Recent Cyber News Feed Spot

Welcome to our Recent Cyber News Feed:

• All
• Threats
• Hacks
  • Hacker's Den
• ID Theft
• Cyber Attacks
• Cyber News
• Cyber Attack and Hacks
• Cyber Defense

Threats

• Ransomware at Colorado IT Provider Affects 100+ Dental Offices A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as…Krebs on SecurityDec 07 2019
• Apple Explains Mysterious iPhone 11 Location Requests KrebsOnSecurity ran a story this week that puzzled over Apple's response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user's location even when all applications and system services are individually set never to request this data. Today, Apple disclosed that this…Krebs on SecurityDec 05 2019
• The iPhone 11 Pro’s Location Data PuzzlerOne of the more curious behaviors of Apple's new iPhone 11 Pro is that it intermittently seeks the user's location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company's own…Krebs on SecurityDec 04 2019
• It’s Way Too Easy to Get a .gov Domain NameMany readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and…Krebs on SecurityNov 27 2019
• Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant ChainsOn Nov. 23, one of the cybercrime underground's largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and…Krebs on SecurityNov 26 2019
• Hidden Cam Above Bluetooth Pump SkimmerTiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I'd never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices. Apparently, I'm not alone. "I believe…Krebs on SecurityNov 25 2019

Hacks

• Security Affairs newsletter Round 243 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Data of 21 million Mixcloud users available for sale on the dark web Google warned 12K+ users targeted by state-sponsored hackers Twitter account of Huawei Mobile Brazil hacked Clop Ransomware attempts to disable Windows Defender and Malwarebytes Europol…Security Affairs by Pierluigi PaganiniDec 08 2019
• US authorities charged Dridex gang members for stealing over $100 Million US DoJ charged two Russian citizens for deploying the Dridex malware and for their involvement in international bank fraud and computer hacking schemes. The U.S. Department of Justice (DoJ) has charged Russian citizens Maksim V. (32) and Igor Turashev (38) for distributing the infamous Dridex banking Trojan, and for their involvement in international bank fraud…Security Affairs by Pierluigi PaganiniDec 08 2019
• Vietnam-linked Ocean Lotus hacked BMW and Hyundai networks Alleged Vietnamese Ocean Lotus (APT32) hackers breached the networks of the car manufacturers BMW and Hyundai to steal automotive trade secrets. According to German media, hackers suspected to be members of the Vietnam-linked APT Ocean Lotus (APT32) group breached the networks of the car manufacturers BMW and Hyundai. The intrusion aimed at stealing automotive trade…Security Affairs by Pierluigi PaganiniDec 07 2019
• Russia-linked Gamaredon group targets Ukraine officials Russia-linked Gamaredon cyberespionage group has been targeting Ukrainian targets, including diplomats, government and military officials. Russia linked APT group tracked as Gamaredon has been targeting several Ukrainian diplomats, government and military officials, and law enforcement. The Gamaredon attacks against Ukraine don’t seem to have stopped. In June malware researchers from Cybaze-Yoroi spotted a new suspicious…Security Affairs by Pierluigi PaganiniDec 07 2019
• VMware addresses ESXi issue disclosed at the Tianfu Cup hacking competition VMware has addressed a critical remote code execution vulnerability in ESXi that was disclosed recently at the Tianfu Cup hacking competition. This week VMware has released security updates that fix a critical remote code execution vulnerability in ESXi that was recently disclosed by white hat hackers at the Tianfu Cup hacking competition in China. The Tianfu…Security Affairs by Pierluigi PaganiniDec 06 2019
• CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel Researchers from the University of New Mexico have discovered a vulnerability, tracked as CVE-2019-14899, that can be exploited by an attacker to determine if a user is connected to a VPN and hijack active TCP…Security Affairs by Pierluigi PaganiniDec 06 2019
• OpenBSD addresses authentication bypass, privilege escalation issues Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue. Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs. The three issued could be exploited by local users or malware to…Security Affairs by Pierluigi PaganiniDec 06 2019
• China used the Great Cannon DDoS Tool against forum used by Hong Kong protestorsChina is accused to have used the “Great Cannon” DDoS tool to launch attacks against LIHKG, a forum used by Hong Kong residents to organize protests. The Great Cannon Distributed Denial of Service (DDoS) tool was used again by the Chinese government, this time it was used to target the LIHKG forum used by Hong Kong protesters to…Security Affairs by Pierluigi PaganiniDec 05 2019
• CyrusOne, one of the major US data center provider, hit by ransomware attackRansomware attacks continue to threaten organizations worldwide, CyrusOne, one of the biggest data center providers in the US, is facing with an infection. A new ransomware attack made the headlines, systems at CyrusOne, one of the biggest data center providers in the US, were infected by the malware. The company reported the incident to law…Security Affairs by Pierluigi PaganiniDec 05 2019
• The evolutions of APT28 attacksAnalyzing how tactics, techniques and procedures of the Russia-linked APT28 cyberespionage group evolve over the time. APT28 is a well known Russian cyber espionage group attributed, with a medium level of confidence, to Russian military intelligence agency GRU (by CrowdStrike). It is also known as Sofacy Group (by Kaspersky) or STRONTIUM (by Microsoft) and it’s used to target Aereospace, Defence, Governmente Agencies, International…Security Affairs by Pierluigi PaganiniDec 05 2019
• Iran-Linked APT groups target energy, industrial sectors with ZeroCleare WiperExperts spotted a piece of malware dubbed ZeroCleare that has been used in highly targeted attacks aimed at energy and industrial organizations in the Middle East. Security experts at IBM X-Force found a piece of malware dubbed ZeroCleare (the name ZeroCleare comes from the path in the binary file) that has been used in highly targeted…Security Affairs by Pierluigi PaganiniDec 05 2019
• Two malicious Python libraries were stealing SSH and GPG keysThe Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The Python security team removed two tainted Python libraries from PyPI (Python Package Index) that were found stealing SSH and GPG keys from the projects of infected developers.…Security Affairs by Pierluigi PaganiniDec 04 2019
• Mozilla removed 4 Avast and AVG extensions for spying on Firefox usersMozilla has removed four extensions from Avast and AVG from the Firefox site that are suspected to track user activity online. Four Avast and AVG Firefox extensions have been removed from Mozilla Addons Site over concerns of spying of users. “This add-on violates Mozilla’s add-on policy by collecting data without user disclosure or consent,” explained…Security Affairs by Pierluigi PaganiniDec 04 2019
• Talos experts found a critical RCE in GoAhead Web ServerExperts at Cisco Talos found two vulnerabilities in the GoAhead embedded web server, including a critical remote code execution flaw. GoAhead is the world’s most popular, tiny embedded web server. It is developed by EmbedThis that defines it as compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and…Security Affairs by Pierluigi PaganiniDec 04 2019
• A flaw in Microsoft OAuth authentication could lead Azure account takeoverA vulnerability in the Microsoft OAuth implementation exposes Azure cloud accounts to takeover. The vulnerability affects the way Microsoft applications use OAuth for authentication, these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. Experts from Cyberark discovered the following three vulnerable Microsoft applications that trust these unregistered domains Portfolios, O365…Security Affairs by Pierluigi PaganiniDec 03 2019

Hacker's Den

• Russian APT Hackers Group Attack Government & Military Network Using Weaponized Word Documents Researchers discovered a new malicious activity that involved by Russian APT hackers to attack Government and Military officials in Ukrainian entities. The attacker’s targets are not limited but they also infect various individuals who is part of the government and Law enforcement, Journalists, Diplomats, NGO and the Ministry of Foreign Affairs. Researchers believe that the…Hacker's DenDec 08 2019
• Top 3 Categories That Mostly Impact by Cyber Threats & Protection Against Cyber Attack Cybersecurity can be termed as the process of recovering programs, networks, and devices from different types of cyber threats. Over the past few years, cyber threats have evolved drastically and have put different enterprises and organizations into trouble across industries. These cyber-attacks are mainly carried out to extort money from various small and large businesses.…Hacker's DenDec 07 2019
• Infamous Lazarus APT Hackers Group Attack Mac Computers With Fileless Malware A Researcher from K7 Labs observed a new wave of fileless malware distributed by Lazarus APT Hackers Group to infects the MacOS users and delivers the fake cryptocurrency trading application. Infamous Lazarus group involved various cyber-attack that GBHackers reported in the past, and its already targeted several financial organizations around the world using various advanced…Hacker's DenDec 07 2019
• BMW Hacked – OceanLotus APT Hackers Group Penetrate The BMW Networks A well-known APT Hackers group “OceanLotus” breach the automobile giant BMW network, and successfully installed a hacking tool called “Cobalt Strike” which help them to spy and remotely control the system. Security experts from BMW spotted that hackers penetrate the company network system and remain stayed active since March 2019. The OceanLotus APT group believed…Hacker's DenDec 07 2019
• How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC Money meant to fund an Israeli startup wound up directly deposited to the scammers.Hacker's DenDec 06 2019
• Data Center Provider CyrusOne Confirms Ransomware Attack The attack struck CyrusOne's managed services division and compromised six customers primarily serviced by a New York data center.Hacker's DenDec 06 2019
• Senators Call for End to Controversial NSA Program The program for collecting telephone call metadata has faced increased scrutiny and restrictions since Edward Snowden revealed its existence in 2013.Hacker's DenDec 06 2019
• Facebook Sued Hong Kong Company For Hacking Facebook Users Account Using Malware & Run Malicious Ads Facebook Filed a Lawsuit against the 2 Chinese Nations and Hong kong ad company allegedly hack Facebook user’s accounts to install the malware and use their account for running deceptive ads. ILikeAd, a Hong Kong company, and two Chinese software developers are involved in this malicious practice and creating the malware to compromise the Facebook…Hacker's DenDec 06 2019
• Major U.S. Data Center Provider Hit by Ransomware Attack – CyrusOne Major U.S. data center provider CyrusOne, hit by Sodinokibi ransomware, impacts six of their managed service customers. The Sodinokibi ransomware was first identified on April 17, 2019. The ransomware used to encrypt all the files in the disk except the one listed as the configuration file. REvil (Sodinokibi) ransomware previously hit several service providers, local…Hacker's DenDec 06 2019
• Critical Linux Vulnerability Let Hackers Hijack VPN-Tunneled TCP Connections Researchers from the University of New Mexico uncovered a critical Linux vulnerability that affects most of the Linux distros, allows attack Inferring and hijacking VPN-tunneled TCP connections. The vulnerability also allowed to inject the data into the TCP stream and hijack connections through determining the exact seq and ack numbers by counting encrypted packets and analyse…Hacker's DenDec 06 2019
• Microsoft Defender ATP Brings EDR Capabilities to macOS Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.Hacker's DenDec 05 2019
• Two Malicious Python Packages Steal SSH and GPG Keys Exists in the Python Package Index for a YearThe python security team has removed two malicious python packages that introduced with the Python Package Index (PyPI) aimed to steal SSH and GPG keys from the infected developer projects. PyPI is a python repository that helps to locate and install the software developed and shared by the Python community. It includes Over 113,000 Python…Hacker's DenDec 05 2019
• Wireshark 3.0.7 Released – Fixes for Security Vulnerabilities & Update for BGP, IEEE 802.11, TLS ProtocolsWireshark 3.0.7 released with a number of security updates and fixed several other bugs that reside in the Wireshark components. Wireshark also updated Protocol Support for various protocols such as BGP, HomePlug AV, IEEE 802.11, and TLS. Wireshark is known as the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development,…Hacker's DenDec 05 2019
• Iranian Hackers Launching New Disk-wiping Malware “ZeroCleare” To Bypass The Windows Controls & Crash Network DisksResearchers discovered a new wave of destructive attack by the Iranian hacker group using disk-wiping malware “ZeroCleare” to wipe the MBR and damage disk partitions on a large number of networked devices. ZeroCleare malware attacks various industries such as energy and industrial sectors mainly in the Middle East, and malware believed to be developed and…Hacker's DenDec 05 2019
• What's in a Botnet? Researchers Spy on Geost OperatorsThe investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.Hacker's DenDec 04 2019

ID Theft

Cyber Attacks

Cyber News

Cyber Attack and Hacks

Cyber Defense

• Security Affairs newsletter Round 243 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Data of 21 million Mixcloud users available for sale on the dark web Google warned 12K+ users targeted by state-sponsored hackers Twitter account of Huawei Mobile Brazil hacked Clop Ransomware attempts to disable Windows Defender and Malwarebytes Europol…Security DefenseDec 08 2019
• US authorities charged Dridex gang members for stealing over $100 Million US DoJ charged two Russian citizens for deploying the Dridex malware and for their involvement in international bank fraud and computer hacking schemes. The U.S. Department of Justice (DoJ) has charged Russian citizens Maksim V. (32) and Igor Turashev (38) for distributing the infamous Dridex banking Trojan, and for their involvement in international bank fraud…Security DefenseDec 08 2019
• Vietnam-linked Ocean Lotus hacked BMW and Hyundai networks Alleged Vietnamese Ocean Lotus (APT32) hackers breached the networks of the car manufacturers BMW and Hyundai to steal automotive trade secrets. According to German media, hackers suspected to be members of the Vietnam-linked APT Ocean Lotus (APT32) group breached the networks of the car manufacturers BMW and Hyundai. The intrusion aimed at stealing automotive trade…Security DefenseDec 07 2019
• Russia-linked Gamaredon group targets Ukraine officials Russia-linked Gamaredon cyberespionage group has been targeting Ukrainian targets, including diplomats, government and military officials. Russia linked APT group tracked as Gamaredon has been targeting several Ukrainian diplomats, government and military officials, and law enforcement. The Gamaredon attacks against Ukraine don’t seem to have stopped. In June malware researchers from Cybaze-Yoroi spotted a new suspicious…Security DefenseDec 07 2019
• VMware addresses ESXi issue disclosed at the Tianfu Cup hacking competition VMware has addressed a critical remote code execution vulnerability in ESXi that was disclosed recently at the Tianfu Cup hacking competition. This week VMware has released security updates that fix a critical remote code execution vulnerability in ESXi that was recently disclosed by white hat hackers at the Tianfu Cup hacking competition in China. The Tianfu…Security DefenseDec 06 2019
• CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel Researchers from the University of New Mexico have discovered a vulnerability, tracked as CVE-2019-14899, that can be exploited by an attacker to determine if a user is connected to a VPN and hijack active TCP…Security DefenseDec 06 2019
• OpenBSD addresses authentication bypass, privilege escalation issues Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue. Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs. The three issued could be exploited by local users or malware to…Security DefenseDec 06 2019
• China used the Great Cannon DDoS Tool against forum used by Hong Kong protestorsChina is accused to have used the “Great Cannon” DDoS tool to launch attacks against LIHKG, a forum used by Hong Kong residents to organize protests. The Great Cannon Distributed Denial of Service (DDoS) tool was used again by the Chinese government, this time it was used to target the LIHKG forum used by Hong Kong protesters to…Security DefenseDec 05 2019
• CyrusOne, one of the major US data center provider, hit by ransomware attackRansomware attacks continue to threaten organizations worldwide, CyrusOne, one of the biggest data center providers in the US, is facing with an infection. A new ransomware attack made the headlines, systems at CyrusOne, one of the biggest data center providers in the US, were infected by the malware. The company reported the incident to law…Security DefenseDec 05 2019
• The evolutions of APT28 attacksAnalyzing how tactics, techniques and procedures of the Russia-linked APT28 cyberespionage group evolve over the time. APT28 is a well known Russian cyber espionage group attributed, with a medium level of confidence, to Russian military intelligence agency GRU (by CrowdStrike). It is also known as Sofacy Group (by Kaspersky) or STRONTIUM (by Microsoft) and it’s used to target Aereospace, Defence, Governmente Agencies, International…Security DefenseDec 05 2019
• Iran-Linked APT groups target energy, industrial sectors with ZeroCleare WiperExperts spotted a piece of malware dubbed ZeroCleare that has been used in highly targeted attacks aimed at energy and industrial organizations in the Middle East. Security experts at IBM X-Force found a piece of malware dubbed ZeroCleare (the name ZeroCleare comes from the path in the binary file) that has been used in highly targeted…Security DefenseDec 05 2019
• Two malicious Python libraries were stealing SSH and GPG keysThe Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The Python security team removed two tainted Python libraries from PyPI (Python Package Index) that were found stealing SSH and GPG keys from the projects of infected developers.…Security DefenseDec 04 2019
• Mozilla removed 4 Avast and AVG extensions for spying on Firefox usersMozilla has removed four extensions from Avast and AVG from the Firefox site that are suspected to track user activity online. Four Avast and AVG Firefox extensions have been removed from Mozilla Addons Site over concerns of spying of users. “This add-on violates Mozilla’s add-on policy by collecting data without user disclosure or consent,” explained…Security DefenseDec 04 2019
• Talos experts found a critical RCE in GoAhead Web ServerExperts at Cisco Talos found two vulnerabilities in the GoAhead embedded web server, including a critical remote code execution flaw. GoAhead is the world’s most popular, tiny embedded web server. It is developed by EmbedThis that defines it as compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and…Security DefenseDec 04 2019
• A flaw in Microsoft OAuth authentication could lead Azure account takeoverA vulnerability in the Microsoft OAuth implementation exposes Azure cloud accounts to takeover. The vulnerability affects the way Microsoft applications use OAuth for authentication, these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. Experts from Cyberark discovered the following three vulnerable Microsoft applications that trust these unregistered domains Portfolios, O365…Security DefenseDec 03 2019