Hackers

Security Affairs

    • Microsoft Edge will warn users if their credentials have been compromised 31 March 2020
      Microsoft announced that it will add an alerting feature to Edge to warn users if their credentials saved to autofill have been compromised. Microsoft announced several new features for its Edge browser, including a new alerting service to warn users if the credentials they have saved to autofill have been compromised in a third-party data breach. “Today, we’re announcing Password Monitor in …

    • Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware 30 March 2020
      Online communication platforms such as Zoom are essential instruments at the time of Coronavirus outbreak, and crooks are attempting to exploit their popularity. The Coronavirus outbreak is changing our habits and crooks are attempting to take advantage of the popularity of online communication platforms such as Zoom that are used by businesses, school classrooms and normal users. Zoom has over 74 …

    • Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak 30 March 2020
      The Zeus Sphinx malware is back, operators are now spreading it exploiting the interest in the Coronavirus outbreak. The Zeus Sphinx malware is back, it was observed in a new wave of attacks attempting to exploit the interest in the Coronavirus outbreak. Experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware, also known as Zloader or Terdot, that focuses on government …

    • Voter information for 4,934,863 Georgians leaked online 30 March 2020
      Voter information for 4,934,863 Georgians has been published on a hacker forum over the weekend. According to the data breach notification service Under the Breach, on Saturday a file containing voter information for more than 4.9 million Georgians, including deceased citizens, has been published on a hacking forum. Georgia has 3.7 million citizens, but the voting population is around one thi …

    • Your colleague was infected with Coronavirus, this is the latest phishing lure 30 March 2020
      Security experts uncovered a new Coronavirus-themed phishing campaign, the messages inform recipients that they have been exposed to the virus. Experts continue to spot Coronavirus-themed attack, a new phishing campaign uses messages that pretend to be from a local hospital informing the victims they have been exposed to the virus and that they need urgently to be tested. Threat actors attempt to …

    • Source code of Dharma ransomware now surfacing on public hacking forums 29 March 2020
      The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware, is up for sale on two Russian-language hacking forums. The Dharma ransomware first appeared on the threat landscape in February 2016, at the time experts dubbed it Crysis. The CrySis ransomware …

    • Coronavirus-themed attacks March 22 – March 28, 2020 29 March 2020
      In this post, I decided to share the details of the Coronavirus-themed attacks launched from March 22 to March 28, 2020. Threat actors exploit the interest in the COVID19 outbreak while infections increase worldwide, experts are observing new campaigns on a daily basis. Below a list of attacks detected this week. March 23 – COVID19-themed campaign delivers a new variant of Netwalker Ransomwa …

    • Security Affairs newsletter Round 257 29 March 2020
      A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Coronavirus-themed attacks March 15 – March 21, 2020 Google addresses high severity bugs in Chrome Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records 538 Mill …

    • FIN7 hackers target enterprises with weaponized USB drives via USPS 29 March 2020
      The FIN7 APT group has been targeting businesses with malicious USB drives and Teddy Bears sent to the victims, the FBI warns. The FBI is warning of a new wave of attacks carried out by the FIN7 APT group that is sending to the victims devices acting as a keyboard (HID Emulator USB) when plugged into a computer. “Recently, the cybercriminal group FIN7, known for targeting such businesses th …

    • Critical buffer overflow in CODESYS allows remote code execution 28 March 2020
      Experts discovered an easily exploitable heap-based buffer overflow flaw, tracked as CVE-2020-10245, that exists in the CODESYS web server. A critical heap-based buffer overflow flaw in a web server for the CODESYS automation software for engineering control systems could be exploited by a remote, unauthenticated attacker to crash a server or execute arbitrary code. CODESYS is a software platform, …

The Hacker News

    • AppTrana Offers Protection to Online Businesses During Coronavirus Outbreak 30 March 2020
      These are unprecedented times, and everyone is going through a testing period, with more than 3 billion people locked down all over the world. Businesses are scrambling to stay afloat and are forced to move digital in a very short span of time without much preparation. As these businesses move digital, cyber threats are more real than ever. Every day we are hearing news about hackers taking …

    • COVID-19: Hackers Begin Exploiting Zoom's Overnight Success to Spread Malware 30 March 2020
      As people increasingly work from home and online communication platforms such as Zoom explode in popularity in the wake of coronavirus outbreak, cybercriminals are taking advantage of the spike in usage by registering new fake “Zoom” domains and malicious “Zoom” executable files in an attempt to trick people into downloading malware on their devices. According to a report published by Check …

    • Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks 29 March 2020
      Cybersecurity researchers with Qihoo 360’s NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploited two critical remote command injection vulnerabilities (CVE-2020-8515) affecting DrayTek Vigor …

    • Hackers Used Local News Sites to Install Spyware On iPhones 27 March 2020
      A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices. According to research published by Trend Micro and Kaspersky, the “Operation Poisoned News” attack leverages a remote iOS exploit chain to deploy a feature-rich implant called ‘LightSpy’ through links to local news websites, which …

    • Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak 27 March 2020
      Preying on public fears, the ongoing coronavirus outbreak is proving to be a goldmine of opportunity for attackers to stage a variety of malware attacks, phishing campaigns, and create scam sites and malicious tracker apps. Now in a fresh twist, third-party Android app developers too have begun to take advantage of the situation to use coronavirus-related keywords in their app names, …

    • TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services 25 March 2020
      The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The Android app, called “TrickMo” by IBM X-Force researchers, is under active development and has exclusively targeted German users …

    • Critical RCE Bug Affects Millions of OpenWrt-based Network Devices 24 March 2020
      A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the vulnerability resides in the OPKG package manager of OpenWrt that exists in the …

    • How to Provide Remote Incident Response During the Coronavirus Times 24 March 2020
      While the Coronavirus pandemic continues to strike chaos across the global economies, threat actors keep on launching cyberattacks on organizations from all sizes and verticals. IR providers face a unique challenge when approached by these organizations since, due to the Coronavirus mass quarantine, conducting incident response engagements by arriving physically to the customers’ offices is …

    • Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme 25 March 2020
      More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge of smartphone users. Dubbed “Tekya,” the malware in the apps imitated users’ actions to click ads from advertising networks such as Google’s AdMob, AppLovin’, …

    • Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions 23 March 2020
      Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system—including Windows 10, 8.1 …

    • User Survey 2020 Report Shows Rapid Growth In Apache Pulsar Adoption 23 March 2020
      For the first time ever, the Apache Pulsar PMC team is publishing a user survey report. The 2020 Apache Pulsar User Survey Report reveals Pulsar’s accelerating rate of global adoption, details how organizations are leveraging Pulsar to build real-time streaming applications, and highlights key features on Pulsar’s product roadmap. Apache Pulsar is a cloud-native, distributed open source …

    • Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems 21 March 2020
      Multiple zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm Qihoo 360’s Netlab team, who say different attack groups have been using LILIN DVR zero-day …

    • Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices 21 March 2020
      A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage (NAS) devices in an attempt to remotely infect and control vulnerable machines. Called “Mukashi,” the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall …

    • How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats 18 March 2020
      The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. In light of these insights, Cynet has also shared a few ways to best prepare for the …

    • Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait 19 March 2020
      As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who’ve taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to a new report published by Check Point Research today and shared with The Hacker News, hackers are exploiting the COVID-19 outbreak to spread their own …

    • Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion 18 March 2020
      Though it’s not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of an upcoming security update for Acrobat and Reader, but the company today unveiled bugs in a total of 6 widely-used software, including: Adobe Genuine …

    • TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks 18 March 2020
      A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. The module, dubbed “rdpScanDll,” was discovered on January 30 and is said to be still in development, said cybersecurity firm …

    • TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach 17 March 2020
      Online guitar tutoring website TrueFire has apparently suffered a ‘Magecart’ style data breach incident that may have potentially led to the exposure of its customers’ personal information and payment card information. TrueFire is one of the popular guitar tutoring websites with over 1 million users, where wanna-be-guitarists pay online to access a massive library of over 900 courses and …

    • Researchers Uncover a Nigerian Hacker's Pursuit of his Million Dollar Dream 17 March 2020
      Social engineering-driven malware threats continue to be a big threat, but new research details how cybercriminals profit off such schemes to launder hundreds of thousands of dollars from stolen credit cards of unsuspecting victims. Cybersecurity firm Check Point Research, in a report shared with The Hacker news, uncovered the digital trail of a Nigerian cybercriminal, who went by the name of …

    • Europol Arrests 26 SIM Swapping Fraudsters For Stealing Over $3 Million 16 March 2020
      Europol, along with the Spanish and the Romanian national police, has arrested 26 individuals in connection with the theft of over €3.5 million ($3.9 million) by hijacking people’s phone numbers via SIM swapping attacks. The law enforcement agencies arrested 12 and 14 people in Spain and Romania, respectively, as part of a joint operation against two different groups of SIM swappers, Europol …

Dark Reading

gHacks

    • Goodbye Office 365! Hello Microsoft 365! 31 March 2020
      The writing was on the wall for quite some time; Microsoft finally made the announcement that it has launched the new subscription service Microsoft 365 and that it will migrate Office 365 Personal and Home users to the new plans automatically in the coming weeks. The company calls it “the subscription service for your life to help you make the most of your time, connect, and protect the ones you …

    • Microsoft releases out-of-band update for Windows connectivity issues 31 March 2020
      Microsoft has published out-of-band updates for the Windows connectivity issue that it acknowledged last week. The updates are not available via Windows Update, WSUS or other update management systems at the time of writing but only on the Microsoft Update Catalog website as direct downloads. Last week, Microsoft confirmed a new issue affecting the company’s Windows operating system for all support …

    • Opera 57 for Android: improved offline pages and data saving controls 30 March 2020
      Opera Software launched a new version of the company’s mobile web browser for Google’s Android operating system today. Opera 57 for Android introduces several improvements and new features including improved data saving controls, options to customize the storage location for offline pages on the device, faster Speed Dial access, and more. The update is available on Google Play already; users who u …

    • Nirsoft's latest tool helps you manage Windows Defender Threats in bulk 30 March 2020
      WinDefThreatsView is a new freeware tool for Microsoft’s Windows 10 and 8.1 operating systems by Nirsoft that assists administrators in managing threats detected by the operating system’s built-in antivirus protection Windows Defender Antivirus. Windows Defender Antivirus is the default antivirus solution on Windows 10. Users may install third-party security software which may take over but part o …

    • Latest Debotnet Windows 10 Tweaker gets debloating scripts 30 March 2020
      We have the Windows tweaker Debotnet several times before on Ghacks. It is a relatively new program that was released to the public in 2019 for the first time. Back then, it focused on providing administrators and users with options to improve privacy. The developer has released numerous versions of the application since then and introduced new features, some of them not privacy related but still …

    • Hekapad is a text editor that can encrypt text, has a built-in clipboard and more 29 March 2020
      Hekapad isn’t your average text editor; it has a few built-in tools that are unique or quirky in their own way. The program’s GUI is fairly simple: a toolbar and a menubar are at the top, and a status bar is visible on the bottom of the screen, and the big blank area is the editor workspace. Hekapad uses tabs to load documents and this allows you to open several documents and switch between them s …

    • Minimize any program to the system tray with MinimizeToTray 28 March 2020
      Having a bunch of programs opened at the same time can affect your productivity, especially if you’re constantly alt + tabbing between some of those. The taskbar does a better job, but having to locate each program’s icon and switch to may not be easier all the time. Want to minimize some programs to the system tray instead? That’s what MinimizeToTray does. Don’t confuse this program with the popu …

    • Mozilla won't delay Firefox releases (but some features may be delayed) 28 March 2020
      Mozilla won’t change the schedule of Firefox releases for the moment according to a schedule update published on the official Mozilla Wiki website. Several browser makers, software developers and hardware manufacturers announced recently the postponing of planned releases. Google for example decided to skip Chrome 82 and Microsoft announced that it would focus on delivering security updates for it …

    • 0Patch publishes micropatch to address Windows Font Parsing vulnerability 27 March 2020
      Microsoft published an advisory about a new font parsing vulnerability in Windows on March 23, 2020. The company rated the vulnerability as critical and said that it was aware of limited targeted attacks exploiting the vulnerability. Microsoft listed several workarounds to mitigate attacks but they all reduced functionality for users in one way or another. Microsoft has yet to release a security p …

blackMORE Ops

    • Change IP address in packet capture file (faking IP) 7 October 2019
      I’m sure you bumped into situations where you needed to fake IP address in a capture file. This may be required when you’re trying to send the capture file to someone that you don’t really share your real IP’s with or you just want to change cause you can. If you’ve tried this and looked around the interwebs, you’d surely know that there’s not many guides available and most people would just tell c …

    • SamSam Ransomware 25 September 2019
      The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In a …

    • New Exploits for Unsecure SAP Systems 24 September 2019
      A presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet, as it is an untrusted network. Malicious cyber actors can attack and compromise these unsecure systems with publicly available exploit …

    • Microsoft Operating Systems BlueKeep Vulnerability 22 September 2019
      The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions: The post Microsoft Operating Systems BlueKeep Vulnerability appeared first on blackMORE Ops. …

    • A .vimrc config file everyone should use 24 April 2019
      Ever had that issue when you login to a Linux terminal, editing a file and the texts are just blue and you can’t read? I’ve had way too many cause default vim/vi config is just bad. I created a good .vimrc config file. Simply create a file with .vimrc name in home directory and paste … The post A .vimrc config file everyone should use appeared first on blackMORE Ops. …

    • Remove cloud-init from Ubuntu 19 April 2019
      Cloud images are operating system templates and every instance starts out as an identical clone of every other instance. It is the user data that gives every cloud instance its personality and cloud-init is the tool that applies user data to your instances automatically. Cloud-init is the de facto multi-distribution package that handles early initialization of … The post Remove cloud-init fro …

    • How to Prevent DOM-based Cross-site Scripting 8 January 2019
      There’s no denying the role that JavaScript has played in making web applications the sleek, interactive, online experiences that we know and love today. This powerful scripting language brought interactivity and animation to the web. But with great power comes great responsibility. Cross-site-scripting (XSS) remains a persistent stalwart among the OWASP Top 10. Malicious JavaScript … The po …

    • Side-Channel Vulnerability Variants 3a and 4 – Spectre and Meltdown 28 December 2018
      On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown were publicly disclosed. These variants—known as 3A and 4—can allow an attacker to obtain access to sensitive information on affected systems. Systems Affected CPU hardware implementations Description Common CPU hardware implementations are vulnerable to the …

    • How to access Dark Web? 27 December 2018
      The concept of the Dark Web isn’t vastly different from the Surface Web. There are message boards (e.g. 8chan, nntpchan), places you can buy things (e.g. Alphabay, Hansa), and blogs (e.g. OnionNews, Deep Web Radio). The rules, or rather a lack thereof, is what makes the Dark Web unique. Anything that is illegal to sell … The post How to access Dark Web? appeared first on blackMORE Ops. …

    • Inception Attackers Target Europe with Year-old Office Vulnerability 14 December 2018
      The Inception attackers have been active since at least 2014 and have been documented previously by both Blue Coat and Symantec; historical attacks used custom malware for a variety of platforms, and targeting a range of industries, primarily in Russia, but also around the world. This blog describes attacks against European targets observed in October … The post Inception Attackers Target Eu …