Recent Cyber News Feed Spot
Welcome to our Recent Cyber News Feed:
- All
- Threats
- Hacks
- Hacker's Den
- ID Theft
- Cyber Attacks
- Cyber News
- Cyber Attack and Hacks
- Cyber Defense
Threats
Human Resources Firm ComplyRight Breached Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information -- including names, addresses, phone numbers, email addresses and Social Security numbers -- from tax forms submitted by the company's thousands of clients on behalf of employees. Cloud-based human resources company ComplyRight said…
‘LuminosityLink RAT’ Author Pleads GuiltyA 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called "LuminosityLink," a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide.
Sextortion Scam Uses Recipient’s Hacked PasswordsHere's a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who's compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the…
Notorious ‘Hijack Factory’ Shunned from WebScore one for the good guys: Bitcanal, a Portuguese Web hosting firm long accused of helping spammers hijack large swaths of dormant Internet address space over the years, was summarily kicked off the Internet this week after a half-dozen of the company's bandwidth providers chose to sever ties with the company.
Patch Tuesday, July 2018 EditionMicrosoft and Adobe each issued security updates for their products today. Microsoft's July patch batch includes 14 updates to fix more than 50 security flaws in Windows and associated software. Separately, Adobe has pushed out an update for its Flash Player browser plugin, as well as a monster patch bundle for Adobe Reader/Acrobat.
ExxonMobil Bungles Rewards Card DebutEnergy giant ExxonMobil recently sent snail mail letters to its Plenti rewards card members stating that the points program was being replaced with a new one called Exxon Mobil Rewards+. Unfortunately, the letter includes a confusing toll free number and directs customers to a parked page that tries to foist Web browser extensions on visitors.
Hacks
‘IT system issue’ caused cancellation of British Airways cancelled flights at Heathrow British Airways canceled flights at Heathrow due to an ‘IT system issue,’ the incident occurred on Wednesday and affected thousands of passengers. The problem had severe repercussions on the air traffic, many passengers also had their flights delayed. “On one of the busiest days of the summer, British Airways cancelled dozens of flights to and from Heathrow,…
Thousands of Mega account credentials leaked online, it is credential stuffing Thousands of account credentials associated with the popular file storage service Mega have been published online, The former NSA hacker Patrick Wardle, co-founder at Digita Security, discovered in June a text file containing over 15,500 usernames, passwords, and files names. 😢 Found file on VirusTotal w/ 15K+ Mega accounts (user names/passwords & users' file listings) 😥🤬…
Cisco fixes critical and high severity flaws in Policy Suite and SD-WAN products Cisco has found over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products. The tech giant has reported customers four critical vulnerabilities affecting the Policy Suite. The flaws tracked as CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, and CVE-2018-0377 have been discovered during internal testing. Two of these flaws could be exploited by a remote unauthenticated attacker to access…
Expert discovered RoboCent AWS S3 bucket containing US voters’ records exposed online A security researcher has discovered that the US political robocall firm RoboCent exposed personal details of hundreds of thousands of US voters. The US political robocall firm RoboCent exposed personal details of hundreds of thousands of US voters. The researcher Bob Diachenko from Kromtech Security discovered the company database exposed online. The expert was using the online service GrayhatWarfare that could be…
How crooks conduct Money Laundering operations through mobile games Experts uncovered a money laundering ring that leverages fake Apple accounts and gaming profiles to make transactions with stolen payment cards. A money laundering ring leverages fake Apple accounts and gaming profiles to make transactions with stolen payment cards and then sells these game premiums on online forums and within gaming communities. The money laundering…
US Biggest Blood Testing Laboratories LabCorp suffered a security breach Hackers have breached the network at LabCorp, one of the largest diagnostic blood testing laboratories in the US, millions of Americans potentially at risk. The biggest blood testing laboratories network in the US, LabCorp has suffered a security breach. The company announced the incident on Monday, the security breach occurred over the weekend. The hackers breached into…
QUASAR, SOBAKEN AND VERMIN RATs involved in espionage campaign on Ukraine Security experts from ESET uncovered an ongoing cyber espionage campaign aimed at Ukrainian government institutions and involving three different RATs, including the custom-made VERMIN. Security researchers from ESET uncovered an ongoing cyber espionage campaign aimed at Ukrainian government institutions, attackers used at least three different remote access Trojans (RATs). The campaign was first spotted in January by…
Cyber espionage campaign targets Samsung service centers in Italy Security researchers from Italian security firm TG Soft have uncovered an ongoing malware campaigns targeting Samsung service centers in Italy. “TG Soft’s Research Centre (C.R.A.M.) has analyzed the campaign of spear-phishing on 2 april 2018 targeting the service centers of Samsung Italy.” reads the analysis published by TG Soft. “The campaign analyzed is targeting only the service centers of Samsung…
Researchers show how to manipulate road navigation systems with low-cost devices Researchers have developed a tool that poses as GPS satellites to deceive nearby GPS receivers and manipulate road navigation systems. Researchers have developed a tool that poses as GPS satellites to deceive nearby GPS receivers. The kit could be used to deceive receivers used by navigation systems and suggest drivers the wrong direction. “we explore…
Crooks deployed malicious ESLint packages that steal software registry login tokens Hackers compromised the npm account of an ESLint maintainer and published malicious versions of eslint packages to the npm registry. Crooks compromised an ESLint maintainer’s account last week and uploaded malicious packages that attempted to steal login tokens from the npm software registry. npm is the package manager for JavaScript and the world’s largest software registry. ESLint is open…
Trump – Putin meeting: “I don’t see any reason” for Russia to interfere with the US presidential electionRussian President Vladimir Putin ‘just said it’s not Russia,’ and President Trump believes him. Today the controversial meeting between Russian President Vladimir Putin and US President Donald Trump was held in Helsinki, but as expected Russian President denied any interference with the 2016 US election. After the meeting, Putin and Trump made a joint news conference and…
Cyber Defense Magazine – July 2018 has arrivedCyber Defense Magazine July 2018 Edition has arrived. We hope you enjoy this month’s edition…packed with over 140 pages of excellent content. InfoSec Knowledge is Power. We have 6 years of eMagazines online with timeless content. Visit our online library by clicking here. Cyber Defense eMagazine July 2018 Edition has arrived.We hope you enjoy this month’s edition…packed with 140…
Code hosting service GitHub can now scan also for vulnerable Python codeThe code hosting service GitHub added Python to the list of programming languages that it is able to auto-scan for known vulnerabilities. Good news for GitHub users, the platform added Python to the list of programming languages that it is able to auto-scan for known vulnerabilities. In March, the code hosting service GitHub confirmed that the introduction…
Director of National Intelligence warns of devastating cyber threat to US infrastructureThe Director of the National Intelligence Dan Coats warned last week of a devastating cyber threat to US infrastructure, he said that “warning lights are blinking red again.” The Director of National Intelligence Dan Coats warned last week of a devastating cyber threat to US infrastructure, he used the following words to express his concerns: “warning lights…
ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRsA security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security. Anubhav explained that the passwords…
Hacker's Den
Security Information and Event Management (SIEM) – A Detailed Explanation SIEM software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network hardware and applications. Vendors sell SIEM as software, as appliances or as managed services; these products are also used to log security data and generate reports for compliance purposes. Although…
Thousands of US Voters Personal Data Leaked Online Again Thousands of US voters personal details exposed online again form misconfigured Amazon S3 bucket and the data appears to be a part of Robocent, a Virginia-based political campaign, and robocalling company. Security researchers from Kromtech spotted the publically exposed Robocent cloud storage that contains 2594 listed files and opens for anyone to download. The exposed…
The Fundamental Flaw in Security Awareness Programs It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
Free New Scanner Aims to Protect Home Networks Free software pinpoints vulnerabilities and offers suggestions for remediation.
Number of Retailers Impacted by Breaches Doubles The retail race for digital transformation is being run without the safety of security measures.
Hackers Compromised Navi Mumbai Hospital Computers Sytems With Ransomware Ransomware attack hits computer systems of Navi Mumbai Mahatma Gandhi Mission Hospital. The attack came into light on Sunday when a receptionist switched on her computer. As soon as they noticed the attack, the hospital authorities tried to disconnect other machines from the network, but it was too late as all the system already infected…
Cisco Released Critical Security Updates for Vulnerabilities that Affected Cisco Products Cisco Released critical Security Updates for many of its product where they addressed 27 new vulnerabilities which categorized under Critical, High and Medium. Some of the critical Vulnerabilities allows a remote attacker could exploit one of these vulnerabilities to take control of an affected system. Security updates released with fixes of 4 Vulnerabilities under “Critical”…
Microsoft Launches Identity Bounty program That Rewards Up to $100,000 Microsoft launches Identity Bounty program that offers bug bounty hunters up to $100,000. For security researchers who discover a security vulnerability in the Identity services would payout between $500 to $100,000. A Bug bounty program is also known as vulnerability rewards program (VRP) is the one where security researchers can disclose vulnerabilities and can receive…
LabCorp Security Breach Puts Millions of Patient Records at Risk LabCorp Security Breach puts millions of patient records at risk, LabCorp serves more than 115 million patient annually. On July 14th hackers got access to the LabCorp’s network and their IT team shut down certain parts of the network to stop the hack. LabCorp says there is no evidence of unauthorized access or misuse of…
Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.
New Subscription Service Takes on Ransomware Protection Training and response is the basis of a new offering that addresses ransomware and extortion attacks.
Microsoft Moves Up As Phishers' Favorite Target for Brand Spoofing Researchers compiled a list of the most common brands to impersonate by detecting and analyzing new phishing URLs.
Most Advanced Backdoor Obfuscation and Evasion Technique That used by Hackers Cybercriminals are using the most sophisticated techniques to bypass the security controls in a various organization such as IT, medical, manufacturing industries, energy sectors, even government entities. Sometimes developers are creating a backdoor for a legitimate purpose such as maintenance and easy accessibility during the technical issue via a remote location. But the hackers are using…
Oracle Releases Critical Patch Update that Covers 334 Vulnerabilities Across All the Products Oracle Releases Critical Patch Updates that contains security fixes for 334 products across all the families. The Oracle Patch Update covers products including Oracle Database Server, Oracle Global Lifecycle Management, Oracle Fusion Middleware, Oracle E-Business Suite, Oracle PeopleSoft, Oracle Siebel CRM, Oracle Industry Applications, Oracle Java SE, Oracle Virtualization, Oracle MySQL, and Oracle Sun Systems…
Blackgear Cyberespionage Abuses Blogging and Social Media Services To Evade Detection Blackgear Cyberespionage campaign is active at least from 2008, the threat actors behind the campaign use various malware tools such as the Protux and Elirks backdoor. Trend Micro Security researchers spotted the operators behind Blackgear started using their own tools based on the new attacks. As a notable behavior to avoid detection it abuses Social…
ID TheftCyber AttacksCyber NewsCyber Attack and HacksCyber Defense- ‘IT system issue’ caused cancellation of British Airways cancelled flights at Heathrow British Airways canceled flights at Heathrow due to an ‘IT system issue,’ the incident occurred on Wednesday and affected thousands of passengers. The problem had severe repercussions on the air traffic, many passengers also had their flights delayed. “On one of the busiest days of the summer, British Airways cancelled dozens of flights to and from Heathrow,…
- Thousands of Mega account credentials leaked online, it is credential stuffing Thousands of account credentials associated with the popular file storage service Mega have been published online, The former NSA hacker Patrick Wardle, co-founder at Digita Security, discovered in June a text file containing over 15,500 usernames, passwords, and files names. 😢 Found file on VirusTotal w/ 15K+ Mega accounts (user names/passwords & users' file listings) 😥🤬…
- Cisco fixes critical and high severity flaws in Policy Suite and SD-WAN products Cisco has found over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products. The tech giant has reported customers four critical vulnerabilities affecting the Policy Suite. The flaws tracked as CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, and CVE-2018-0377 have been discovered during internal testing. Two of these flaws could be exploited by a remote unauthenticated attacker to access…
- Expert discovered RoboCent AWS S3 bucket containing US voters’ records exposed online A security researcher has discovered that the US political robocall firm RoboCent exposed personal details of hundreds of thousands of US voters. The US political robocall firm RoboCent exposed personal details of hundreds of thousands of US voters. The researcher Bob Diachenko from Kromtech Security discovered the company database exposed online. The expert was using the online service GrayhatWarfare that could be…
- How crooks conduct Money Laundering operations through mobile games Experts uncovered a money laundering ring that leverages fake Apple accounts and gaming profiles to make transactions with stolen payment cards. A money laundering ring leverages fake Apple accounts and gaming profiles to make transactions with stolen payment cards and then sells these game premiums on online forums and within gaming communities. The money laundering…
- US Biggest Blood Testing Laboratories LabCorp suffered a security breach Hackers have breached the network at LabCorp, one of the largest diagnostic blood testing laboratories in the US, millions of Americans potentially at risk. The biggest blood testing laboratories network in the US, LabCorp has suffered a security breach. The company announced the incident on Monday, the security breach occurred over the weekend. The hackers breached into…
- QUASAR, SOBAKEN AND VERMIN RATs involved in espionage campaign on Ukraine Security experts from ESET uncovered an ongoing cyber espionage campaign aimed at Ukrainian government institutions and involving three different RATs, including the custom-made VERMIN. Security researchers from ESET uncovered an ongoing cyber espionage campaign aimed at Ukrainian government institutions, attackers used at least three different remote access Trojans (RATs). The campaign was first spotted in January by…
- Cyber espionage campaign targets Samsung service centers in Italy Security researchers from Italian security firm TG Soft have uncovered an ongoing malware campaigns targeting Samsung service centers in Italy. “TG Soft’s Research Centre (C.R.A.M.) has analyzed the campaign of spear-phishing on 2 april 2018 targeting the service centers of Samsung Italy.” reads the analysis published by TG Soft. “The campaign analyzed is targeting only the service centers of Samsung…
- Researchers show how to manipulate road navigation systems with low-cost devices Researchers have developed a tool that poses as GPS satellites to deceive nearby GPS receivers and manipulate road navigation systems. Researchers have developed a tool that poses as GPS satellites to deceive nearby GPS receivers. The kit could be used to deceive receivers used by navigation systems and suggest drivers the wrong direction. “we explore…
- Crooks deployed malicious ESLint packages that steal software registry login tokens Hackers compromised the npm account of an ESLint maintainer and published malicious versions of eslint packages to the npm registry. Crooks compromised an ESLint maintainer’s account last week and uploaded malicious packages that attempted to steal login tokens from the npm software registry. npm is the package manager for JavaScript and the world’s largest software registry. ESLint is open…
- Trump – Putin meeting: “I don’t see any reason” for Russia to interfere with the US presidential electionRussian President Vladimir Putin ‘just said it’s not Russia,’ and President Trump believes him. Today the controversial meeting between Russian President Vladimir Putin and US President Donald Trump was held in Helsinki, but as expected Russian President denied any interference with the 2016 US election. After the meeting, Putin and Trump made a joint news conference and…
- Cyber Defense Magazine – July 2018 has arrivedCyber Defense Magazine July 2018 Edition has arrived. We hope you enjoy this month’s edition…packed with over 140 pages of excellent content. InfoSec Knowledge is Power. We have 6 years of eMagazines online with timeless content. Visit our online library by clicking here. Cyber Defense eMagazine July 2018 Edition has arrived.We hope you enjoy this month’s edition…packed with 140…
- Code hosting service GitHub can now scan also for vulnerable Python codeThe code hosting service GitHub added Python to the list of programming languages that it is able to auto-scan for known vulnerabilities. Good news for GitHub users, the platform added Python to the list of programming languages that it is able to auto-scan for known vulnerabilities. In March, the code hosting service GitHub confirmed that the introduction…
- Director of National Intelligence warns of devastating cyber threat to US infrastructureThe Director of the National Intelligence Dan Coats warned last week of a devastating cyber threat to US infrastructure, he said that “warning lights are blinking red again.” The Director of National Intelligence Dan Coats warned last week of a devastating cyber threat to US infrastructure, he used the following words to express his concerns: “warning lights…
- ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRsA security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security. Anubhav explained that the passwords…
- All
- Threats
- Hacks
- Hacker's Den
- ID Theft
- Cyber Attacks
- Cyber News
- Cyber Attack and Hacks
- Cyber Defense
Threats
Hacks
Hacker's Den
ID Theft
Cyber Attacks
Cyber News
Cyber Attack and Hacks
Cyber Defense