Recent Cyber News Feed Spot

Welcome to our Recent Cyber News Feed:

• All
• Threats
• Hacks
  • Hacker's Den
• ID Theft
• Cyber Attacks
• Cyber News
• Cyber Attack and Hacks
• Cyber Defense

Threats

• Tracing the Supply Chain Attack on Android Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn't exactly name those responsible, but said it believes the offending vendor uses the nicknames "Yehuo" or "Blazefire." What follows is a deep dive into the…Krebs on SecurityJun 25 2019
• Tracing the Supply Chain Attack on Android Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn't exactly name those responsible, but said it believes the offending vendor uses the nicknames "Yehuo" or "Blazefire." What follows is a deep dive into the…Krebs on SecurityJun 25 2019
• Collections Firm Behind LabCorp, Quest Breaches Files for BankruptcyA medical billing firm responsible for a recent eight-month data breach that exposed the personal information on nearly 20 million Americans has filed for bankruptcy, citing "enormous expenses" from notifying affected consumers and the loss of its four largest customers.Krebs on SecurityJun 20 2019
• Microsoft Patch Tuesday, June 2019 EditionMicrosoft on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. The most dangerous of these include four flaws for which there is already exploit code available. There's also a scary bug affecting all versions of Microsoft Office that can be triggered by a malicious link or attachment. And…Krebs on SecurityJun 12 2019

Hacks

• OSX/Linker, a new piece of Mac malware that exploits Gatekeeper bypass Mac security software firm Intego has spotted a new Mac malware dubbed OSX/Linker that exploits a recently disclosed macOS Gatekeeper vulnerability. Experts at Mac security software firm Intego discovered a new piece of Mac malware dubbed OSX/Linker that exploits a recently disclosed macOS Gatekeeper bypass vulnerability. The Apple Gatekeeper is designed to protect OS X users by…Security Affairs by Pierluigi PaganiniJun 25 2019
• Anonymous Belgium hacker identified after dropping USB drive while throwing Molotov cocktail Belgium police have identified a member of the Anonymous Belgium collective while investigating an arson case at a local bank. The Anonymous member is a 35-year-old man from Roeselare, Belgium, was arrested after throwing a Molotov cocktail at the Crelan Bank office in Rumbeke, back in 2014. According to ZDnet, the hacker has been exposed…Security Affairs by Pierluigi PaganiniJun 25 2019
• Iran denies attack against its infrastructure has ever succeeded After media reported a cyber offensive launched by the US against Iran, Teheran announced that alleged cyber attack against its infrastructure has ever succeeded. Last week, media reported that the United States has launched a series of cyber attacks on Iran after the Iranian military has downed an American surveillance drone. US President Donald Trump…Security Affairs by Pierluigi PaganiniJun 25 2019
• SocialEngineered forum hacked and data leaked online SocialEngineered.net is a forum dedicated to social engineering discussions, it has been compromised data of its users was leaked on a hacker forum. SocialEngineered.net, the forum dedicated to social engineering topics, announced it has suffered a data breach two weeks ago. Hackers accessed data from tens of thousands of members and leaked them online on…Security Affairs by Pierluigi PaganiniJun 25 2019
• Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory Researchers at Microsoft uncovered a malicious campaign that delivers the infamous FlawedAmmyy RAT directly in memory. Experts at Microsoft uncovered a malicious campaign that delivers the FlawedAmmyy RAT directly in memory. The FlawedAMMYY backdoor borrows the code of the Ammyy Admin remote access Trojan, it allows attackers to get full access to a victim’s machine.…Security Affairs by Pierluigi PaganiniJun 25 2019
• Free proxy service runs on top of Linux Ngioweb Botnet Researchers from Netlab, discovered a website offering free and commercial proxy servers leveraging a huge botnet (Ngioweb) of hacked WordPress sites. Researchers from Netlab, discovered that Free-Socks.in proxy service is leveraging a huge botnet of hacked WordPress sites. According to the experts, traffic managed by the proxy service is routed through a network of hacked…Security Affairs by Pierluigi PaganiniJun 24 2019
• CVE-2019-10149: “Return of the WiZard” Vulnerability: Crooks Start Hitting Malware researchers at Cybaze-Yoroi ZLAB observed many attack attempts trying to spread malware abusing the CVE-2019-10149 issue. Introduction In the past days, a really important issue has been disclosed to the public: “Return of the WiZard” vulnerability (ref. EW N030619, CVE-2019-10149). Such vulnerability affected a wide range of Exim servers, one of the main email server…Security Affairs by Pierluigi PaganiniJun 24 2019
• WeTransfer incident: file transfer emails were sent to unintended email addresses Problems for the popular file transfer service WeTransfer, its staff discovered that some file transfer emails were sent to the wrong people. WeTransfer, the popular file transfer service, issued a security notice to inform users that file transfer emails were sent to unintended email addresses on June 16 and 17. In response to the incident,…Security Affairs by Pierluigi PaganiniJun 24 2019
• OpenSSH introduces a security feature to prevent Side-Channel Attacks OpenSSH introduces a new feature to prevent Side-Channel attacks, latest release encrypts secret keys in memory as temporary solution. Memory side-channel vulnerabilities continue to threaten modern processors, Spectre, and Meltdown, Rowhammer, and RAMBleed are just some samples,  Now OpenSSH encrypts secret keys in memory against Side-Channel attacks. Many experts demonstrated variants of side-channel attacks against OpenSSH application…Security Affairs by Pierluigi PaganiniJun 24 2019
• US DHS CISA warns of Iran-linked hackers using data wipers in cyberattacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a significant increase in cyberattacks from Iranian hackers spreading data wipers. US DHS CISA agency warns of increased cyber-activity from Iran aimed at spreading data-wiping malware through password spraying, credential stuffing, and spear-phishing. The attacks are targeting U.S. industries and government agencies, the statement was also…Security Affairs by Pierluigi PaganiniJun 24 2019
• Hundreds of million computers potentially exposed to hack due to a flaw in PC-Doctor component Hundreds of million computers from many vendors may have been exposed to hack due to a serious flaw in PC-Doctor software. Experts at SafeBreach discovered that the Dell SupportAssist software, that comes preinstalled on most Dell PCs, was affected by a DLL hijacking vulnerability tracked as CVE-2019-12280. The flaw could have been exploited by an…Security Affairs by Pierluigi PaganiniJun 23 2019
• Trump secretly ordered cyber attacks against Iran missile systems The United States launched a series of cyber attacks on Iran after the Iranian military has downed an American surveillance drone. The military response to Iran, after the Iranian army has downed an American surveillance drone, started from the cyberspace. US President Donald Trump first approved military strikes against Iran in retaliation for downing a…Security Affairs by Pierluigi PaganiniJun 23 2019
• Security Affairs newsletter Round 219 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Bella Thorne published her private nude photos before a hacker that was threatening her Linux worm spreading via Exim servers hit Azure customers New Echobot Botnet targets Oracle, VMware…Security Affairs by Pierluigi PaganiniJun 23 2019
• NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018, intruders exfiltrated roughly 500 MB of data related to Mars missions. According to a report published by the NASA Office of Inspector General, hackers breached the Agency’s network in April 2018 and remained undetected for nearly a year. The report…Security Affairs by Pierluigi PaganiniJun 23 2019
• Expert released PoC for Outlook for Android flaw addressed by Microsoft Security researcher from F5 Networks that released more details and proof-of-concept for the recently addressed flaw in Outlook for Android. Microsoft has recently addressed an important vulnerability, tracked as CVE-2019-1105, in Outlook for Android, that potentially affected over 100 million users. The vulnerability is a stored cross-site scripting issue that is related to the way…Security Affairs by Pierluigi PaganiniJun 23 2019

Hacker's Den

• How to Avoid Becoming the Next Riviera Beach Be prepared by following these five steps so you don't have to pay a ransom to get your data back.Hacker's DenJun 25 2019
• Companies on Watch After US, Iran Claim Cyberattacks With the cyber conflict between the United States and Iran ramping up, companies traditionally targeted by the countries - such as those in the oil and gas and financial industries - need to bolster their security efforts, experts say.Hacker's DenJun 25 2019
• The Essential Role of Payment Gateways in Detecting Credit Card Fraud Cybercrimes such as credit card fraud are kept on raising in this digital Era since selling and buying process over online dramatically increasing. Selling goods exclusively over the internet is not as easy as it sounds. E-commerce merchants always need to be prepared for certain unexpected situations, such as losing their products and having to…Hacker's DenJun 25 2019
• Microsoft Warns about the new Campaign that Delivers FlawedAmmyy RAT via Weaponized MS Excel Documents Microsoft uncovered a new campaign with a sophisticated infection chain delivering notorious FlawedAmmyy RAT as a final payload. The attack starts with an email that contains .XLS attachments and the contents of the email in the Korean language. Previous campaigns that involve FlawedAmmyy RAT are carried out by TA505 threat actors, upon successful execution of…Hacker's DenJun 25 2019
• Most Important Steps to Keep Your Mobile Safe From Sophisticated Cyber Threats Mobile phones have become a part of everyday life, and their functionality continues to develop at a rapid pace. You can switch from monitoring work emails to playing the latest games, to live streaming sports events simultaneously. Improved high-speed internet and enhanced connectivity indicate that we’re also connected more than ever before and continuously online,…Hacker's DenJun 25 2019
• Top 8 Best Web Security and Hacking Software for Security Professionals in 2019 Hacking software is not only used by hackers for criminal activities but it’s equally used by white hat hackers and security professionals to identify a vulnerability in a network or an endpoint. There is several hacking software available on the internet, including commercial and non-commercial offerings. It’s always good to test your network security from…Hacker's DenJun 25 2019
• A Socio-Technical Approach to Cybersecurity's Problems Researchers explore how modern security problems can be solved with an examination of society, technology, and security.Hacker's DenJun 24 2019
• scanless – A Pentesting Tool to Perform Anonymous open Port Scan on Target Websites Network Penetration Testing determines vulnerabilities on the network posture by discovering Open ports, Troubleshooting live systems, services, port scans and grabbing system banners. Port Scanner is an application used to perform an open port scan with server or hosts. Open ports are the gateway for attackers to enter in and to install malicious backdoor applications. Also…Hacker's DenJun 24 2019
• Critical DLL Hijacking Vulnerability in PC-Doctor For Windows Let Hackers Attack Hundreds of Million DELL Computers A critical DLL hijacking vulnerability resides in PC-Doctor Dell Hardware Support Service software allows attackers to escalate the vulnerable systems privilege and gain persistence access. Dell SupportAssist is pre-installed software on hundreds of million Dell PCs that helps to check both software and hardware system health which requires higher level permission to provide effective health…Hacker's DenJun 24 2019
• Hackers Take Complete Control of Your Android Device by Launching MobOk Malware via Fake Photo Editing Apps in Google Play Researchers discovered a fake photo editing apps which are used by cybercriminals to launch MobOk Malware that takes complete control of the infected Android device. Threat actors are targeting Android users through legitimate Google play store app and hiding this malware to steal money by letting users subscribe to premium services. Two photo editor apps…Hacker's DenJun 24 2019
• NASA Hacked Through an Unauthorized Raspberry Pi Computer Connected to the NASA Servers NASA confirmed that hackers gained access to the Jet Propulsion Laboratory (JPL) last year and they able to steal 500MB of data that related to Mars missions. The hackers breached into NASA network in April 2018 and intrusion remains undetected nearly for a year. According to the OIG report, an Unauthorized Raspberry Pi Computer Connected…Hacker's DenJun 24 2019
• Tor Browser 8.5.3 Released With Fixes for Critical Zero-day Security Update in Firefox Tor Browser 8.5.3 released with the fixes for critical Sandbox Escape zero-day vulnerability in Firefox, and it results in executing arbitrary code on the user’s computer. Mozilla recently released Firefox 67.0.3 with a security update for a type of confusion zero-day vulnerability. Tor Browser 8.5.2 released soon after the Mozilla a patch for first zero-day, a…Hacker's DenJun 23 2019
• Nmap – A Detailed of Explanation Penetration Testing Tool to Perform Information Gathering Nmap is an open source network monitoring and port scanning tool to find the hosts and services in the computer by sending the packets to the target host for network discovery and security auditing. Numerous frameworks and system admins additionally think that its helpful for assignments, for example, network inventory, overseeing administration overhaul timetables, and…Hacker's DenJun 23 2019
• U.S Launched Cyber Attack on Iranian Military Computers After U.S Military Drone Shot Down by Iran United States Military launched a cyber attack on the Iranian Military computers that used to control the Iran missiles after the $240 million Worth U.S drone shootdown by Iran. The attack was mainly targeting the Iran military computer systems with the approval of U.S president Trump and the cyber-attack disabled computer systems controlling rocket and…Hacker's DenJun 23 2019
• New Google Dorks List Collection for SQL Injection – SQL Dorks 2019 Google helps you with Google Dorks to find Vulnerable Websites that Indexed in Google Search Results. Here is the latest collection of Google SQL dorks. More than a million of people searching for google dorks for various purposes for database queries, SEO and for SQL injection. SQL injection is a technique which attacker takes non-validated…Hacker's DenJun 23 2019

ID Theft

Cyber Attacks

Cyber News

Cyber Attack and Hacks

Cyber Defense

• OSX/Linker, a new piece of Mac malware that exploits Gatekeeper bypass Mac security software firm Intego has spotted a new Mac malware dubbed OSX/Linker that exploits a recently disclosed macOS Gatekeeper vulnerability. Experts at Mac security software firm Intego discovered a new piece of Mac malware dubbed OSX/Linker that exploits a recently disclosed macOS Gatekeeper bypass vulnerability. The Apple Gatekeeper is designed to protect OS X users by…Security DefenseJun 25 2019
• Anonymous Belgium hacker identified after dropping USB drive while throwing Molotov cocktail Belgium police have identified a member of the Anonymous Belgium collective while investigating an arson case at a local bank. The Anonymous member is a 35-year-old man from Roeselare, Belgium, was arrested after throwing a Molotov cocktail at the Crelan Bank office in Rumbeke, back in 2014. According to ZDnet, the hacker has been exposed…Security DefenseJun 25 2019
• Iran denies attack against its infrastructure has ever succeeded After media reported a cyber offensive launched by the US against Iran, Teheran announced that alleged cyber attack against its infrastructure has ever succeeded. Last week, media reported that the United States has launched a series of cyber attacks on Iran after the Iranian military has downed an American surveillance drone. US President Donald Trump…Security DefenseJun 25 2019
• SocialEngineered forum hacked and data leaked online SocialEngineered.net is a forum dedicated to social engineering discussions, it has been compromised data of its users was leaked on a hacker forum. SocialEngineered.net, the forum dedicated to social engineering topics, announced it has suffered a data breach two weeks ago. Hackers accessed data from tens of thousands of members and leaked them online on…Security DefenseJun 25 2019
• Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory Researchers at Microsoft uncovered a malicious campaign that delivers the infamous FlawedAmmyy RAT directly in memory. Experts at Microsoft uncovered a malicious campaign that delivers the FlawedAmmyy RAT directly in memory. The FlawedAMMYY backdoor borrows the code of the Ammyy Admin remote access Trojan, it allows attackers to get full access to a victim’s machine.…Security DefenseJun 25 2019
• Free proxy service runs on top of Linux Ngioweb Botnet Researchers from Netlab, discovered a website offering free and commercial proxy servers leveraging a huge botnet (Ngioweb) of hacked WordPress sites. Researchers from Netlab, discovered that Free-Socks.in proxy service is leveraging a huge botnet of hacked WordPress sites. According to the experts, traffic managed by the proxy service is routed through a network of hacked…Security DefenseJun 24 2019
• CVE-2019-10149: “Return of the WiZard” Vulnerability: Crooks Start Hitting Malware researchers at Cybaze-Yoroi ZLAB observed many attack attempts trying to spread malware abusing the CVE-2019-10149 issue. Introduction In the past days, a really important issue has been disclosed to the public: “Return of the WiZard” vulnerability (ref. EW N030619, CVE-2019-10149). Such vulnerability affected a wide range of Exim servers, one of the main email server…Security DefenseJun 24 2019
• WeTransfer incident: file transfer emails were sent to unintended email addresses Problems for the popular file transfer service WeTransfer, its staff discovered that some file transfer emails were sent to the wrong people. WeTransfer, the popular file transfer service, issued a security notice to inform users that file transfer emails were sent to unintended email addresses on June 16 and 17. In response to the incident,…Security DefenseJun 24 2019
• OpenSSH introduces a security feature to prevent Side-Channel Attacks OpenSSH introduces a new feature to prevent Side-Channel attacks, latest release encrypts secret keys in memory as temporary solution. Memory side-channel vulnerabilities continue to threaten modern processors, Spectre, and Meltdown, Rowhammer, and RAMBleed are just some samples,  Now OpenSSH encrypts secret keys in memory against Side-Channel attacks. Many experts demonstrated variants of side-channel attacks against OpenSSH application…Security DefenseJun 24 2019
• US DHS CISA warns of Iran-linked hackers using data wipers in cyberattacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a significant increase in cyberattacks from Iranian hackers spreading data wipers. US DHS CISA agency warns of increased cyber-activity from Iran aimed at spreading data-wiping malware through password spraying, credential stuffing, and spear-phishing. The attacks are targeting U.S. industries and government agencies, the statement was also…Security DefenseJun 24 2019
• Hundreds of million computers potentially exposed to hack due to a flaw in PC-Doctor component Hundreds of million computers from many vendors may have been exposed to hack due to a serious flaw in PC-Doctor software. Experts at SafeBreach discovered that the Dell SupportAssist software, that comes preinstalled on most Dell PCs, was affected by a DLL hijacking vulnerability tracked as CVE-2019-12280. The flaw could have been exploited by an…Security DefenseJun 23 2019
• Trump secretly ordered cyber attacks against Iran missile systems The United States launched a series of cyber attacks on Iran after the Iranian military has downed an American surveillance drone. The military response to Iran, after the Iranian army has downed an American surveillance drone, started from the cyberspace. US President Donald Trump first approved military strikes against Iran in retaliation for downing a…Security DefenseJun 23 2019
• Security Affairs newsletter Round 219 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Bella Thorne published her private nude photos before a hacker that was threatening her Linux worm spreading via Exim servers hit Azure customers New Echobot Botnet targets Oracle, VMware…Security DefenseJun 23 2019
• NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018, intruders exfiltrated roughly 500 MB of data related to Mars missions. According to a report published by the NASA Office of Inspector General, hackers breached the Agency’s network in April 2018 and remained undetected for nearly a year. The report…Security DefenseJun 23 2019
• Expert released PoC for Outlook for Android flaw addressed by Microsoft Security researcher from F5 Networks that released more details and proof-of-concept for the recently addressed flaw in Outlook for Android. Microsoft has recently addressed an important vulnerability, tracked as CVE-2019-1105, in Outlook for Android, that potentially affected over 100 million users. The vulnerability is a stored cross-site scripting issue that is related to the way…Security DefenseJun 23 2019