Hackers

Security Affairs

    • Zero-day vulnerability in Oracle WebLogic 24 April 2019
      Security experts are warning of a dangerous zero-day remote code vulnerability that affects the Oracle WebLogic service platform. Oracle WebLogic wls9_async and wls-wsat components are affected by a deserialization remote command execution zero-day vulnerability. New Oracle #WebLogic #RCE #Deserialization 0-day Vulnerability. No vendor fix yet! Speak to @waratek for guaranteed active protection ag …

    • Stuart City is the new victim of the Ryuk Ransomware 24 April 2019
      Another city fell victim of a malware attack, systems at the city of Stuart, Fla., were infected by the Ryuk ransomware on April 13, 2018. Law enforcement is investigating a ransomware attack that hit the City of Stuart on April 13, 2018. The Ryuk malware infected several servers and forced them offline. “City officials on Wednesday confirmed a computer virus that infected servers over the w …

    • The Russian Shadow in Eastern Europe: Gamaredon’s Ukrainian MOD Campaign 24 April 2019
      Security researchers at Yoroi-Cybaze ZLab uncovered a new campaign carried out by the Russian state-actor dubbed Gamaredon. Introduction Few days after the publication of our technical article related to the evidence of possible APT28 interference in the Ukrainian elections, we spotted another signal of a sneakier on-going operation. This campaign, instead, seems to be linked to another Russian ha …

    • OilRig APT uses Karkoff malware along with DNSpionage in recent attacks 24 April 2019
      Iran-linked OilRig cyberespionage group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns. The OilRig APT group, the threat actor behind the DNSpionage malware campaign, is carrying out a new sophisticated and targeted operation that infect …

    • Kaspersky speculates the involvement of ShadowPad attackers in Operation ShadowHammer 24 April 2019
      Experts at Kaspersky Lab linked the recent supply-chain attack targeted ASUS users to the “ShadowPad” threat actor and the CCleaner incident. Security researchers at Kaspersky Lab linked the recent supply-chain attack that hit ASUS users (tracked as Operation ShadowHammer) to the “ShadowPad” threat actor. Experts also linked the incident to the supply chain attack that targ …

    • Bodybuilding.com forces password reset after a security breach 23 April 2019
      Bad news for fitness and bodybuilding passionates, the popular online retailer Bodybuilding.com announced that hackers have broken into its systems. The popular online retailer website Bodybuilding.com announced last week that hackers have broken into its systems. The website offers any kind of fitness articles, exercises, workouts, and supplements. The company confirmed it has no evidence that pe …

    • FireEye experts found source code for CARBANAK malware on VirusTotal 23 April 2019
      Cybersecurity researchers from FireEye revealed that the Carbanak source code has been available on VirusTotal for two years, and none noticed it before. Researchers at FireEye discovered that the Carbanak source code has been available on VirusTotal for two years, but it was not noticed before. The Carbanak gang (aka FIN7, Anunak or Cobalt) stole over a billion euros from banks across the wo …

    • Targeted Attacks hit multiple embassies with Trojanized TeamViewer 23 April 2019
      CheckPoint firm uncovered a cyber espionage campaign leveraging a weaponized version of TeamViewer to target officials in several embassies in Europe. Security experts at CheckPoint uncovered a cyber espionage campaign leveraging a weaponized version of TeamViewer and malware disguised as a top-secret US government document to target officials in several embassies in Europe. The targeted attacks a …

    • Iran-linked APT34: Analyzing the webmask project 23 April 2019
      Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten). Thanks to the leaked source code it is now possible to check APT34 implementations and techniques. Contest: Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissa …

    • EmCare reveals patient and employee data were hacked 23 April 2019
      EmCare disclosed that a number of employees’ email accounts had been hacked, potentially exposing personal information of patients and employees. US healthcare firm EmCare Inc disclosed that a number of employees’ email accounts had been …

The Hacker News

    • Congress Asks Google 10 Questions On Its Location Tracking Database 24 April 2019
      U.S. Congress has sent an open letter to Google CEO Sundar Pichai asking for more information about its Sensorvault database that’s reportedly being used by law enforcement agencies to solve crime cases. Last week, we reported a story based upon NY Times findings that revealed how using a "geofence" warrant, authorities obtain location history of all devices from Google’s Sensorvault database …

    • Learn Ethical Hacking With 180 Hours of Training — 2019 Online Course 24 April 2019
      The world of cybersecurity is fast-paced and ever-changing. New attacks are unleashed every day, and companies around the world lose millions of dollars as a result. The only thing standing in the way of cybercrime is a small army of ethical hackers. These cybersecurity experts are employed to find weaknesses before they can be exploited. It’s a lucrative career, and anyone can find work …

    • 'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy 24 April 2019
      The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. First uncovered in November last year, the DNSpionage attacks used compromised sites and crafted malicious documents to infect victims’ computers with DNSpionage—a custom remote administrative …

    • Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress 23 April 2019
      Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in question is Social Warfare which is a popular and widely deployed WordPress plugin with more than 900,000 downloads. It is used to add social …

    • Source Code for CARBANAK Banking Malware Found On VirusTotal 23 April 2019
      Security researchers have discovered the full source code of the Carbanak malware—yes, this time it’s for real. Carbanak—sometimes referred as FIN7, Anunak or Cobalt—is one of the most full-featured, dangerous malware that belongs to an APT-style cybercriminal group involved in several attacks against banks, financial institutions, hospitals, and restaurants. In July last year, there was a …

    • Hacker Breaks Into French Government's New Secure Messaging App 19 April 2019
      A white-hat hacker found a way to get into the French government’s newly launched, secure encrypted messaging app that otherwise can only be accessed by officials and politicians with email accounts associated with the government identities. Dubbed "Tchap," the end-to-end encrypted, open source messaging app has been created by the French government with an aim to keep their officials, …

    • Facebook Stored Millions of Instagram Users' Passwords in Plaintext 18 April 2019
      Facebook late last month revealed that the social media company mistakenly stored passwords for "hundreds of millions" of Facebook users in plaintext, including "tens of thousands" passwords of its Instagram users as well. Now it appears that the incident is far worse than first reported. Facebook today quietly updated its March press release, adding that the actual number o …

    • Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission 18 April 2019
      Not a week goes without a new Facebook blunder. Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity? At the time, it was suspected that Facebook might be using access to users’ email accounts to unauthorizedly and secretly gather a copy of their saved contacts. Now it turns …

    • Drupal Releases Core CMS Updates to Patch Several Vulnerabilities 17 April 2019
      Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites. According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in …

    • Researcher Hijacks a Microsoft Service Using Loophole in Azure Cloud Platform 17 April 2019
      A cybersecurity professional today demonstrated a long-known unpatched weakness in Microsoft’s Azure cloud service by exploiting it to take control over Windows Live Tiles, one of the key features Microsoft built into Windows 8 operating system. Introduced in Windows 8, the Live tiles feature was designed to display content and notifications on the Start screen, allowing users to continuously …

    • Over 100 Million JustDial Users' Personal Data Found Exposed On the Internet 17 April 2019
      An unprotected database belonging to JustDial, India’s largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy "88888 88888" customer care number, The Hacker News has learned and independently verified. Founded over two decades ago, JustDial (JD) is the …

    • Google Makes it Tough for Rogue App Developers Get Back on Android Play Store 16 April 2019
      Even after Google’s security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store. Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers’ existing accounts, is enough for ‘bad-faith’ developers to trick the Play Store into distributing unsafe …

    • Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered 16 April 2019
      A new powerful rootkit-enabled spyware operation has been discovered wherein hackers are distributing multifunctional malware disguised as cracked software or trojanized app posing as legitimate software like video players, drivers and even anti-virus products. While the rootkit malware—dubbed Scranos—which was first discovered late last year, still appears to be a work in progress, it is …

    • Google Helps Police Identify Devices Close to Crime Scenes Using Location Data 15 April 2019
      It’s no secret that Google tracks you everywhere, even when you keep Google’s Location History feature disabled. As revealed by an Associated Press investigation in 2018, other Google apps like Maps or daily weather update service on Android allows the tech giant to continuously collect your precise latitude and longitude. According to Google, the company uses this location-tracking …

    • Apache Tomcat Patches Important Remote Code Execution Flaw 16 April 2019
      The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server. Developed by ASF, Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications such as Java Servlet, …

    • Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts 13 April 2019
      If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft’s customer support portal and access information related to some email accounts registered with the company’s Outlook service. …

    • Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute 12 April 2019
      Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country’s controversial Data Localization law. It’s bizarre and unbelievable, but true. In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and Facebook asking them to provide information about the location of servers that …

    • Encrypted Messaging Project "Matrix" Suffers Extensive Cyber Attack 13 April 2019
      Matrix—the organization behind an open source project that offers a protocol for secure and decentralized real-time communication—has suffered a massive cyber attack after unknown attackers gained access to the servers hosting its official website and data. Hackers defaced Matrix’s website, and also stole unencrypted private messages, password hashes, access tokens, as well as GPG keys the …

    • Popular Video Editing Software Website Hacked to Spread Banking Trojan 11 April 2019
      If you have downloaded the VSDC multimedia editing software between late February to late March this year, there are high chances that your computer has been infected with a banking trojan and an information stealer. The official website of the VSDC software — one of the most popular, free video editing and converting app with over 1.3 million monthly visitors — was hacked, unfortunately once …

    • WikiLeaks Founder Julian Assange Arrested After Ecuador Withdraws Asylum 11 April 2019
      WikiLeaks founder Julian Assange has been arrested at the Ecuadorian Embassy in London—that’s almost seven years after he took refuge in the embassy to avoid extradition to Sweden over a sexual assault case. According to a short note released by London’s Metropolitan Police Service, Assange was arrested immediately after the Ecuadorian government today withdraws his political asylum. Assange …

Dark Reading

gHacks

    • Firefox not remembering the last window size? This may fix it! 24 April 2019
      Some months ago, I started to notice that the Firefox web browser was not remembering its window size when closed and reopened. I usually run Firefox on one half of the screen on a 1920×1080 monitor on a Windows PC. Firefox would open and by doing so, change its window size so that a small gap was left at the bottom of the browser window and the Windows taskbar. While it is easy enough to make the …

    • MoviePrint: create video thumbnail summaries 24 April 2019
      MoviePrint is a free open source program for Microsoft Windows and Apple Macintosh systems that creates thumbnail summaries of any number of video files. The program is not the first of its kind; we reviewed Video Thumbnail Maker in 2008, ImageGrab in 2010, Auto Movie Thumbnailer in 2010, and the Macintosh exclusive Thumber in 2008. The first thing that you may notice is that MoviePrint is a huge …

    • Google deprecates Chrome Data Saver extension for the desktop 24 April 2019
      Google will deprecate the Data Saver extension for desktop versions of the Chrome web browser when the stable version hits version 74; the company renamed Data Saver to Lite mode and decided to make it Android exclusive. The company launched Data Saver in Chrome for Android in an effort to reduce page load time and bandwidth of the Chrome browser. Similarly to Opera Turbo, Data Saver pushed (some) …

    • Chrome 74 Stable is out with Dark Mode and Lazy Loading support 24 April 2019
      Google released Google Chrome 74 to the Stable channel of the web browser on April 23, 2019. The new version of the web browser is available for all desktop and mobile platforms, and introduces new features such as support for a dark mode. Google Chrome can be updated with a click on Menu > Help > About Google Chrome on the desktop; mobile users on Android need to wait until it is pushed to …

    • Missing Chrome's "Use a Prediction Service" Setting? 23 April 2019
      If you have upgraded Google Chrome to the newest stable version, version 73, and checked the preferences and settings, you may have noticed that the preference "Use a prediction service to load pages more quickly" is no longer listed under privacy and security. If you set the preference previously, you may wonder if it has been removed from the browser or whether it was moved to another location. …

    • Ghacks Deals: Adguard Premium: Lifetime Subscription (74% off) 23 April 2019
      Adguard is a popular content blocking solution that runs on Android, Windows, Mac OS X and all major web browsers. Adguard is available as a standard, mobile, and premium version. Standard is limited to Windows and Mac, Mobile to Android, and the Premium edition supports desktop and mobile systems. You get a lifetime subscription for Adguard Premium, and may use it on two computers and two Android …

    • It looks as if Microsoft Paint is not going anywhere anytime soon 23 April 2019
      Microsoft Paint, the decades-old basic image editor of the Windows operating system won’t go anywhere, anytime soon it appears. Microsoft listed Microsoft Paint, abbreviated as MS Paint, as deprecated in the Fall Creators Update. Deprecated means that Microsoft would not assign any more development resources to Microsoft Paint but that it would still remain a part of the operating system for the f …

    • Skyload: music and video downloader for Chrome and Chromium 23 April 2019
      Skyload is a free browser extension for Google Chrome and Chromium-based browsers to download music and video files from nearly any site out there. Skyload is available on the Chrome Web Store and Opera Add-ons; it should work in most Chromium-based browsers because of that. The extension requests additional permissions: read your browsing history, display notifications, and manage downloads. Thes …

    • Promo: Social Media image resizing has never been easier 23 April 2019
      Image Resizer by Promo is a free online service that takes source images or photos and turns them into perfectly sized images for social media. Most social media sites give its users some customization options when it comes to the public user presence on the site and the look and feel of the social media site itself. Facebook users may post page and event covers, upload story pictures, profile ima …

    • Windows 10's Set feature is Dead, it appears 22 April 2019
      Remember the Sets feature that Microsoft revealed back in 2018 and even included in some Insider Builds back then? That feature seems to be dead and buried even though you find conflicting reports right now on the Internet. Microsoft designed Sets as a way for Windows 10 users to merge multiple application windows into a single window container for easy access. Similarly to tabbed browsing that y …

blackMORE Ops

    • A .vimrc config file everyone should use 24 April 2019
      Ever had that issue when you login to a Linux terminal, editing a file and the texts are just blue and you can’t read? I’ve had way too many cause default vim/vi config is just bad. I created a good .vimrc config file. Simply create a file with .vimrc name in home directory and paste …

    • Remove cloud-init from Ubuntu 19 April 2019
      Cloud images are operating system templates and every instance starts out as an identical clone of every other instance. It is the user data that gives every cloud instance its personality and cloud-init is the tool that applies user data to your instances automatically. Cloud-init is the de facto multi-distribution package that handles early initialization of …

    • How to Prevent DOM-based Cross-site Scripting 8 January 2019
      There’s no denying the role that JavaScript has played in making web applications the sleek, interactive, online experiences that we know and love today. This powerful scripting language brought interactivity and animation to the web. But with great power comes great responsibility. Cross-site-scripting (XSS) remains a persistent stalwart among the OWASP Top 10. Malicious JavaScript …

    • Side-Channel Vulnerability Variants 3a and 4 – Spectre and Meltdown 28 December 2018
      On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown were publicly disclosed. These variants—known as 3A and 4—can allow an attacker to obtain access to sensitive information on affected systems. Systems Affected CPU hardware implementations Description Common CPU hardware implementations are vulnerable to the …

    • How to access Dark Web? 27 December 2018
      The concept of the Dark Web isn’t vastly different from the Surface Web. There are message boards (e.g. 8chan, nntpchan), places you can buy things (e.g. Alphabay, Hansa), and blogs (e.g. OnionNews, Deep Web Radio). The rules, or rather a lack thereof, is what makes the Dark Web unique. Anything that is illegal to sell …

    • Inception Attackers Target Europe with Year-old Office Vulnerability 14 December 2018
      The Inception attackers have been active since at least 2014 and have been documented previously by both Blue Coat and Symantec; historical attacks used custom malware for a variety of platforms, and targeting a range of industries, primarily in Russia, but also around the world. This blog describes attacks against European targets observed in October …

    • Brute Force Attacks Conducted by Cyber Actors 13 December 2018
      In a traditional brute-force attack, a malicious actor attempts to gain unauthorized access to a single account by guessing the password. This can quickly result in a targeted account getting locked-out, as commonly used account-lockout policies allow three to five bad attempts during a set period of time. During a password-spray attack (also known as …

    • Avoiding Web Application Firewall using Python 21 November 2018
      Web application firewalls are usually placed in front of the web server to filter the malicious traffic coming towards the server. If you are hired as a penetration tester for some company and they forgot to tell you that they are using a web application firewall, then you might get into a serious mess. The figure below depicts …

    • Targeting websites with Password Reset Poisoning 20 November 2018
      Most web application security vulnerabilities leverage user input in ways that were not initially intended by their developer(s). Password Reset Poisoning is one such vulnerability that leverages commonly unthought-of headers, such as the Host header seen in an HTTP request: GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1 Host: evilhost.com Notice the difference where we specify …

    • Cyber Actors Target Home and Office Routers and Networked Devices Worldwide 19 November 2018
      DHS and FBI recommend that all SOHO router owners power cycle (reboot) their devices to temporarily disrupt the malware. Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption. Network devices should be upgraded to the latest available versions …