Posts

Showing posts from August, 2021

Cybersecurity experts name the signs of a smartphone hack

Fast discharge of the smartphone, the appearance of strange notifications or spam when the screen is locked, blocked antivirus programs: all of this may indicate that malicious software is installed on the device. Experts named an unnaturally fast discharge of the battery as one of the main signs of hacking. As a rule, such software runs in the background on the phone, significantly eating up battery power. Spontaneous restarts of the phone are another sign of hacking. Dmitry Galov, a cybersecurity expert at Kaspersky Lab, pointed out that when it comes to banking Trojans, miners, spyware and stalkerware, whose task is to remain unnoticed for as long as possible, there are only a few indirect signs of infection. "These signs include fast battery discharge, despite the fact that the phone may be new, the device overheating, the consumption of a large amount of Internet traffic, the appearance of strange notifications or unfamiliar programs that you did not install. And this is ...

What Can You Learn from a Reverse IP Lookup?

These days when attacks occur every minute, cybersecurity has become an utmost priority for individuals… What Can You Learn from a Reverse IP Lookup? on Latest Hacking News. From Latest Hacking News: https://ift.tt/3mL4E76

T-Mobile CEO Apologizes for Hack of More Than 54 Million Users Data

  Mike Sievert, CEO of T-Mobile, is in a spot of bother after a major data breach of the carrier’s servers. In a statement issued last week, he apologized for a data breach but also tried to paint a rosy picture of the data breach by claiming no financial details were stolen but confirmed that millions of social security numbers were compromised. The attack on the carrier’s servers impacted more than 54 million current, former and prospective users. Leaked data included social security numbers, names, contact numbers, driver’s license information, IMEI and IMSI information, and addresses for some, but not financial details. Meanwhile, device identifiers and PINs were obtained for certain accounts.  “What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into oth...

Fraudsters launched more than 100 attacks on Russian companies in three months

Over the past three months, there has been an increase in targeted attacks on Russian companies via email. During May-July 2021 Kaspersky Lab prevented more than 100 targeted BEC (Business Email Compromise) attacks against Russian companies. Alexey Marchenko, head of the content filtering methods development department, stressed that such cases have become more frequent lately. The trend was confirmed by market participants, as well as other organizations that specialize in cybersecurity. The attacks targeted companies in the airline, industrial, retail, IT and delivery sectors. According to Mr. Marchenko, most often the victims are employees who have access to finances and important documents. He stressed that attacks are usually prepared over several weeks to several months and can lead to multimillion-dollar damage to the organization. "Often, attackers use hacked employee accounts or addresses that are visually similar to the company's official mail but differ by a few char...

Malware Analysis Online: Why You Need It Now For Your Cloud Environment

There is rarely a company today that has not at least part of their environment… Malware Analysis Online: Why You Need It Now For Your Cloud Environment on Latest Hacking News. From Latest Hacking News: https://ift.tt/3ywdIyW

Bangkok Airways Disclosed Data Breach Following A Possible Ransomware Attack

Bangkok Airways admitted the data breach happened following an unfortunate cyber attack. While they didn't… Bangkok Airways Disclosed Data Breach Following A Possible Ransomware Attack on Latest Hacking News. From Latest Hacking News: https://ift.tt/3yvSG3v

Cream Finance Crypto Exchange Hacked – Lost $29 Million To Attackers

Heads up, crypto users. Another cryptocurrency exchange has suffered a cyber attack losing assets worth… Cream Finance Crypto Exchange Hacked – Lost $29 Million To Attackers on Latest Hacking News. From Latest Hacking News: https://ift.tt/3kG6ovz

Lockbit Ransomware Suspected Behind the Attacks on Envision Credit Union

Cyberattacks employing a type of ransomware that appeared nearly two years ago have increased in number lately. The ransomware, known as LockBit, continues to be effective for cyber thieves. Trend Micro's cybersecurity analysts recently documented an uptick in LockBit ransomware operations that have surged since the beginning of July. This ransomware-as-a-service first surfaced in September 2019 and has been quite successful, with activity rising noticeably this summer. Recently, Envision Credit Union has been the victim of a potential ransomware attack that seized its computer networks. There were clear indications of a suspected ransomware attack that surfaced last week, leading to speculation that the entity responsible for the attack was LockBit 2.0. LockBit works on the concept of Ransomware as a Service (RaaS), in which they lease out their network and software to legitimate hackers in exchange for a portion of th...

LockFile Ransomware Circumvents Protection Using Intermittent File Encryption

A new ransomware threat known as LockFile has been affecting organizations all around the world since July. It surfaced with its own set of tactics for evading ransomware protection, using a sophisticated approach known as "intermittent encryption." The operators of the ransomware, called LockFile, have been found exploiting recently disclosed vulnerabilities like ProxyShell and PetitPotam to attack Windows servers and install file-encrypting malware that scrambles only every alternate 16 bytes of a file, allowing it to circumvent ransomware defenses. Mark Loman, Sophos director of engineering, said in a statement, "Partial encryption is generally used by ransomware operators to speed up the encryption process, and we've seen it implemented by BlackMatter, DarkSide, and LockBit 2.0 ransomware." "What sets LockFile apart is that, unlike the others, it doesn't encrypt the first few blocks. Instead, LockFile encrypts every other 16 bytes of a do...

Phorpiex Malware has Shut Down their Botnet and Put its Source Code for Sale

The Phorpiex malware's creators have shut down their botnet and are selling the source code on a dark web cybercrime forum. The ad states that neither of the malware's two original authors is still involved in maintaining the botnet, which is why they opted to sell its source code. It was posted on 27th August by an individual previously associated with the botnet's operation. Phorpiex, a long-running botnet notorious for extortion schemes and old-school worms delivered via removable USB drives and instant messaging programmes, has been broadening its architecture in recent years in order to become more durable and deliver more damaging payloads. Its operations, which had previously centered on extortion and spamming, extended to encompass bitcoin mining. Researchers have noticed an upsurge in data exfiltration and ransomware delivery since 2018, with the bot installer releasing malware such as Avaddon, Knot, BitRansomware (DSoftCrypt/ReadMe), Nemty, GandCrab, and ...

Ragnarok Ransomware Gang Releases Free Master Decryptor After Shutdown

The Ragnarok ransomware group has decided to abandon its operations and has reportedly published the master key that can decrypt files locked with its malware. The ransomware gang did not leave a note explaining their sudden exit and instead replaced all the victims on their leak site with a short instruction on how to decrypt files.

Sudden exit

The Ragnarok gang, also known as Asnarok, used the leak site to release data of the victims who refused to pay the ransom. The leak site has been stripped of all aesthetic elements and only contains a brief text linking to an archive consisting of the master key and the associated binaries needed to use it. Looking at the leak site, it seems the ransomware group did not plan its shutdown and simply wiped everything and ceased operations. According to threat intelligence provider HackNotice, the leak site added 12 victims between July 07 and August 16. By listing victims on their webs...

Singapore Eye Clinic Suffered Ransomware Attack, Lost 73,000 Patients Data

Another public service has suffered a cyberattack. The latest victim is an eye clinic in… Singapore Eye Clinic Suffered Ransomware Attack, Lost 73,000 Patients Data on Latest Hacking News. From Latest Hacking News: https://ift.tt/3kAQuCX

FBI Alerts About Hive Ransomware Amidst Rising Attacks On Healthcare Systems

FBI has recently issued a detailed alert about the Hive ransomware that is actively targeting… FBI Alerts About Hive Ransomware Amidst Rising Attacks On Healthcare Systems on Latest Hacking News. From Latest Hacking News: https://ift.tt/2WAVmQp

Critical Vulnerability In Annke Network Video Recorder Could Allow RCE Attacks

A serious security vulnerability in Annke Network Video Recorder (NVR) could allow critical remote code… Critical Vulnerability In Annke Network Video Recorder Could Allow RCE Attacks on Latest Hacking News. From Latest Hacking News: https://ift.tt/3BlGdBa

Boston Public Library Suffers Outages Following A Cyber Attack

One of the oldest and the largest libraries in the US, the Boston Public Library,… Boston Public Library Suffers Outages Following A Cyber Attack on Latest Hacking News. From Latest Hacking News: https://ift.tt/3zut7Bb

T-Mobile Breach Update: CEO Confirmed Brute Force Attack On Network

The firm's CEO has finally come up with an update about the breach that affected… T-Mobile Breach Update: CEO Confirmed Brute Force Attack On Network on Latest Hacking News. From Latest Hacking News: https://ift.tt/3BoT2uB

Ragnarok Ransomware Released Decryption Keys With No Formal Departure Notice

The notorious Ragnarok ransomware has seemingly shut down its operations. Although the gang didn't appear… Ragnarok Ransomware Released Decryption Keys With No Formal Departure Notice on Latest Hacking News. From Latest Hacking News: https://ift.tt/38oyy8H

Glowworm Attack Retrieves Sound From Devices Via LED Indicators

Another viable spying strategy has surfaced online as researchers teamed up to leverage optical changes… Glowworm Attack Retrieves Sound From Devices Via LED Indicators on Latest Hacking News. From Latest Hacking News: https://ift.tt/2WCoaaF

Samsung Release TV Block Feature That Disables Stolen TVs Remotely

Samsung has recently disclosed a feature already available with its TV sets that can disable… Samsung Release TV Block Feature That Disables Stolen TVs Remotely on Latest Hacking News. From Latest Hacking News: https://ift.tt/2UXw2Dh

New iOS Zero-Click Exploited In Bahrain To Deploy Pegasus Spyware

NSO's Pegasus spyware keeps making it to the news due to its high stealth functionalities… New iOS Zero-Click Exploited In Bahrain To Deploy Pegasus Spyware on Latest Hacking News. From Latest Hacking News: https://ift.tt/38nYph5

Malicious WhatsApp Mod FMWhatsapp Delivers Trojan On Android Devices

A malicious update to the FMWhatsApp WhatsApp mod infects target Android devices with the Triada… Malicious WhatsApp Mod FMWhatsapp Delivers Trojan On Android Devices on Latest Hacking News. From Latest Hacking News: https://ift.tt/38mDniS

7 Security Tools to Safeguard Enterprise Data

With so many companies turning to remote work, sensitive enterprise data is flying across the… 7 Security Tools to Safeguard Enterprise Data on Latest Hacking News. From Latest Hacking News: https://ift.tt/2WBZMpW

Cofense Report Analysis on Phishing Campaign Utilizing Vzwpix

Researchers at the Cofense Phishing Defense Center (PDC) have been able to dig further into the addressing characteristics of one of the phishing attempts that used Verizon's multimedia messaging service, Vzwpix, employing Cofense Vision. Verizon's Vzwpix is a genuine multimedia messaging service. It allows users to send emails from mobile phones, which often include the sender's contact number. Fraudsters exploit the popularity of this service by faking an original email address via spoofing. Cyber attackers could use these services to mass deliver SMS that comes from a mobile number but does not include the sender's name and identity. If the recipient does not recognize the mobile number, they might be left speculating who had sent these emails. Hundreds of complaints about Verizon's Vzwpix service domain have been received by the Cofense PDC over the last week. A majority of these messages would be texts or pictures, but investig...

Vulnerabilities Detected in Open Source elFinder File Manager

  In elFinder, an open-source web file organizer, security researchers from SonarSource identified five flaws that form a severe vulnerability chain. The elFinder file manager is often used in content management systems and frameworks like WordPress plugins and Symfony bundles to make it easier to manage both local and remote files. It's written in JavaScript with the use of jQuery UI.  The five flaws, termed CVE-2021-32682 as a group, have a CVSS score of 9.8, which means they're highly dangerous. The vulnerability chain impacts elFinder version 2.1.58.  According to the researchers, exploiting the vulnerabilities may allow an intruder to run arbitrary code and instructions on the server hosting the elFinder PHP connector. The vulnerabilities have been patched in elFinder version 2.1.59. The five weaknesses in the chain are classified by researchers as "innocuous bugs" that may be combined to acquire arbitrary code execution.  The researchers noted, "W...

Researchers Discovered a Vulnerability in Microsoft Azure's Cosmos DB

  According to a copy of the email and a cyber security researcher, Microsoft warned thousands of its cloud computing customers, including some of the world's largest organizations, that intruders might read, update, or even delete their major databases. Researchers uncovered a "serious" vulnerability in Cosmos DB, a Microsoft Azure flagship database product, that allows an attacker to read, write, and remove data from Cosmos DB customers.  Microsoft's proprietary database service Cosmos DB was launched in 2017 and is offered through the tech giant's cloud computing platform Azure. Coca-Cola, ExxonMobil, and Schneider Electric are just a few of the world's major organizations that utilize it to manage their data. Many of Microsoft's own programmes, such as Skype, Xbox, and Office, use Cosmos DB.  Wiz's research team realized it was possible to gain access to keys that controlled access to databases owned by tens of thousands of companies. Ami Lut...

Customers of Russian banks will be identified by their vein pattern using a new technology

Russian banks are going to introduce customer identification by the pattern of veins on their hands. It is assumed that this method of authentication will help to prevent unauthorized access to the savings of citizens. Meanwhile, experts were skeptical about the initiative. In their opinion, the system has significant disadvantages which can be used by criminals. It is worth noting that Russian banks already have biometrics that allow them to identify customers by voice and face. "The palm vein pattern will remove barriers to biometric identification for people with hearing and speech problems due to various reasons," the Central Bank explained. Nikita Durov, Technical director of Check Point Software Technologies in Russia and the CIS, said that with the introduction of the new identification system there are new risks of data substitution by intruders. "Recently, we have witnessed how attackers used neural networks to replace people's faces in photos and video...

Scammers Use Fake DMCA Complaints, DDoS Threats to Deploy BazaLoader Malware

Threat actors responsible for the BazaLoader malware designed a brand-new bait to trick website owners into opening malicious files: fake notifications claiming the website is engaged in distributed denial-of-service (DDoS) attacks. The notifications contain a legal threat and a file stored in a Google Drive directory that supposedly provides evidence of the source of the attack.

Phony legal threats

The DDoS theme is a variation of another bait, a Digital Millennium Copyright Act (DMCA) infringement complaint, linking to data that allegedly includes documentation of copyright infringement. Brian Johnson, a website developer and designer, posted last week about two of his clients receiving legal notifications that their websites had been hacked to run DDoS attacks against a major company (Intuit, Hubspot). The sender threatened a lawsuit unless the recipients "immediately clean" their website of the malicious files that...

Boston Public Library Affected by Cyberattack

  The Boston Public Library (BPL) announced on 27th August that its network was compromised on Wednesday, resulting in a system-wide technical outage. BPL stated that the current technical disruption was triggered by a cyberattack on its servers on Wednesday.  BPL hosts nearly 4 million people each year through its central library and twenty-five nearby branches, as well as millions more online. In terms of an overall number of items, it is the third-largest public library in the United States, following the federal Library of Congress and the New York Public Library.  "The library is currently experiencing a significant system outage and online library services that require login are unavailable," a notice on the library's site currently reads.  The library stated, "On Wednesday morning, 8/25, the Boston Public Library experienced a systemwide technical outage due to a cybersecurity attack, pausing public computer and public printing services, as well as som...

Fraudsters Pose as Europol Chief in an Attempt to Steal Victims PayPal Account Details

The federal police's Computer Crime Unit is looking into an identity fraud case concerning Catherine De Bolle, the executive head of the EU's law enforcement organization Europol. Fraudsters are masquerading as the director of Europol, the European Union's law enforcement organization, to mislead individuals into providing their financial information. The European Union Agency for Law Enforcement Cooperation, popularly known as Europol, previously called the European Police Office and Europol Drugs Unit, is a law enforcement agency of the European Union (EU) constituted in 1998 to manage criminal intelligence and counteract significant global organized crime and terrorism through cooperation among competent authorities of EU member states. The Agency has no executive powers, and its personnel are not authorized to detain suspects or act without prior consent from appropriate authorities in the member states. According to the Brussels Times, Belgian ...

The FBI has Issued a Warning About the Hive Ransomware Gang

The Federal Bureau of Investigation (FBI) has issued a security alert regarding the Hive ransomware attacks, which provides technical data and indicators of compromise related to the gang's operations. The gang recently targeted Memorial Health System, which was compelled to shut down some of its activities. The new Hive ransomware, according to John Riggi, senior advisor for cybersecurity at the American Hospital Association, is of particular concern to healthcare organizations. Hive has targeted at least 28 companies so far, including Memorial Health System, which was infected by ransomware on August 15. Across Ohio and West Virginia, the non-profit operates a number of hospitals, clinics, and healthcare facilities. The attack led Memorial, which is based in Ohio, to suspend user access to IT applications. All urgent surgery cases and radiology exams were canceled for August 16th, but all general care visits went through as planned. While systems were restor...

Misconfigurations in Microsoft Power Apps Leaked Millions Of Records From Multiple Firms

Due to privacy blunders in Microsoft Power Apps, many firms from different sectors leaked data… Misconfigurations in Microsoft Power Apps Leaked Millions Of Records From Multiple Firms on Latest Hacking News. From Latest Hacking News: https://ift.tt/2UTaE1Y

Multiple Vulnerabilities Spotted In elFinder File Manager WordPress Plugin

Numerous critical security vulnerabilities riddled the file manager plugin elFinder. Exploiting these bugs could allow… Multiple Vulnerabilities Spotted In elFinder File Manager WordPress Plugin on Latest Hacking News. From Latest Hacking News: https://ift.tt/3Blrqq9

Microsoft Issues an Advisory on ProxyShell Vulnerabilities

  Microsoft this week published guidance about three vulnerabilities referred to collectively as ProxyShell days after security researchers at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers were actively trying to exploit them.  The ProxyShell vulnerabilities, which are tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, could allow hackers to run arbitrary code on a vulnerable machine without authentication. The first two flaws were fixed in April, while the third received a patch in May. Orange Tsai, a security researcher at consulting firm DEVCORE exploited the ProxyShell vulnerabilities to target a Microsoft Exchange server during the Pwn2Own 2021 hacking contest, but technical details were made public only a few weeks ago, at the Black Hat and DEF CON cybersecurity conferences. Earlier, Orange Tsai had identified the ProxyLogon and ProxyOracle vulnerabilities in Exchange servers. Last week, cybersecurity experts u...

Cisco Published Two Critical and Six High-Severity Patches for Nexus Gear

The American multinational technology conglomerate Cisco Systems, based in San Jose, California, has published six security patches for its high-end 9000 series networking gear, spanning in severity from critical to medium. Cisco Systems designs, produces and distributes networking gear, software, telecom equipment, and a variety of other high-tech products and services. Cisco fixed one of the most critical flaws (ranked 9.1 out of 10) that might enable a hostile and unauthorized attacker to read or write arbitrary files on an application protocol interface used in Cisco 9000 series switches meant to operate its software-defined networking data center solutions. Cisco additionally patched two high-severity Nexus 9000 flaws (CVE-2021-1586 and CVE-2021-1523) as well as three medium-severity flaws (CVE-2021-1583, CVE-2021-1584, CVE-2021-1591). Each of the high-severity flaws (both with a CVSS base score of 8.6) is a denial of service issu...

F5 Security Patched Severe Vulnerabilities in its BIG-IP Networking Device

F5 Security has patched over a dozen critical-severity vulnerabilities in its BIG-IP networking device, including one which was classified as critical severity when exploited under certain conditions. A privilege escalation flaw, tracked as CVE-2021-23031, affects the BIG-IP Advanced Web Application Firewall (WAF) and Application Security Manager (ASM) Traffic Management User Interface (TMUI). An authorized attacker with access to the Configuration utility can exploit the issue to run arbitrary system commands, create or remove files, and/or stop services. Due to the flaw, an attacker can totally compromise the network device. The vulnerability was assigned a severity level of 8.8, but according to the security notice, users that use Appliance Mode, which imposes some technical constraints, get a severity value of 9.9 out of 10. As per the security advisory for CVE-2021-23031, the problem only affects a small number of clients in critical c...

CISA Published MARs on Samples Targeting Pulse Secure Devices

  Five new research reports outlining malware detected on compromised Pulse Secure devices were issued this week by the US Cybersecurity and Infrastructure Security Agency (CISA). Adversaries have been targeting Pulse Connect Secure VPN appliances to exploit a variety of vulnerabilities, including CVE-2021-22893 and CVE-2021-22937, which were found earlier this year. CISA issued an alert in April this year on assaults on Pulse Secure devices, along with indicators of compromise (IOCs) and details on the malware used by the attackers. Threat actors' tactics, techniques, and procedures (TTPs) are detailed in the malware analysis reports (MARs).  CVE-2021-22893 is a buffer overflow vulnerability in Pulse Connect Secure Collaboration Suite prior to version b9.1R11.4 that allows remote authenticated attackers to execute arbitrary code as the root user through a maliciously crafted meeting room. Two hacking groups have used the zero-day vulnerability in Pulse Secure VPN equipm...

Russians are complaining more often about hacked accounts on Public Services

DeviceLock, a Russian manufacturer of anti-data leakage systems, reported that the number of complaints about attempts to hack accounts on Public Services has increased. "Also an increase in offers to sell accounts has been noted in darknet and on closed forums, with their cost dropping from $1.35 at the beginning of the year to $0.40 for new accounts and to $0.05 for used accounts," said Yuri Tomashko, CEO of DeviceLock DLP. According to him, the stolen accounts can be used by fraudsters to apply for online loans and register with bookmakers. "In addition, criminals can apply for tax deductions and subsidies on behalf of the account owner through a personal account on Gosuslugi, and almost always in such cases fake documents are provided," said Mr. Tomashko. "Security should be provided by the administrators of the Gosuslugi website. There was already an attempt to hack, then the database of those who had already been vaccinated against the coronavirus wa...

Threat Actors Abuse Top 15 Flaws Millions of Times to Target Linux Systems

Researchers at Trend Micro have identified and flagged nearly 14 million Linux-based systems that are directly exposed to the internet, making them a lucrative target for attackers to deploy malicious web shells, ransomware, coin miners, and other Trojan horses. The U.S.-Japanese company published a detailed analysis of the Linux threat landscape, highlighting the top threats and flaws that affected the operating system in the first half of 2021, based on data gathered from honeypots, sensors, and anonymized telemetry. The company, which discovered nearly 15 million malware events aimed at Linux-based cloud environments, found coin miners and ransomware to make up 54% of all malware, with web shells accounting for 29% of the share. Furthermore, researchers examined more than 50 million events from 100,000 unique Linux hosts and discovered 15 different security weaknesses that have been actively exploited in the wild or have a proof of concept (POC) -  ...