Security Affairs
- 7 août 2020Did Maze ransomware operators steal 10 GB of data from Canon?
An internal memo confirms that the prolonged outage suffered by Canon last week was caused by a ransomware infection, Maze operators took credit for it. According to an internal memo obtained by ZDNet, the recent outage of Canon was caused by a ransomware attack, while Maze ransomware operators are taking the credit for the incident. The memo also reveals that the company has hired an external sec … - 7 août 2020Intel investigates security breach after the leak of 20GB of internal documents
Intel is investigating reports of an alleged hack that resulted in the theft and leak of 20GB of data coming from the chip giant. Intel is investigating reports that an alleged hacker has leaked 20GB of exfiltrated from its systems. The stolen data includes source code and developer documents and tools, some documents are labeled as “confidential” or “restricted secret.” Th … - 7 août 2020Google Threat Analysis Group took down ten influence operations in Q2 2020
Google published its second Threat Analysis Group (TAG) report which reveals the company has taken down ten coordinated operations in Q2 2020. Google has published its second Threat Analysis Group (TAG) report, a bulletin that includes coordinated influence operation campaigns tracked in Q2 of 2020. Google revealed to have taken down ten coordinated operations in Q2 2020 (between April and June 20 … - 6 août 2020Netwalker ransomware operators claim to have stolen data from Forsee Power
Netwalker ransomware operators breached the networks of Forsee Power, a well-known player in the electromobility market. A new company has been added to the list of the victims of the Netwalker ransomware operators, it is Forsee Power, which provides advanced lithium-ion battery systems for any mobility application. The industrial group is based in France and in the US USA, it is one of the market … - 6 août 2020FBI is warning of cyber attacks against Windows 7 systems that reached end-of-life
The FBI warned private industry partners of risks impacting companies running Windows 7 after the Microsoft OS reached the end of life on January 14. The Federal Bureau of Investigation is warning companies running Windows 7 systems of the greater risk of getting hacked because the Microsoft OS has reached the end of life on January 14. Early this week, the FBI has sent a private industry notifica … - 6 août 2020Hackers can abuse Microsoft Teams updater to deliver malicious payloads
Threat actors can abuse Microsoft Teams updater to retrieve and execute malicious code from a remote location. Security experts from Trustwave detailed the Living Off the Land technique that could allow a threat actor to abuse the MS Teams Updater to download any binary or malicious payload from a remote server. The bad news is that the issue could not be easily addressed because it is a design f … - 5 août 2020Cyber Defense Magazine – August 2020 has arrived. Enjoy it!
Cyber Defense Magazine august 2020 Edition has arrived. We hope you enjoy this month’s edition…packed with over 147 pages of excellent content. OVER 145 PAGESALWAYS FREE – LOADED WITH EXCELLENT CONTENTLearn from the experts, cybersecurity best practicesFind out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached.CLICK THIS F … - 5 août 2020NSA releases a guide to reduce location tracking risks
The United States National Security Agency (NSA) is warning of risks posed by location services for staff who work in defence or national security. The United States National Security Agency (NSA) published a new guide to warn of the risks posed by location services for staff who work in defence or national security. The guide, titled “Limiting Location Data Exposure” warn of geolocation features … - 5 août 2020Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers
ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum. ZDNet has obtained a copy of the list with the help of threa … - 5 août 2020Exclusive: TIM’s Red Team Research finds 4 zero-days in WOWZA Streaming Engine product
Researchers from TIM’s Red Team Research (RTR) have discovered another 4 new zero-day vulnerabilities in the WOWZA Streaming Engine product. Last month, the TIM’s Red Team Research (RTR) disclosed 2 new vulnerabilities affecting the Oracle Business Intelligence product with High severity. Today, the TIM’s Red Team Research led by Massimiliano Brolli, discovered 4 new vulnerabilit …
The Hackers News
- 7 août 2020Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users
A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year’s data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury that … - 7 août 2020Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon
Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. « The idea is simple and consists of using characters that look the same in order to dupe users, » Malwarebytes … - 7 août 2020How COVID-19 Has Changed Business Cybersecurity Priorities Forever
For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and even less opportunity for testing. Needless to say, the … - 7 août 2020Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks
It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to ‘prefetching effect,’ resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and … - 5 août 2020Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack
A new research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still susceptible to HTTP … - 5 août 2020Case Study: How Incident Response Companies Choose IR Tools
Many companies today have developed a Cybersecurity Incident Response (IR) plan. It’s a sound security practice to prepare a comprehensive IR plan to help the organization react to a sudden security incident in an orderly, rational manner. Otherwise, the organization will develop a plan while frantically responding to the incident, a recipe ripe for mistakes. Heavyweight boxer Mike Tyson once … - 5 août 2020Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts
Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user’s iCloud account. Uncovered in February by Thijs Alkemade, a security specialist at IT security firm Computest, the flaw resided in Apple’s implementation of TouchID (or FaceID) biometric feature that authenticated users to log in to … - 4 août 2020US Government Warns of a New Strain of Chinese 'Taidoor' Virus
Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China’s state-sponsored hackers targeting governments, corporations, and think tanks. Named « Taidoor, » the malware has done an ‘excellent’ job of compromising systems as early as 2008, with the actors deploying it on victim networks for stealthy remote access. « [The] FBI has … - 1 août 202017-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack Arrested
A 17-year-old teen and two other 19 and 22-year-old individuals have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts within minutes as part of a massive bitcoin scam. According to the U.S. Department of Justice, Mason Sheppard, aka « Chaewon, » 19, from the United Kingdom, Nima Fazeli, aka « Rolex, » … - 31 juillet 2020EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI
The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states. The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, out of which some publicly known are ‘WannaCry’, ‘NotPetya’, and ‘Operation Cloud …
Dark Reading
- 7 août 2020Researcher Finds New Office Macro Attacks for MacOS
Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through. - 7 août 2020BEC Campaigns Target Financial Execs via Office 365
A series of business email compromise campaigns has been targeting executives of more than 1,000 companies, most recently in the US and Canada. - 7 août 2020IoT Security During COVID-19: What We've Learned & Where We're Going
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists. - 7 août 2020Getting to the Root: How Researchers Identify Zero-Days in the Wild
Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it. - 7 août 2020Researchers Create New Framework to Evaluate User Security Awareness
Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats. - 6 août 2020A Mix of Optimism and Pessimism for Security of the 2020 Election
DHS CISA’s Christopher Krebs and Georgetown University’s Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November’s election. - 6 août 2020Dark Reading Video News Desk Returns to Black Hat
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world …! - 6 août 2020Where Dark Reading Goes Next
Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it. - 6 août 2020On 'Invisible Salamanders' and Insecure Messages
Cornell researcher Paul Grubbs discusses how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages. - 6 août 2020Exploiting Google Cloud Platform With Ease
Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.
WeLiveSecurity
- 6 août 2020Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping
At Black Hat USA 2020, ESET researchers delved into details about the KrØØk vulnerability in Wi-Fi chips and revealed that similar bugs affect more chip brands than previously thought The post Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping appeared first on WeLiveSecurity … - 6 août 2020Blackbaud data breach: What you should know
Here’s what to be aware of if your personal data was compromised in the breach at the cloud software provider
The post Blackbaud data breach: What you should know appeared first on WeLiveSecurity
- 5 août 2020NSA shares advice on how to limit location tracking
The intelligence agency warns of location tracking risks and offers tips for how to reduce the amount of data shared
The post NSA shares advice on how to limit location tracking appeared first on WeLiveSecurity
- 4 août 2020FBI warns of surge in online shopping scams
In one scheme, shoppers ordering gadgets or gym equipment are in for a rude surprise – they receive disposable face masks instead
The post FBI warns of surge in online shopping scams appeared first on WeLiveSecurity
- 3 août 2020How much is your personal data worth on the dark web?
The going prices are lower than you probably think – your credit card details, for example, can sell for a few bucks
The post How much is your personal data worth on the dark web? appeared first on WeLiveSecurity
Threatpost
- 7 août 2020Hackers Dump 20GB of Intel’s Confidential Data Online
Chipmaker investigates a leak of intellectual property from its partner and customer resource center. - 7 août 2020Augmenting AWS Security Controls
Appropriate use of native security controls in AWS and other CSPs is fundamental to managing cloud risk and avoiding costly breaches. - 7 août 2020Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem
An inside look at how nation-states use social media to influence, confuse and divide — and why cybersecurity researchers should be involved. - 6 août 2020Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs
Researchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed. - 6 août 2020Canon Admits Ransomware Attack in Employee Note, Report
The consumer-electronics giant has suffered partial outages across its U.S. website and internal systems reportedly, thanks to the Maze gang.
E Hacking News | Latest Hacker News and IT Security News
- 7 août 2020A resurgence in DDoS Attacks amidst Global COVID-19 lockdowns
Findings of Link11’s Security Operations Center (LSOC) uncovered a 97% increase in the number of attacks for the months of April, May, and June in 2020 when compared with the attacks during the same period in the previous year, with an increment of 108% in May 2020.The annual report incorporates the data which indicated that the recurrence of DDoS attacks relied upon the day of the week and time, … - 7 août 2020A hack that fools Face Recognition AI into false identification
Face recognition AI is increasingly being used at Airports and at other security outlets, especially during a pandemic to heed to proper security measures of identifying people while maintaining social distancing but a recent discovery by McAfee, a cybersecurity firm has proved that these Face Recognition systems are not all that perfect.Researchers at McAfee tested a face recognition system simil … - 7 août 2020Russian experts warned about the dangers of watching movies on pirate sites
It is noted that hackers use streaming platforms, TV series and movies to distribute advertising and malware. They can add them to files with the names of popular shows, or use well-known brands to conduct phishing attacks, said Dmitry Galov, a cybersecurity expert at Kaspersky Lab. »Among the malware there are various Trojans that allow, for example, to delete or block data, or steal passwor … - 6 août 2020Number of fake delivery services increased in Russia
Alexander Vurasko, a leading Infosecurity analyst at Softline Company, said that during the pandemic, scammers learned how to qualitatively fake food and electronics delivery sites. Over the past four months, 56 clones have appeared at Delivery Club, and at least 30 at Yandex.Food. Companies try to quickly block such resources, but they do not always succeed.The expert noted that the peak of … - 5 août 2020Here's All you Need to Know About Instagram Reels; Launched Globally in Over 50 Countries
As TikTok fell prey to extensive criticism and was labeled as a ‘threat to security’ by governments, resulting in the banning of the popular video-sharing platform, the creators have long ago started weighing what’s next! In the wake of TikTok’s future succumbing to uncertainties, Instagram has rolled out a new feature ‘Reels’, that appear to be in direct competition with what TikTok had to offer. …
TechWorm
- 6 août 2020Canon Hit By Maze Ransomware Attack, 10TB Of Data Allegedly Stolen
Canon, the Japanese camera giant, recently fell victim to a ransomware attack where over 10TB of photos, videos, and other data were stolen across multiple devices. The attack affected the company’s storage and email services, Microsoft Teams, as well as the U.S. version of its website. Following the incident, Canon’s IT service sent a company-wide notification indicating that it is experiencing … - 6 août 2020Pakistani News Channel Broadcast Hacked To Show Indian National Flag
Pakistan TV news channel, Dawn, was reportedly hacked on Sunday with an Indian tricolour waving on the channel’s screen while it was running an advertisement. Besides the Indian tricolour flag, it also displayed a ‘Happy Independence Day’ message on the screen. According to media reports, the message appeared on the news channel in Pakistan at 3.30 pm on August 2. It is known th … - 25 juillet 2020CarryMinati’s YouTube Channel Hacked To Stream Bitcoin Scam
Popular Indian roaster and streamer on YouTube, Ajey Nagar, aka CarryMinati is the latest victim of the ongoing BitCoin hack scandal. The hack happened on the second channel of CarryMinati, which goes by the name of CarryisLive, where he streams himself playing video games, often with other YouTubers and celebrities. Just a week ago in a similar incident, Twitter accounts of several renowned celeb … - 25 juillet 2020Hackers Are Making ATMs Spit All Cash Using Stolen Proprietary Software
Cybercriminals have found a new way of “jackpotting” ATMs that is forcing the machines to “spit out” cash in several European countries, warned Diebold Nixdorf, the world’s largest ATM manufacturer. For those unaware, Diebold is one of the top players in the ATM market, which earned $3.3 billion in sales, which includes both selling and servicing machines globally, from its ATM business last … - 18 juillet 2020Iran-Linked Hackers Accidentally Exposed 40GB of Their Training Videos Online
Security researchers at IBM X-Force Incident Response Intelligence Services (IRIS) have obtained roughly 40GB of videos and other files belonging to a top Iranian hacking group. The data trove discovered by IBM X-Force IRIS researchers contained roughly five hours of video training that appears to have been recorded directly from the screens of hackers working for a state-sponsored group that it …
GBHackers On Security
- 7 août 2020EtherOops – A New Attack Let Hackers Exploit a Bug in Ethernet Cables to Bypass Firewall and NATs
Researchers unveiled a very new method that helps to exploit a vulnerability in Ethernet cables to bypass firewalls and NATs. Earlier, this exploitation is considered as non-exploitable; but, now the weakness was named as Etheroops. This vulnerability works only if the targeted system network includes faulty Ethernet cables on the path from attackers to the […] The post EtherOops – A … - 6 août 2020Lesser-Known Ways to Improve Your Website Security From Cyber Attacks
In many cases, the simplest solutions are the best ones as well. However, when it comes to protecting your website from unauthorized access, you may want to go several steps further. Apart from tier-1 precautions like keeping your software up to date and strengthening your password, here are the four solutions that most webmasters might […] The post Lesser-Known Ways to Improve Your Website … - 6 août 2020US GOV Exposes Chinese Espionage Malware “TAIDOOR” Secretly Used To For a Decade
Recently, the U.S. government exposed Chinese surveillance malware “TAIDOOR” that are secretly used by the Chinese government for a decade. There has been a joint notice on TAIDOOR that has been revealed by the cybersecurity department of Homeland security (DHS) and Infrastructure Security Agency (CISA), the Federal Bureau of Investigations (FBI) and the Department of […] The pos … - 6 août 2020Hackers Abuse Windows Feature To Launch WastedLocker Ransomware to Evade Detection
Recently one of the most dangerous ransomware, WastedLocker, owes its success to a unique bypass mechanism for security solutions and tools that block ransomware. Initially, WastedLocker appeared this year in May, and it’s a part of the arsenal of the famous cybercriminal group Evil Corp, which is also known as Dridex. It was used in […] The post Hackers Abuse Windows Feature To Launch … - 5 août 2020Macro Pack – Automatize Obfuscation and Generation of Malicious Office Documents
Malware delivery trends change every day. For the last few years, we have observed various hacker groups like ( APT12 to Turla ) uses various techniques to deliver malware on the system or network. One of the best technique hackers groups used is to write malicious code and obfuscate it and embed with Office documents […] The post Macro Pack – Automatize Obfuscation and Generation of M …
Cyber Defense Magazine
- 5 août 2020Reading the 2020 Cost of a Data Breach Report
2020 Cost of a Data Breach Report: the global total cost of a data breach averaged $3.86 million in 2020, down about 1.5% from the 2019 study. Every year, I write about the annual report published by the Ponemon Institute on the cost of a data breach, it is a very interesting study that explores the […] The post Reading the 2020 Cost of a Data Breach Report appeared first on Cyber Defense Ma … - 5 août 2020Security by Design: How to Protect the Future of Business
By Jim Zuffoletti, CEO & co-founder of SafeGuard Cyber Estimates suggest that by 2021, cybercrime will cost the world $6 trillion every year. This will constitute “the greatest transfer of economic wealth in history,” making cybercrime “more profitable than the global trade of all major illegal drugs combined.” Too many enterprises fail to protect themselves […] The post Security by Desi … - 4 août 2020The Black Unicorn Report for 2020 – A MUST READ!
In the venture capital industry, a unicorn refers to any tech startup company that reaches a $1 billion-dollar market value as determined by private or public investment. The term was originally coined in 2013 by venture capitalist Aileen Lee, choosing the mythical animal to represent the statistical rarity of such successful ventures. Last year, CB […] The post The Black Unicorn Report for … - 4 août 2020BlackHat USA 2020 – Hot Virtual Vegas Hacker Happenings…
Point3 Security “Virtual Vegas” Sessions Feature Topics Such as the Human Brain and Cybersecurity, Reverse Engineering Malware, and Pros & Cons of The NICE Security Workforce Frameworks Point3 Security, leaders in advanced training of cybersecurity professionals through gamified challenges, will conduct several “Virtual Vegas” cybersecurity sessions on August 4-6, 2020, to serve cybersecurity … - 4 août 2020FBI issued a flash alert about Netwalker ransomware attacks
The FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. and foreign government organizations. The FBI has issued a new security flash alert to warn of Netwalker ransomware attacks targeting U.S. and foreign government organizations. The feds are recommending victims, not to pay the ransom and reporting incidents to their local FBI field offices. The flash […] Th …
blackMORE Ops
- 23 avril 2020Accessing ESXi console screen from an SSH session
I’ve had this issue many times where Firewall ports to iDrac, iLo or RSA were not open and I couldn’t access VMWare ESXi host’s setup screen (the yellow screen!) to change configuration or even restart it. In every cases, I had SSH access to the ESXi host but then I just couldn’t remember what command … The post Accessing ESXi console screen from an SSH session appear … - 23 avril 2020Accessing the RAID setup on an HP Proliant DL380 G7
When the HP Proliant DL380 G7 boots up the only displayed BIOS options are F9 for Setup, F11 for the boot disk menu, but neither other these take you to the RAID setup. To get to the RAID setup options, when the screen appears showing the F9 and F11 options press F8 every second or … The post Accessing the RAID setup on an HP Proliant DL380 G7 appeared first on blackMORE Ops. … - 7 octobre 2019Change IP address in packet capture file (faking IP)
I’m sure you bumped into situations where you needed to fake IP address in a capture file. This maybe required when you’re trying to send the capture file to someone that you don’t really share your real IP’s with or you just want to change cause you can. If you’ve tried this and looked around the interwebs, you’d surely know that there’s not many guides available and most people would just tell c … - 25 septembre 2019SamSam Ransomware
The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In a … - 24 septembre 2019New Exploits for Unsecure SAP Systems
A presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet, as it is an untrusted network. Malicious cyber actors can attack and compromise these unsecure systems with publicly available exploit …
Hacker Ritz
- 11 janvier 2019New Wifi Hack Method, Easy and Workable on WPA/WPA2 Securities.
Looking for how to hack WiFi password OR WiFi hacking software?Well, a security researcher has revealed a new WiFi hacking technique that makes it easier for hackers to crack WiFi passwords of most modern routers.Discovered by the lead developer of the popular password-cracking tool Hashcat, Jens ‘Atom’ Steube, the new WiFi hack works explicitly against WPA/WPA2 wireless network protocols wit … - 7 janvier 2019Bitcoin And Cryptocurrency Litigation : A Game Of Future
Bitcoin and other cryptocurrencies are gaining more attention as days pass. Aside from the advantages that cryptocurrencies have like anonymity and easy international transactions, people are enticed by the fact that it can become a good investment. Apart from trading bitcoins for cash, you can also use bitcoins to buy gift cards, book flights, and hotels, buy furnitu … - 20 novembre 2018 Facebook Bug Could Have Exposed Your Private Information
Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world’s most popular social network at risk.Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results for entered … - 20 novembre 2018Instagram Bug : Passwords are in Plain Text
Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users’ passwords in plain text.The company recently started notifying affected users of a security bug that resides in a newly offered feature called « Download Your Data » that allows users to download a copy of their data shared on the social media platform, including photos, comments, p … - 19 mai 2018Inside one of the largest hacking conferences in Russia
Inside one of the largest hacking conferences in RussiaABC NewsWATCHHackers put their skills on display in Moscow conferenceEmailHundreds of aspiring hackers in Moscow faced off against one another earliest this week in different challenges.The event, called Positive Hack Days, is organized by the cybersecurity firm Positive Technologies. More than 4,000 people attended the cybersecurity conferenc …