skimmers… Bluetooth Overlay Skimmer That Blocks Chip-based Transactions on Latest Hacking News . from Latest Hacking News https://ift.tt/37UxREz

  Threat actors are using a novel approach to steal the credit card details of e-commerce shoppers by exploiting Google’s Apps Script business application platform. Threat actors are abusing Google Apps Script domain ‘script.google.com’ to hide their malicious activities from malware scan engines and evade Content Security Policy (CSP) controls. Eric Brandel, a cybersecurity researcher unearthed the scam while analyzing Early Breach Detection data provided by Sansec, a cybersecurity firm focused on fighting digital skimming. Brandel explained that threat actors bank on the fact that the majority of the online stores would have whitelisted all Google subdomains in their respective CSP configuration (a security protocol for blocking suspicious code execution in web apps). They take advantage of this trust and abuse the App script domain to route the stolen data to a server under their possession.  Once, the malicious script was injected by the fraudsters in the e-commerce ...

  The Federal Bureau of Investigation (FBI) jointly with the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury, released an advisory on North Korea's cyber-threat to cryptocurrency and on suggestions for mitigating.  Operated with the US government allies, FBI, CISA and the Treasury assess that, Lazarus Group –advanced persistent threat (APT) actors assisted by these agencies in North Korea is targeting the consumers and firms through the dissemination of cryptocurrency trading apps, including crypto-currency exchange and financial service providers, that have been updated to cover.  “This advisory marks another step by the U.S. Government to counter the ongoing and criminal North Korean global cryptocurrency theft scheme targeting finance, energy, and other sectors,” said CISA Acting Executive Assistant Director of Cybersecurity Matt Hartman. “The FBI, Treasury, and CISA continue to assess the evolving cyber threat posed by...

Some serious security vulnerabilities existed in the Ninja Forms WordPress plugin that risked over a… Multiple Vulnerabilities In Ninja Forms WordPress Plugin Could Allow Site Takeovers on Latest Hacking News . from Latest Hacking News https://ift.tt/2Nn7QGS

A serious vulnerability existed in the Agora SDK providing video chat and streaming facility to… Vulnerability In Agora SDK Powering Several Apps Could Allow Spying On Video Calls on Latest Hacking News . from Latest Hacking News https://ift.tt/2NJQQu6

The popular password manager LastPass has recently made an announcement that might not be pleasing… LastPass Free Service Changes – Will Only Support Single Device Type Onward on Latest Hacking News . from Latest Hacking News https://ift.tt/3bwvusr