Posts

Showing posts from July, 2021

3 Redefined Trends for Cyber Security Investing (2021)

Strategic support solutions are often reserved for leading companies. With digitalization expanding rapidly, all businesses… 3 Redefined Trends for Cyber Security Investing (2021) on Latest Hacking News. From Latest Hacking News: https://ift.tt/3rKy31z

Seven-Fold Surge in Dark Web Ads Providing Corporate Network Access

In a new study, researchers at Positive Technologies documented how hacker-placed ads on the dark web evolved from 2020 to early 2021. The dark web has become a thriving marketplace for cybercriminals buying and selling illegal goods and services. The number of 'access-for-sale' ads, offering entry into already-compromised corporate networks, has increased seven-fold compared with previous years: researchers counted as many as 590 new offers in the first quarter of 2021 alone, 83% of the total for all of 2020. The report attributes much of the growth to the surge in ransomware attacks. The company's specialists believe the profile of threat actors is changing in an important way: the outside intruder who gains initial access to a corporate network is no longer the same criminal who carries the attack forward once inside, and the two need different skill sets. Positive Technologies researchers note that ads prom...

Bot that helps hackers write code

Copilot, the service developed by Microsoft and GitHub to simplify programmers' work, could also be used by hackers to write malicious software. Built by GitHub on top of an AI model, Copilot behaves like the predictive keyboard on a mobile phone: it autocompletes what the developer is typing. GitHub introduced the service at the end of June; it was developed with the help of OpenAI and trained on billions of lines of code. As a developer writes, GitHub Copilot suggests code that can be accepted to work faster. Russian cybersecurity experts believe GitHub's innovation may be useful not only to software developers but also to cybercriminals: the tool could make it easier and faster for attackers to write code, so the number of people able to author malicious code may grow. Denis Legezo, a senior cybe...

Wiper Malware Used in Attack Against Iranian Railway

The cyber-attack that crippled Iran's national railway system at the beginning of the month was caused by a disk-wiping malware strain called Meteor, not by ransomware, according to research published by security firms Amnpardaz and SentinelOne. According to Reuters, the attack disrupted train services and took the transport ministry's website offline. The assault was not meant simply to cause havoc: the attackers also pushed a message onto station display boards giving travellers a phone number to call for further information about the 'difficulties'. Juan Andres Guerrero-Saade, Principal Threat Researcher at SentinelOne, said this is the first time the malware has been seen in use and that Meteor has not yet been linked to any previously identified group. Meteor malware: part of a well-planned attack. The Meteor wiper was only one of three components of a broader malware arsenal placed on the Iranian railway's computers...

Two Belarusian Arrested in Black Box ATM Attack

Polish authorities, assisted by Europol, have detained two individuals suspected of so-called 'black box' attacks against ATMs, in which offenders attach an electronic device to a cash machine and force it to dispense all of its money. The two Belarusian nationals were arrested following a string of ATM 'jackpotting' attacks that fraudulently made cash machines across Europe pay out EUR 230,000 ($273,000). According to a Europol press statement of July 29, the criminals reached the ATM's internal cabling by drilling holes or dismounting panels, then physically connected the cash dispenser to a laptop. The laptop was used to relay dispense commands directly to the dispenser, bypassing the ATM's own computer and its authorisation checks, until the machine was emptied. An ATM black-box attack is a type of ATM cash-out fraud against the financial system in which the culprit bores holes in the top of the cash machine to gain access to the ATM's internal infrastructure...

Following a Ransomware Cyberattack, D-BOX Stated it is Gradually Restarting Operations

After a ransomware attack on its internal information-technology systems, D-BOX Technologies Inc. says it is progressively resuming operations, with restoration work expected to be completed in the coming weeks. The Montreal-based entertainment company says production was never entirely disrupted and that restoration of its various internal IT systems is under way. D-BOX designs immersive entertainment experiences that use motion, vibration and texture to engage the body, and has partnered with some of the world's most innovative firms to enhance storytelling. The company has postponed the release of its interim financial statements and analysis for the three months ended June 30. According to its statement, the incident had a limited impact on internal systems and services to studios and theatre operators were unaffected. The company ex...

Zimbra Webmail Platform Vulnerabilities Discovered That Could Compromise Mail Servers

Two security bugs in Zimbra webmail could allow an adversary to access and control mail… Zimbra Webmail Platform Vulnerabilities Discovered That Could Compromise Mail Servers on Latest Hacking News. From Latest Hacking News: https://ift.tt/3ygnIwW

Severe Shopify Flaw Exposed GitHub Access Token And Source Code Repositories

Computer science student Augusto Zanellato earned a $50,000 bounty after discovering a publicly accessible GitHub Personal Access Token (PAT) that granted access to Shopify's source code repositories. Zanellato found the token in a .env file while reviewing a public macOS Electron-based app: anything bundled into such an app, a .env file included, ships to every user who downloads it. The token gave access to both public and private repositories with administrative privileges, which would have let a less ethically-minded finder tamper with the repositories and even plant backdoors. Zanellato did not realise it at the time, but the Electron app had been developed by a Shopify employee. "After finding the GitHub token inside the application I tried to use it against the GitHub API to see what token it was, whom it belonged to, what privileges it had etc. I found out that the user in question was a member of the Shopify organization and that he had push and pull access to all the private Shopify repositories," Zanellato explained. ...
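The kind of triage Zanellato describes, written out as an added example (not Shopify's code, not the researcher's): scan a .env file for GitHub token patterns, then ask the GitHub API who the token belongs to and which scopes it carries. The token formats (the `ghp_` prefix for newer classic tokens, 40 hex characters for older ones), the sample .env and the fake token are assumptions or constructed inputs; the `X-OAuth-Scopes` response header is what GitHub returns for a classic PAT.

```python
"""Scan .env-style content for GitHub tokens and triage what a found token can do.

Added example, not Shopify's or the researcher's code. Token formats, the sample
.env and the fake token are assumptions / constructed inputs (see comments)."""
import json
import re
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterator, List, Optional, Tuple

# Assumption: classic PATs issued since early 2021 are "ghp_" + 36 alphanumerics;
# gho_/ghu_/ghs_/ghr_ are OAuth, user-to-server, server-to-server and refresh
# tokens. Older classic PATs were 40 hex characters with no prefix.
GITHUB_TOKEN_RE = re.compile(r"\b(gh[pousr]_[A-Za-z0-9]{36})\b")
LEGACY_TOKEN_RE = re.compile(r"^[0-9a-f]{40}$")
ENV_LINE_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")
SECRET_KEY_HINTS = ("TOKEN", "SECRET", "PAT", "KEY", "PASSWORD")

FAKE_TOKEN = "ghp_" + "A1b2" * 9  # constructed, 36 chars after the prefix
SAMPLE_ENV = (
    "# constructed sample .env, not the real app's file\n"
    "NODE_ENV=production\n"
    f'GITHUB_TOKEN="{FAKE_TOKEN}"\n'
    "LEGACY_GITHUB_PAT=0123456789abcdef0123456789abcdef01234567\n"
    "API_URL=https://api.example.invalid\n"
)

Fetcher = Callable[[urllib.request.Request], Tuple[int, Dict[str, str], bytes]]


def parse_env(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (key, value) from .env content; drops comments and surrounding quotes."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENV_LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        yield key, value


def redact(token: str) -> str:
    """Prefix and last four characters only: enough to match the finding against
    GitHub's own token list without copying the secret into a report."""
    return f"{token[:4]}...{token[-4:]}" if len(token) > 8 else "****"


def find_github_tokens(text: str) -> List[Dict[str, str]]:
    """Report values that match a prefixed GitHub token anywhere, or a 40-hex
    legacy token under a key whose name suggests a secret."""
    findings = []
    for key, value in parse_env(text):
        m = GITHUB_TOKEN_RE.search(value)
        if m:
            token = m.group(1)
        elif LEGACY_TOKEN_RE.match(value) and any(h in key.upper() for h in SECRET_KEY_HINTS):
            token = value
        else:
            continue
        findings.append({"key": key, "token": token, "redacted": redact(token)})
    return findings


def _http_fetch(req: urllib.request.Request) -> Tuple[int, Dict[str, str], bytes]:
    """Real network call, kept separate so triage_token can be tested offline."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers.items()), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers.items()), err.read()


def triage_token(token: str, fetch: Optional[Fetcher] = None) -> Dict[str, object]:
    """GET /user with the token: the body names the owning account and GitHub
    lists a classic token's scopes in the X-OAuth-Scopes response header.
    'repo' means read/write on every private repository the owner can reach."""
    req = urllib.request.Request(
        "https://api.github.com/user",
        headers={"Authorization": f"token {token}",
                 "Accept": "application/vnd.github.v3+json",
                 "User-Agent": "pat-triage-example"},
    )
    status, headers, body = (fetch or _http_fetch)(req)
    if status != 200:
        return {"valid": False, "status": status}
    lowered = {k.lower(): v for k, v in headers.items()}
    scopes = [s.strip() for s in lowered.get("x-oauth-scopes", "").split(",") if s.strip()]
    login = json.loads(body.decode("utf-8")).get("login")
    return {"valid": True, "login": login, "scopes": scopes,
            "can_write_private_repos": "repo" in scopes,
            "can_admin_orgs": "admin:org" in scopes}


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # live triage of a real token
        print(json.dumps(triage_token(sys.argv[1]), indent=2))
    else:
        for f in find_github_tokens(SAMPLE_ENV):
            print(f"{f['key']}: {f['redacted']}")
```

With no argument the script only scans the constructed sample; pass a real token as the first argument to triage it live. A `repo` scope on a token pulled out of a shipped app is exactly the exposure described above: push access to every private repository its owner can reach.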

XAMPP Hosts are Employed to Distribute Agent Tesla

RiskIQ's research team has been tracking recurring fingerprints in the malicious infrastructure of well-known malware families. Their examination of Agent Tesla infrastructure led them to hosts running the XAMPP web server stack, which the operators use to serve the malware; the team investigated these campaigns with RiskIQ's Internet Intelligence Graph. The latest investigation gives new insight into the Agent Tesla ecosystem and the TTPs its operators use, and shows how RiskIQ users can pivot on the XAMPP web component to identify hosts distributing malware and to uncover other potentially malicious infrastructure. XAMPP is a free, open-source web server solution stack from Apache Friends, consisting mainly of the Apache HTTP Server, the MariaDB database and interpreters for the PHP and Perl scripting languages. Because most current web servers run the same components...

Critical Shopify Vulnerability Exposed GitHub Access Token And Shopify Repos

Popular e-commerce platform Shopify had a simple yet serious vulnerability that could have devastating results… Critical Shopify Vulnerability Exposed GitHub Access Token And Shopify Repos on Latest Hacking News. From Latest Hacking News: https://ift.tt/2WBYpYh

Apple Patched Zero-Day Bug Under Attack For Mac and iOS Devices

Apple has recently rolled out a short macOS and iOS update with a critical security… Apple Patched Zero-Day Bug Under Attack For Mac and iOS Devices on Latest Hacking News. From Latest Hacking News: https://ift.tt/2ViTqLw

UC San Diego Health Discloses Data Breach Exposing Personal Information

Another data breach has surfaced online as UC San Diego Health discloses an incident exposing… UC San Diego Health Discloses Data Breach Exposing Personal Information on Latest Hacking News. From Latest Hacking News: https://ift.tt/3xeNGj8

Microsoft Alerts Users About PetitPotam NTLM Relay Attack

A new type of NTLM relay attack dubbed PetitPotam poses a threat to Windows systems’… Microsoft Alerts Users About PetitPotam NTLM Relay Attack on Latest Hacking News. From Latest Hacking News: https://ift.tt/378znlp

Stellar Converter for EDB Review – Advanced Tool to Convert EDB Files to PST

Although you can export mailboxes from an Exchange database to PST by using the “New-MailboxExportRequest” PowerShell… Stellar Converter for EDB Review – Advanced Tool to Convert EDB Files to PST on Latest Hacking News. From Latest Hacking News: https://ift.tt/3xe7H9l

Malicious Linux Shell Scripts Used to Evade Defenses

Attackers' evasion techniques go back to the days when base64 and other simple encoding schemes were used to hide commands. Today, attackers use new Linux shell-script techniques to disable firewalls and monitoring agents and to change access control lists (ACLs). The common evasive shell-script techniques are:

1. Uninstalling monitoring agents. Monitoring agents are software components that continuously track a system's process and network activity; they also produce the logs that are invaluable during an incident investigation. The malicious script, caught in an osquery-based sandbox, attempts to uninstall Aegis, Alibaba Cloud's threat-detection agent, and to stop the Aliyun service. It also tries to uninstall YunJing, a host security agent from Tencent, and the BCM client management agent, which is commonly installed on endpoints for risk mitigation.

2. Disabling firewalls and...
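A detector for the techniques listed above, as an added example (not from the sandbox vendor's report): it splits a script into simple commands with quote-aware tokenisation, looks inside `bash -c "..."` wrappers, and classifies each command as agent removal, firewall teardown, SELinux disablement, attribute/ACL tampering or killing of monitoring processes. The indicator list and the sample script are constructed; the agent names (Aegis, Aliyun, YunJing, BCM) are the ones named above.

```python
"""Flag defence-evasion commands in a Linux shell script: agent uninstalls,
firewall teardown, SELinux disablement, attribute/ACL tampering and killing of
monitoring processes. Added example; rules and sample script are constructed."""
import re
import shlex
from collections import defaultdict
from typing import Dict, List

# Rules are heuristics. Agent names follow the write-up (Aegis, Aliyun, YunJing,
# BCM); everything else is a common teardown command. Tune them to your estate.
RULES = [
    ("uninstall_agent", re.compile(r"uninstall\.sh|uninst\.sh|aegis|aliyun|yunjing|\bbcm\b", re.I)),
    ("disable_firewall", re.compile(
        r"\biptables\s+(-F|--flush|-P\s+\w+\s+ACCEPT)\b|\bufw\s+disable\b|"
        r"\bsystemctl\s+(stop|disable)\s+firewalld\b")),
    ("disable_selinux", re.compile(r"\bsetenforce\s+0\b")),
    ("modify_acl", re.compile(r"\bsetfacl\b|\bchattr\s+[+-]i\b")),
    ("kill_monitoring", re.compile(r"\b(pkill|killall|kill\s+-9)\b.*\b(aegis|yunjing|auditd|osquery)", re.I)),
]
COMMAND_SEPARATORS = {";", "&&", "||", "|", "&"}
SHELLS = {"sh", "bash", "dash", "zsh"}


def split_commands(script: str) -> List[str]:
    """Split a script into simple commands. Tokenising with shlex keeps quoted
    strings whole, so bash -c "a; b" stays one command, and drops # comments."""
    commands: List[str] = []
    for line in script.replace("\\\n", " ").splitlines():
        lex = shlex.shlex(line, posix=True, punctuation_chars=True)
        lex.whitespace_split = True
        try:
            tokens = list(lex)
        except ValueError:                 # unbalanced quotes: keep the raw line
            if line.strip():
                commands.append(line.strip())
            continue
        current: List[str] = []
        for tok in tokens:
            if tok in COMMAND_SEPARATORS:
                if current:
                    commands.append(shlex.join(current))
                    current = []
            else:
                current.append(tok)
        if current:
            commands.append(shlex.join(current))
    return commands


def expand_inline_shells(command: str) -> List[str]:
    """For `[sudo] sh -c '...'` return the inner commands (recursively); otherwise
    the command itself. Attackers nest shells to hide the real command line."""
    try:
        toks = shlex.split(command)
    except ValueError:
        return [command]
    if toks and toks[0] == "sudo":
        toks = toks[1:]
    if len(toks) >= 3 and toks[0].rsplit("/", 1)[-1] in SHELLS and toks[1] == "-c":
        return [c for inner in split_commands(toks[2]) for c in expand_inline_shells(inner)]
    return [command]


def scan_script(script: str) -> Dict[str, List[str]]:
    """Return {category: [offending commands]} for the whole script."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for command in split_commands(script):
        for simple in expand_inline_shells(command):
            for category, rx in RULES:
                if rx.search(simple):
                    hits[category].append(simple)
    return dict(hits)


def verdict(hits: Dict[str, List[str]]) -> str:
    """Several distinct evasion categories in one script is the strong signal;
    a single chattr or iptables line on its own is routine administration."""
    if len(hits) >= 2:
        return "evasive"
    return "suspicious" if hits else "clean"


SAMPLE_SCRIPT = r"""#!/bin/bash
# constructed sample modelled on the evasive scripts described above
/usr/local/aegis/uninstall.sh >/dev/null 2>&1; systemctl stop aliyun.service
/usr/local/qcloud/YunJing/uninst.sh
bash -c "ufw disable; iptables -F"
setenforce 0
chattr +i /etc/ld.so.preload
pkill -9 -f auditd || true
echo done
"""

if __name__ == "__main__":
    found = scan_script(SAMPLE_SCRIPT)
    for category, cmds in found.items():
        print(f"{category}: {cmds}")
    print("verdict:", verdict(found))
```

The quote-aware split matters: a naive split on `;` would cut `bash -c "ufw disable; iptables -F"` in half and miss both commands inside it. Requires Python 3.8 or later for `shlex.join` and punctuation-aware splitting.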

UBEL is the Android Malware Successor to Oscorp

An Android malware that was caught abusing the device's accessibility features to steal credentials for European banking apps has morphed into an entirely new botnet as part of a fresh campaign that began in May 2021. Oscorp, a mobile malware built to hit multiple financial targets and steal funds from unsuspecting users, was first disclosed by Italy's CERT-AGID in late January. Like other Android malware, Oscorp tricks users into granting it access to the Android Accessibility Service, which lets it read text on the screen, detect an app-installation prompt, walk through the permission list and install apps on the user's behalf. "Not being able to access the private files of other applications, the actions of these malicious apps are 'limited' to the theft of credentials through phishing pages, to blocking the device and possibly to the capture of audio and video," read the advisory published by I...

The Russian Federation submitted to the United Nations the world's first draft convention against cybercrime

The Prosecutor General's Office of the Russian Federation reported that Russia has submitted to the UN the world's first draft convention on countering cybercrime and the criminal use of cryptocurrency. Last year an interdepartmental working group on combating information crime was established, one of whose main tasks was to draft a universal, comprehensive international convention against the use of information and communication technologies for criminal purposes. The draft, the office says, has a number of advantages: it takes into account modern challenges and threats to international information security, including the criminal use of cryptocurrency, and defines new offences committed with information and communication technologies. The office stresses that Russia was the first country to develop and submit to the UN special committee a draft convention on combating information crime. "Today cyber attacks are as much a we...

BlackMatter & Haron Targeting Firms with Revenue of $100 Million and More

Researchers at the South Korean security firm S2W Lab have identified two new ransomware groups. A sample from the first group, which calls itself 'Haron', was first submitted to VirusTotal on July 19. According to S2W Lab, the layout, organisation and tactics of Haron are almost identical to those of Avaddon, the ransomware group that went dark in June after sending BleepingComputer a master decryption key that victims could use to recover their data. Both groups target high-profile organisations to maximise their profits, and Haron also runs a 'leak site' where it threatens to publish data stolen from companies that refuse to pay for decryption. The engine behind Haron, S2W Lab says, is Thanos, a separate ransomware family that has been around since at least 2019; Haron was built with a recently published Thanos builder written in C#. Avaddon,...

Raven Hengelsport Data Breach Exposes 18GB of Customer Data

Researchers at Safety Detectives uncovered an unsecured Microsoft Azure Blob storage container belonging to the Dutch fishing-tackle retailer Raven Hengelsport (also known as Raven Fishing B.V.), leaving the personally identifiable information of hundreds of thousands of customers exposed to anyone who found it. Raven Hengelsport, headquartered in Dronten, Netherlands, sells fishing gear and equipment; alongside its online store Raven.nl it operates several large shops in the Netherlands and elsewhere in Europe. In early March, the research arm of antivirus review site SafetyDetectives found the unsecured Azure Blob storage holding 18 GB of company data covering at least 246,000 customers in over 450,000 records. Raven.nl works as a fishing supermarket, offering everything from conventional goods su...

Be Wary Of Fake Windows 11 Installers Bundled With Malware

While the official Windows 11 is just around the corner, expectedly, the fake installers have… Be Wary Of Fake Windows 11 Installers Bundled With Malware on Latest Hacking News. From Latest Hacking News: https://ift.tt/3j6Ijh0

Apple Fixed The Nasty iOS WiFi Bug With The Latest iOS 14.7

Weeks after bearing with the weird iOS WiFi bug, Apple users can finally be at… Apple Fixed The Nasty iOS WiFi Bug With The Latest iOS 14.7 on Latest Hacking News. From Latest Hacking News: https://ift.tt/3rEyudK

Organizations are Making Incremental Investments on Modifying Web Application Firewall to Stay Ahead of Cybersecurity Threats

Data suggests that 85% of organizations are spending increasing amounts of time on modifying their… Organizations are Making Incremental Investments on Modifying Web Application Firewall to Stay Ahead of Cybersecurity Threats on Latest Hacking News. From Latest Hacking News: https://ift.tt/3rHOjkb

Data of 100 Million JustDial Customers Left Unsecured for Over a Year

The personally identifiable information (PII) of approximately 100 million users of the local business listing site JustDial was exposed after an application programming interface (API) was left open for over a year. JustDial is an Indian internet technology firm that offers local search for a variety of services in India via phone, the web and mobile apps. A fix now appears to protect the data, which included users' names, gender, profile photos, email addresses, phone numbers and birthdates. Rajshekhar Rajaharia, an independent security researcher who first tweeted about the issue on Tuesday, told BusinessLine that after discovering the exposure he contacted the company and it was patched promptly. "The company's data was exposed since March 2020, though we can't say yet if they have been leaked. We will only know once JustDial releases an audit report on it," Rajaharia stated. Further, he ...

Bugs in the Zimbra Server Could Lead to Unrestricted Email Access

Multiple security flaws have been uncovered in the Zimbra email collaboration software that could be abused to compromise email accounts by sending a malicious message, or even to take control of the mail server when it is hosted on cloud infrastructure. Researchers from code quality and security company SonarSource found and reported the flaws in Zimbra 8.8.15 in May 2021; they are tracked as CVE-2021-35208 and CVE-2021-35209. Zimbra has since released versions 8.8.15 Patch 23 and 9.0.0 Patch 16 with fixes. "A combination of these vulnerabilities could enable an unauthenticated attacker to compromise a complete Zimbra webmail server of a targeted organization," said SonarSource vulnerability researcher Simon Scannell, who identified the weaknesses. "As a result, an attacker would gain unrestricted access to all sent and received emails of all employees." Zimbra is a cloud-based email, calendar, and collaboration suite for businesses...

macOS Malware Now Steals Account Logins Of Telegram, Chrome, And More

The now infamous macOS malware XCSSET has evolved further to steal account logins from different… macOS Malware Now Steals Account Logins Of Telegram, Chrome, And More on Latest Hacking News. From Latest Hacking News: https://ift.tt/3BRdN31

Signal Patches Zero-Day Bug in its Android App

Signal has patched a critical flaw in its Android app that, in some circumstances, sent random unintended images to contacts with no obvious explanation. The bug was first reported in December 2020 by Rob Connolly on the app's GitHub issue tracker. Although known for months, it was only fixed recently, and the team faced a backlash over the delay. Greyson Parrelli, a Signal Android developer, confirmed in the same GitHub thread that the flaw is fixed in Signal Android version 5.17. When a user sent an image to a contact, Connolly explained, the contact would occasionally receive not just the selected image but also a few random images the sender had never chosen to send. "Standard conversation between two users (let's call them party A and party B). Party A shares a gif (from built-in gif search). Party B re...

Numerous web apps found vulnerable to DNS cache poisoning via ‘forgot password’ feature

While the “Forgot Password” feature in web and mobile apps is meant for convenience, it… Numerous web apps found vulnerable to DNS cache poisoning via ‘forgot password’ feature on Latest Hacking News. From Latest Hacking News: https://ift.tt/3yc6MHN

Cyberattacks Zero in Tokyo Olympics as Games Begin

Malware and malicious websites have targeted both event organisers and ordinary spectators in the run-up to the Tokyo Olympics' opening ceremony. According to Tokyo-based Mitsui Bussan Secure Directions (MBSD), the malware was uploaded to the VirusTotal scanning service on 20 July and is detected by numerous antivirus vendors worldwide. A fraudulent PDF masquerades as a Japanese-language document about cyberattacks related to the Olympics; when opened, it infects the computer and deletes documents. The PDF was reportedly sent to Japanese event officials in an attempt to wipe important Olympics-related data. Takashi Yoshikawa of MBSD warned about the 'wiper' malware, recalling that the so-called Olympic Destroyer malware caused severe disruption at the 2018 Winter Games in Pyeongchang, South Korea. TXT, LOG and CSV files, which can hold logs, databases or password ...

Hackers Applying HTML Smuggling To Distribute Malware

Microsoft's security team has identified a new spam e-mail campaign, running for weeks, that abuses a technique called "HTML smuggling" to get past e-mail security controls and deliver malware to users' devices. Microsoft Corporation is an American multinational technology company that develops software, consumer electronics, personal computers and related services. HTML smuggling defeats perimeter security by generating the malicious file behind the firewall, in the browser on the targeted endpoint: the e-mail carries only an HTML attachment or link whose JavaScript uses HTML5 features (such as decoding an embedded string into a Blob and triggering a download) to assemble the payload locally. Conventional network controls such as e-mail scanners, proxies and sandboxes never see a malicious file on the wire, because the file is created on the target device, which is already inside the network security perimeter. Typically network security solutions work by analysing the 'wire', that is, the information flowing from the ...
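What an e-mail scanner has to do to see through HTML smuggling, as an added example (not Microsoft's detection logic): look for the JavaScript APIs that build a file in the browser, then rebuild the file the browser would produce by joining split base64 literals, decoding them and checking magic bytes. The indicator list, the sample HTML and the stand-in executable bytes are constructed for this example.

```python
"""See through HTML smuggling: flag the browser APIs that assemble a file on the
endpoint, then rebuild that file from the base64 the page carries. Added
example; indicator list, sample HTML and stand-in payload bytes are constructed."""
import base64
import binascii
import hashlib
import re
from typing import Dict, List

# JavaScript APIs a smuggling page needs: decode, wrap in a Blob, hand the Blob
# to the browser as a download (modern or legacy-IE path) and click it.
INDICATORS = {
    "decode_base64": re.compile(r"\batob\s*\("),
    "build_blob": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"URL\.createObjectURL\s*\("),
    "ie_save_blob": re.compile(r"msSaveOrOpenBlob\s*\("),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']"),
    "auto_click": re.compile(r"\.click\s*\(\s*\)"),
}
# "abc" + "def": payloads are often split to break naive base64 scanners.
CONCAT_GAP = re.compile(r"[\"']\s*\+\s*[\"']")
B64_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/=\s]{64,})[\"']")
MAGIC = [(b"MZ", "pe-executable"), (b"PK\x03\x04", "zip"), (b"%PDF", "pdf"),
         (b"\x7fELF", "elf"), (b"#!", "script")]


def sniff(data: bytes) -> str:
    """Identify the reconstructed file by its magic bytes."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def extract_payloads(html: str) -> List[Dict[str, object]]:
    """Join split string literals, decode every long base64 literal and describe
    the file the browser would have written to disk."""
    joined = CONCAT_GAP.sub("", html)
    payloads: List[Dict[str, object]] = []
    for m in B64_LITERAL.finditer(joined):
        literal = re.sub(r"\s+", "", m.group(1))
        try:
            data = base64.b64decode(literal, validate=True)
        except (binascii.Error, ValueError):
            continue                      # long quoted string that is not base64
        payloads.append({"size": len(data), "kind": sniff(data),
                         "sha256": hashlib.sha256(data).hexdigest()})
    return payloads


def analyse(html: str) -> Dict[str, object]:
    """Score = one point per API indicator plus two per decoded payload with a
    recognised file type. A lone download attribute on a link stays 'clean'."""
    indicators = [name for name, rx in INDICATORS.items() if rx.search(html)]
    payloads = extract_payloads(html)
    score = len(indicators) + 2 * sum(1 for p in payloads if p["kind"] != "unknown")
    if score >= 4:
        label = "html-smuggling"
    elif score >= 2:
        label = "suspicious"
    else:
        label = "clean"
    return {"indicators": indicators, "payloads": payloads, "score": score, "verdict": label}


# Constructed sample: a stand-in "executable" (MZ header plus filler), embedded the
# way a smuggling page embeds its payload. Not a real binary, not from the campaign.
FAKE_EXE = b"MZ" + bytes(range(256))
_B64 = base64.b64encode(FAKE_EXE).decode("ascii")
SAMPLE_HTML = f"""<html><body>
<p>Your document is ready, please wait...</p>
<script>
  var b64 = "{_B64[:180]}" + "{_B64[180:]}";
  var bytes = Uint8Array.from(atob(b64), function (c) {{ return c.charCodeAt(0); }});
  var blob = new Blob([bytes], {{type: "application/octet-stream"}});
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "invoice.exe";
  a.click();
</script>
</body></html>"""

if __name__ == "__main__":
    report = analyse(SAMPLE_HTML)
    print(report["verdict"], report["indicators"])
    for p in report["payloads"]:
        print(p["kind"], p["size"], p["sha256"])
```

The point of the reconstruction step is that the wire never carries an executable: only after the scanner does what the browser would do (join, decode, write) is there a file with an `MZ` header to hash and match against known-bad indicators.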

Fake Windows 11 Installers are Being Used to Spread Malware

  Although Windows 11 isn't expected to be released until later this year, hackers have already begun attempting to use it to infect victims with malware. On Friday, security firm Kaspersky warned that crooks were using bogus installers to take advantage of consumers eager to get their hands on the Microsoft operating system update, which is set to be released in the fall.  “Although Microsoft has made the process of downloading and installing Windows 11 from its official website fairly straightforward, many still visit other sources to download the software, which often contains unadvertised goodies from cybercriminals (and isn’t necessarily Windows 11 at all),” Kaspersky wrote. The sarcastic "goodies" include anything from harmless adware to password stealers and trojans.  An executable file called 86307 windows 11 build 21996.1 x64 + activator.exe is one example. It certainly appears credible, with a file size of 1.75GB. However, the majority of that space is tak...

Numerous Vulnerabilities Discovered In Telegram Encryption Protocol

Researchers found multiple security vulnerabilities in the Telegram encryption protocol that could potentially risk users’… Numerous Vulnerabilities Discovered In Telegram Encryption Protocol on Latest Hacking News. From Latest Hacking News: https://ift.tt/3i7gwNP

Signal Zero-Day Bug Allows for Sending Unintended Images To Contacts

Signal has recently addressed a serious vulnerability that would be worrisome for users. A zero-day… Signal Zero-Day Bug Allows for Sending Unintended Images To Contacts on Latest Hacking News. From Latest Hacking News: https://ift.tt/3zGvIri

Making Authentication Safer and Simpler for Customers

How to make the user experience better for your e-commerce? The simplest answer is to… Making Authentication Safer and Simpler for Customers on Latest Hacking News. From Latest Hacking News: https://ift.tt/3f6JZWl

Mobile County Officials Inform County Employees of Data Breach

Officials of Mobile County in southwest Alabama have notified county employees of a computer system breach that compromised employee data along with other sensitive information. Two months ago, in May 2021, county officials discovered malware on certain systems; to contain it and restore the systems securely, they shut down the computer system for about three days. The county commission said in a statement to employees: “As previously addressed in statements published by Mobile-area media, Mobile County recently discovered suspicious activity related to some of its computer systems. We immediately shut down and launched an investigation, with the assistance of third-party forensic specialists, to determine the nature and scope of the activity. Once the forensic specialists confirmed that our network was secure, we safely restored our systems.” “Although our investigation is ongoing, we have determin...

What is a Security Theatre and How Is It Impacting the Organisations

In life, we do everything we can to stop any risk that could harm us.… What is a Security Theatre and How Is It Impacting the Organisations on Latest Hacking News. From Latest Hacking News: https://ift.tt/3rAXHG5

Q2 2021 Report by Digital Shadow, Abridged

Q2 2021 was one of the most eventful quarters yet for ransomware. One of the largest pipelines in the United States was attacked, new ransomware groups emerged while others disappeared, prominent cybercriminal forums publicly disavowed ransomware, and law-enforcement action radically changed some operations. According to a new report by cybersecurity firm Digital Shadows, more than 700 organisations were hit by ransomware and had their data dumped on leak sites in Q2 2021. Of the nearly 2,600 victims named on ransomware data-leak sites to date, 740 were listed in Q2 2021, a 47% rise over Q1. Digital Shadows researchers also found a 183% increase in ransomware activity against the retail sector between Q1 and Q2 2021. Q1 2021 was dominated by supply chain attacks, such as ...

WhatsApp CEO: US Allies' National Security Officials Targeted with NSO Malware

According to WhatsApp CEO Will Cathcart, governments used NSO Group malware to target senior government officials around the world. Speaking to The Guardian about the spyware attacks uncovered by the Pegasus Project investigation, Cathcart said they resemble a 2019 attack on 1,400 WhatsApp users. Cathcart added, “The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then. This should be a wake-up call for security on the internet … mobile phones are either safe for everyone or they are not safe for everyone.” NSO Group's military-grade spyware is suspected of having been used against heads of state, cabinet ministers, activists and journalists. The Pegasus Project's reporting centres on a leaked list of more than 50,000 phone numbers, though the appearance of a number on the list does not necessarily mean that person was successfully targeted, according to The Gu...