Recent Cyber News Feed Spot
Welcome to our Recent Cyber News Feed:
- All
- Threats
- Hacks
- Hacker's Den
- ID Theft
- Cyber Attacks
- Cyber News
- Cyber Attack and Hacks
- Cyber Defense
Threats
Investment Scammer John Davies Reinvents Himself? John Bernard, a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here. Sources tell KrebsOnSecurity that Davies/Bernard is now posing as John Cavendish…
Malicious Office 365 Apps Are the Ultimate InsidersPhishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization's own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user's emails and files, both of…
The Wages of Password Re-use: Your Money or Your LifeWhen normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom.
Task Force Seeks to Disrupt Ransomware PaymentsSome of the world's top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.
Experian API Exposed Credit Scores of Most AmericansBig-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he…
Experian’s Credit Freeze Security is Still a JokeIn 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer's request to freeze their credit file at Experian, one of the big three consumer credit bureaus in the United States. Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian's website, and it reminded…
Hacks
Microsoft warns of a large-scale BEC campaign to make gift card scam Microsoft is warning of a large-scale BEC campaign that targeted hundreds of organizations leveraging typo-squatted domains registered days before the attacks. Business email compromise (BEC) attacks represent a serious threat for organizations worldwide, according to the annual report released by FBI’s Internet Crime Complaint Center, the 2020 Internet Crime Report, in 2020, the IC3 received 19,369 Business…
Russia-linked APT29 group changes TTPs following April advisories The UK and US cybersecurity agencies have published a report detailing techniques used by Russia-linked cyberespionage group known APT29 (aka Cozy Bear). Today, UK NCSC and CISA-FBI-NSA cybersecurity agencies published a joint security advisory that warns organizations to patch systems immediately to mitigate the risk of attacks conducted by Russia-linked SVR group (aka APT29, Cozy Bear, and The Dukes)). The…
19 petabytes of data exposed across 29,000+ unprotected databases CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data,…
[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure) HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. Prologue: After my first success in bypassing APPROTECT readout protection of the NRF52-based Slok smartlock with #PocketGlitcher (i.e. video below), I started looking around…
VMware addresses critical RCE in vRealize Business for Cloud VMware has fixed a new critical RCE flaw in VMware vRealize Business for Cloud that was reported by sanctioned Russian firm Positive Technologies. VMware has addressed a critical remote code execution vulnerability, tracked as CVE-2021-21984, in VMware vRealize Business for Cloud. vRealize Business for Cloud is an automated cloud business management solution that allows customers to…
Connecting the Bots – Hancitor fuels Cuba Ransomware Operations The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It is known since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker…
Possible attacks on the TCP/IP protocol stack and countermeasures Let’s look at what types of threats each layer of the TCP/IP protocol stack may be susceptible to. The task of a computer security system is to safeguard the information transmitted over the network and to adequately preserve the data stored in it. Excluding in this discussion threats due to natural disasters, we can classify…
Windows Moriya rootkit used in highly targeted attacks Experts spotted a new malware, dubbed Moriya rootkit, that targets Windows systems as part of cyberespionage campaign dubbed TunnelSnake. An unclassified threat actor employed a new stealthy malware, dubbed Moriya rootkit, to compromise Windows systems. Kaspersky experts who uncovered the threat speculate the attacks are likely part of an ongoing espionage campaign dubbed TunnelSnake that has been…
Qualcomm bug impacts about 30% of all smartphones A high severity flaw, tracked as CVE-2020-11292, affects Qualcomm Mobile Station Modem chips used by around 30% of all smartphones worldwide Researchers from Checkpoint have discovered a buffer overflow vulnerability, tracked as CVE-2020-11292, in the Qualcomm Mobile Station Modem that can be exploited by attackers to trigger memory corruption and execute arbitrary code on the…
Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage Chinese military unit PLA Unit 61419 is suspected to be involved in cyber-espionage campaigns against multiple antivirus companies. Researchers from cybersecurity firm Recorded Future’s Insikt Group have discovered six procurement documents from official People’s Liberation Army (PLA) military websites and other sources that demonstrate that PLA Unit 61419 has sought to purchase antivirus solutions from…
A taste of the latest release of QakBot A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007. The malware QakBot, also known as Qbot, Pinkslipbot, and Quakbot is a banking trojan that has been made headlines since 2007. This piece of malware is focused on stealing banking credentials and victim’s secrets using…
Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software Cisco fixed critical flaws in SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts, and executing commands as root. Cisco has addressed critical vulnerabilities affecting SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts and executing commands as root. Cisco SD-WAN vManage Software flaws (CVE-2021-1275, CVE-2021-1468, CVE-2021-1505, CVE-2021-1506, CVE-2021-1508) could…
UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malwareA new cybercrime gang, tracked as UNC2529, has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations in the United States and other countries using several new pieces of malware. The group targeted the organization…
Cyber Defense Magazine – May 2021 has arrived. Enjoy it!Cyber Defense Magazine March 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with over 90 pages of excellent content. Cyber Defense Magazine May 2021 OVER 90+ PAGESLOADED WITH EXCELLENT CONTENTLearn from the experts, cybersecurity best practicesFind out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached.CLICK HERE AND…
Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure ManagerResearchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. Researchers from Tenable have disclosed a critical authentication bypass vulnerability in HPE Edgeline Infrastructure Manager (EIM), tracked as CVE-2021-29203, that could be exploited by attackers to compromise a customer’s cloud infrastructure. “A security vulnerability…
Hacker's Den
How North Korean APT Kimsuky Is Evolving Its Tactics Researchers find differences in Kimsuky's operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.
FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity The report provides additional details on tactics of Russia's Foreign Intelligence Service following public attribution of the group to last year's SolarWinds attack.
Most Important Security Tools and Resources For Security Researchers and Malware Analyst Security Professionals always need to learn many tools, techniques, and concepts to analyze sophisticated Threats and current cyber attacks. Here we are going to see some of the most important tools, books, Resources which is mainly using for Malware Analysis and Reverse Engineering. Also Read – Become Master in Cyber Security with Complete Advance Level…
TsuNAME – DNS Bug That Allow Hackers to DDoS Authoritative DNS Servers Researchers encountered a new vulnerability named “TsuNAME” in DNS Servers that allows attackers to exploit DDoS authoritative DNS servers. The TsuNAME bug specifically affects the DNS resolvers that lead to exploiting the authoritative servers due to recursive resolvers by sending an extremely large amount of queries to the targeted authoritative servers. The recursive resolver is…
New Financially Motivated UNC2529 Hacking Group Targets U.S. Organizations with 3 Malware The cybersecurity researchers of FireEye’s cybersecurity team at Mandiant have recently proclaimed that the phishing campaign, which mopped across financial, communications, medical, and other organizations around the world in December in two waves was based on completely new strains of malware. In this campaign, the attackers targeted and attacked 50 well-known organizations from an extensive…
Troy Hunt: Organizations Make Security Choices Tough for Users The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
New Techniques Emerge for Abusing Windows Services to Gain System Control Organizations should apply principles of least privilege to mitigate threats, security researcher says.
CISA Publishes Analysis on New 'FiveHands' Ransomware Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
Cloud-Native Businesses Struggle With Security More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.
Hundreds of Millions of Dell Systems Vulnerable to Hack Due to Driver Bug The cybersecurity researchers have detected a set of five high-severity flaws in hundred of millions of Dell’s firmware update. The set of Five high-severity flaws is affecting Dell computers, laptops, notebooks, and tablets. The security researchers at SentinelOne’s SentinelLabs declared in their report that Dell has published hundreds of millions of Windows devices throughout the…
Most Important Web Server Penetration Testing Checklist Web server pentesting performing under 3 major category which is identity, Analyse, Report Vulnerabilities such as authentication weakness, configuration errors, protocol Relation vulnerabilities. 1. “Conduct a serial of methodical and Repeatable tests “ is the best way to test the web server along with this to work through all of the different application Vulnerabilities. 2. …
Attackers Seek New Strategies to Improve Macros' Effectiveness The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
DoD Lets Researchers Target All Publicly Accessible Info Systems The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
Wanted: The (Elusive) Cybersecurity 'All-Star' Separate workforce studies by (ISC) 2 and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.
40+ Apps With More Than 100 Million Downloads Exposing AWS API Keys The cybersecurity researchers from CloudSEK has recently discovered more than 40 apps which has nearly 100 million downloads, are continuously targeting the AWS API keys. Amazon Web Services (AWS) is generally known for its cloud computing platform for enterprises, small businesses, and not only that even it also deals with the government bodies around the…
ID TheftCyber AttacksCyber NewsCyber Attack and HacksCyber Defense- Microsoft warns of a large-scale BEC campaign to make gift card scam Microsoft is warning of a large-scale BEC campaign that targeted hundreds of organizations leveraging typo-squatted domains registered days before the attacks. Business email compromise (BEC) attacks represent a serious threat for organizations worldwide, according to the annual report released by FBI’s Internet Crime Complaint Center, the 2020 Internet Crime Report, in 2020, the IC3 received 19,369 Business…
- Russia-linked APT29 group changes TTPs following April advisories The UK and US cybersecurity agencies have published a report detailing techniques used by Russia-linked cyberespionage group known APT29 (aka Cozy Bear). Today, UK NCSC and CISA-FBI-NSA cybersecurity agencies published a joint security advisory that warns organizations to patch systems immediately to mitigate the risk of attacks conducted by Russia-linked SVR group (aka APT29, Cozy Bear, and The Dukes)). The…
- 19 petabytes of data exposed across 29,000+ unprotected databases CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data,…
- [Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure) HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. Prologue: After my first success in bypassing APPROTECT readout protection of the NRF52-based Slok smartlock with #PocketGlitcher (i.e. video below), I started looking around…
- VMware addresses critical RCE in vRealize Business for Cloud VMware has fixed a new critical RCE flaw in VMware vRealize Business for Cloud that was reported by sanctioned Russian firm Positive Technologies. VMware has addressed a critical remote code execution vulnerability, tracked as CVE-2021-21984, in VMware vRealize Business for Cloud. vRealize Business for Cloud is an automated cloud business management solution that allows customers to…
- Connecting the Bots – Hancitor fuels Cuba Ransomware Operations The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It is known since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker…
- Possible attacks on the TCP/IP protocol stack and countermeasures Let’s look at what types of threats each layer of the TCP/IP protocol stack may be susceptible to. The task of a computer security system is to safeguard the information transmitted over the network and to adequately preserve the data stored in it. Excluding in this discussion threats due to natural disasters, we can classify…
- Windows Moriya rootkit used in highly targeted attacks Experts spotted a new malware, dubbed Moriya rootkit, that targets Windows systems as part of cyberespionage campaign dubbed TunnelSnake. An unclassified threat actor employed a new stealthy malware, dubbed Moriya rootkit, to compromise Windows systems. Kaspersky experts who uncovered the threat speculate the attacks are likely part of an ongoing espionage campaign dubbed TunnelSnake that has been…
- Qualcomm bug impacts about 30% of all smartphones A high severity flaw, tracked as CVE-2020-11292, affects Qualcomm Mobile Station Modem chips used by around 30% of all smartphones worldwide Researchers from Checkpoint have discovered a buffer overflow vulnerability, tracked as CVE-2020-11292, in the Qualcomm Mobile Station Modem that can be exploited by attackers to trigger memory corruption and execute arbitrary code on the…
- Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage Chinese military unit PLA Unit 61419 is suspected to be involved in cyber-espionage campaigns against multiple antivirus companies. Researchers from cybersecurity firm Recorded Future’s Insikt Group have discovered six procurement documents from official People’s Liberation Army (PLA) military websites and other sources that demonstrate that PLA Unit 61419 has sought to purchase antivirus solutions from…
- A taste of the latest release of QakBot A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007. The malware QakBot, also known as Qbot, Pinkslipbot, and Quakbot is a banking trojan that has been made headlines since 2007. This piece of malware is focused on stealing banking credentials and victim’s secrets using…
- Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software Cisco fixed critical flaws in SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts, and executing commands as root. Cisco has addressed critical vulnerabilities affecting SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts and executing commands as root. Cisco SD-WAN vManage Software flaws (CVE-2021-1275, CVE-2021-1468, CVE-2021-1505, CVE-2021-1506, CVE-2021-1508) could…
- UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malwareA new cybercrime gang, tracked as UNC2529, has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations in the United States and other countries using several new pieces of malware. The group targeted the organization…
- Cyber Defense Magazine – May 2021 has arrived. Enjoy it!Cyber Defense Magazine March 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with over 90 pages of excellent content. Cyber Defense Magazine May 2021 OVER 90+ PAGESLOADED WITH EXCELLENT CONTENTLearn from the experts, cybersecurity best practicesFind out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached.CLICK HERE AND…
- Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure ManagerResearchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. Researchers from Tenable have disclosed a critical authentication bypass vulnerability in HPE Edgeline Infrastructure Manager (EIM), tracked as CVE-2021-29203, that could be exploited by attackers to compromise a customer’s cloud infrastructure. “A security vulnerability…
- All
- Threats
- Hacks
- Hacker's Den
- ID Theft
- Cyber Attacks
- Cyber News
- Cyber Attack and Hacks
- Cyber Defense
Threats
Hacks
Hacker's Den
ID Theft
Cyber Attacks
Cyber News
Cyber Attack and Hacks
Cyber Defense