Security Affairs
- Group-IB blocked more than 180,000 links to pirated copies of Game of Thrones 21 mai 2019
Since April 2019, Group-IB has successfully blocked more than 43,000 links to pirated copies of the Game of Thrones Season 8 on pirate websites, forums, and social media As the Game of Thrones saga came to a close (no spoilers here), Group-IB has summed up the results of its anti-piracy campaign during Season 8 of the Game of Thrones – one of the biggest franchises in the TV history. Since April 2 … - After latest Microsoft Windows updates some PCs running Sophos AV not boot 21 mai 2019
Sophos is warning users of potential problems with the recent Microsoft’s Patch Tuesday updates and is saying to roll back it if they want the PC to boot. The security firm has informed its customers of potential problems with the latest Microsoft’s Patch Tuesday updates and is asking them to uninstall the patch if they want the machine to boot. This means that the machine could be exp … - MuddyWater BlackWater campaign used new anti-detection techniques 21 mai 2019
A recent MuddyWater campaign tracked as BlackWater shows that the APT group added new anti-detection techniques to its arsenal. Security experts at Cisco Talos attributed the recently spotted campaign tracked as “BlackWater” to the MuddyWater APT group (aka SeedWorm and TEMP.Zagros). The researchers also pointed out that the cyber espionage group has been updating its tactics, techniq … - US Commerce Department delays Huawei ban for 90 Days 21 mai 2019
US Commerce Department will delay 90 days before to apply the announced Huawei ban to avoid huge disruption of the operations. During the weekend, the Reuters agency revealed in exclusive that Alphabet Inc’s Google has suspended some business with Huawei after Trump’s ban on the telco giant. On Thursday, President Trump added Huawei Technologies to a trade blacklist, but on Friday, the U.S. Commer … - Data belonging to Instagram influencers and celebrities exposed online 20 mai 2019
A new data leak made the headlines, a database containing the contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The news was first reported by the TechCrunch website, a database was left unprotected on an AWS bucket, anyone was able to access it without authentication. The unprotected database was discovered by the security researcher A … - Linux kernel privilege escalation flaw CVE-2019-11815 affects RDS 20 mai 2019
Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP. Experts discovered a memory corruption vulnerability in Linux Kernel that resides in the implementation of the Reliable Datagram Sockets (RDS) over TCP. The vulnerability tracked as CVE-2019-11815 could lead to privilege escalation, it received a … - Defiant Tech firm who operated LeakedSource pleads guilty 20 mai 2019
The Royal Canadian Mounted Police (RCMP), announced that the company behind LeakedSource, Defiant Tech Inc., pleads guilty in Canada. Defiant Tech Inc., the company behind the LeakedSource.com website, pleaded guilty in Canada. The LeakedSource website was launched in late 2015, in January 2017 the popular data breach notification website has been raided by feds. It reported some of the largest da … - Chronicle experts spotted a Linux variant of the Winnti backdoor 20 mai 2019
Security researchers from Chronicle, Alphabet’s cyber-security division, have spotted a Linux variant of the Winnti backdoor. Security experts from Chronicle, the Alphabet’s cyber-security division, have discovered a Linux variant of the Winnti backdoor. It is the first time that researchers found a Linux version of the backdoor user by China-linked APT groups tacked as Winnti. The exp … - Google will block Huawei from using Android and its services 20 mai 2019
The Reuters agency revealed in exclusive that Alphabet Inc’s Google has suspended some business with Huawei after Trump’s ban on the telco giant. The news a bomb, Google has suspended some business with Huawei after Trump’s ban on the Chinese telco giant. In November, The Wall Street Journal reported that the US Government is urging its allies to exclude Huawei from critical infrastruc … - Amnesty International filed a lawsuit against Israeli surveillance firm NSO 20 mai 2019
Amnesty International filed a lawsuit against Israeli surveillance firm NSO and fears its staff may be targeted by the company with its Pegasus spyware. The name NSO Group made the headlines last week after the disclosure of the WhatsApp flaw exploited by the company to remotely install its surveillance software. The Israeli firm is now facing a lawsuit backed by Amnesty International, but the non …
The Hackers News
- Core Elastic Stack Security Features Now Available For Free Users As Well 21 mai 2019
Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful open source projects—Elasticsearch, Logstash, and Kibana—that many large and small companies are … - WEBINAR: How to Get Enterprise Cyber Security for your Mid-Sized Organization 21 mai 2019
High-quality cybersecurity posture is typically regarded as the exclusive domain of the large and heavy resourced enterprises – those who can afford a multi-product security stack and a skilled security team to operate it. This implies a grave risk to all organizations who are not part of this group, since the modern threat landscape applies to all, regardless of size and vertical. What is … - US Tech Giants Google, Intel, Qualcomm, Broadcom Break Up With Huawei 21 mai 2019
Google has reportedly suspended all businesses with the world’s second-biggest smartphone maker, Huawei, and revoked its Android license effective immediately—a move that will have a drastic impact on Huawei devices across the globe. Revoking Android license means Huawei future smartphones will no longer have access to Android updates and apps like Gmail or the Play Store, as well as Google … - Report Reveals TeamViewer Was Breached By Chinese Hackers In 2016 17 mai 2019
The German software company behind TeamViewer, one of the most popular software in the world that allows users to access and share their desktops remotely, was reportedly compromised in 2016, the German newspaper Der Spiegel revealed today. TeamViewer is popular remote-support software that allows you to securely share your desktop or take full control of other’s PC over the Internet from … - Hackers Breach Stack Overflow Q&A Site, Some Users' Data Exposed 17 mai 2019
Note: We have updated this story to reflect new information after Stack Overflow changed its original announcement and shared more details on the security incident. Stack Overflow, one of the largest question and answer site for programmers, revealed today that unknown hackers managed to exploit a bug in its development tier and then almost a week after they gained unauthorized access to its … - 'GozNym' Banking Malware Gang Dismantled by International Law Enforcement 16 mai 2019
In a joint effort by several law enforcement agencies from 6 different countries, officials have dismantled a major global organized cybercrime network behind GozNym banking malware. GozNym banking malware is responsible for stealing nearly $100 million from over 41,000 victims across the globe, primarily in the United States and Europe, for years. <!– adsense –> GozNym was created by … - Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement 16 mai 2019
A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google’s Titan Security Keys that could not be patched with a software update. However, users do not need to worry as Google has announced to offer a free replacement for the affected Titan Security Key dongles. In a security advisory published Wednesday, Google … - New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011 14 mai 2019
Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre and … - Microsoft Releases Patches For A Critical 'Wormable Flaw' and 78 Other Issues 14 mai 2019
It’s Patch Tuesday—the day when Microsoft releases monthly security updates for its software. Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users’ interaction. Out of 79 vulnerabilities, 18 issues … - Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder 14 mai 2019
Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. Out of 87 total flaws, a whopping number of vulnerabilities (i.e., … - Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor 14 mai 2019
Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by researchers from the security firm Red Balloon and identified as CVE-2019-1649, affects … - Cryptocurrency Hacks Still Growing — What Does That Mean for the Industry? 14 mai 2019
Though once synonymous with underground networks and black hat hackers, bitcoin and other cryptocurrencies have gone mainstream over the past two years. In 2017, we saw the skyrocket of bitcoin to an all-time high of close to $20,000 followed by a significant decline the following year. But beyond the ups and downs in the market for the world’s largest cryptocurrency is a much more sinister … - Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones 14 mai 2019
Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few « selected » smartphones by simply calling the targeted phone numbers over Whatsapp audio call. Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs … - U.S. Charges 9 'SIM Swapping' Attackers For Stealing $2.5 Million 10 mai 2019
The U.S. Department of Justice today announced charges against nine individuals, 6 of which are members of a hacking group called « The Community » and other 3 are former employees of mobile phone providers who allegedly helped them steal roughly $2.5 million worth of the cryptocurrency using a method known as « SIM Swapping. » According to the 15-count indictment unsealed today, five Americans … - North Korean Hackers Using ELECTRICFISH Tunnels to Exfiltrate Data 10 mai 2019
The U.S. Department of Homeland Security (DHS) and the FBI have issued another joint alert about a new piece of malware that the prolific North Korean APT hacking group Hidden Cobra has actively been using in the wild. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by North Korean government and known to launch cyber attacks against media … - U.S. Charges Chinese Hacker For 2015 Anthem Data Breach 9 mai 2019
The United States Justice Department today announced charges against a Chinese hacker and his hacking team member for their alleged role in the 2015 massive data breach at health insurance giant Anthem and three other unnamed American companies. Fujie Wang (王 福 杰) and another hacker named John Doe with three different aliases—Deniel Jack, Kim Young, and Zhou Zhihong—are charged with four … - Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites 8 mai 2019
Researchers from Chinese cybersecurity firm Qihoo 360’s NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites. While monitoring a malicious domain, www.magento-analytics[.]com, for over last seven months, researchers found that the attackers have been injecting … - Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks 8 mai 2019
A bug hunter has discovered and publicly disclosed details of an unpatched browser address bar spoofing vulnerability that affects popular Chinese UC Browser and UC Browser Mini apps for Android. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than half a billion users worldwide. … - Google Chrome to Introduce Improved Cookie Controls Against Online Tracking 8 mai 2019
At the company’s I/O 2019 developer conference, Google has announced its plan to introduce two new privacy and security-oriented features in the upcoming versions of its Chrome web browser. In an attempt to allow users to block online tracking, Google has announced two new features—Improved SameSite Cookies and Fingerprinting Protection—that will be previewed by Google in the Chrome web … - Baltimore City Shuts Down Most of Its Servers After Ransomware Attack 8 mai 2019
For the second time in just over a year, the city of Baltimore has been hit by a ransomware attack, affecting its computer network and forcing officials to shut down a majority of its computer servers as a precaution. Ransomware works by encryption files and locking them up so users can’t access them. The attackers then demand a ransom amount, typically in Bitcoin digital currency, in …
Dark Reading
- To Narrow the Cyber Skills Gap with Attackers, Cut the Red Tape 21 mai 2019
Attackers are getting further ahead, and entrenched corporate rules shoulder much of the blame. - KnowBe4 Focuses on Security Culture with CLTRe Acquisition 21 mai 2019
The acquisition solidifies KnowBe4’s European presence and shows a focus on building and measuring security culture. - Old Threats Are New Again 21 mai 2019
They may look familiar to you, and that isn’t a coincidence. New threats are often just small twists on old ones. - Data Security: Think Beyond the Endpoint 21 mai 2019
A strong data protection strategy is essential as data moves across endpoints and in the cloud. - TeamViewer Admits Breach from 2016 20 mai 2019
The company says it stopped the attack launched by a Chinese hacking group. - DHS Warns of Data Theft via Chinese-Made Drones 20 mai 2019
The drones are reportedly built with parts that can compromise organizations’ data and share it on a server accessible to the Chinese government. - New Trickbot Variant Uses URL Redirection to Spread 20 mai 2019
Switch in tactic is the latest attempt by operators of the prolific banking Trojan to slip past detection mechanisms. - 97% of Americans Can't Ace a Basic Security Test 20 mai 2019
Still, a new Google study uncovers a bit of good news, too. - Financial Sector Under Siege 20 mai 2019
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time. - Killer SecOps Skills: Soft Is the New Hard 20 mai 2019
The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.
gHacks
- Chrome 76: ESC-key use no longer seen as user action to block spam 21 mai 2019
From Chrome 76 on, Google won’t allow sites access to certain APIs anymore based on a user’s use of the ESC-key on such sites to fight abuse. Most modern browsers prevent access to certain APIs open the websites based on user interactions with webpages. Access to certain APIs such as those that allow popups or screen changes, is blocked until the user interacts with the page in question. Downloads … - Ghacks Deals: Degoo Premium: Lifetime 1TB Backup Plan (94% off) 21 mai 2019
Degoo is the product of the Swedish company Degoo Backup AB. Founded in 2012, Deego is available as a free version and two paid subscription options. The Premium version is available for just $49.99 for 1 TB of lifetime storage right now on Ghacks Deals. Options to increase the quota to 2TB, 3TB or 10TB are available as well. Deego is available for the mobile operating systems Android and iOS, and … - Not all extensions will be supported in Thunderbird 68 21 mai 2019
While Thunderbird 60.7.0 will be released later today, work continues on the next major release of the email client, Thunderbird 68.0. Thunderbird development is closely tied to the development of Firefox ESR. Firefox 68.0 ESR will be released on July 9th, 2019 and Thunderbird 68.0 will be released shortly thereafter. The move to a new ESR base introduces a huge number of changes. Extended Support … - Firefox 67.0 Release Information 21 mai 2019
Firefox 67.0 is the new stable version of the web browser. First offered on May 21, 2019, it introduces new features such as private browsing mode extension controls and marks the beginning of the WebRender rollout. Mozilla updates all Firefox versions using the same schedule: Firefox 66 Stable to 67, Firefox 67 Beta to 68, Firefox 68 Nightly to 69, and Firefox ESR 60.6 to 60.7. The release overvi … - Firefox WebRender Rollout begins with the release of Firefox 67 20 mai 2019
Mozilla plans to release Firefox 67 to the Stable channel tomorrow on May 21, 2019. The release was pushed back a week, likely to take into account the time it took to address the add-on signing issue earlier this month. Rollout of a component, called WebRender, begins tomorrow when Firefox 67 is released to the public. WebRender, which was known as Quantum Render previously, is a component that M … - Vivaldi 2.6 will block abusive advertisement by default 20 mai 2019
Vivaldi Technologies is working hard on getting Vivaldi 2.6 out to the browser’s stable channel. The most recent Vivaldi 2.6 snapshot introduces several new features in the browser including one that will block abusive advertisement practices by default. Vivaldi, which is based on Chromium, uses the same blocklist that Google uses for its Chrome web browser. Google started to integrate ad-blocking … - May 2019 updates for Windows 7 and Server 2008 R2 don't play nice with McAfee or Sophos software, again 20 mai 2019
It seems that the saying « history repeats itself » is true, at least when it comes to Microsoft patches. Microsoft released updates for all supported versions of Windows — client and server — on the May 2019 Patch Day. We covered the updates in our monthly security updates overview for Windows. Microsoft confirmed two issue: an update might be installed twice on affected systems, and some UK gove … - IrfanView 4.53 Image Viewer released 20 mai 2019
IrfanView is one of the most advanced image viewers that is available for Windows. IrfanView 4.53 was released last week; it is the first release of the program in 2019 and one that introduces several new features and options. Just like the password manager KeePass, IrfanView belongs to a category of well designed powerful programs for Windows. The program’s main feature is image viewing but it su … - Fix Windows 10 can't be restored after you install an update 19 mai 2019
Windows 10 administrators who install Windows 10 on a computer may receive a stop error when they attempt to restore the system after installing updates. Updates may be installed automatically or manually after Windows 10 is installed on a device. These updates bring the operating system to the newest version and they may patch security issues and introduce other improvements. Windows 10 users who … - Gmail tracks all your purchases, it is difficult to delete them and impossible to stop 18 mai 2019
Google uses its email service Gmail to track purchases that customers of the company made, even on third-party websites like Amazon. Gmail scans emails for receipts and collects these automatically. The purchases are neatly listed on a hard to find Purchases page on Google’s My Account portal. There you find the list of purchases that you made sorted chronologically. The listing goes back to 2015 …
blackMORE Ops
- A .vimrc config file everyone should use 24 avril 2019
Ever had that issue when you login to a Linux terminal, editing a file and the texts are just blue and you can’t read? I’ve had way too many cause default vim/vi config is just bad. I created a good .vimrc config file. Simply create a file with .vimrc name in home directory a paste … The post A .vimrc config file everyone should use appeared first on blackMORE Ops. … - Remove cloud-init from Ubuntu 19 avril 2019
Cloud images are operating system templates and every instance starts out as an identical clone of every other instance. It is the user data that gives every cloud instance its personality and cloud-init is the tool that applies user data to your instances automatically. Cloud-init is the defacto multi-distribution package that handles early initialization of … The post Remove cloud-init fro … - How to Prevent DOM-based Cross-site Scripting 8 janvier 2019
There’s no denying the role that JavaScript has played in making web applications the sleek, interactive, online experiences that we know and love today. This powerful scripting language brought interactivity and animation to the web. But with great power comes great responsibility. Cross-site-scripting (XSS) remains a persistent stalwart among the OWASP Top 10. Malicious JavaScript … The po … - Side-Channel Vulnerability Variants 3a and 4 – Spectre and Meltdown 28 décembre 2018
On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown were publicly disclosed. These variants—known as 3A and 4—can allow an attacker to obtain access to sensitive information on affected systems. Systems Affected CPU hardware implementations Description Common CPU hardware implementations are vulnerable to the … - How to access Dark Web? 27 décembre 2018
The concept of the Dark Web isn’t vastly different from the Surface Web. There are message boards (e.g. 8chan, nntpchan), places you can buy things (e.g. Alphabay, Hansa), and blogs (e.g. OnionNews, Deep Web Radio). The rules, or rather a lack thereof, is what makes the Dark Web unique. Anything that is illegal to sell … The post How to access Dark Web? appeared first on blackMORE Ops. … - Inception Attackers Target Europe with Year-old Office Vulnerability 14 décembre 2018
The Inception attackers have been active since at least 2014 and have been documented previously by both Blue Coat and Symantec; historical attacks used custom malware for a variety of platforms, and targeting a range of industries, primarily in Russia, but also around the world. This blog describes attacks against European targets observed in October … The post Inception Attackers Target Eu … - Brute Force Attacks Conducted by Cyber Actors 13 décembre 2018
In a traditional brute-force attack, a malicious actor attempts to gain unauthorized access to a single account by guessing the password. This can quickly result in a targeted account getting locked-out, as commonly used account-lockout policies allow three to five bad attempts during a set period of time. During a password-spray attack (also known as … The post Brute Force Attacks Conducted … - Avoiding Web Application Firewall using Python 21 novembre 2018
Web application firewalls are usually placed in front of the web server to filter the malicious traffic coming towards server. If you arehired as a penetration tester for some company and they forgot to tell you that they are using web application firewall than you might get into a serious mess. The figure below depicts … The post Avoiding Web Application Firewall using Python appeared first … - Targeting websites with Password Reset Poisoning 20 novembre 2018
Most of web application security vulnerabilities, leverage user input in ways that were not initially intended by their developer(s). Password Reset Poisoning is one such vulnerability, that leverages commonly unthought of headers, such as the Host header seen in an HTTP request: GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1 Host: evilhost.com Notice the difference where we specify … - Cyber Actors Target Home and Office Routers and Networked Devices Worldwide 19 novembre 2018
DHS and FBI recommend that all SOHO router owners power cycle (reboot) their devices to temporarily disrupt the malware. Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption. Network devices should be upgraded to the latest available versions … Th …