Posts

Showing posts from October, 2021

7 Secrets of Successful Software Development Process in 2021

In this article, you’ll find recommendations on making the most of software development in 2021.… (from Latest Hacking News: https://ift.tt/3vZMSiX)

Mozilla Removed Two Popular Firefox Add-Ons For Abusing Their Proxy API

Mozilla has recently announced the removal of two Firefox add-ons with a huge number of… (from Latest Hacking News: https://ift.tt/3mno9lt)

Critical Polygon Blockchain Vulnerability Could Allow Withdrawing Huge Amounts

While security issues are always huge for the crypto world, the vulnerability in the Polygon… (from Latest Hacking News: https://ift.tt/3bmmPcu)

Do you need to learn HTML to work as a content manager?

Content managers work with the content management systems on a daily basis. Does that mean… (from Latest Hacking News: https://ift.tt/3byX2hn)

Why It’s Important To Protect Your Personal Information

The world we are evolving into today is based on advanced digital technology, having as… (from Latest Hacking News: https://ift.tt/3bhWzjb)

Serious RCE Vulnerability Affects Older WinRAR Versions

Heads up, WinRAR users! If you’re still running the older versions of the freeware utility,… (from Latest Hacking News: https://ift.tt/3mbGthn)

Tracking Mobile Devices by Analyzing Bluetooth Transmissions

Despite security measures in place, researchers have found how to analyze and exploit Bluetooth transmissions… (from Latest Hacking News: https://ift.tt/2XPFbzm)

A Punctuation Error May Expose Users’ Search Terms to ISPs Via Chrome And Firefox

Heads up, Chrome and Firefox users! Try not to include any hyphens in your search… (from Latest Hacking News: https://ift.tt/3mgXKWu)

Facebook Launched SSRF Dashboard Tool Helps Spot SSRF Bugs

The social media giant Facebook has recently announced the release of a new security tool.… (from Latest Hacking News: https://ift.tt/3vLaibK)

How Your Business Can Benefit From Using Cloud-based Collaboration Services

Cloud-based collaboration services are an important tool for any business looking to expand and thrive.… (from Latest Hacking News: https://ift.tt/3Ba4lq0)

L0phtCrack Password Auditing Tool Now Available As Open Source

Developed and maintained for quite a while, the password auditing tool “L0phtCrack” now goes open… (from Latest Hacking News: https://ift.tt/2Zt0rf1)

JavaScript Obfuscation Now Often Used By Hackers To Hide Malware

Researchers have spotted frequent occurrences of JavaScript obfuscation in regular sites that hackers have also… (from Latest Hacking News: https://ift.tt/3Eblwt6)

LANTENNA Attack – A New Technique To Sniff Data From Air-gapped Networks

Researchers have devised a unique and inexpensive strategy to exfiltrate data from air-gapped networks. Dubbed… (from Latest Hacking News: https://ift.tt/3BdCRQb)

A GPSd Bug May Push You 20 Years Back From October 24, 2021

While the patch has arrived, unpatched apps may still cause a roll-back to 2002 due… (from Latest Hacking News: https://ift.tt/2XJn12f)

Brave Rolls Out Its Own Search Engine By Default Ditching Google

The privacy-oriented Chrome browser alternative Brave has now announced another step to protect users’ searches.… (from Latest Hacking News: https://ift.tt/3pAuGeP)

Google Chrome Removed FTP For Good – Deletes Code With Chrome 95

After alerting the intended withdrawal for a long time, Google has finally removed FTP with… (from Latest Hacking News: https://ift.tt/3EdP5Kv)

The Deep-Learning Algorithm Can Guess an ATM PIN, Even With Keypads Covered

Researchers have devised a deep-learning algorithm that can effectively guess ATM PINs even if the… (from Latest Hacking News: https://ift.tt/3b6r0bZ)

LightBasin Hacking Group Switches Focus From Windows To Linux To Target Telecom Sector

The threat actors identified as LightBasin have been targeting the telecom sector for several years.… (from Latest Hacking News: https://ift.tt/3nnH1Ah)

HTTPA – Taking HTTPS Security To The Next Level

Now that the world has recognized the importance of HTTPS, it’s time to move further… (from Latest Hacking News: https://ift.tt/3b9BR5e)

Gummy Browsers – An Attack Exploiting Browser Fingerprinting

While browser fingerprinting has long been a privacy-intrusive technique for users, it can now pose… (from Latest Hacking News: https://ift.tt/3BblzDp)

How To Build A Cybersecurity Program From Scratch

There are several steps to build a cybersecurity program from scratch. The cost of cybersecurity… (from Latest Hacking News: https://ift.tt/3bcA2UQ)

LINE App Admits Limited Mishandling Of User Data – Elaborates On Data Sharing Policies

The Japanese messaging service LINE has recently shared details about the mishandling of users’ data… (from Latest Hacking News: https://ift.tt/30O78bV)

1Password Launches Psst! Tool For Secure Password Sharing

The popular password manager 1Password has now come up with a new strategy to keep… (from Latest Hacking News: https://ift.tt/3AZNCpj)

Critical Vulnerability Cripples Visual Tools DVR Allowing RCE Attacks

Researchers have found a serious vulnerability in the Visual Tools DVR that threatens user security.… (from Latest Hacking News: https://ift.tt/3Gg6CDU)

5 Website Security Tips

As hackers continue to find more sophisticated ways to exploit site vulnerabilities, it is critical… (from Latest Hacking News: https://ift.tt/3aUREVj)

Researchers Devise Prefetch Side-Channel Attack Threatening AMD CPUs

Meltdown and Spectre have long been a nightmare for Intel, since then researchers have devised… (from Latest Hacking News: https://ift.tt/3jg4Ybf)

Cybersecurity And Web Hosting: What Businesses Need To Know

If you have been reading the news, you might know that cyber attacks have… (from Latest Hacking News: https://ift.tt/3DILe8a)

Critical Vulnerabilities Discovered in Fastest Cache Plugin For WordPress

Heads up, WordPress admins! Make sure to update your websites with the latest WP Fastest… (from Latest Hacking News: https://ift.tt/2XkVvYu)

OpenSea Vulnerabilities Allowed Malicious NFT Uploads To Steal Crypto

Researchers have uncovered how critical vulnerabilities in the OpenSea marketplace allowed crypto thefts via malicious… (from Latest Hacking News: https://ift.tt/2Z55vpJ)

Microsoft October Patch Tuesday Addresses 4 Zero-Day Vulnerabilities

This week has marked the arrival of scheduled monthly updates from Microsoft. With October Patch… (from Latest Hacking News: https://ift.tt/3BQ168p)

3 XDR Solutions: Extended Detection And Response Services In 2021

Threats occur, and when they do, they require a response. That’s security at its most… (from Latest Hacking News: https://ift.tt/2YRaUAe)

Malware Goes Beyond Ancient Jigsaw

By David Dufour, Webroot + Carbonite, OpenText Companies. Ransomware is no stranger to corporate networks, as… (from Latest Hacking News: https://ift.tt/2YPbfUt)

Vulnerability In LibreOffice And OpenOffice Allows For Spoofing Digital Signatures

A severe security vulnerability affected two popular office tools LibreOffice and OpenOffice, allowing signature spoofing.… (from Latest Hacking News: https://ift.tt/3AB2gmM)

Apple Patched Zero-Day Vulnerability With iOS 15.0.2 Emergency Update

Heads up, Apple users! Emergency update iOS 15.0.2 is out to fix a vulnerability that… (from Latest Hacking News: https://ift.tt/3BEQWaj)

6 Tips to Harden Your Ruby on Rails Applications

Apps built within the Ruby on Rails framework are widely used and increasingly popular, which… (from Latest Hacking News: https://ift.tt/3AwdFUQ)

Researcher Disclosed Telegram Vulnerability, Refused Bounty For Staying Quiet

A researcher discovered a severe vulnerability in the self-destruct message feature of Telegram, leaving deleted… (from Latest Hacking News: https://ift.tt/3v1Nx2O)

Mozilla Rolled Out Firefox 93 With New Privacy Protection Features

Recently, Mozilla has rolled out its Firefox 93 browser version with more privacy features. These… (from Latest Hacking News: https://ift.tt/3n052xd)

Facebook’s Sufferings Continue As Instagram Goes Down Again a Week Later

Days after the terrible outage that troubled Facebook users globally, Instagram users had to suffer… (from Latest Hacking News: https://ift.tt/3mJlJwE)

Growing Threats to Enterprise Security Require a Consolidated Approach

Although not at supersonic speed, the changes the world experiences in the digital environment multiply,… (from Latest Hacking News: https://ift.tt/3lxi8T3)

Twitch Disclosed a Massive Hack Leaking Internal Source Codes

The US-based streaming platform Twitch has recently suffered a devastating hack losing its source codes… (from Latest Hacking News: https://ift.tt/3FA0uG7)

How to Protect Your Enterprise’s Data in a Remote Attack World

Every organization holds some kind of data. It could be the data of people who… (from Latest Hacking News: https://ift.tt/2YF3MXt)

Yubico’s New Bio Series Security Keys Support Biometric Authentication

After serving as a trusted login authenticator for years, Yubico has now stepped up to… (from Latest Hacking News: https://ift.tt/3FCWrJ2)

Navigating Path Traversal Vulnerabilities in Java Applications

A path traversal attack (also known as directory traversing) aims to gain access to… (from Latest Hacking News: https://ift.tt/2YrBgsy)

Why Businesses Need to Refresh Cyber Resilience in the Cloud Era

You have the best cyber defenses and security controls in place, and they have done… (from Latest Hacking News: https://ift.tt/3FqJzFX)

Serious Data Exposure Vulnerabilities Spotted In OnionShare Platform

Two serious security vulnerabilities in OnionShare could expose users’ data. OnionShare is a secure communication… (from Latest Hacking News: https://ift.tt/3iBlB0H)

5 Crucial Tips for Building a Mobile App for Your Business

Mobile apps are an excellent way for businesses to serve their clients better without printing… (from Latest Hacking News: https://ift.tt/3AelX3r)

3 Ways the Government Can Track Your Phone

You may have come across people who were tracked through their phones. This can happen,… (from Latest Hacking News: https://ift.tt/3ldqLC0)

Here’s What Caused Facebook’s Global Outage

Global Facebook Services Outage: Facebook recently had a terrible outage that caused all its services… (from Latest Hacking News: https://ift.tt/3uJGFal)

Google Patched Two Further Zero-Day Vulnerabilities With Latest Chrome Browser Release

Days after fixing a zero-day bug, Google has patched two more vulnerabilities in Chrome browser… (from Latest Hacking News: https://ift.tt/3l7cJl9)

Hackers Try To Steal OTP Via Malicious Telegram Bots In Recent Campaigns

Telegram users need to remain careful as cybercriminals are running malicious campaigns via Telegram bots.… (from Latest Hacking News: https://ift.tt/3oxNfzO)

Researchers Discover How Hackers Were Stealing Money Via Apple Pay From iPhones

Researchers have discovered a way that allows an adversary to steal money from Apple Pay… (from Latest Hacking News: https://ift.tt/3owS3FA)

Facebook Releases Android App Security Tool “Mariana Trench” As Open-Source

The social media giant Facebook has released another security tool, “Mariana Trench,” as open-source for… (from Latest Hacking News: https://ift.tt/3ou3uxK)

Stellar Photo Recovery Review – A Tool to Recover Lost Photos, Videos, And Audio Files

Losing access to one’s data is always painful; things get worse when it comes to… (from Latest Hacking News: https://ift.tt/3mi7cYt)

Elastic Stack API Security Vulnerability Exposes Customer and System Data

The mis-implementation of Elastic Stack, a collection of open-source products that employ APIs for crucial data aggregation, search, and analytics capabilities, has resulted in severe vulnerabilities, according to a new analysis. Researchers from Salt Security uncovered flaws that allowed them to not only conduct attacks in which any user could extract critical customer and system data, but also to create a denial of service condition in which the system would become inaccessible. “Our latest API security research underscores how prevalent and potentially dangerous API vulnerabilities are. Elastic Stack is widely used and secure, but Salt Labs observed the same architectural design mistakes in almost every environment that uses it,” said Roey Eliyahu, co-founder and CEO, Salt Security. “The Elastic Stack API vulnerability can lead to the exposure of sensitive data that can be used to perpetuate serious fraud and abuse, creating substantial business risk.” The vu...

The expert assessed the prospects of cybersecurity company Group-IB after the arrest of its founder

Experts believe that the arrest of Ilya Sachkov, the founder and CEO of Group-IB, will not affect the company's work, nor will it affect the Russian information security market. Criminal cases against the heads of companies working in the field of information security have already happened in Russia. On September 28, the office of Group-IB was searched, and the next day the court put the businessman in custody for two months on charges of treason. He might face up to 20 years in prison. It is still unclear what exactly Ilya Sachkov's crime was. Group-IB lawyers are studying the court order, and employees are confident in the innocence of their leader and in his business reputation. At the moment, the technical director and co-founder of Group-IB Dmitry Volkov temporarily heads the company. Ilya Sachkov and Dmitry Volkov opened Group-IB in 2003. The company creates products to combat online fraud, works in the field of computer forensics, consulting and auditing of informati...

Google Announced Patch Reward Program For Tsunami Security Scanner

The tech giant has announced hefty rewards for bug hunters as part of the new… (from Latest Hacking News: https://ift.tt/3B2NUwv)

Analysts Warn of Telegram Powered Bots Stealing Bank OTPs

In the past few years, two-factor verification has been one of the simplest ways for users to safeguard their accounts. It has now become a major target for threat actors. Intel 471, a cybersecurity firm, has observed a rise in services that allow threat actors to hack OTP (one-time password) tokens. Intel 471 has seen these services since June; they operate via a Telegram bot or provide assistance to customers via a Telegram channel. Through these assistance channels, users mostly share their feats while using this bot and often walk away with thousands of dollars from target accounts. Recently, threat actors have been providing access to services that call victims with what looks, on the surface, like a genuine call from a bank, and then fool the victims into entering an OTP or other authentication code into a smartphone, so that the codes can be stolen and given to the provider. A few services also attack other famous financial services or social media platforms, giving SIM swapping and e-mail phi...

Newly Discovered 'Tomiris’ Backdoor Linked to SolarWinds Attack Malware

Kaspersky security researchers have unearthed a new backdoor likely designed by the Nobelium advanced persistent threat (APT) behind last year's SolarWinds supply chain attack. The new malware, dubbed Tomiris, was first identified in June 2021 from samples dating back to February, a month before the “sophisticated second stage backdoor” Sunshuttle was spotted by FireEye and linked to Nobelium. Nobelium is also known by the monikers UNC2452, SolarStorm, StellarParticle, Dark Halo, and Iron Ritual. “While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile nature of their victims. Evidence gathered so far indicates that Dark Halo spent six months inside Orion IT's networks to perfect their attack and make sure that their tampering of the build chain wouldn't cause any adverse effects,” Kaspersky researchers stated....

Ransomware Attack On Major European Bookseller

Recently, a ransomware attack targeted a leading book supplier software. The attack interrupted regular functions of thousands of bookstores in Europe, including France, Belgium, and the Netherlands. The data stolen may have included not only personally identifiable information but also payment details. The ransomware group targeted TiteLive, a French company that provides cloud-based software for book sales and inventory management. Bookstores that have been affected by the ransomware attack included Libris, Aquarius, Donner, Malperthuis, and Atheneum Boekhandels. Additionally, some other clients have also been listed on the company’s website including Paris Libraries, Gallimard, Furet du Nord SciencesPo, and La Pro-Cure. In order to prevent the ransomware attack from spreading, TiteLive shut down its IT infrastructure, which resulted in a days-long downtime of MediaLog. Media Log includes processing online orders and shipping, cash sales, and customer relationshi...

RansomEXX Comes into Action Encrypting Files Using AES-CBC

In the latest Profero report, Senior Incident Responder Brenton Morris states that RansomEXX decryptors have failed to encrypt different files for the victims that have paid the ransom demanded by the Linux VMware ESXi malicious attacker. Profero has found that this RansomEXX organization does not lock Linux files appropriately, which might contribute to damaged data during encryption. Following a reverse engineering process of the RansomEXX Linux encrypter, Profero found that perhaps the problem was created by the inadequate encryption of Linux files. The encrypted file would have included encrypted data and unencrypted data afterward if the ransomware were to encrypt a Linux file simultaneously. RansomEXX encrypts the disc data and thereafter demands a ransom to acquire the key to decode. Encryption is arranged using the Open Source mbedtls package, so when the virus is activated, it produces a 256-bit key and encodes all the existing files in ECB mode ...

Turkish National Charged for DDoS Attack on U.S. Company

Authorities in the United States charged a Turkish national for launching distributed denial-of-service (DDoS) assaults against a Chicago-based multinational hospitality company using a now-defunct malware botnet. Izzet Mert Ozek, 32, is accused of launching attacks against the Chicago multinational in August 2017 using WireX, a botnet developed using Android malware. According to authorities, Ozek's attacks caused infected Android devices to transmit massive volumes of online traffic to the company's public website and online booking service, leading servers to crash. As per the news release from the US Department of Justice, the charges were announced on September 29 in the Northern District of Illinois. The press release stated, “In August 2017, IZZET MERT OZEK used the WireX botnet, which consisted of compromised Google Android devices, to direct large amounts of network traffic to the hospitality company’s website, preventing legitimate users from c...

GriftHorse Malware has Infected More than 10 Million Android Devices

A new malware named GriftHorse is said to have infected over 10 million Android cell phones. According to the research at mobile security firm Zimperium, the threat group has been executing the campaign since November 2020. The GriftHorse malware was propagated through both Google Play and third-party application stores, according to the research group, and it stole "hundreds of millions of Euros" from victims. GriftHorse will produce a significant number of notifications and popups when a user downloads any of the malicious programmes, luring consumers in with exceptional discounts or prizes. People who click these are taken to a web page where they must authenticate their phone number in order to gain access to the promotion. In actuality, GriftHorse's victims are paying for premium SMS services that cost more than $35 per month. GriftHorse operators are thought to have made anywhere from $1.5 million to $4 million per month with this fraud, and their initial ...