Recent Cyber News Feed Spot

Welcome to our Recent Cyber News Feed:

• All
• Threats
• Hacks
  • Hacker's Den
• ID Theft
• Cyber Attacks
• Cyber News
• Cyber Attack and Hacks
• Cyber Defense

Threats

• Meet Bluetana, the Scourge of Pump Skimmers"Bluetana," a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests. Data collected in the course of the investigation also reveals some fascinating details that may help…Krebs on SecurityAug 14 2019
• Patch Tuesday, August 2019 EditionMost Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it's all going to turn out. Fortunately, this month's patch batch from Redmond is mercifully…Krebs on SecurityAug 13 2019
• SEC Investigating Data Leak at First American Financial Corp.The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned.Krebs on SecurityAug 12 2019
• iNSYNQ Ransom Attack Began With Phishing EmailA ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around iNSYNQ's internal network to properly stage things before unleashing the ransomware.…Krebs on SecurityAug 09 2019
• Who Owns Your Wireless Service? Crooks Do.Incessantly annoying and fraudulent robocalls. Corrupt wireless company employees taking hundreds of thousands of dollars in bribes to unlock and hijack mobile phone service. Wireless providers selling real-time customer location data, despite repeated promises to the contrary. A noticeable uptick in SIM-swapping attacks that lead to multi-million dollar cyberheists. If you are somehow under the…Krebs on SecurityAug 07 2019
• The Risk of Weak Online Banking PasswordsIf you bank online and choose weak or re-used passwords, there's a decent chance your account could be pilfered by cyberthieves -- even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint, Plaid, Yodlee, YNAB and others to…Krebs on SecurityAug 05 2019

Hacks

• At least 23 Texas local governments targeted by coordinated ransomware attacks At least 23 local governments were impacted by a wave of ransomware attacks that according to the experts are the result of a coordinated effort. Texas is the victim of an ongoing wave of ransomware attacks that are targeting local governments. At least 23 local government organizations were impacted by the ransomware attacks, the Department…Security Affairs by Pierluigi PaganiniAug 18 2019
• Security Affairs newsletter Round 227 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! 10-year-old vulnerability in Avaya VoIP Phones…Security Affairs by Pierluigi PaganiniAug 18 2019
• Bluetana App allows detecting Bluetooth card skimmers in just 3 seconds Bluetana App allows detecting Bluetooth card skimmers installed at the gas pumps to steal customers’ credit and debit card information in just 3 seconds on average. Bluetooth card skimmers continue to be one of the favorite tools in the arsenal of crooks that attempt to steal credit and debit card information. In recent years, law…Security Affairs by Pierluigi PaganiniAug 18 2019
• Intel addresses High-Severity flaws in NUC Firmware and other tools Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program. One of the flaws addressed by Intel, tracked as CVE-2019-11140, is an insufficient session validation vulnerability that…Security Affairs by Pierluigi PaganiniAug 18 2019
• Capital One hacker suspected to have breached other 30 companies Federal prosecutors revealed that Paige Thompson, who was arrested after the Capital One data breach, may have hacked more than 30 other organizations. In July, Capital One, one of the largest U.S. –card issuer and financial corporation suffered a data breach that exposed personal information from 106 million Capital One credit applications. A hacker that goes…Security Affairs by Pierluigi PaganiniAug 18 2019
• New DanaBot banking Trojan campaign targets Germany The DanaBot banking Trojan continues to evolve and spread across the continents, now moving from Australia to European countries.  DanaBot is a multi-stage modular banking Trojan written in Delphi that first appeared on the threat landscape in 2018. The malware implements a modular structure that allows operators to add new functionalities by adding new plug-ins. The…Security Affairs by Pierluigi PaganiniAug 17 2019
• Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. Security expert Peleg Hadar from SafeBreach discovered a DLL hijacking vulnerability in the Trend Micro Password Manager that could be exploited to execute arbitrary code with the permissions of the most privileged…Security Affairs by Pierluigi PaganiniAug 17 2019
• Expert shows how to bypass a fix for a recently discovered Steam flaw A security researcher demonstrated how to bypass a fix released by Valve for a recently discovered Steam vulnerability re-enabling the attack. A few days ago, the security experts Matt Nelson and Vasily Kravets separately disclosed a privilege escalation vulnerability in the Stream client for Windows that can be exploited by an attacker with limited permissions to run code administrative…Security Affairs by Pierluigi PaganiniAug 17 2019
• USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$ USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$. than 10$. The Video is self-explanatory. (Wanna know how to make it? Read the article below.)  All started with this Tweet last April, when I wanted a damn cheap USB implant capable of injecting keystrokes. It had to be: Remotely Controllable…Security Affairs by Pierluigi PaganiniAug 16 2019
• 700,000 records belonging to Choice Hotels customer leaked online. Crooks demanded ransom Security experts have discovered that hackers have stolen 700,000 records from Choice Hotels franchise and are demanding payment for their return.  Experts at Comparitech with the help of the popular researcher Bob Diachenko discovered an unsecured database containing 700,000 records from the hotel franchise Chain Hotel. The experts discovered the unsecured MongoDB archive containing 5.6 million records…Security Affairs by Pierluigi PaganiniAug 16 2019
• Hurry Up! Update your LibreOffice because 2 patches have been bypassed The latest version of LibreOffice (6.2.6/6.3.0) addresses three vulnerabilities that could be exploited by attackers to bypass patches for two previously addressed issues. LibreOffice has released a new version of the popular open-source office software that addressed three vulnerabilities that could be exploited by attackers to bypass patches for two previously addressed issues. LibreOffice attempted to fix one of…Security Affairs by Pierluigi PaganiniAug 16 2019
• European Central Bank (ECB) discloses data breach in BIRD Newsletter The European Central Bank (ECB) announced that threat actors had access for months to the contact information of hundreds of financial industry subscribers to its newsletter The ECB was the victim of a data breach, the bank announced that hackers had access for several months to the contact information of hundreds of financial industry subscribers…Security Affairs by Pierluigi PaganiniAug 16 2019
• Mozilla addresses “master password” security bypass flaw in Firefox The latest update released by Mozilla for Firefox patches a flaw in Firefox Password Manager that can be exploited to access stored passwords. The latest release for Mozilla Firefox (Firefox 68.0.2) fixes a vulnerability that can be exploited to bypass the master password in Firefox Password Manager and access stored passwords. “When a master password…Security Affairs by Pierluigi PaganiniAug 16 2019
• Biometric data of 1M leaked via an unsecured Suprema owned databaseResearchers discovered an unsecured database online owned by Suprema that contained the fingerprints and facial recognition information of one million people. Researchers from vpnMentor discovered the personal and biometric data (i.e. facial recognition and fingerprint information) of more than a million people exposed online on an unsecured database owned by the Suprema biometric security company.…Security Affairs by Pierluigi PaganiniAug 15 2019
• A flaw in Kaspersky Antivirus allowed tracking its users onlineA vulnerability in Kaspersky Antivirus had exposed a unique identifier associated with users to every website they have visited in the past 4 years. A vulnerability in the Kaspersky Antivirus software, tracked as CVE-2019-8286, had exposed a unique identifier associated with its users to every website they have visited in the past 4 years. The…Security Affairs by Pierluigi PaganiniAug 15 2019

Hacker's Den

• Active Directory Penetration Testing Checklist This article covers Active directory penetration testing that can help for penetration testers and security experts who want to secure their network. “Active Directory” Called as “AD” is a directory service that Microsoft developed for the Windows domain network. Using it you can to control domain computers and services that are running on every node…Hacker's DenAug 19 2019
• 85 Malicious Photography and Gaming Adware Apps Installed Over 8 Million Times From Play Store Researchers discovered nearly 85 malicious adware apps in Google play store that intended to upload for delivering adware and monetize from affected Android devices. These Fraudulent adware apps were installed over 8 million times from the Google play store, and the malicious ads displaying in the affected phone are very difficult to close. Past two-years…Hacker's DenAug 18 2019
• Severe Bugs in U.S.Military Fighter Jet Let Hackers Takes Sensitive Controls while Jet Flying A group of seven Ethical hackers who were exclusively allowed to test the flight system for a U.S. military fighter jet, in result, they found severe vulnerabilities in critical F-15 fighter jet systems. The flaws allowed them to take control of video cameras and sensors while the fighter jet on flying and completely shut down the Trusted Aircraft…Hacker's DenAug 17 2019
• 10 Best Free Password Manager to Secure Your Password For 2019 Free Password Manager always helps to make Strong passwords to protect your devices, online banking accounts and other data sources from unauthorized access. In this article, we highlight the Best open source Password Manager for Android, Mac and iPhone. Do I really need a password manager? Manage different password for so many accounts in online…Hacker's DenAug 17 2019
• Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.Hacker's DenAug 16 2019
• Behind the Scenes at ICS Village ICS Village co-founder Bryson Bort reveals plans for research-dedicated events that team independent researchers, critical infrastructure owners, and government specialists.Hacker's DenAug 16 2019
• Newly Discovered Hacking Tools Remotely control the Hacked Computers via a GUI & Command-Line Interface Researchers discovered two new malicious hacking tools (BalkanRAT, BalkanDoor) from the ongoing campaign Balkans that act as a remote access trojan and backdoor. Malware authors developed these Tools with two different features. BalkanRAT, a remote access trojan that controls the compromised computer remotely via a graphical interface and the BalkanDoor performing the same operation using…Hacker's DenAug 16 2019
• Most Important Endpoint Security & Threat Intelligence Tools List for Hackers and Security ProfessionalsThreat Intelligence & Endpoint Security Tools are more often used by security industries to test the vulnerabilities in network and applications. Here you can find the Comprehensive Endpoint Security list that covers Performing Penetration testing Operation in all the Corporate Environments. Also Read: Take Best Cyber security and Ethical Hacking Online courses Endpoint Security Tools…Hacker's DenAug 16 2019
• NSA Researchers Talk Development, Release of Ghidra SRE ToolNSA researchers took the Black Hat stage to share details of how they developed and released the software reverse-engineering framework.Hacker's DenAug 15 2019
• Adware, Trojans Hit Education Sector HardStudents continue to be weak links for schools and universities, according to data from security firm Malwarebytes.Hacker's DenAug 15 2019
• The Threat Hacking Poses To Your Business’s ReputationCyber-criminals are increasingly aggressive about targeting businesses of every size. Even if your own company is a small one, hacking can cause serious reputation damage if you don’t take steps to protect it. The real cost of hacking was made clear in a 2015 BBC report. Using data assembled by antivirus software company McAfee and…Hacker's DenAug 15 2019
• Hackers use Backdoor and Trojan to Attack Financial Departments of OrganizationsHackers use backdoor and remote access trojan that let attackers gain complete remote control over the compromised computer. The campaign particularly targets the financial departments of the organization in the Balkans region. The campaign is financially motivated, it includes two tools dubbed BalkanDoor and BalkanRAT and distributed through tax themed malicious emails. Active for a…Hacker's DenAug 15 2019
• 7 Biggest Cloud Security Blind SpotsCloud computing boon is for innovation, yet security organizations find themselves running into obstacles.Hacker's DenAug 15 2019
• 5 Things to Know About Cyber InsuranceMore businesses are recognizing the need for cyber insurance as part of an overall security strategy. Here are some key points to consider when evaluating, purchasing, and relying on a policy.Hacker's DenAug 15 2019
• Biometric Security Platform Data Breach Leaked Millions of Users Facial Recognition & Fingerprinting DataSecurity researchers discovered the biggest data breach in Biometric Security Platform BioStar 2 that leaks millions of users facial recognition records, fingerprints, log data, and other personal information. BioStar 2, a web-based biometric security smart lock platform by world’s biggest bio-access B2B company Suprema, and the platform used by UK Metropolitan police, defense contractors and…Hacker's DenAug 15 2019

ID Theft

Cyber Attacks

Cyber News

Cyber Attack and Hacks

Cyber Defense

• At least 23 Texas local governments targeted by coordinated ransomware attacks At least 23 local governments were impacted by a wave of ransomware attacks that according to the experts are the result of a coordinated effort. Texas is the victim of an ongoing wave of ransomware attacks that are targeting local governments. At least 23 local government organizations were impacted by the ransomware attacks, the Department…Security DefenseAug 18 2019
• Security Affairs newsletter Round 227 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! 10-year-old vulnerability in Avaya VoIP Phones…Security DefenseAug 18 2019
• Bluetana App allows detecting Bluetooth card skimmers in just 3 seconds Bluetana App allows detecting Bluetooth card skimmers installed at the gas pumps to steal customers’ credit and debit card information in just 3 seconds on average. Bluetooth card skimmers continue to be one of the favorite tools in the arsenal of crooks that attempt to steal credit and debit card information. In recent years, law…Security DefenseAug 18 2019
• Intel addresses High-Severity flaws in NUC Firmware and other tools Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program. One of the flaws addressed by Intel, tracked as CVE-2019-11140, is an insufficient session validation vulnerability that…Security DefenseAug 18 2019
• Capital One hacker suspected to have breached other 30 companies Federal prosecutors revealed that Paige Thompson, who was arrested after the Capital One data breach, may have hacked more than 30 other organizations. In July, Capital One, one of the largest U.S. –card issuer and financial corporation suffered a data breach that exposed personal information from 106 million Capital One credit applications. A hacker that goes…Security DefenseAug 18 2019
• New DanaBot banking Trojan campaign targets Germany The DanaBot banking Trojan continues to evolve and spread across the continents, now moving from Australia to European countries.  DanaBot is a multi-stage modular banking Trojan written in Delphi that first appeared on the threat landscape in 2018. The malware implements a modular structure that allows operators to add new functionalities by adding new plug-ins. The…Security DefenseAug 17 2019
• Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. Security expert Peleg Hadar from SafeBreach discovered a DLL hijacking vulnerability in the Trend Micro Password Manager that could be exploited to execute arbitrary code with the permissions of the most privileged…Security DefenseAug 17 2019
• Expert shows how to bypass a fix for a recently discovered Steam flaw A security researcher demonstrated how to bypass a fix released by Valve for a recently discovered Steam vulnerability re-enabling the attack. A few days ago, the security experts Matt Nelson and Vasily Kravets separately disclosed a privilege escalation vulnerability in the Stream client for Windows that can be exploited by an attacker with limited permissions to run code administrative…Security DefenseAug 17 2019
• USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$ USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$. than 10$. The Video is self-explanatory. (Wanna know how to make it? Read the article below.)  All started with this Tweet last April, when I wanted a damn cheap USB implant capable of injecting keystrokes. It had to be: Remotely Controllable…Security DefenseAug 16 2019
• 700,000 records belonging to Choice Hotels customer leaked online. Crooks demanded ransom Security experts have discovered that hackers have stolen 700,000 records from Choice Hotels franchise and are demanding payment for their return.  Experts at Comparitech with the help of the popular researcher Bob Diachenko discovered an unsecured database containing 700,000 records from the hotel franchise Chain Hotel. The experts discovered the unsecured MongoDB archive containing 5.6 million records…Security DefenseAug 16 2019
• Hurry Up! Update your LibreOffice because 2 patches have been bypassed The latest version of LibreOffice (6.2.6/6.3.0) addresses three vulnerabilities that could be exploited by attackers to bypass patches for two previously addressed issues. LibreOffice has released a new version of the popular open-source office software that addressed three vulnerabilities that could be exploited by attackers to bypass patches for two previously addressed issues. LibreOffice attempted to fix one of…Security DefenseAug 16 2019
• European Central Bank (ECB) discloses data breach in BIRD Newsletter The European Central Bank (ECB) announced that threat actors had access for months to the contact information of hundreds of financial industry subscribers to its newsletter The ECB was the victim of a data breach, the bank announced that hackers had access for several months to the contact information of hundreds of financial industry subscribers…Security DefenseAug 16 2019
• Mozilla addresses “master password” security bypass flaw in Firefox The latest update released by Mozilla for Firefox patches a flaw in Firefox Password Manager that can be exploited to access stored passwords. The latest release for Mozilla Firefox (Firefox 68.0.2) fixes a vulnerability that can be exploited to bypass the master password in Firefox Password Manager and access stored passwords. “When a master password…Security DefenseAug 16 2019
• Biometric data of 1M leaked via an unsecured Suprema owned databaseResearchers discovered an unsecured database online owned by Suprema that contained the fingerprints and facial recognition information of one million people. Researchers from vpnMentor discovered the personal and biometric data (i.e. facial recognition and fingerprint information) of more than a million people exposed online on an unsecured database owned by the Suprema biometric security company.…Security DefenseAug 15 2019
• A flaw in Kaspersky Antivirus allowed tracking its users onlineA vulnerability in Kaspersky Antivirus had exposed a unique identifier associated with users to every website they have visited in the past 4 years. A vulnerability in the Kaspersky Antivirus software, tracked as CVE-2019-8286, had exposed a unique identifier associated with its users to every website they have visited in the past 4 years. The…Security DefenseAug 15 2019