Recent Cyber News Feed Spot
Welcome to our Recent Cyber News Feed:
- All
- Threats
- Hacks
- Hacker's Den
- ID Theft
- Cyber Attacks
- Cyber News
- Cyber Attack and Hacks
- Cyber Defense
Threats
Credit Freezes are Free: Let the Ice Age Begin It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you've been holding out because you're not particularly worried about ID theft, here's another reason to…
Mirai Botnet Authors Avoid Jail TimeCiting "extraordinary cooperation" with the government, a court in Alaska on Tuesday sentenced three men to probation, community service and fines for their admitted roles in authoring and using "Mirai," a potent malware strain used in countless attacks designed to knock Web sites offline -- including an enormously powerful attack in 2016 that sidelined this…
GovPayNow.com Leaks 14M+ RecordsGovernment Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the…
U.S. Mobile Giants Want to be Your Online IdentityThe four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer's phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here's a look at what's coming, and the…
Patch Tuesday, September 2018 EditionAdobe and Microsoft today each released patches to fix serious security holes in their software. Adobe pushed out a new version of its beleaguered Flash Player browser plugin. Redmond issued updates to address at least 61 distinct vulnerabilities in Microsoft Windows and related programs, including several flaws that were publicly detailed prior to today and…
In a Few Days, Credit Freezes Will Be Fee-FreeLater this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you've been holding off freezing your credit file because your home state currently charges a fee for placing or thawing a credit freeze, or because you believe it's just…
Hacks
Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison The Latvian expert Ruslans Bondars (37), who developed and run the counter antivirus service Scan4You has been sentenced to 14 years in prison. Bondars was convicted of conspiracy to violate the Computer Fraud and Abuse Act, conspiracy to commit wire fraud, and computer intrusion with intent to cause damage. “A Latvian “non-citizen,” meaning a citizen…
DanaBot banking Trojan evolves and now targets European countries Security experts at ESET have recently observed a surge in activity of DanaBot banking Trojan that is now targeting Poland, Italy, Germany, Austria, and as of September 2018, Ukraine. Security experts at ESET have recently observed a surge in activity of DanaBot banking Trojan that was first spotted earlier this year. DanaBot is a multi-stage modular banking…
Ngrok Mining Botnet The Ngrok campaign is unique in terms of its overall sophistication for a Docker-based attack vector. Specifically, it demonstrates a novel, dynamic and robust operational security model and the ability to detect and attack newly deployed and misconfigured infrastructure. Additionally, the campaign is sophisticated in seeking to detect, analyse and neutralise other competing crypto-mining malware.…
Expert disclosed an unpatched zero-day flaw in all supported versions of Microsoft Windows A security researcher from Trend Micro Security Research team disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows. The researcher Lucas Leong of the Trend Micro Security Research team publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows. The flaw is an out-of-bounds (OOB) write in the JET Database Engine…
Homebuyers Being Targeted by Money Transfer Scam Money Transfer Scam – Scammers hack the victims’s email accounts, monitor conversations between the buyers and title agents, send instructions on where to wire the money. A new homebuyer moves through a period of vulnerable transition as they invest in their future. This sensitive stage — a confusing flurry of representatives, documentation and planning —…
Cisco fixes Remote Code Execution flaws in Webex Network Recording Player Cisco released security patches to fix RCE flaws in the Webex Network Recording Player for Advanced Recording Format (ARF). Cisco released security patches to address vulnerabilities in the Webex Network Recording Player for Advanced Recording Format (ARF) (CVE-2018-15414, CVE-2018-15421, and CVE-2018-15422) that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on a…
Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange Cybercriminals have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies from the Japanese digital currency exchange Zaif exchange. According to the Tech Bureau Corp., a Japanese cryptocurrency firm, hackers have compromised its Zaif exchange and have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies, including Bitcoin, Monacoin, and Bitcoin Cash. The stole digital currencies…
Sustes Malware: CPU for Monero Sustes Malware doesn’t infect victims by itself, but it is spread via brute-force activities with special focus on IoT and Linux servers. Today I’d like to share a simple analysis based on a fascinating threat that I like to call Sustes (you will see name genesis in a bit). Everybody knows Monero cryptocurrency and probably everybody knows…
US State Department confirms data breach to unclassified email system The US State Department confirmed that hackers breached one of its email systems, the attack potentially exposed personal information of some of its employees. The incident seems to have affected less than 1% of employee inboxes, 600-700 employees out of 69,000 people. “The Department recently detected activity of concern in its unclassified email system, affecting less…
Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer Magecart hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg. The Magecart cybercrime group is back, this time the hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg. Magecart is active since at least 2015, recently the group hacked the websites of Ticketmaster, British Airways, and Feedify…
Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw Adobe releases a critical out-of-band patch for CVE-2018-12848 Acrobat flaw, the security updates address a total of 7 vulnerabilities. Adobe address seven vulnerability in Acrobat DC and Acrobat Reader DC, including one critical vulnerability that could be exploited by attackers to execute arbitrary code. “Adobe has released security updates for Adobe Acrobat and Reader for Windows…
Access to over 3,000 compromised sites sold on Russian black marketplace MagBoSecurity experts at Flashpoint discovered the availability of the access to over 3,000 compromised sites sold on Russian black marketplace MagBo A new report published by researchers at Flashpoint revealed the availability on an underground hacking forum for Russian-speaking users of access to over 3,000 breached websites. “Access to approximately 3,000 breached websites has been discovered for…
Dissecting the first Gafgyt bot implementing the “Non Un-Packable” NUP techniqueExperts at the CSE Cybsec Z-Lab have found a Gafgyt variant implementing the “Non Un-Packable” technique recently presented in a cyber security conference A new variant of the Gafgyt botnet is spreading in the last hours and experts of the CSE Cybsec Z-Lab have found it with the support of the Italian cyber security experts @Odisseus and GranetMan.…
Mirai authors avoid the jail by helping US authorities in other investigationsThree men who admitted to being the authors of the Mirai botnet avoided the jail after helping the FBI in other cybercrime investigations. I’m following the evolution of Mirai botnet since MalwareMustDie shared with me the findings of its investigation in August 2016. Now three individuals who admitted to being the authors of the infamous botnet avoided the…
Evolution of threat landscape for IoT devices – H1 2018Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape. What is infecting IoT devices and how? The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. The first data that emerged…
Hacker's Den
Binwalk – Analyzing Embedded Files and Executable Code with Firmware Images Binwalk is a device for looking a given binary image for embedded documents and executable code. Specifically, it’s far designed for figuring out files and code embedded inner of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility. Author: Craig Heffner License: MIT Binwalk…
Bug in Apple Store Allowed more than 500 iPhones For Just 0.03 USD A Taiwanese IT engineer named Chang Chi-yuan uncovered a bug in the Apple’s payment system that allowed him to buy more than 500 iPhones for a Taiwanese dollar which is equivalent to 0.03 USD. He posted screenshots on Facebook indicating that he successfully paid a Taiwanese dollar for 500 iPhone 8 Plus 256 GB and…
Hackers Spreading New Virobot Ransomware with Powerful Botnet & Keylogging Capabilities Researchers discovered new Virobot Ransomware that distributed along with botnet futures mainly focusing on victims based on the United States. Attackers using spam email botnet to delivery the ransomware into more number of victims and this ransomware doesn’t have a previous Ransomware family. Cybercriminals always finding new innovative techniques to compromise victims by developing sophisticated threats. Initially,…
EE’s 4G WiFi Modem Privilege Escalation Vulnerability Allows Let Attacker Bypass & Gain Windows Access New local privilege escalation vulnerability discovered in EE’s 4G WiFi Modem allow cybercriminals bypass the modem and gain the admin level privilege. EE is a British mobile network operator, internet service provider and It is the largest mobile network operator in the UK. This critical vulnerability specificaly identified in EE’s 4G Mini WiFi modem access to…
p0f – Passive Traffic Analysis OS Fingerprinting and Forensics Tool P0f is a OS Fingerprinting and Forensics Tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number…
The 'Opsec Fail' That Helped Unmask a North Korean State Hacker How Park Jin Hyok - charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, WannaCry cyberattacks - inadvertently blew his cover via email accounts.
Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware Attack against the Metropolitan Police Department was disrupted before malware could be sent to additional systems.
US Approves Cyber Weapons Against Foreign Enemies The White House is changing the rules on its use of digital weapons to fight adversaries targeting US networks.
Data Manipulation: How Security Pros Can Respond to an Emerging Threat Industry leaders are scrambling to address the issue, which will take new thinking to overcome.
$60 Million Worth Cryptocurrencies Stolen Hackers From Japanese Cryptocurrency Exchange Hackers stolen cryptocurrencies worth $60 million form Japanese cryptocurrency exchange firm Zaif exchange hot wallet that connected to the internet. The stolen cryptocurrencies include Bitcoin, Monacoin and Bitcoin Cash, the attackers gained control over Zaif exchange hot wallet for two hours and transferred the funds. Tech Bureau group who owns Zaif said that bout 2.2…
Mirai Botnet Creators To Help Law Enforcement Agencies On Cybercrime Investigations The three hackers who controlled the notorious Mirai botnet was sentenced last year in a conspiracy to violate the Computer Fraud & Abuse Act. Mirai is malware which turns computer systems running Linux into remotely controlled “bots”, that can be used as part of a botnet in large-scale network attacks. Mirai Botnet Creators The Mirai…
ZDI Exposed Unpatched Microsoft RCE Zero-day Flaw in Public After it Crossed the 120 Days Deadline A Microsoft Zero-day vulnerability that existing in Microsoft JET Database Engine has been crossed zero-day Initiative (ZDI) 120 days disclosure deadline and now it released in public. ZDI initially reported this zero-day flow to Microsoft on May 8, 2018, since then Microsoft acknowledged the vulnerability and started working on it to provide the patch for…
3000 Hacked Websites Access comes to Sale in Russian Underground Dark Web Marketplace Cybercriminals listed 3000 Hacked websites access for sale in Russian based underground marketplace that sells for less than $50. The underground marketplace is the best area for criminals where they can sell and buy various malicious software and stolen data for a very cheapest price. This hacked website selling in Russian-speaking underground marketplace called MagBo where…
Think Like An Attacker: How a Red Team Operates Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
Retail Sector Second-Worst Performer on Application Security A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
ID TheftCyber AttacksCyber NewsCyber Attack and HacksCyber Defense- Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison The Latvian expert Ruslans Bondars (37), who developed and run the counter antivirus service Scan4You has been sentenced to 14 years in prison. Bondars was convicted of conspiracy to violate the Computer Fraud and Abuse Act, conspiracy to commit wire fraud, and computer intrusion with intent to cause damage. “A Latvian “non-citizen,” meaning a citizen…
- DanaBot banking Trojan evolves and now targets European countries Security experts at ESET have recently observed a surge in activity of DanaBot banking Trojan that is now targeting Poland, Italy, Germany, Austria, and as of September 2018, Ukraine. Security experts at ESET have recently observed a surge in activity of DanaBot banking Trojan that was first spotted earlier this year. DanaBot is a multi-stage modular banking…
- Ngrok Mining Botnet The Ngrok campaign is unique in terms of its overall sophistication for a Docker-based attack vector. Specifically, it demonstrates a novel, dynamic and robust operational security model and the ability to detect and attack newly deployed and misconfigured infrastructure. Additionally, the campaign is sophisticated in seeking to detect, analyse and neutralise other competing crypto-mining malware.…
- Expert disclosed an unpatched zero-day flaw in all supported versions of Microsoft Windows A security researcher from Trend Micro Security Research team disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows. The researcher Lucas Leong of the Trend Micro Security Research team publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows. The flaw is an out-of-bounds (OOB) write in the JET Database Engine…
- Homebuyers Being Targeted by Money Transfer Scam Money Transfer Scam – Scammers hack the victims’s email accounts, monitor conversations between the buyers and title agents, send instructions on where to wire the money. A new homebuyer moves through a period of vulnerable transition as they invest in their future. This sensitive stage — a confusing flurry of representatives, documentation and planning —…
- Cisco fixes Remote Code Execution flaws in Webex Network Recording Player Cisco released security patches to fix RCE flaws in the Webex Network Recording Player for Advanced Recording Format (ARF). Cisco released security patches to address vulnerabilities in the Webex Network Recording Player for Advanced Recording Format (ARF) (CVE-2018-15414, CVE-2018-15421, and CVE-2018-15422) that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on a…
- Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange Cybercriminals have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies from the Japanese digital currency exchange Zaif exchange. According to the Tech Bureau Corp., a Japanese cryptocurrency firm, hackers have compromised its Zaif exchange and have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies, including Bitcoin, Monacoin, and Bitcoin Cash. The stole digital currencies…
- Sustes Malware: CPU for Monero Sustes Malware doesn’t infect victims by itself, but it is spread via brute-force activities with special focus on IoT and Linux servers. Today I’d like to share a simple analysis based on a fascinating threat that I like to call Sustes (you will see name genesis in a bit). Everybody knows Monero cryptocurrency and probably everybody knows…
- US State Department confirms data breach to unclassified email system The US State Department confirmed that hackers breached one of its email systems, the attack potentially exposed personal information of some of its employees. The incident seems to have affected less than 1% of employee inboxes, 600-700 employees out of 69,000 people. “The Department recently detected activity of concern in its unclassified email system, affecting less…
- Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer Magecart hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg. The Magecart cybercrime group is back, this time the hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg. Magecart is active since at least 2015, recently the group hacked the websites of Ticketmaster, British Airways, and Feedify…
- Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw Adobe releases a critical out-of-band patch for CVE-2018-12848 Acrobat flaw, the security updates address a total of 7 vulnerabilities. Adobe address seven vulnerability in Acrobat DC and Acrobat Reader DC, including one critical vulnerability that could be exploited by attackers to execute arbitrary code. “Adobe has released security updates for Adobe Acrobat and Reader for Windows…
- Access to over 3,000 compromised sites sold on Russian black marketplace MagBoSecurity experts at Flashpoint discovered the availability of the access to over 3,000 compromised sites sold on Russian black marketplace MagBo A new report published by researchers at Flashpoint revealed the availability on an underground hacking forum for Russian-speaking users of access to over 3,000 breached websites. “Access to approximately 3,000 breached websites has been discovered for…
- Dissecting the first Gafgyt bot implementing the “Non Un-Packable” NUP techniqueExperts at the CSE Cybsec Z-Lab have found a Gafgyt variant implementing the “Non Un-Packable” technique recently presented in a cyber security conference A new variant of the Gafgyt botnet is spreading in the last hours and experts of the CSE Cybsec Z-Lab have found it with the support of the Italian cyber security experts @Odisseus and GranetMan.…
- Mirai authors avoid the jail by helping US authorities in other investigationsThree men who admitted to being the authors of the Mirai botnet avoided the jail after helping the FBI in other cybercrime investigations. I’m following the evolution of Mirai botnet since MalwareMustDie shared with me the findings of its investigation in August 2016. Now three individuals who admitted to being the authors of the infamous botnet avoided the…
- Evolution of threat landscape for IoT devices – H1 2018Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape. What is infecting IoT devices and how? The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. The first data that emerged…
- All
- Threats
- Hacks
- Hacker's Den
- ID Theft
- Cyber Attacks
- Cyber News
- Cyber Attack and Hacks
- Cyber Defense
Threats
Hacks
Hacker's Den
ID Theft
Cyber Attacks
Cyber News
Cyber Attack and Hacks
Cyber Defense