Security Affairs
- Anti-Debugging Techniques from a Complex Visual Basic Packer 17 juillet 2019
One of the latest trends for the attackers is to leverage the ISO files to avoid detection, the technique has also been used in a recent Hawkeye campaign. Introduction As we described in our previous post, one of the latest trends for the attackers is to leverage the ISO files in order to reduce detection chances. This technique has also been used by a recent Hawkeye spreading campaign. “Hawkeye K … - 17 juillet 2019
Tesla paid $10,000 a researcher that found a stored cross-site scripting (XSS) vulnerability that could have been exploited to change vehicle information. The security researcher Sam Curry has earned $10,000 from Tesla after reporting a stored cross-site scripting (XSS) flaw that could have been exploited to obtain vehicle information and potentially modify it. Curry discovered the issue in the so … - 17 juillet 2019
Threat actors used the Extembro DNS-changer Trojan in an adware campaign to prevent users from accessing security-related websites. Security experts at Malwarebytes observed an adware campaign that involved the Extembro DNS-changer Trojan to prevent users from accessing websites of security vendors. “Recently, we uncovered a new DNS-changer called Extenbro that comes with an adware bundler. … - Turla APT group adds Topinambour Trojan to its arsenal 17 juillet 2019
Kaspersky researchers revealed that since earlier this year, Russia-linked APT group Turla used new variants of the KopiLuwak Trojan in targeted attacks. Security experts at Kaspersky revealed that the Russia-linked APT group Turla used new variants of the KopiLuwak Trojan in targeted attacks since early 2019. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been … - Sprint revealed that hackers compromised some customer accounts via Samsung site 16 juillet 2019
US telecommunications company Sprint revealed that hackers compromised an unknown number of customer accounts via the Samsung.com “add a line” website. The mobile network operator Sprint disclosed a security breach, the company revealed that hackers compromised an unknown number of customer accounts via the Samsung.com “add a line” website. “On June 22, Sprint was inf … - A flaw in discontinued Iomega/Lenovo NAS devices exposed millions of files 16 juillet 2019
Experts at Vertical Structure and WhiteHat Security discovered a serious flaw that exposed millions of files stored on thousands of exposed Lenovo NAS devices. An analysis conducted by researchers at Vertical Structure and WhiteHat Security allowed discovering a vulnerability in discontinued Iomega/Lenovo NAS devices, tracked as CVE-2019-6160, that exposed millions of files. The discovery was made … - Media File Jacking allows manipulating media files users receive via Android WhatsApp and Telegram 16 juillet 2019
Media File Jacking – Security researchers at Symantec demonstrated how to manipulate media files that can be received via WhatsApp and Telegram Android apps. Security experts at Symantec devised an attack technique dubbed Media File Jacking that could allow attackers to manipulate media files that can be received via WhatsApp and Telegram Android apps. The issue could potentially affect many … - Mysterious hackers steal data of over 70% of Bulgarians 16 juillet 2019
Hackers stole data of millions of Bulgarians, and sent it to local media, According to the media the source could be the National Revenue Agency. Hackers have exfiltrated data from a Bulgarian government system, likely the National Revenue Agency (NRA), and have shared it with the local media. The hackers have stolen the personal details of millions of Bulgarians and sent to the local newspaper do … - iOS URL Scheme expose users to App-in-the-Middle attack 16 juillet 2019
Security experts at Trend Micro have discovered that iOS URL scheme could allow an attacker to hijack users’ accounts via App-in-the-Middle attack. Security experts at Trend Micro devised a new app-in-the-middle attack that could be exploited by a malicious app installed on iOS devices to steal sensitive data from other applications. The attack exploits the implementations of the Custom URL … - DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape 16 juillet 2019
Some of the crooks behind the Dridex Trojan have split from the gang and released a forked version of the BitPaymer ransomware dubbed DoppelPaymer. Cybercrime gang tracked as TA505 has been active since 2014 and focusing on Retail and Banking industries. The group that is known for the distribution of the Dridex Trojan and the Locky ransomware, has released other pieces of malware including the tR …
The Hackers News
- Breach at Bulgaria's Tax Agency Exposed Data of Over 70% Citizens 17 juillet 2019
Eastern European country Bulgaria has suffered the biggest data breach in its history that compromised personal and financial information of 5 million adult citizens out of its total population of 7 million people. According to multiple sources in local Bulgarian media, an unknown hacker earlier this week emailed them download links to 11GB of stolen data which included taxpayer’s personal … - EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users 17 juillet 2019
Security researchers have discovered a rare piece of Linux spyware that’s currently fully undetected across all major antivirus security software products, and includes rarely seen functionalities with regards to most Linux malware, The Hacker News learned. It’s a known fact that there are a very few strains of Linux malware exist in the wild as compared to Windows viruses because of its core … - New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission 17 juillet 2019
Earlier this month, The Hacker News covered a story on research revealing how over 1300 Android apps are collecting sensitive data even when users have explicitly denied the required permissions. The research was primarily focused on how app developers abuse multiple ways around to collect location data, phone identifiers, and MAC addresses of their users by exploiting both covert and side … - Engage Your Management with the Definitive 'Security for Management' Presentation Template 16 juillet 2019
In every organization, there is a person who’s directly accountable for cybersecurity. The name of the role varies per the organization’s size and maturity – CISO, CIO, and Director of IT are just a few common examples – but the responsibility is similar in all places. They’re the person who understands the risk and exposure, knows how prepared the team and most important – what the gaps are … - Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram 16 juillet 2019
If you think that the media files you receive on your end-to-end encrypted secure messaging apps can not be tampered with, you need to think again. Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could allow malicious actors to spread fake news or scam users into sending payments to wrong accounts. … - Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu 16 juillet 2019
The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing software that under the hood, are just a rebranded version of Zoom video conferencing software. Security researchers confirmed The Hacker News that RingCentral, used by over 350,000 businesses, and Zhumu, a Chinese version of Zoom, also runs a hidden local web … - iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts 15 juillet 2019
Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme. By default on Apple’s iOS operating system, every app runs inside a sandbox of its own, which prevent all apps installed on the same device from accessing … - This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes 15 juillet 2019
Watch out! Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users. Instagram is growing quickly—and with the most popular social media network in the world after Facebook, the photo-sharing network absolutely dominates when it comes to user … - Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw 13 juillet 2019
The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue—a locally installed web server by the software—was not just allowing any website to turn on your device webcam, but also could allow hackers to take complete control … - Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation 13 juillet 2019
After months of negotiations, the United States Federal Trade Commission (FTC) has approved a record $5 billion settlement with Facebook over its privacy investigation into the Cambridge Analytica scandal. The settlement will put an end to a wide-ranging probe that began more than a year ago and centers around the violation of a 2011 agreement Facebook made with the FTC that required Facebook … - Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits 12 juillet 2019
Organizations around the world are wondering how to become immune from cyber attacks which are evolving every day with more sophisticated attack vectors. IT teams are always on the lookout for new ransomware and exploit spreading in the wild, but can all these unforeseen cyber attacks be prevented proactively? That’s definitely a ‘NO,’ which is why there’s a reactive approach in place to … - New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices 11 juillet 2019
Are you sure the WhatsApp app you are using on your Android device is legitimate, even if it’s working perfectly as intended? …Or the JioTV, AppLock, HotStar, Flipkart, Opera Mini or Truecaller app—if you have installed any of these? I’m asking this because cybersecurity researchers just yesterday revealed eye-opening details about a widespread Android malware campaign wherein attackers … - Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets 11 juillet 2019
Magecart strikes again! Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings. Since Magecart is neither a single group nor a specific malware instead an umbrella term given to all those cyber criminal groups and individuals who inject … - A New Ransomware Is Targeting Network Attached Storage (NAS) Devices 10 juillet 2019
A new ransomware family has been found targeting Linux-based Network Attached Storage (NAS) devices made by Taiwan-based QNAP Systems and holding users’ important data hostage until a ransom is paid, researchers told The Hacker News. Ideal for home and small business, NAS devices are dedicated file storage units connected to a network or through the Internet, which allow users to store and … - Powerful FinSpy Spyware Found Targeting iOS and Android Users in Myanmar 10 juillet 2019
One of the most powerful, infamous, and advanced piece of government-grade commercial surveillance spyware dubbed FinSpy—also known as FinFisher—has been discovered in the wild targeting users in Myanmar. Created by German company Gamma International, FinSpy is spying software that can target various mobile platforms including iOS and Android, we well as desktop operating systems. Gamma … - Hackers' Operating System Kali Linux Released for Raspberry Pi 4 10 juillet 2019
We’ve got some really exciting news for you… Offensive Security has released an official version of Kali Linux for Raspberry Pi 4—the most powerful version of the compact computer board yet that was released just two weeks ago with the full 4GB of RAM at low cost and easy accessibility. Based on Debian, Kali Linux has always been the number one operating system for ethical hackers and … - Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach 9 juillet 2019
After fining British Airways with a record fine of £183 million earlier this week, the UK’s data privacy regulator is now planning to slap world’s biggest hotel chain Marriott International with a £99 million ($123 million) fine under GDPR over 2014 data breach. This is the second major penalty notice in the last two days that hit companies for failing to protect its customers’ personal and … - Microsoft Releases July 2019 Security Updates, 2 Flaws Under Active Attack 9 juillet 2019
Microsoft today released its monthly batch of software security updates for the July month to patch a total of 77 vulnerabilities, 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity. The July 2019 security updates include patches for various supported versions of Windows operating systems and other Microsoft products, including Internet Explorer, Edge, Office, Azure … - Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library 9 juillet 2019
Lodash, a popular npm library used by more than 4 million projects on GitHub alone, is affected by a high severity security vulnerability that could allow attackers to compromise the security of affected services using the library and their respective user base. Lodash is a JavaScript library that contains tools to simplify programming with strings, numbers, arrays, functions, and objects, … - Dashboards to Use on Palo Alto Networks for Effective Management 9 juillet 2019
Enterprises should expect to see more cyber attacks launched against them. The data that they now gather and store have made their infrastructures key targets for hackers. Customer data and intellectual property can be sold in the black market for profit, and sensitive information can also be used by hackers to extort them. Enterprises are now aggressively shifting their workloads to the cloud …
Dark Reading
- MITRE ATT&CK Framework Not Just for the Big Guys 17 juillet 2019
At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK’s common language. - Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices 17 juillet 2019
Researchers discover a third-party algorithm in multiple high-profile Bluetooth devices exposes users to third-party tracking and data access. - 800K Systems Still Vulnerable to BlueKeep 17 juillet 2019
Organizations with systems exploitable via the RDP flaw pose an increasing risk to themselves and other organizations, BitSight says. - Sprint Reveals Account Breach via Samsung Website 17 juillet 2019
The last-June breach exposed data including names, phone numbers, and account numbers. - A Password Management Report Card 17 juillet 2019
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings. - Data Loss, Leakage Top Cloud Security Concerns 17 juillet 2019
Compliance, accidental exposure of credentials, and data control are also primary concerns for senior IT and security managers. - For Real Security, Don't Let Failure Be Your Measure of Success 17 juillet 2019
For too long, we’ve focused almost exclusively on keeping out the bad guys rather than what to do when they get in (and they will). - Master Next-Level Network Defense Techniques at Black Hat USA 17 juillet 2019
Brush up on new DDOS defense tricks, 5G network vulnerabilities, and applications of military strategy to cybersecurity. - The 10 Essentials of Infosec Forensics 17 juillet 2019
Whether it’s your first investigation or 500th, review the basics of IT forensics to streamline and simplify your discovery. - Lenovo NAS Firmware Flaw Exposes Stored Data 16 juillet 2019
More than 5,100 vulnerable devices containing multiple terabytes of data are open to exploitation, researchers found.
gHacks
- Media Player Classic – Black Edition is a lightweight video player for Windows 17 juillet 2019
Media Player Classic – Black Edition has been around for a long time, and I’m quite certain some of you maybe using it. Some of you may prefer Media Player Classic – Home Cinema, which is still being updated. Both programs are quite identical, because they are based on the original Media Player Classic. In fact, MPC – BE is a fork of MPC-HC, so it can play all video formats that HC supports. But M … - Beware: CCleaner may install CCleaner Browser and remap file associations 17 juillet 2019
CCleaner, the popular Windows file cleaning software, may install the web browser CCleaner Browser as part of the installation process if users are not careful. CCleaner bundles third-party offers — technically not all offers are third-party as you find Avast Browser, Avast is the parent company of Piriform which develops CCleaner, and not also CCleaner Browser, another first-party project, among … - NewFileGo for Windows: watch for new files and execute programs automatically 17 juillet 2019
NewFileGo is a portable software program for Microsoft’s Windows operating system that Windows users may use to monitor directories for new files matching set rules to execute commands automatically. Basic examples where something like this may be useful include moving digital camera photos to another directory once they are transferred to the system, extracting downloaded archives automatically, … - Next up for Firefox's Tracking Protection: Social Media tracker blocking 17 juillet 2019
Mozilla plans to extend the functionality of Firefox’s Tracking Protection feature soon by adding Social Media tracker blocking to the list of protections. Social Media tracker blocking is not an entirely new feature but Mozilla wants to move it into its own Tracking Protection category and improve it at the same time. Tracking Protection is a built-in feature of the Firefox web browser that has b … - ClipAngel is an open-source clipboard manager for Windows 16 juillet 2019
A Clipboard manager can be a very useful tool, especially if you do a lot of writing and calculating work. It can store a history of the text that you copy using CTRL + C or a right-click and copy. This can be very useful to have, in case you want to go revisit something that you copied to the clipboard, something that the default clipboard manager in Windows is incapable of. We have reviewed plen … - Leaving Windows for Manjaro KDE: Post-Installation First-Steps 16 juillet 2019
Previously I wrote an article where I recommend Manjaro KDE Edition for Windows 7 Refugees and I felt like I should follow-up with some changes and first-steps that I think would make the transition for Windows users who followed my advice much easier. I’ll skip the fluff, and just assume that you’ve completely wiped Windows, and have installed Manjaro KDE Edition. This article will not touch on t … - Ghacks Deals: Degoo Premium: Lifetime Backup Plan (Price Drop) 16 juillet 2019
If you are still looking for a backup solution or want a second backup provider just for backup² purposes, you may be interested in Degoo Premium. Available as 1, 2, 3, and 10 TB lifetime plans, Degoo offers mobile apps and desktop programs, and encrypts all data using 256-bit AES encryption. The company highlights the security features more than anything else; these include a top secret feature t … - Any Google Photos media (photos, videos) you share becomes public 16 juillet 2019
Google Photos is a popular photo hosting service and application that millions of people use on a daily basis. Part of its popularity comes from the fact that the service is deeply integrated into most Android devices. Google Photos supports management features including options to view photos, create albums, and share photos or albums with others. Sharing works fluently; if you use the web versio … - How to load SWF files on the desktop 16 juillet 2019
Adobe will retire Flash in late 2020 and all major browser makers announced that they would end support for Flash in 2020 in the browsers as well. Mozilla will set Flash to disabled in Firefox 69 by default, and Google made Flash usage in Chrome more annoying with the release of Chrome 76. Some web browsers, Pale Moon being one of them, will retain support for NPAPI plugins and thus Adobe Flash ev … - To Google Translate is a useful translator add-on for Firefox 15 juillet 2019
As a freelance writer, sometimes I have to read foreign language material or a webpage for reference. I have always felt this way, and I’m quite certain that I’m not alone in this, but Google Translate is often terrible. Machined-based translation services often get the meaning of a word or sentence wrong. Google switched to neural networks in 2016 to improve translations and while it appears that …
blackMORE Ops
- A .vimrc config file everyone should use 24 avril 2019
Ever had that issue when you login to a Linux terminal, editing a file and the texts are just blue and you can’t read? I’ve had way too many cause default vim/vi config is just bad. I created a good .vimrc config file. Simply create a file with .vimrc name in home directory a paste … The post A .vimrc config file everyone should use appeared first on blackMORE Ops. … - Remove cloud-init from Ubuntu 19 avril 2019
Cloud images are operating system templates and every instance starts out as an identical clone of every other instance. It is the user data that gives every cloud instance its personality and cloud-init is the tool that applies user data to your instances automatically. Cloud-init is the defacto multi-distribution package that handles early initialization of … The post Remove cloud-init fro … - How to Prevent DOM-based Cross-site Scripting 8 janvier 2019
There’s no denying the role that JavaScript has played in making web applications the sleek, interactive, online experiences that we know and love today. This powerful scripting language brought interactivity and animation to the web. But with great power comes great responsibility. Cross-site-scripting (XSS) remains a persistent stalwart among the OWASP Top 10. Malicious JavaScript … The po … - Side-Channel Vulnerability Variants 3a and 4 – Spectre and Meltdown 28 décembre 2018
On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown were publicly disclosed. These variants—known as 3A and 4—can allow an attacker to obtain access to sensitive information on affected systems. Systems Affected CPU hardware implementations Description Common CPU hardware implementations are vulnerable to the … - How to access Dark Web? 27 décembre 2018
The concept of the Dark Web isn’t vastly different from the Surface Web. There are message boards (e.g. 8chan, nntpchan), places you can buy things (e.g. Alphabay, Hansa), and blogs (e.g. OnionNews, Deep Web Radio). The rules, or rather a lack thereof, is what makes the Dark Web unique. Anything that is illegal to sell … The post How to access Dark Web? appeared first on blackMORE Ops. … - Inception Attackers Target Europe with Year-old Office Vulnerability 14 décembre 2018
The Inception attackers have been active since at least 2014 and have been documented previously by both Blue Coat and Symantec; historical attacks used custom malware for a variety of platforms, and targeting a range of industries, primarily in Russia, but also around the world. This blog describes attacks against European targets observed in October … The post Inception Attackers Target Eu … - Brute Force Attacks Conducted by Cyber Actors 13 décembre 2018
In a traditional brute-force attack, a malicious actor attempts to gain unauthorized access to a single account by guessing the password. This can quickly result in a targeted account getting locked-out, as commonly used account-lockout policies allow three to five bad attempts during a set period of time. During a password-spray attack (also known as … The post Brute Force Attacks Conducted … - Avoiding Web Application Firewall using Python 21 novembre 2018
Web application firewalls are usually placed in front of the web server to filter the malicious traffic coming towards server. If you arehired as a penetration tester for some company and they forgot to tell you that they are using web application firewall than you might get into a serious mess. The figure below depicts … The post Avoiding Web Application Firewall using Python appeared first … - Targeting websites with Password Reset Poisoning 20 novembre 2018
Most of web application security vulnerabilities, leverage user input in ways that were not initially intended by their developer(s). Password Reset Poisoning is one such vulnerability, that leverages commonly unthought of headers, such as the Host header seen in an HTTP request: GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1 Host: evilhost.com Notice the difference where we specify … - Cyber Actors Target Home and Office Routers and Networked Devices Worldwide 19 novembre 2018
DHS and FBI recommend that all SOHO router owners power cycle (reboot) their devices to temporarily disrupt the malware. Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption. Network devices should be upgraded to the latest available versions … Th …