Posts

Showing posts from June, 2021

Logins and passwords of at least 1.2 million Russians have been leaked online

 The credential verification service developed by cybersecurity company BI.ZONE (a subsidiary of Sberbank) has revealed that information about logins and passwords of more than 1.2 million Russians is freely available as a result of data leaks. "BI.ZONE, a strategic digital risk management company, helped over one and a half million Russians check their credentials for leaks containing their usernames and open passwords. The owners of more than 1 million 200 thousand contacts could become potential victims," the company said. Experts note that this information is available not only on the darknet but also on the normal Internet. At the same time, since it is freely available, attackers do not even need to buy it. According to Anton Okoshkin, director of anti-fraud at BI.ZONE, many Russians use the same credentials for many sites, so their leakage can lead to hacking of all accounts. "In most cases, people use the same username and password on a variety of resources:...

Threat Actors Target Aviation Firms Via Spear Phishing Campaign

Universal XSS Vulnerability In Microsoft Edge

A serious universal cross-site scripting (XSS) vulnerability existed in the Microsoft Edge browser. Microsoft Edge… (from Latest Hacking News, https://ift.tt/2UhRS3W)

What is HDFS? Its architecture and its features

Are you a Data Practitioner working in the Big Data space? Do you want to… (from Latest Hacking News, https://ift.tt/361Cj2H)

5G Security Vulnerabilities Concern Mobile Operators

  As 5G private networks become more widely available in the next years, security may become a major concern for businesses. According to a report presented at the Mobile World Congress on Monday, significant gaps in mobile operators' security capabilities still prevail.  According to the GSMA and Trend Micro report, 68 percent of carriers already sell private wireless networks to enterprise customers, with the rest expecting to do so by 2025. However, these may not be ready for prime time in terms of security: For example, 41% of surveyed operators claimed they are having difficulty addressing vulnerabilities connected to 5G network virtualization.  In addition, 48% of them indicated they don't have adequate internal knowledge or resources to find and fix security flaws at all. For 39 percent of surveyed operators, a restricted pool of mobile-network security professionals is a contributing cause to the problem.  5G Networks: Diverse Architecture, Diverse Ri...

Indian-Origin Woman Rewarded with Rs 22 Lakh Bounty by Microsoft

Aditi Singh, a 20-year-old Delhi-based ethical hacker, was awarded $30,000 (roughly Rs 22 lakh) for detecting a bug in the Microsoft Azure cloud system. Just two months ago, Aditi uncovered an issue in Facebook and got a $7500 (around Rs 5.5 lakh) bounty.  She further says that both firms had a remote code execution (RCE) bug, a relatively new kind of problem that receives comparatively little attention. With such weaknesses, hackers can gain access to internal systems and the information held on them.  Aditi points out that it isn't simple to locate vulnerabilities and that ethical hackers need to keep up with new bugs in their game, report them, and still be eligible for pay-outs. She does not only emphasize getting money but also stresses gaining knowledge and learning about ethical hacking first.  “Microsoft has only fixed the bug which I spotted two months back. They have not fixed all of them,” claimed Aditi, the first to notice the RCE flaw. ...

Data of 700 Million LinkedIn Users Has Been Compromised

  A massive breach has purportedly compromised the data of over 700 million LinkedIn users. LinkedIn has a total of 756 million users, which means that this new hack has exposed the data of more than 92 percent of its users. An anonymous hacker is reported to have gotten a fresh dataset including personal information about LinkedIn users. Reportedly, the data exposed includes phone numbers, physical addresses, geolocation data, and inferred salaries.  The data advertised by the hacker is “both authentic and up-to-date,” according to a recent investigation by the publication, with data points ranging from 2020 to 2021. The article goes on to say that the data breached comprises a lot of information. LinkedIn reported a data breach impacting 500 million customers in April, in which personal information such as email addresses, phone numbers, workplace information, complete names, account IDs, links to social network profiles, and gender characteristics were exposed online....

Russia intends to sign agreements with a number of countries in the field of cybersecurity

Deputy Secretary of the Security Council of the Russian Federation Oleg Khramov named several countries with which Moscow plans to sign agreements on cooperation in the field of cybersecurity. Mr. Khramov said that intergovernmental cooperation agreements are ready to be signed with Indonesia, Nicaragua and Uzbekistan. Relevant agreements with Iran and Kyrgyzstan were signed this year. "About half a dozen draft agreements are at the stage of expert elaboration or domestic approval," Khramov added. "Russia is ready to cooperate with all states that share its approaches and aim to jointly counter threats to international information security. But, of course, dialogue with our closest partners in the Collective Security Treaty Organization (CSTO), SCO and BRICS will continue to develop as a priority," Khramov stressed. He also noted that cooperation within these associations has a solid legal foundation. Thus, Russia has concluded bilateral agreements with all the...

Why Cloud-Based Phone Systems Are the Best Choice for Small Businesses

With the promise of seamless implementation, ease of remote access, cost-saving, and increased productivity, everything… (from Latest Hacking News, https://ift.tt/3h6kkhY)

A Legit Free Decryptor For Lorenz Ransomware

Researchers have come up with a way to decrypt Lorenz ransomware for free… (from Latest Hacking News, https://ift.tt/3x5REeD)

How to Recover Lost Files after Virus Attack

For computer users, the worst thing that can ever happen to them is a virus… (from Latest Hacking News, https://ift.tt/3x5i1Bo)

Microsoft Admits to Signing Rootkit Malware

Earlier this month, Microsoft signed a driver called Netfilter that turned out to be a malicious network filter rootkit. Karsten Hahn, a malware analyst at G DATA, first identified the rootkit, which he then traced, analyzed, and found to bear Microsoft’s seal.  When Microsoft researchers analyzed the rootkit, they found that it communicated with Chinese command-and-control (C2) IPs, which belong to a company called Ningbo Zhuo Zhi Innovation Network Technology Co. Ltd. that was labeled as 'Community Chinese Military' by the United States Department of Defense.  Microsoft said that the threat actor’s goal is to cheat gaming systems. “To use the driver to spoof their geo-location to cheat the system and play from anywhere. The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers,” according to Microsoft’s advisory.  The co...

$6.6 Million Raised by Bit Discovery to Sell Attack Surface Management Tool

Jeremiah Grossman's Bit Discovery has raised a further $4 million in capital investment to compete in the cluttered attack surface management space.  Mighty Capital, with returning investor Aligned Partners, led the Series B funding round, with smaller investments from renowned security professionals such as Alex Stamos, former head of Facebook security, and Jeff Moss, founder of Black Hat and DEF CON.  Headquartered in Silicon Valley, California, United States, Mighty Capital is a VC company that gives its portfolio firms unique access to 300,000 PMs and a playbook for turning them into clients.  Aligned Partners is a venture capital firm that provides its portfolio firms with venture capital skills and allows entrepreneurs to grow smoothly and efficiently.  Bit Discovery has raised a total of $6.6 million to design and sell an attack-surface management solution to support security programs.  ...

Over 200,000 Students' Data Leaked in Cyberattack

  The personal information of approximately 280,000 students was leaked last week in a cyberattack that targeted the AcadeME company, which serves a variety of colleges and institutions across Israel. Hundreds of thousands of students use AcadeME to get jobs at thousands of companies.  On June 20, a pro-Palestinian Malaysian hacker group known as "DragonForce" claimed that it hacked into AcadeME and stated in a Telegram message, "THE LARGEST AND MOST ADVANCED STUDENT AND GRADUATE RECRUITMENT NETWORK IN ISRAEL Hacked By DragonForce Malaysia."  According to the group, emails, passwords, first and last names, addresses, and even phone numbers of students who were enrolled on AcadeME were leaked. Screenshots of code, server addresses, and a table with email addresses and names were all targeted by DragonForce.  According to May Brooks-Kempler of the Think Safe Cyber Facebook group, the hackers exposed the information of roughly 280,000 students who have utilized...

Microsoft Edge’s Security Bypass Vulnerability Fixed

  Microsoft released Edge browser upgrades last week that addressed two security flaws, one of which is a security bypass flaw that may be used to inject and execute arbitrary code in the context of any website. The flaw, dubbed CVE-2021-34506 (CVSS score: 5.4), is caused by a universal cross-site scripting (UXSS) bug that occurs while using Microsoft Translator to automatically translate web pages using the browser's built-in feature. Microsoft Edge is a cross-platform web browser that was created by the company. It was first released in 2015 for Windows 10 and Xbox One, followed by Android and iOS in 2017, macOS in 2019, and Linux in October 2020 as a preview. Edge was originally designed with Microsoft's proprietary EdgeHTML and Chakra JavaScript engines, resulting in a version known as Microsoft Edge Legacy.  On January 15, 2020, Microsoft announced the public release of the new Edge. Microsoft began rolling out the new version via Windows Update in June 2020 for Win...

Tips to Improve Cybersecurity Amidst Cyber Physical Attack

A cyber-physical attack is an example of a security breach in cyberspace that impacts the… (from Latest Hacking News, https://ift.tt/3dmKD0W)

REvil Hits Brazilian Healthcare Giant Grupo Fleury

  São Paulo-based medical diagnostic firm Grupo Fleury has suffered a ransomware attack that has impaired business operations after the company shut down its systems. On the 22nd of June, the company website began displaying an alert message, alerting to the fact that its systems were suffering an attack and are no longer accessible. Brazilian healthcare giant provides medical laboratory services across the nation with over 200 service centers and more than 10,000 employees. The company performs approximately 75 million clinical exams in a year. "Please be advised that our systems are currently unavailable and that we are prioritizing the restoration of services. The causes of this unavailability originated from the attempted external attack on our systems, which are having operations reestablished with all the resources and technical efforts for the rapid standardization of our services," read the message translated into English.  With their systems being knocked dow...

Vulnerabilities In Dell SupportAssist Could Allow Flashing BIOS

Security vulnerabilities in the Dell SupportAssist program potentially risked millions of devices globally. Exploiting the… (from Latest Hacking News, https://ift.tt/3y0orSf)

Grupo Fleury Medical Facility, French Connect Fashion Brand Suffered Ransomware Attack

The largest medical diagnostic facility in Brazil, Grupo Fleury, has allegedly suffered a ransomware attack.… (from Latest Hacking News, https://ift.tt/3w2wInl)

Zyxel Warns Customers About Hackers Targeting its Firewalls & VPN Devices

  Zyxel, a manufacturer of enterprise routers and VPN devices, has issued a notification that attackers are targeting its devices and changing configurations to gain remote access to a network.  According to Zyxel, the attacks targeted the USG, ZyWALL, USG FLEX, ATP, and VPN series using on-premise ZLD firmware. All are multi-purpose networking devices that the company sells to enterprise customers as systems that include VPN, firewall, and load balancing.  The company stated in an email, “We recently became aware of a sophisticated threat actor targeting a small subset of Zyxel security appliances that have remote management or SSL VPN enabled.”  As per the vendor's information, the attacks appear to follow the following pattern: The threat actor tries to access a device through WAN, if successful, the threat actor bypasses the authentication and establishes SSL VPN tunnels with unknown user accounts, such as “zyxel slIvpn”, “zyxel ts”, or “zyxel vpn test”, ...

Surfshark Review: A Robust Online Privacy Solution

While having a VPN today is a must-have for all internet users, getting one without… (from Latest Hacking News, https://ift.tt/3A3woYN)

NordVPN Review – A Trusted Provider Offering The Best Speeds

Given the rising instances of cyber-attacks, increasing cyber-surveillance, and aggressive online tracking for data mining,… (from Latest Hacking News, https://ift.tt/3x0ZsOQ)

Poltergeist Attack Targets Self-Driving Cars, Blinding Them Via Audio Signals

Researchers have found another way to disrupt autonomous vehicles. This time, the strategy is to… (from Latest Hacking News, https://ift.tt/3dgTX6L)

Atlassian Patched Vulnerabilities in its Domains

On Wednesday 23rd of June, cyber-security experts uncovered key vulnerabilities in the Atlassian project and software development platform that might have been exploited to take over accounts and control certain apps connected via its single sign-on (SSO) capabilities.  The vulnerabilities stem from Atlassian's use of SSO to ensure uninterrupted navigation between its domains, which creates a possible attack scenario involving the use of XSS and CSRF to inject malicious code into the platform and leveraging a session fixation flaw when a valid user session exists. These vulnerabilities have since been patched.  On January 08, 2021, the Australian company delivered a patch in its updates after being notified of the problem. The affected sub-domains include: jira.atlassian.com, confluence.atlassian.com, getsupport.atlassian.com, partners.atlassian.com, developer.atlassian.com, s...

Hackers are Remotely Erasing Western Digital Hard Drives

  The whole goal of using a network-attached storage device is to have a hard drive where you can back up vital data and then retrieve the files when you're out and about. Unknown hackers, on the other hand, are turning Western Digital My Book NAS hard drives into nightmare backup tools by infiltrating users' computers and deleting all of their data. The My Books are controlled by WD My Book Live, an app that allows consumers to access their data and manage their NAS from anywhere.  Last week, the drive manufacturer stated that certain owners' network-connected storage had been accessed unofficially and a complete reset had been triggered, though specifics on how seriously individuals should be concerned are still emerging. Western Digital said the WD My Book Live and WD My Book Live Duo drives are affected. They were first introduced in 2010, and the most recent firmware update was in 2015. The business has not stated how many drives are in circulation or estimated how...

No more hide and seek with the Magento 2 Elasticsearch module

What do you think the most important elements of an internet store are? This is,… (from Latest Hacking News, https://ift.tt/3A3PTAE)

How to Do a Successful Reverse Phone Lookup?

Reverse phone lookup is a standard clause that allows anyone to look up their name,… (from Latest Hacking News, https://ift.tt/3dhCACA)

The Common Reasons Behind Hacking-What Motivates them to do it?

It is expected that around 75 billion devices will be connected to the internet by… (from Latest Hacking News, https://ift.tt/3qsJ6Mp)

How to Protect Yourself Online when Browsing the Dark Web?

If you are a modern-day Internet user, you must be aware of the difference between… (from Latest Hacking News, https://ift.tt/3A1ooaJ)

This Malware Generated $2 Million After Abusing 222,000 Windows Systems

  Avast researchers published a report on Thursday regarding the discovery of a cryptocurrency mining malware that abuses Windows Safe mode and has likely generated more than 9,000 Monero coins (estimated today at around $2 million) after exploiting more than 222,000 Windows systems since 2018. The latest version of Crackonosh, as Avast dubbed it, spreads through illegal and cracked copies of popular software also known as “warez” which is distributed on various torrent sites and forums. The malware continues to infect systems worldwide, affecting 222,000 unique devices in more than a dozen countries since December 2020. As of May, the malware was still getting about 1,000 hits a day. The researchers already spotted 30 different versions of the malware, with the latest one that was published in November 2020.  According to Daniel Beneš, a malware analyst for antivirus maker Avast, the worst-hit region is the Philippines, with 18,448 victims; followed by Brazil (16,584)...

Brave Browser Launches a Beta Version of Their New Search Engine

The developers behind the popular privacy-focused browser Brave have now launched Brave Search. This search… (from Latest Hacking News, https://ift.tt/2UJSeQY)

800+ Million WordPress User Records Leaked Online

On 16 April 2021, security researcher Jeremiah Fowler together with the Website Planet Research Team revealed a non-password-protected database with fewer than one billion records. The leaked records included WordPress account user names, display names, and emails.  Over 800 million WordPress-linked records were leaked through this misconfigured cloud database. The monitoring and file logs also exposed many internal records that should not be available to the general public.  Multiple references to DreamHost were discovered upon further study. The well-known hosting company, which hosts over 1.5 million websites, also offers an easy way to install the popular WordPress blogging platform. DreamPress is DreamHost's managed WordPress hosting, as per their website. It's a scalable solution that can administer WordPress websites for users.  They uncovered 814 million records from the managed WordPress hosting company DreamPress, which appeared to be from 2018.  Allegedl...

Crackonosh Malware Exploits Windows Safe Mode to Mine Cryptocurrency Secretly

  Researchers have uncovered a variant of cryptocurrency-mining malware that exploits Windows Safe Mode during attacks.  Researchers at Avast have termed the malware Crackonosh, and it spreads through pirated and cracked software, which may be found through torrents, forums, and "warez" websites.  Upon seeing reports on Reddit of Avast antivirus users who were concerned about the sudden disappearance of the antivirus program from their system files, the team investigated the matter and discovered it was the result of a malware infection.  Since at least June 2018, Crackonosh has been in circulation, and when a victim runs a file that they think is a cracked version of genuine software, the virus gets installed as well. The infection chain starts with the distribution of an installer and a script that changes the Windows registry to allow the main malware executable to run in Safe mode. On the subsequent startup, the infected system is set to launch in Safe Mo...

Microsoft said an Attacker had Won Access to its Customer-Service Agents

  On Friday, Microsoft revealed that an attacker gained access to one of its customer-service agents and then used the data to begin hacking attempts against customers. The company claimed it discovered the breach while responding to hacks by a group it blames for previous significant breaches at SolarWinds and Microsoft.  Microsoft stated that the impacted consumers had been notified. According to a copy of one warning seen by Reuters, the attacker belonged to the Microsoft-designated Nobelium group and had access in the second half of May. "A sophisticated Nation-State associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions," according to the warning. The US government has officially blamed the Russian government for the earlier assaults, which it denies.  Microsoft claimed it had discovered a breach of its own agent, who it said had limited powers, afte...

Attackers Pummelled the Gaming Industry During the Pandemic

  According to Akamai, a content delivery network (CDN), the gaming business has seen more cyberattacks than any other industry during the COVID-19 pandemic. Between 2019 and 2020, web application attacks against gaming organizations increased by 340 %, and by as high as 415 % between 2018 and 2020. “In 2020, Akamai tracked 246,064,297 web application attacks in the gaming industry, representing about 4% of the 6.3 billion attacks we tracked globally,” reads Akamai’s Gaming in a Pandemic report.  Cybercriminals frequently used Discord to coordinate their operations and discuss best practices on various techniques such as SQL Injection (SQLi), Local File Inclusion (LFI), and Cross-Site Scripting (XSS), according to the company. SQLi assaults were the most common, accounting for 59% of all attacks, followed by LFI attacks, which accounted for nearly a quarter of all attacks, and XSS attacks, which accounted for only 8%.  “Criminals are relentless, and we have the data...

VMware Patches Authentication Bypass in Carbon Black App Control

VMware, the California-based cloud computing and virtualization technology firm, has patched an authentication bypass vulnerability in its Carbon Black App Control (AppC) management server. According to VMware’s advisory, the authentication-bypass vulnerability affected AppC versions 8.0.x, 8.1.x, 8.5.x, and 8.6.x.  The flaw, tracked as CVE-2021-21998, falls into a highly critical range with a maximum CVSSv3 base score of 9.4 out of 10. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to gain administrative privileges to the application without the need to authenticate, VMware explained.  However, even if the attacker doesn’t need valid credentials for the target application, they would still have to first gain network access to the VMware Carbon Black App Control management server for the attack to succeed, VMware explains in an advisory. AppC is designed to strengthen the security of servers and to preve...

A New GoLang Trojan ChaChi Used in Attacks Against US Schools

A new Trojan written in the Go programming language has shifted its focus from government agencies to schools in the United States.  The malware, termed ChaChi, is also being utilized as a critical component in initiating ransomware assaults, according to a research team from BlackBerry Threat Research and Intelligence. ChaChi is built in GoLang (Go), a programming language used by threat actors as a replacement for C and C++ because of its flexibility and simplicity of cross-platform code compilation. Over the last two years, there has been a 2,000 percent growth in Go-based malware strains, according to Intezer.  ChaChi was spotted in the first half of 2020 and the original variant of the Remote Access Trojan (RAT) has been linked to cyberattacks against French local government bodies, as documented by CERT France in an Indicators of Compromise (IoC) report; nevertheless, a considerably more sophisticated variation has since emerged.  The most re...

Mercedes-Benz USA: Nearly 1,000 Customers’ Data Accessible Online

  Mercedes-Benz USA stated on Thursday 24th of June, that sensitive information was made inadvisably accessible on a cloud storage network for over 1,000 customers and prospective buyers.  On 11 June 2021, Mercedes-Benz was told by a salesperson that sensitive personal data on cloud storage was mistakenly made available to fewer than 1000 Mercedes-Benz customers and interested buyers. This confirmation was made in consultation with the vendor as part of a continuing investigation. The problem was discovered through an external safety researcher's effort. They believe that the information was entered between 01 January 2014 and 19 June 2017 by customers and interested buyers on the Mercedes-Benz websites. As a consequence of this event, no Mercedes-Benz system has been hacked and there is no sign of malpractice for any Mercedes-Benz data at this time.  For MBUSA, data safety is a major issue. The seller stated that the problem is fixed and no replication is possibl...

Russian Foreign Ministry accused the United States of trying to win back the summit agreements on cybersecurity

According to the Russian Foreign Ministry, the words of White House spokesman Jen Psaki that the United States does not intend to warn Moscow about retaliatory cyber attacks are perplexing. On Monday Psaki said that at the summit in Geneva, the US president Joe Biden mentioned hacking attacks on American facilities, which are blamed on Russia. As Russian Foreign Ministry spokeswoman Maria Zakharova noted, Psaki's statement is surprising in the context of the Geneva talks, after which the sides announced their intention to begin consultations on cybersecurity. "It seems that the United States is still trying to retain the right to launch cyber attacks based on fake Russian accusations of cyber attacks," Zakharova stressed at the briefing. According to her, if Washington commits a cyber attack without warning, it will be an unannounced attack first. "We really want Washington to take these words seriously," the Foreign Ministry representative added. Zakharo...

500 Organizations Affected Via Security Flaw in AWS Route53

  Earlier this year in January 2021, Cloud security researchers from Wiz.io accidentally uncovered a ‘novel’ class of Domain Name Service (DNS) flaws in Amazon Web Services' Route53. Researchers were left surprised after they realized that its self-service domain registration system is allowing them to create a new hosted zone with the same name as the real AWS name server and directed it to their IP address.  Cloud security researchers received traffic from more than 15,000 different AWS customers and a million endpoint devices, all after registering a bogus AWS name server as ns-852.awsdns-42.net, the same name as an actual AWS name server. However, researchers managed to gather a treasure trove of information on Fortune 500 companies including 45 US government agencies and 85 government agencies overseas. "We were trying to figure out how to break DNS and we had no idea what traffic we were getting at first. In theory, if you register a name server name ... it shouldn...