Hackers


Security Affairs

    • 22 October 2019
      German company Pilz, one of the world’s biggest producers of automation tools is still down after getting infected by ransomware more than a week ago. German firm Pilz was still down after getting infected by the BitPaymer ransomware more than a week ago, on October 13, 2019. “Since Sunday, October 13, 2019, all servers and PC workstations, including the company’s communication, have b …

    • Trend Micro Anti-Threat Toolkit could be used to run malware on Win PCs 22 October 2019
      A vulnerability in the Trend Micro Anti-Threat Toolkit (ATTK) can be exploited by attackers to run malware on targets’ Windows systems. The security expert and bug-hunter John “hyp3rlinx” Page discovered an arbitrary code execution vulnerability, tracked as CVE-2019-9491, in the Trend Micro Anti-Threat Toolkit. Trend Micro ATTK allows analyzing malware issues and clean infections …

    • NordVPN, TorGuard, and VikingVPN VPN providers disclose security breaches 22 October 2019
      NordVPN and TorGuard VPN firms were hacked, threat actors leaked the private keys used to secure their web servers and VPN configuration files.  Hackers have breached the systems used by NordVPN and TorGuard VPN companies and leaked the private keys used to secure their web servers and VPN configuration files.  The information belonging to the NordVPN company that was leaked online were stolen fro …

    • Czech Police and Intelligence agency dismantled Russian Spy ring on its soil 21 October 2019
      Czech police and intelligence services have identified a Russian espionage network operating with a nerve center in its Prague embassy. Czech police and intelligence services have dismantled a Russian espionage network that was operating via its Prague embassy. The officials were helped by peers at the National Organised Crime Centre (NCOZ). According to the official, the cyberspies we …

    • Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers 21 October 2019
      Security experts have discovered a new malware, dubbed skip-2.0, used by the China-linked APT group to establish a backdoor in Microsoft SQL Server systems. Security experts at ESET have discovered a new malware, dubbed skip-2.0, used by the Chinese Winnti cyberespionage group to gain persistence on Microsoft SQL Server systems. The Winnti group was first spotted by Kaspersky in 2013, according to the researc …

    • Avast internal network breached for the second time by sophisticated hackers 21 October 2019
      The popular security firm Avast disclosed today a security breach that impacted its internal network accessed via a compromised VPN profile. The security firm Avast disclosed today a security breach that impacted its internal network, according to a statement published by the company, the intent of the hackers was to carry out a supply chain attack. It seems that attackers attempted to inject mali …

    • UK/US investigation revealed that Russian Turla APT masqueraded as Iranian hackers 21 October 2019
      A joint UK and US investigation has revealed that the Russian cyber espionage group Turla carried out cyber attacks masqueraded as Iranian hackers. According to the Financial Times, a joint UK and US investigation revealed that Russia-linked cyberespionage group Turla conducted several cyber attacks in more than 35 countries masqueraded as Iranian hackers. The use of false flag operations in cyber …

    • Hackers stole card details from BriansClub carding site 21 October 2019
      BriansClub, one of the biggest dark web “carding stores,” which specializes in the sale of stolen payment card data, has been hacked. Hackers have breached BriansClub (BriansClub[.]at), one of the biggest black market sites, that specializes in the sale of stolen credit card data. According to the security expert Brian Krebs, who first reported the data breach, the hackers stole data of more th …

    • TA505 cybercrime group use SDBbot RAT in recent campaigns 20 October 2019
      TA505 cybercrime group that operated the Dridex Trojan and Locky ransomware, has been using a new RAT dubbed SDBbot in recent attacks. Security experts at Proofpoint observed the notorious TA505 cybercrime group that has been using a new RAT dubbed SDBbot in recent attacks. The TA505 group, that is known to have operated both the Dridex and Locky malware families, continues to make small changes t …

    • Security Affairs newsletter Round 236 20 October 2019
      A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. A new Mac malware dubbed Tarmac has been distributed via malvertising campaigns Alabama Hospital chain paid ransom to resume operations after …

The Hacker News

    • Cynet's Vulnerability Assessment Enables Organizations to Dramatically Reduce their Risk Exposure 22 October 2019
      Protection from cyberattacks begins way before attackers launch their weapons on an organization. Continuously monitoring the environment for security weaknesses and addressing such, if found, is a proven way to provide organizations with immunity to a large portion of attacks. Among the common weaknesses that expose organizations to cyberattacks, the most prominent are software …

    • Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild 22 October 2019
      Cybersecurity researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already compromised system stealthily. Dubbed Skip-2.0, the backdoor malware is a post-exploitation tool that runs in the memory and lets remote attackers connect to any account on the server running MSSQL version …

    • NordVPN Breach FAQ – What Happened and What's At Stake? 22 October 2019
      NordVPN, one of the most popular and widely used VPN services out there, yesterday disclosed details of a security incident that apparently compromised one of its thousands of servers based in Finland. Earlier this week, a security researcher on Twitter disclosed that “NordVPN was compromised at some point,” alleging that unknown attackers stole private encryption keys used to protect VPN …

    • Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software 18 October 2019
      Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide. Whether it’s American voting machines during the 2016 presidential election or India’s EVMs during 2014 general elections, the integrity, transparency, and security of electronic voting machines remained questionable, leaving a wound in the minds of many that is difficult to …

    • Chrome for Android Enables Site Isolation Security Feature for All Sites with Login 17 October 2019
      After enabling ‘Site Isolation’ security feature in Chrome for desktops last year, Google has now finally introduced ‘the extra line of defence’ for Android smartphone users surfing the Internet over the Chrome web browser. In brief, Site Isolation is a security feature that adds an additional boundary between websites by ensuring that pages from different sites end up in different sandboxed …

    • Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested 17 October 2019
      The United States Department of Justice said today that they had arrested hundreds of criminals in a global crackdown after taking down the largest known child porn site on the dark web and tracing payments made in bitcoins. With an international coalition of law enforcement agencies, federal officials have arrested the administrator of the child sexual abuse site, 23-year-old Jong Woo Son of …

    • A Comprehensive Guide On How to Protect Your Websites From Hackers 17 October 2019
      Humankind had come a long way from the time when the Internet became mainstream. What started as a research project ARPANET (Advanced Research Projects Agency Network) funded by DARPA has grown exponentially and has single-handedly revolutionized human behavior. When WWW (world wide web) came into existence, it was meant to share information over the Internet, from there part through natural …

    • Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers 17 October 2019
      A decade-old botnet malware that currently controls over 450,000 computers worldwide has recently shifted its operations from infecting machines with ransomware or crypto miners to abusing them for sending out sextortion emails to millions of innocent people. Extortion by email is growing significantly, with a large number of users recently complaining about receiving sextortion emails that …

    • Facebook Now Pays Hackers for Reporting Security Bugs in 3rd-Party Apps 16 October 2019
      Following a series of security mishaps and data abuse through its social media platform, Facebook is today expanding its bug bounty program in a very unique way to beef up the security of third-party apps and websites that integrate with its platform. Last year, Facebook launched “Data Abuse Bounty” program to reward anyone who reports valid events of 3rd-party apps collecting Facebook users’ …

    • Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products 15 October 2019
      No, it’s not a patch Tuesday. It’s the third Tuesday of the month, and as The Hacker News shared an early heads-up late last week on Twitter, Adobe today finally released pre-announced out-of-band security updates to patch a total of 82 security vulnerabilities across its various products. The affected products that received security patches today include: Adobe Acrobat and Reader Adobe …

    • Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks 15 October 2019
      In an effort to mitigate a large class of potential cross-site scripting issues in Firefox, Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions for built-in “about: pages” that are the gateway to sensitive preferences, settings, and statics of the browser. Firefox browser has 45 such internal locally-hosted about pages, some of which are listed …

    • Report to Your Management with the Definitive 'Incident Response for Management' Presentation Template 15 October 2019
      Security incidents occur. It’s not a matter of ‘if’ but of ‘when.’ There are security products and procedures that were implemented to optimize the IR process, so from the ‘security-professional’ angle, things are taken care of. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more …

    • Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted 17 October 2019
      Attention Linux Users! A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a …

    • Apple Under Fire Over Sending Some Users Browsing Data to China's Tencent 15 October 2019
      Do you know Apple is sending iOS web browsing related data of some of its users to Chinese Internet company Tencent? I am sure many of you are not aware of this, neither was I, and believe me, none of us could expect this from a tech company that promotes itself as a champion of consumer privacy. Late last week, it was widely revealed that starting from at least iOS 12.2, Apple silently …

    • SIM Cards in 29 Countries Vulnerable to Remote Simjacker Attacks 12 October 2019
      Until now, I’m sure you all might have heard of the SimJacker vulnerability disclosed exactly a month ago that affects a wide range of SIM cards and can remotely be exploited to hack into any mobile phone just by sending a specially crafted binary SMS. If you are unaware, the name “SimJacker” has been given to a class of vulnerabilities that resides due to a lack of authentication and …

    • UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked 11 October 2019
      A 39-year-old password of Ken Thompson, the co-creator of the UNIX operating system among, has finally been cracked that belongs to a BSD-based system, one of the original versions of UNIX, which was back then used by various computer science pioneers. In 2014, developer Leah Neukirchen spotted an interesting “/etc/passwd” file in a publicly available source tree of historian BSD version 3, …

    • Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks 10 October 2019
      Watch out Windows users! The cybercriminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple’s iTunes and iCloud software for Windows to evade antivirus detection. The vulnerable component in question is the Bonjour updater, a zero-configuration implementation of network …

    • New Comic Videos Take CISO/Security Vendor Relationship to the Extreme 10 October 2019
      Today’s CISOs operate in an overly intensive environment. As the ones who are tasked with the unenviable accountability for failed protection and successful breaches, they must relentlessly strive to improve their defense lines with workforce education, training their security teams and last but definitely not least — looking for products that will upgrade and adjust their security against …

    • 7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App 9 October 2019
      A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac’s built-in terminal app. Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by cybersecurity …

    • Breaches are now commonplace, but Reason Cybersecurity lets users guard their privacy 9 October 2019
      There has been no shortage of massive security breaches so far this year. Just last July, Capital One disclosed that it was hit by a breach that affected more than 100 million customers. Also recently, researchers came across an unsecured cloud server that contained the names, phone numbers, and financial information of virtually all citizens of Ecuador – around 20 million people. These are …

Dark Reading

gHacks

    • Opera 54 for Android: new theme, Bitcoin support 22 October 2019
      Opera Software released a new version of the company’s main web browser for Google’s Android operating system on October 22, 2019. The new Opera 54 web browser features a new theme and comes with support for Bitcoin and TRON virtual currencies among other new features. The update is already pushed via Google Play at the time of writing. Opera users may check the Apps and Games section on Google Pl …

    • Ghacks Deals: The 2019 Ethical Hacker Master Class Bundle (99% off) 22 October 2019
      The 2019 Ethical Hacker Master Class Bundle is a big eLearning course bundle that is all about teaching you various hacking and forensics skills. It includes several certification prep courses next to that and is available for just $39 at the time of writing (you can get another 40% off of that by using the code 40LEARN40 during checkout). Ethical Hacker Training — Explore Common Hacking Attacks …

    • Firefox 70.0 release information 22 October 2019
      Firefox 70.0 is the new stable version of the Firefox web browser as of October 22, 2019. Mozilla releases updates for all channels of the Firefox web browser at the same time; this means that besides Firefox 70, Firefox Beta and Dev are upgraded to version 71 and Firefox Nightly is upgraded to version 72. Firefox ESR versions can only be upgraded to Firefox ESR 68.2 as the 60.x branch is no longe …

    • Play local multiplayer games on Steam over the Internet with Remote Play Together 22 October 2019
      Remote Play Together is a new feature of the Steam gaming client that unlocks capabilities to play local multiplayer games with friends over the Internet. Valve Software launched Remote Play Together in the latest Steam Beta yesterday and any Steam customer who is using the beta client may take it for a test ride. Non-beta users may opt-in to beta releases to test this right away or wait until Rem …

    • Intel Graphics Drivers for Windows 10 1909 released and here's what's new 21 October 2019
      Intel updated its Graphics Driver for Windows this week; it is the first driver that is officially compatible with Microsoft’s soon-to-be-released Windows 10 version 1909 that is expected to be released in November 2019. The version number of the DCH drivers are 26.20.100.7323, and downloads are provided on Intel’s driver download site already. What’s new in this version? The drivers add support Y …

    • How to list all installed third-party drivers on Windows PCs 21 October 2019
      Drivers play an important part in Windows as they add certain capabilities or support for certain hardware devices to the operating system. Windows operating systems come with a set of default drivers that ensure that things work reasonably well and don’t require users to install numerous drivers manually before components like video or sound cards, wireless network adapters, or drives function pr …

    • Disney+ does not work on Linux devices 21 October 2019
      Linux users who plan to subscribe to Disney’s Disney+ video streaming service may have a rude awakening when they are greeted with Error Code 83 when trying to play any TV show or movie offered by Disney+ on Linux devices. Fedora Linux package maintainer Hans De Goede from the Netherlands decided to try out Disney+ as the service launched recently in some regions including in the Netherlands. Inte …

    • Opera Software tests Cloudflare DNS over HTTPS in Opera 65 21 October 2019
      Opera Software released a new beta version of the company’s Opera web browser on October 17, 2019 to the public. Opera 65 Beta includes support for DNS over HTTPS (DoH), a privacy and security feature that encrypts DNS traffic to prevent spying and common attacks such as spoofing or pharming. Opera 65 Beta is already available. Existing Beta installation should receive the new version automaticall …

    • Mozilla working on native Firefox translation feature 20 October 2019
      Mozilla is working on integrating a native translation feature in the organization’s Firefox web browser that does not rely on cloud services. One of the advantages that the Chrome browser has over Firefox is that it comes with integrated translate functionality. Mozilla did work on translation features in Firefox and integrated several services, including Yandex Translate and Google Translate in …

    • Windows Update Manager wumgr 1.0 released 19 October 2019
      The developer of the Windows Update Manager wumgr has released version 1.0 of the application for Microsoft’s Windows operating system. The release is the first program update in 2019 and an indication that development of the software program is still ongoing. We reviewed the Update Manager for Windows wumgr back in October 2018 and concluded that it was a useful program that system administrators …

blackMORE Ops

    • Change IP address in packet capture file (faking IP) 7 October 2019
      I’m sure you bumped into situations where you needed to fake IP address in a capture file. This may be required when you’re trying to send the capture file to someone that you don’t really share your real IP’s with or you just want to change cause you can. If you’ve tried this and looked around the interwebs, you’d surely know that there’s not many guides available and most people would just tell c …

    • SamSam Ransomware 25 September 2019
      The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In a …

    • New Exploits for Unsecure SAP Systems 24 September 2019
      A presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet, as it is an untrusted network. Malicious cyber actors can attack and compromise these unsecure systems with publicly available exploit …

    • Microsoft Operating Systems BlueKeep Vulnerability 22 September 2019
      The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions: The post Microsoft Operating Systems BlueKeep Vulnerability appeared first on blackMORE Ops. …

    • A .vimrc config file everyone should use 24 April 2019
      Ever had that issue when you login to a Linux terminal, editing a file and the texts are just blue and you can’t read? I’ve had way too many cause default vim/vi config is just bad. I created a good .vimrc config file. Simply create a file with .vimrc name in home directory and paste … The post A .vimrc config file everyone should use appeared first on blackMORE Ops. …

    • Remove cloud-init from Ubuntu 19 April 2019
      Cloud images are operating system templates and every instance starts out as an identical clone of every other instance. It is the user data that gives every cloud instance its personality and cloud-init is the tool that applies user data to your instances automatically. Cloud-init is the defacto multi-distribution package that handles early initialization of … The post Remove cloud-init fro …

    • How to Prevent DOM-based Cross-site Scripting 8 January 2019
      There’s no denying the role that JavaScript has played in making web applications the sleek, interactive, online experiences that we know and love today. This powerful scripting language brought interactivity and animation to the web. But with great power comes great responsibility. Cross-site-scripting (XSS) remains a persistent stalwart among the OWASP Top 10. Malicious JavaScript … The po …

    • Side-Channel Vulnerability Variants 3a and 4 – Spectre and Meltdown 28 December 2018
      On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown were publicly disclosed. These variants—known as 3A and 4—can allow an attacker to obtain access to sensitive information on affected systems. Systems Affected CPU hardware implementations Description Common CPU hardware implementations are vulnerable to the …

    • How to access Dark Web? 27 December 2018
      The concept of the Dark Web isn’t vastly different from the Surface Web. There are message boards (e.g. 8chan, nntpchan), places you can buy things (e.g. Alphabay, Hansa), and blogs (e.g. OnionNews, Deep Web Radio). The rules, or rather a lack thereof, is what makes the Dark Web unique. Anything that is illegal to sell … The post How to access Dark Web? appeared first on blackMORE Ops. …

    • Inception Attackers Target Europe with Year-old Office Vulnerability 14 December 2018
      The Inception attackers have been active since at least 2014 and have been documented previously by both Blue Coat and Symantec; historical attacks used custom malware for a variety of platforms, and targeting a range of industries, primarily in Russia, but also around the world. This blog describes attacks against European targets observed in October … The post Inception Attackers Target Eu …