Recent Cyber News Feed Spot

Welcome to our Recent Cyber News Feed:

• All
• Threats
• Hacks
  • Hacker's Den
• ID Theft
• Cyber Attacks
• Cyber News
• Cyber Attack and Hacks
• Cyber Defense

Threats

• New Breed of Fuel Pump Skimmer? Not Really Fraud investigators say they've uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world. One interesting component of this criminal innovation is a small cellphone and Bluetooth-enabled device…Krebs on SecurityFeb 21 2019
• A Deep Dive on the Recent Widespread DNS Hijacking AttacksThe U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that…Krebs on SecurityFeb 18 2019
• Bomb Threat Hoaxer Exposed by Hacked Gaming SiteFederal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In an ironic twist, the accused…Krebs on SecurityFeb 14 2019
• Patch Tuesday, February 2019 EditionMicrosoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system. This month's patch batch tackles some notable threats to enterprises -- including multiple flaws that were publicly disclosed prior to Patch Tuesday. It also bundles…Krebs on SecurityFeb 13 2019
• Email Provider VFEmail Suffers ‘Catastrophic’ HackEmail provider VFEmail has suffered what the company is calling "catastrophic destruction" at the hands of an as-yet unknown intruder who trashed all of the company's primary and backup data in the United States. The firm's founder says he now fears some 18 years' worth of customer email may be gone forever.Krebs on SecurityFeb 12 2019

Hacks

• Google forgot to tell customers that Nest Hub has a microphone Google on Wednesday revealed that it forgot to inform users that its Nest Secure home alarm system includes a microphone. Google announced this week that it forgot to inform users that its Nest Secure home alarm system includes a microphone. “The problem: Nest users didn’t know a microphone existed on their security device to begin…Security Affairs by Pierluigi PaganiniFeb 22 2019
• Cisco addresses flaws in HyperFlex and Prime Infrastructure Cisco released security patches that address more than a dozen issues in its products, including high severity flaws in HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Cisco released security patches that address more than a dozen issues in its products, including high severity vulnerabilities affecting HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Security updates fix…Security Affairs by Pierluigi PaganiniFeb 22 2019
• Expert found a DoS flaw in Windows Servers running IIS Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks carried out through malicious HTTP/2 requests. Microsoft revealed that Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks. Attackers can trigger a DoS condition by sending specially crafted HTTP/2 requests, the CPU usage will temporarily spike to 100%…Security Affairs by Pierluigi PaganiniFeb 22 2019
• Adobe released second fix for the same Adobe Reader flaw Adobe released a second patch to address the CVE 2019-7089 flaw in Adobe Reader after an expert found the way to bypass the first fix. Adobe on Thursday released a second patch to address a critical information disclosure vulnerability in Adobe reader, tracked as CVE 2019-7089, after the expert who initially discovered the flaw devised…Security Affairs by Pierluigi PaganiniFeb 21 2019
• Security experts released new GandCrab Decryptor for free Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5. Security experts at BitDefender have released a new version of the GandCrab decryptor that could be used to decrypt versions of GandCrab 1, 4 and 5, including the latest version 5.1. The…Security Affairs by Pierluigi PaganiniFeb 21 2019
• Critical bug in WINRAR affects all versions released in the last 19 years Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. Experts at Check Point discovered the logical bug in WinRAR by using the WinAFL fuzzer and found a way to exploit it to gain full control over a target computer Over 500 million users worldwide use the…Security Affairs by Pierluigi PaganiniFeb 21 2019
• CVE-2019-6340 Critical flaw in Drupal allows Remote Code Execution Security expert found a “highly critical” vulnerability (CVE-2019-6340) in the popular Drupal CMS that could be exploited for remote code execution. Drupal released security updates that addresses a “highly critical” vulnerability in the popular Drupal CMS, tracked as CVE-2019-6340, that could be exploited for remote code execution. The CVE-2019-6340 flaw is caused by the lack…Security Affairs by Pierluigi PaganiniFeb 21 2019
• The interface of WinPot ATM Malware looks like a slot machine Malware researchers from Kaspersky Lab have detected a new piece of malware dubbed WinPot that was designed to target automated teller machines (ATMs). Security experts from Kaspersky Lab have discovered a new piece of malware dubbed WinPot that target ATMs, it could be used by crooks to make the ATMs automatically dispense all cash from…Security Affairs by Pierluigi PaganiniFeb 21 2019
• Microsoft says Russian APT28 espionage group hit Democratic Institutions in Europe Microsoft says Russian APT28 group carried out multiple cyberattacks on democratic institutions in Europe between September and December 2018.  Microsoft revealed that hackers belonging to the cyber espionage group APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) launched several attacks on democratic institutions in Europe between September and December 2018. The tech giant revealed that 104 accounts belonging…Security Affairs by Pierluigi PaganiniFeb 20 2019
• Expert released a PoC for a remote code execution flaw in mIRC App Security experts discovered a vulnerability in the mIRC application that allows attackers to execute commands remotely. Security researchers Benjamin Chetioui and Baptiste Devigne from ProofOfCalc discovered a vulnerability in the mIRC application that could be exploited by attackers to execute commands remotely. mIRC is a popular Internet Relay Chat application that allows users to chat…Security Affairs by Pierluigi PaganiniFeb 20 2019
• North Korea’s Lazarus APT targets Russian Entities Security researchers at Check Point have uncovered a cyber espionage campaign conducted by Lazarus APT group aimed at Russian targets. Security experts at Check Point have uncovered a cyber espionage campaign carried out by Lazarus aimed at Russian targets, If the attribution is correct, this is the first time that North Korean cyber spies were…Security Affairs by Pierluigi PaganiniFeb 20 2019
• Security breach at North Country PoS firm hits hundreds of US restaurants and Hotels North Country Business Products POS (point-of-sale) and security solutions provider announced a data breach that affected hundreds of U.S. restaurants and hotels. North Country Business Products point-of-sale and security solutions provider announced a data breach, the company is currently used by 6500 customers around the Midwest. “North Country Business Products, Inc. (“North Country”), today announced that a recent data…Security Affairs by Pierluigi PaganiniFeb 20 2019
• Experts found a Remote Code Execution flaw in WordPress 5.0.0 Security experts disclosed a critical remote code execution vulnerability in versions of WordPress prior 5.0.3, that remained uncovered for 6 years. Security experts at RIPS Technologies GmbH disclosed a critical remote code execution vulnerability in versions of WordPress prior 5.0.3, that remained uncovered for 6 years. The experts discovered that the flaw could be exploited…Security Affairs by Pierluigi PaganiniFeb 20 2019
• Exposed MongoDB revealed facial recognition abuse for tracking the Uyghur Muslim minority in China. Security expert discovered an exposed MongoDB that reveals facial recognition abuse for tracking the Uyghur Muslim minority in China.Exposed MongoDB revealed facial recognition abuse for tracking the Uyghur Muslim minority in China. We have debated for a long time the surveillance campaigns conducted by the Chinese government, now the news of the day is the…Security Affairs by Pierluigi PaganiniFeb 20 2019
• The Muncy malware is on the rise Over the last few days, a phishing campaign from DHL and entitled “DHL Shipment Notification” has been targeted users worldwide distribution the Muncy malware. Muncy is the name dubbed by SI-LAB that analyzed this threat. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. Malicious actors are using SMTP servers leveraging bad…Security Affairs by Pierluigi PaganiniFeb 19 2019

Hacker's Den

• New Legislation Builds on California Data Breach Law This bill requires businesses to notify consumers of compromised passport numbers and biometric data.Hacker's DenFeb 22 2019
• To Mitigate Advanced Threats, Put People Ahead of Tech Preventative technologies are only part of the picture and often come at the expense of the humans behind them.Hacker's DenFeb 22 2019
• Hackers using Malware that Steal Premium Users Credentials from Pornhub, XVideos to sell it in Dark Web New Threat report revealed that Credential stealing malware were dramatically increased in 2018 that target the adult websites premium users credentials to selling it in dark web. These credentials are most wanted data in underground market place in Dark web where cybercriminals selling these stolen data for thousands. It very common that pornography website is…Hacker's DenFeb 22 2019
• Tracking Photo’s Geo-location with GPS EXIF DATA – Forensic Analysis This article is about collecting metadata from photographs. Metadata is an information which is created for every file’s format. Examples for metadata: file created date and time, last edited etc. In this article, we will take a picture from iPhone and analyze that Image to collect various metadata for collected evidence. Before starting your forensic investigation for images,…Hacker's DenFeb 22 2019
• New Hacking Tools launching Crypto-Malware by Exploit a Windows SMB Server Vulnerability Cybercriminals now leveraging new hacking tools and remote access software to drop cryptocurrency malware by exploiting a Windows SMB Server Vulnerability . There are 2 main hacking tools that are used by attackers to drop random file info to the targeted systems windows registry. First one is MIMIKATZ , a powerful post-exploitation hacking tool which is used with…Hacker's DenFeb 22 2019
• Personal Data of 458,388 Delhi Citizens Exposed Online from an Unprotected Database A database that contains highly sensitive information of about 458,388 individuals located in Delhi exposed for public access without any password protection. Security researcher Bob Diachenko discovered the publically exposed database name “GNCTD” that indexed by Shodan. The 4.1GB-sized MongoDB belongs to Government of National Capital Territory of Delhi and by analyzing contents Bob Diachenko…Hacker's DenFeb 22 2019
• Attack Campaign Experiments with Rapid Changes in Email Lure Content It's like polymorphic behavior - only the changes are in the email lures themselves, with randomized changes to headers, subject lines, and body content.Hacker's DenFeb 21 2019
• Human Negligence to Blame for the Majority of Insider Threats In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web - a 20% jump from 2018.Hacker's DenFeb 21 2019
• Why Cybersecurity Burnout Is Real (and What to Do About It) The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.Hacker's DenFeb 21 2019
• New Free Tool Scans for Chrome Extension Safety CRXcavator scans extensions in real time based on factors including permissions, external calls, and third-party libraries.Hacker's DenFeb 21 2019
• Cyber Extortionists Can Earn $360,000 a Year Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities on Internet-facing applications to pressure victims to pay up.Hacker's DenFeb 21 2019
• Security Analysts Are Only Human SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.Hacker's DenFeb 21 2019
• Malicious HTTP/2 Requests on IIS Server Cause The System CPU Usage to Spike to 100% Microsoft Security advisory released a new flaw in IIS server that Microsoft  the system CPU usage to spike to 100% when malicious HTTP/2 requests are sent to a Windows Server. This malicious process will remain continually affected the CPU usage until the Malicious connection killed by the IIS server. IIS is a web server created…Hacker's DenFeb 21 2019
• 19-Year-Old Vulnerability in WinRAR Allows Attackers to Get Complete Control over victim’s Computer A critical old Remote Code Execution bug puts 500 million WinRAR users worldwide at risk. The vulnerability remains undetected for 19 years. Security researchers from Checkpoint published the technical details of the critical vulnerability that exists in the most popular software. Based on the crash tests researchers detected an old DLL library that compiled back…Hacker's DenFeb 21 2019
• Facebook Released New Location Privacy Control for Android Users to Stop Collecting Location Data Facebook announced new location privacy control future for Android users that allows users to control their location data that collects by Facebook. Android provides an option for its users to control their location by turn off/on that helps to control the location data whether Facebook or other apps collection users precise location. Facebook users frequently…Hacker's DenFeb 21 2019

ID Theft

Cyber Attacks

Cyber News

Cyber Attack and Hacks

• Liechtenstein Bank Sets up Cryptocurrency Trading Platform for Institutional Investors  Bitcoin.Mixed Attack RSS FeedsFeb 21 2019
• Cryptocurrency companies use 'backdoor' listings to ease into mainstream HONG KONG (Reuters) - Several cryptocurrency exchanges have moved closer to mainstream markets by buying listed companies, looking to raise funds and present themselves as embedded in the traditional financial services world they once spurned. In the most recent deal, U.S. crypto broker-dealer Voyager Digital on Feb. 11 achieved a “backdoor” listing on Toronto’s Venture…Mixed Attack RSS FeedsFeb 21 2019
• Davidson County 911 Center Director Terry Bailey retiring Choose the plan that’s right for you. Digital access or digital and print delivery.Mixed Attack RSS FeedsFeb 21 2019
• China defends Australian coal block, Parliament cyber attack calling hacking claims 'baseless' Mixed Attack RSS FeedsFeb 21 2019
• Huawei to boost research and development spending in Canada, even if government blocks its 5G tech Chinese telecommunications company Huawei pledged Thursday to boost investment in research and development in Canada and to add 200 high-paying jobs here amid ongoing concerns over the company’s role in the development of new high-speed 5G wireless networks. Ottawa is in the midst of a review of national and economic security around 5G technology and…Mixed Attack RSS FeedsFeb 21 2019
• 'We're watching you': Why doxxing is the new weapon of choice for cyber bullies and trolls Updated February 22, 2019 10:59:55 "The purpose of me putting your number online was so people can reach you directly." That's what far-right activist Avi Yemini told me last week when I called to ask him why he'd published my personal mobile phone number on his Facebook page. He also referred to my family as…Mixed Attack RSS FeedsFeb 21 2019
• Cryptocurrency Exchange Exmo Opens Branch in Turkey  Bitcoin.Mixed Attack RSS FeedsFeb 21 2019
• Chhattisgarh BJP website hacked by 'Pakistani hackers' Mixed Attack RSS FeedsFeb 21 2019
• New Breed of Fuel Pump Skimmer Uses SMS and Bluetooth Fraud investigators say they've uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world. One interesting component of this criminal innovation is a small cellphone and Bluetooth-enabled device…Mixed Attack RSS FeedsFeb 21 2019
• Cryptocurrency is a sophisticated pyramid scheme, Reserve Bank warns | Sunday Tribune News / 21 February 2019, 3:33pm / SIPHELELE BUTHELEZI Cape Town - The South African Reserve Bank has no plans to recognise cryptocurrencies such as Bitcoin, which has created frenzy around the world. Reserve Bank Governor Lesetja Kganyago said cryptocurrency did not meet any requirements of a currency and described it as a sophisticated pyramid scheme. Kganyago was responding…Mixed Attack RSS FeedsFeb 21 2019
• Google Adds Bitcoin Cryptocurrency Symbol to Keyboard for iOS Devices A media outlet’s report on February 21 reveals that Google, a U.S. based search engine giant has added a Bitcoin currency symbol to its keyboard for iOS devices. The icon for the most popular cryptocurrency based on market capitalization now sits alongside others like the Yen, Dollar, Euro, and Pounds. Per the report, users of…Mixed Attack RSS FeedsFeb 21 2019
• Gov't best source for human rights info: envoy By Gigie Arcilla February 21, 2019, 6:00 pm GENEVA, Switzerland – A Philippine ambassador to the United Nations (UN) here on Wednesday said it is always best to verify with the government matters pertaining to human rights and security amid the misinformation of some groups that have influence in countries around the world. “They constitute…Mixed Attack RSS FeedsFeb 21 2019
• Samsung Launches Galaxy Series Preloaded With Cryptocurrency Wallet  Bitcoin.Mixed Attack RSS FeedsFeb 21 2019
• Online ATM-style scam puts shoppers at risk: Symantec File: "Formjacking" is essentially an online version of ATM tampering, which allows thieves to grab the PIN codes of unsuspecting customers. PARIS - Online shoppers are at growing risk from a scam which allows hackers to skim their payment details, cybersecurity firm Symantec warned on Wednesday. "Formjacking" is essentially an online version of ATM tampering, which…Mixed Attack RSS FeedsFeb 20 2019
• China ditches 2015 cybersecurity pact with US Read More Mixed Attack RSS FeedsFeb 20 2019

Cyber Defense

• Google forgot to tell customers that Nest Hub has a microphone Google on Wednesday revealed that it forgot to inform users that its Nest Secure home alarm system includes a microphone. Google announced this week that it forgot to inform users that its Nest Secure home alarm system includes a microphone. “The problem: Nest users didn’t know a microphone existed on their security device to begin…Security DefenseFeb 22 2019
• Cisco addresses flaws in HyperFlex and Prime Infrastructure Cisco released security patches that address more than a dozen issues in its products, including high severity flaws in HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Cisco released security patches that address more than a dozen issues in its products, including high severity vulnerabilities affecting HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Security updates fix…Security DefenseFeb 22 2019
• Expert found a DoS flaw in Windows Servers running IIS Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks carried out through malicious HTTP/2 requests. Microsoft revealed that Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks. Attackers can trigger a DoS condition by sending specially crafted HTTP/2 requests, the CPU usage will temporarily spike to 100%…Security DefenseFeb 22 2019
• Adobe released second fix for the same Adobe Reader flaw Adobe released a second patch to address the CVE 2019-7089 flaw in Adobe Reader after an expert found the way to bypass the first fix. Adobe on Thursday released a second patch to address a critical information disclosure vulnerability in Adobe reader, tracked as CVE 2019-7089, after the expert who initially discovered the flaw devised…Security DefenseFeb 21 2019
• Security experts released new GandCrab Decryptor for free Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5. Security experts at BitDefender have released a new version of the GandCrab decryptor that could be used to decrypt versions of GandCrab 1, 4 and 5, including the latest version 5.1. The…Security DefenseFeb 21 2019
• Critical bug in WINRAR affects all versions released in the last 19 years Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. Experts at Check Point discovered the logical bug in WinRAR by using the WinAFL fuzzer and found a way to exploit it to gain full control over a target computer Over 500 million users worldwide use the…Security DefenseFeb 21 2019
• CVE-2019-6340 Critical flaw in Drupal allows Remote Code Execution Security expert found a “highly critical” vulnerability (CVE-2019-6340) in the popular Drupal CMS that could be exploited for remote code execution. Drupal released security updates that addresses a “highly critical” vulnerability in the popular Drupal CMS, tracked as CVE-2019-6340, that could be exploited for remote code execution. The CVE-2019-6340 flaw is caused by the lack…Security DefenseFeb 21 2019
• The interface of WinPot ATM Malware looks like a slot machine Malware researchers from Kaspersky Lab have detected a new piece of malware dubbed WinPot that was designed to target automated teller machines (ATMs). Security experts from Kaspersky Lab have discovered a new piece of malware dubbed WinPot that target ATMs, it could be used by crooks to make the ATMs automatically dispense all cash from…Security DefenseFeb 21 2019
• Microsoft says Russian APT28 espionage group hit Democratic Institutions in Europe Microsoft says Russian APT28 group carried out multiple cyberattacks on democratic institutions in Europe between September and December 2018.  Microsoft revealed that hackers belonging to the cyber espionage group APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) launched several attacks on democratic institutions in Europe between September and December 2018. The tech giant revealed that 104 accounts belonging…Security DefenseFeb 20 2019
• Expert released a PoC for a remote code execution flaw in mIRC App Security experts discovered a vulnerability in the mIRC application that allows attackers to execute commands remotely. Security researchers Benjamin Chetioui and Baptiste Devigne from ProofOfCalc discovered a vulnerability in the mIRC application that could be exploited by attackers to execute commands remotely. mIRC is a popular Internet Relay Chat application that allows users to chat…Security DefenseFeb 20 2019
• North Korea’s Lazarus APT targets Russian Entities Security researchers at Check Point have uncovered a cyber espionage campaign conducted by Lazarus APT group aimed at Russian targets. Security experts at Check Point have uncovered a cyber espionage campaign carried out by Lazarus aimed at Russian targets, If the attribution is correct, this is the first time that North Korean cyber spies were…Security DefenseFeb 20 2019
• Security breach at North Country PoS firm hits hundreds of US restaurants and Hotels North Country Business Products POS (point-of-sale) and security solutions provider announced a data breach that affected hundreds of U.S. restaurants and hotels. North Country Business Products point-of-sale and security solutions provider announced a data breach, the company is currently used by 6500 customers around the Midwest. “North Country Business Products, Inc. (“North Country”), today announced that a recent data…Security DefenseFeb 20 2019
• Experts found a Remote Code Execution flaw in WordPress 5.0.0 Security experts disclosed a critical remote code execution vulnerability in versions of WordPress prior 5.0.3, that remained uncovered for 6 years. Security experts at RIPS Technologies GmbH disclosed a critical remote code execution vulnerability in versions of WordPress prior 5.0.3, that remained uncovered for 6 years. The experts discovered that the flaw could be exploited…Security DefenseFeb 20 2019
• Exposed MongoDB revealed facial recognition abuse for tracking the Uyghur Muslim minority in China. Security expert discovered an exposed MongoDB that reveals facial recognition abuse for tracking the Uyghur Muslim minority in China.Exposed MongoDB revealed facial recognition abuse for tracking the Uyghur Muslim minority in China. We have debated for a long time the surveillance campaigns conducted by the Chinese government, now the news of the day is the…Security DefenseFeb 20 2019
• The Muncy malware is on the rise Over the last few days, a phishing campaign from DHL and entitled “DHL Shipment Notification” has been targeted users worldwide distribution the Muncy malware. Muncy is the name dubbed by SI-LAB that analyzed this threat. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. Malicious actors are using SMTP servers leveraging bad…Security DefenseFeb 19 2019