Posts

Showing posts from April, 2021

Lloyds Bank Warns Britons of Phishing Scam That Could Drain Their Bank Accounts

LLOYDS BANK has issued an urgent warning to Britons after many were targeted by a highly dangerous scam text message. The latest phishing campaign once again centres around text messages, as more and more people become used to managing their finances on their phones. The text reads: “LLOYDS-SECURITY: You have successfully scheduled a payment of £69.99 to payee MR ADAMS 28/04. If this was NOT you, visit: https://payee-confirmationcentre.com.” The malicious link in the text message typically leads to a phishing website that harvests the personal details of unsuspecting individuals. Websites of this kind may also download malware onto a person’s desktop that can access their passwords and other sensitive information. Lloyds Bank has now confirmed that the text, and others like it, are a scam that Britons should do their best to avoid. Taking to their social media account, the bank wrote: “This is indeed a scam mes...

Vulnerability In ABUS Secvest Connected Alarms Allowed Remote Disabling

The connected home alarm systems from German security firm ABUS had a serious security issue.… Vulnerability In ABUS Secvest Connected Alarms Allowed Remote Disabling on Latest Hacking News (https://ift.tt/3aRgV2Y).

Data Breach at DigitalOcean Leaves Customer Billing Data Exposed

DigitalOcean, a cloud solutions provider, has informed certain clients that their billing information may have been exposed after someone exploited a flaw in the company's central database. US-based DigitalOcean, Inc. is a cloud computing supplier headquartered in New York City with data centers around the world. DigitalOcean offers cloud services for developers that help build and scale applications distributed across multiple computers concurrently. DigitalOcean stated in an email to clients that the unauthorized access took place between 9th and 22nd April 2021 but was only "confirmed" on 26 April. “An unauthorized user gained access to some of your billing account details through a flaw that has been fixed,” the company told customers. DigitalOcean affirms that only a "small percentage" of its users have been affected and therefore no intervention is necessary. The billing information leaked includes the name, address, e...

Stop Tweeting, Says Click Studios: Phishers Use Breach Notification Information to Create New Lures

Click Studios, an Australian password protection company, claims that only a small percentage of its 29,000 customers were impacted by a security breach caused by a compromised update containing malicious code. In a new advisory posted on their website, Click Studios issued an update on their investigation into the breach, which took place between 8:33 p.m. Universal Coordinated Time on April 20 and 12:30 a.m. UTC on April 23. During that window, any customer who updated their Passwordstate tool may have been compromised. It is unclear how Click Studios defines "affected" customers in this incident. According to CSIS Security Group researchers, the compromised update was most likely only the first stage of a multi-stage malware attack. At least one customer downloaded the update, but the attack was stopped before any second-stage malware could be deployed. “The number of affected customers is still very low. Only customers that performed In-Place Upgrades between t...

Credit Scores of Americans were Exposed Through Experian API

According to a researcher, almost every American's credit score was exposed because an API platform used by the Experian credit bureau was left accessible on a lender's website without even basic security safeguards. Experian, for its part, dismissed security experts' fears that the problem could be structural. The Experian Connect API is a platform that helps lenders simplify FICO-score queries. According to a published article, Bill Demirkapi, a sophomore at Rochester Institute of Technology, was looking for student loans when he came across a lender that would verify his eligibility with only his name, address, and date of birth. Taken aback, Demirkapi looked into the code, which revealed that the tool was driven by an Experian API, he said. “No one should be able to perform an Experian credit check with only publicly available information,” Demirkapi told Krebs On Security, which was the first to break the story of the leak. “Experian should...

Security Researchers Raise Concerns Over Security Flaws in Machine Learning

In today’s age, it is impossible to implement effective cybersecurity technology without depending on innovative technologies like machine learning and artificial intelligence. Machine learning in the field of cybersecurity is a fast-growing trend. But machine learning and AI bring their own cyber threat. Unlike traditional software, where flaws in design and source code account for most security issues, in AI systems vulnerabilities can exist in the images, audio files, text, and other data used to train and run machine learning models. What is machine learning? Machine learning, a subset of AI, is helping business organizations analyze threats and respond to ‘adversarial attacks’ and security incidents. It also helps automate the more boring and tedious tasks that were previously carried out by under-skilled security teams. Now, Google is also using machine learning to examine the threats against mobile endpoints running Android, along with detecting and...

Apple AirDrop Vulnerability Exposes Users’ Personal Information – Official Patch Awaited

Apple users relying on the AirDrop feature need to remain cautious while using this feature.… Apple AirDrop Vulnerability Exposes Users’ Personal Information – Official Patch Awaited on Latest Hacking News (https://ift.tt/3vsq2z5).

RedLine Stealer: Masquerades as Telegram Installer

The .NET-based malware has recently been disguised as an installer for the popular secure messaging app Telegram. Stealers are pieces of malicious code written with a hit-and-run mindset, intended to find something of value on an infected computer and return it to their operator. These sinister programs usually arrive as a second-stage payload or by masquerading as legitimate apps. One such stealer is RedLine Stealer, which attackers often use to steal credentials from unsuspecting users. According to Minerva, RedLine Stealer employs evasive techniques to bypass security products, beginning with the unpacking process. The fake setup file is packed and highly obfuscated, like most .NET malware. Detect-It-Easy finds no known packer, implying that the unpacking must be performed manually. Most of the variable and function names were scrambled after decompiling the malware, making the code difficult to understand. The packer develo...

DigitalOcean Data Breach Exposed Customers’ Billing Information

DigitalOcean confirmed the data breach via an email to its customers confirming the exposure of… DigitalOcean Data Breach Exposed Customers’ Billing Information on Latest Hacking News (https://ift.tt/3u30Z5f).

Cloud Misconfiguration is Still the Leading Source of Cloud Data Violations

Almost everybody by now is working from home, and 84 percent are worried that the quick move towards 100 percent remote working has created new security vulnerabilities. Cloud service providers built their administration panels' user interfaces purposefully to mislead consumers and charge for more services than originally intended. Although this was never demonstrated as a systematic business strategy, reports and alerts of data breaches have overwhelmed the internet in recent years because a cloud-based database was misconfigured and confidential information ultimately leaked. Over the past month, Censys, a security company that specializes in census-like inspections of the internet, looked closely at cloud-based services, hoping to uncover the most likely origin of misconfiguration for cloud-based businesses. As per the study, Censys has found over 1.93 million cloud server databases that have been display...

Covid-19 has led to Increase in Cyberattacks Against Banks and Insurers

According to recent studies, the coronavirus pandemic and working from home (WFH) provisions are triggering a "huge" increase in attacks against financial institutions. The COVID Crime Index 2021 survey, published on Wednesday by BAE Systems Applied Intelligence, looked at how the remote working paradigm is affecting the banking and insurance industries. Cybersecurity analysts expected that in 2021 a cyberattack would occur every 11 seconds. That is almost twice as frequent as in 2019 (every 19 seconds), and four times as frequent as five years earlier (every 40 seconds in 2016). Cybercrime is estimated to cost the global economy $6.1 trillion a year, which would make it the world's third-largest economy, behind only the United States and China. The situation is ripe for manipulation, given that the current pandemic has a greater portion of the population operating from home — and all of the associated disruptions. The harried, rushed, exhausted, and depress...

NTLM Relay Attack Exploits Windows RPC Flaws

Security researchers at SentinelLabs revealed the details of a newly identified NTLM (New Technology LAN Manager) relay attack that exploits a remote procedure call (RPC) flaw to enable elevation of privilege. This new vulnerability in RPC, which apparently impacts all versions of Windows, enables an attacker to escalate privileges from User to Domain Admin without requiring any interaction from the user (NTLM relay attacks typically do require user intervention). The researchers used a DCOM client that was instructed to connect to an RPC server, an operation that involved two NTLM authentications, one without the sign flag being set, and also leveraged the fact that the DCOM activation service can be abused to trigger RPC authentication. According to SentinelLabs, the basis of the attack was that a shell in Session 0, even as a low-privileged user, combined with triggering certain CLSIDs, could allow the attacker to obtain “an NTLM authentication from the use...

Passwordstate Password Manager Suffered Supply-Chain Attack

Another serious supply-chain attack has surfaced online potentially affecting thousands of customers. This time, the… Passwordstate Password Manager Suffered Supply-Chain Attack on Latest Hacking News (https://ift.tt/3eEMaPP).

Apple will pay $100 million to Russian hackers for leaking data on new products

Apple's data was exposed because of cybersecurity deficiencies at a Taiwanese equipment manufacturer. The stolen information is valued at $50 million, and a Russian hacker group is to blame. Quanta, which produces MacBooks and peripherals for Apple, reported a breach of its own systems and the theft of engineering and production schematics for current and future products. These include, in particular, the Air 2020 and M1 2020 laptop models and an unreleased model with additional ports. The group, described as the most dangerous in global cyberspace, REvil, sent an extortion message to Apple with samples of the stolen technical files. The hackers are demanding a ransom of $50 million, provided Quanta pays the full amount by April 27. After that date, the amount will double to $100 million. The message was distributed through the Tor anonymity network, which is protected from eavesdropping. According to the specialist news portal Bleeping Computer, by Saturday, April 24, REvil had published more t...

PARETO Botnet Utilized Hacked Android Phones To Generate Fake Ad Views

Researchers have shared details of a new botnet dubbed ‘PARETO’ that exploited hacked Android devices… PARETO Botnet Utilized Hacked Android Phones To Generate Fake Ad Views on Latest Hacking News (https://ift.tt/3xx0uT5).

Leaked Apple Schematics & Extortion Threats Removed From Dark Web

According to MacRumors, the ransomware group that stole schematics from Apple supplier Quanta Computer last week and threatened to release the trove of documents has mysteriously deleted all references to the extortion attempt from its dark web blog. Last Tuesday, the ransomware group REvil claimed that it had gained access to Quanta's internal computers and obtained photographs and schematics of unreleased Apple products. The group demanded $50 million from Quanta in exchange for the data. However, according to a statement posted on the group's website on April 20, Quanta declined to pay the ransom, which led the criminals to turn their attention to Apple. To prove they had broken into Quanta's servers and to increase pressure, the hackers publicly posted a handful of images depicting unreleased product schematics, 21 images in total, showing different features of an alleged upcoming MacBook Pro, including an SD card slot, an HDMI port, and a MagSafe charger, and to incre...

5.6 Million Customer Records Leaked as Music Marketplace Giant Reverb Suffers Data Breach

The sensitive information of some leading artists has been compromised in a data breach at the world's biggest online music marketplace. Reverb was breached after an unprotected database containing customer details was exposed online. Reverb.com is an online marketplace for new, used, and vintage music equipment. David Kalt founded the website in 2013, shortly after acquiring Chicago Music Exchange, because he was disappointed with the options then available for buying and selling guitars online. With more than 10 million monthly visitors and $47 million in revenue, it has grown into a multimillion-dollar company. Reverb customers recently received data breach notices stating that customer details, comprising names, addresses, telephone numbers, and email addresses, were leaked after millions of the company's records were found on the web by independent cybersecurity advisor Volodymyr "Bob" Diachenko on an unprotected Elasticsea...

Fake Microsoft DirectX 12 Distributes Malware

Cybercriminals have built a bogus Microsoft DirectX 12 download page in order to spread ransomware that steals cryptocurrency wallets and passwords. Although the website has a contact form, a privacy policy, a disclaimer, and a DMCA infringement page, the website and the software it distributes are not legitimate. When users press the Download buttons, they are routed to an external website that prompts them to download a file. Depending on whether you choose the 32-bit or 64-bit edition, you'll be sent a file called '6080b4 DirectX-12-Down.zip' [VirusTotal] or '6083040a Disclaimer.zip' [VirusTotal]. All of these files deliver malware that attempts to steal files, passwords, and cryptocurrency wallets from their victims. When the bogus DirectX 12 installers are launched, they silently download and execute malware from a remote site, as discovered by security researcher Oliver Hough. This malware is a data-stealing Trojan that tries to sna...

5 Cases of Blockchain for Cybersecurity

Blockchain tech is helping the world in more ways than we can think of, and… 5 Cases of Blockchain for Cybersecurity on Latest Hacking News (https://ift.tt/3sXFJwr).

Vulnerabilities In Cosori Smart Air Fryer Could Allow Remote Code Execution Attacks

Once again, researchers have demonstrated how the convenience of Internet-of-Things (IoT) can lead to security… Vulnerabilities In Cosori Smart Air Fryer Could Allow Remote Code Execution Attacks on Latest Hacking News (https://ift.tt/32V1D9g).

ToxicEye Malware Emerges As The Latest Threat To Telegram

Following the WhatsApp privacy policy update, Telegram has gained significant popularity among users. Perhaps, that’s… ToxicEye Malware Emerges As The Latest Threat To Telegram on Latest Hacking News (https://ift.tt/32PwHae).

International Law Enforcement Takes Down Emotet Malware in a Joint Operation

Emotet, one of the most dangerous email spam botnets in recent history, is being wiped from all infected devices today with the help of a malware module delivered in January by law enforcement. The botnet's takedown is the result of an international law enforcement action that allowed investigators to take control of Emotet's servers and disrupt the malware's operation. This specially designed module forced Emotet to self-destruct on Sunday, April 25. The code was distributed at the end of January to Emotet-infected computers through the malware's command-and-control (C2) infrastructure, which had just been seized in an international law enforcement operation. After the takedown, law enforcement pushed a new configuration to active Emotet infections so that the malware would begin to use command-and-control servers controlled by the Bundeskriminalamt, Germany's federal police agency. Law enforcement then distributed a new Emotet mo...

Millions of the Pentagon’s Dormant IP Addresses Sprang to Life, Just Minutes Before Trump Left Office

While the world was focused on President Donald Trump's departure on Jan. 20, an obscure Florida corporation quietly revealed a shocking development to the world's computer networks: it was now controlling a vast unused swath of the internet that had been owned by the US military for decades. What happened next was even stranger, as the company, Global Resource Systems LLC, continued to expand its zone of influence. It quickly claimed 56 million of the Pentagon's IP addresses. After three months, the number had risen to nearly 175 million dollars. That's nearly 6% of a coveted traditional segment of the internet known as IPv4, where such vast blocks are worth billions of dollars on the open market. Telecommunications powerhouses with well-known names like AT&T, China Telecom, and Verizon dominate the largest swaths of the internet. Global Resource Systems, a company created only in September with no publicly known federal contracts and no apparent public...

More than one hundred Russian companies were subjected to a cyber attack

Kaspersky Lab, which specializes in developing systems to protect against cyber threats, reported a fraudulent mailing sent in the name of the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), which has become widespread in Russia. In April, Kaspersky Lab uncovered a series of cyber attacks on system administrators of websites in Russia. By April 23, the company had detected about 4 thousand emails containing fraudulent messages sent to more than 2 thousand e-mail addresses. The mailing peaked on April 16-17, but the messages are still coming in. The purpose of the cyber attack is to infect web resources managed by sysadmins and gain access to site management. If successful, the attackers will be able to create pages, post any information and upload files. Under the guise of a regulatory authority, the intruders are sending fraudulent notifications about the need to confirm the fact of domain name management. The letter contains instructions acc...

Security Vulnerabilities In John Deere API Could Expose Tractor Customers

Farming isn’t always safe from cyber threats – at least, that’s what some recently found… Security Vulnerabilities In John Deere API Could Expose Tractor Customers on Latest Hacking News (https://ift.tt/3dXu2BU).

CocoaPods RCE Vulnerability Could Risk 3 Million Mobile Apps Including Signal

A serious remote code execution flaw affected the CocoaPods package manager that could have risked… CocoaPods RCE Vulnerability Could Risk 3 Million Mobile Apps Including Signal on Latest Hacking News (https://ift.tt/3sQxfHn).

Homebrew Package Manager Vulnerability Could Allow Code Execution Attacks

A serious vulnerability existed in the Homebrew package manager that could allow an attacker to… Homebrew Package Manager Vulnerability Could Allow Code Execution Attacks on Latest Hacking News (https://ift.tt/3gICTJs).

250 Million Americans Sensitive Data Leaked Online by Pompompurin

As of 22nd April 2021, a hacker group named Pompompurin dropped a database of more than 250 million (250,806,711) American citizens and residents, which included their personal and sensitive household information. The database, published on a popular hacker forum, comprised 263 GB of documents, each with 200,000 CSV subfiles. Although the leak originated from an open Apache Solr instance on Amazon Web Services, it is not clear who obtained or managed the data. In addition, the data was accessible from three separate IP addresses, which the hacker obtained before their owner disabled or reassigned them. The stolen information is nothing short of a treasure trove for cybercriminals and state-supported hackers, as it contained massive amounts of information such as full names, telephone numbers, mailing addresses, DOB, marital status, home developed year, Zip code, gender, house rental, home address, credit capability, political participation, number...

Apple's AirDrop Comes with a Security Flaw

Due to its intriguing features, the much-hyped announcement of AirDrop at the Apple event drew a lot of attention. However, it has recently been discovered that AirDrop has a security loophole that allows users to see personal information such as email addresses and phone numbers. This may result in a data leak affecting over 1.5 billion Apple users, as well as other security concerns. According to a study citing researchers from Germany's Technische Universitat Darmstadt, anyone can obtain Apple users' email addresses and phone numbers, even as a stranger, simply by opening the sharing pane on their device and initiating the sharing process. A Wi-Fi connection and proximity between the two Apple devices are needed to complete this task. The researchers discovered a flaw in the Contacts Only setting. You use the iOS Sharing function and choose AirDrop as the method to share a file with anyone via AirDrop. If the other person's AirDrop is set to Conta...

Wormable Malware Comes Back As ‘WhatsApp Pink’ – Now Targets Signal, Telegram Too

A new malicious campaign is active in the wild aiming at WhatsApp users. The campaign… Wormable Malware Comes Back As ‘WhatsApp Pink’ – Now Targets Signal, Telegram Too on Latest Hacking News (https://ift.tt/3xqGZf8).

Signal CEO Highlights Vulnerabilities In Cellebrite Software

It hasn’t been a while that the forensic firm Cellebrite claimed to have decrypted Signal.… Signal CEO Highlights Vulnerabilities In Cellebrite Software on Latest Hacking News (https://ift.tt/3tU38Ao).

Three SonicWall Zero-Day Bugs Under Active Attack – Patches Deployed – Update Now

SonicWall has recently fixed three zero-day bugs affecting its Email Security products. Though the patches… Three SonicWall Zero-Day Bugs Under Active Attack – Patches Deployed – Update Now on Latest Hacking News (https://ift.tt/3vrcsvX).

Trend Micro Warns Users For Active Exploitation Of An Already-Patched Bug

Once again, the practice of procrastinating updates by the users has let the attackers exploit… Trend Micro Warns Users For Active Exploitation Of An Already-Patched Bug on Latest Hacking News (https://ift.tt/3npejhY).

Valve Finally Patched A Steam RCE Vulnerability That Waited A Fix For Two Years

Valve, the giant behind the popular gaming platform Steam, had lately addressed a years-old flaw.… Valve Finally Patched A Steam RCE Vulnerability That Waited A Fix For Two Years on Latest Hacking News (https://ift.tt/2QVAbFw).

Mining Tech Firm Gyrodata Suffered Ransomware Attack

As ransomware attacks continue to expand their targets, another firm has confessed to having become… Mining Tech Firm Gyrodata Suffered Ransomware Attack on Latest Hacking News (https://ift.tt/32RWFK9).

Serious SQL Vulnerability Found In Django Debug Toolbar

A high-severity vulnerability existed in the open-source Django Debug Toolbar. Exploiting this vulnerability could let… Serious SQL Vulnerability Found In Django Debug Toolbar on Latest Hacking News (https://ift.tt/32TjahK).

Threat Actors are Using YouTube to Lure Users into their Trap

A Fortinet security researcher accidentally discovered a unique way of tricking YouTube users. Due to Covid-19, as well as the recent surge in the value of the stock market and cryptocurrencies, more people than ever are at home looking for stock market/crypto-related content on streaming platforms like YouTube. This might be to compensate for the lack of in-person interactions that we would normally have in a non-Covid-19 world, as well as perhaps to make some quick income on the side. During a random midnight search for similar content, the researcher accidentally stumbled upon a LIVE Bitcoin scam on YouTube (yes, this time it was on YouTube and not on Twitter). YouTube has various labels/buttons on its home page to identify trending categories of videos, and this one indicated that several scams were streaming “live”. The first video the researcher saw after clicking the Live button was titled, “Chamath Palihapitiya - What will be the New World of Finance? ...

Serious Vulnerability In Facebook Could Allow Deleting Live Videos

A serious vulnerability in the Facebook platform could allow an attacker to delete Live Videos.… Serious Vulnerability In Facebook Could Allow Deleting Live Videos on Latest Hacking News (https://ift.tt/3vojph1).

Codecov Breach Following Supply-Chain Attack Affected Hundreds Of Networks

Another software giant has disclosed a security breach that potentially bears a long-term devastating impact.… Codecov Breach Following Supply-Chain Attack Affected Hundreds Of Networks on Latest Hacking News (https://ift.tt/3vgYQTV).

A Ransomware Group Made $260,000 in 5 Days

A ransomware group made $260,000 in the space of five days by remotely encrypting files on QNAP devices using the 7zip archive software. After a ransomware operation called Qlocker exploited vulnerabilities on their devices, QNAP NAS users all over the world discovered as of Monday that their files had been encrypted. While most ransomware groups spend a significant amount of time developing their malware to make it powerful, feature-rich, and robust, the Qlocker gang didn't have to. Instead, they scanned for QNAP devices that were connected to the Internet and compromised them with the recently disclosed flaws. The threat actors were able to use these exploits to remotely run the 7zip archival utility and password-protect all of the files on the victims' NAS storage devices. Using a time-tested encryption algorithm built into the 7zip archive utility, they were able to encrypt over a thousand devices in just five days. To access all of a victim's computers a...

BigBasket: Data Breach Leaks 20 Million User Data

A threat actor dropped about 20 million Big Basket user records containing personally identifiable details and hashed passwords on a common hacking forum. Headquartered in Bangalore, India, Big Basket is an online grocery delivery service. The company mainly provides its customers with food products, convenience-store items, and home supplies. Big Basket is a well-known grocery delivery platform that enables consumers to purchase food online and have it delivered. Recently, on the morning of 26th April, a popular dealer of breached data named Shiny Hunters published a free database on a hacker website, claiming it had been stolen from Big Basket. In November last year, when the same dealer, Shiny Hunters, attempted to sell the stolen data via private sales on some hacking websites, Big Basket confirmed to Bloomberg News that it had experienced a data breach. “There’s been a data breach and we’ve filed a case with the cybercrime police,” Big Basket C...

Flubot can Spy on Phones and can Gather Online Banking Details

Experts have cautioned that a text message scam infecting Android phones is spreading across the UK. The message, which appears to be from a parcel delivery company and instructs users to download a tracking app, is actually a malicious piece of spyware. Flubot can take over smartphones and spy on them in order to collect sensitive data, such as online banking information. Vodafone, the network provider, said that millions of text messages had now been transmitted across all networks. Flubot is the name of malware that attacks Android devices. Cybercriminals distribute Flubot through SMS messages that include links to download websites for a bogus FedEx app (in at least three languages, including German, Polish, and Hungarian). These websites serve a malicious APK file (Android Package File) that installs the Flubot banking malware. “We believe this current wave of Flubot malware SMS attacks will gain serious traction very quickly, and...