Recent Cyber News Feed Spot

Welcome to our Recent Cyber News Feed:

• All
• Threats
• Hacks
  • Hacker's Den
• ID Theft
• Cyber Attacks
• Cyber News
• Cyber Attack and Hacks
• Cyber Defense

Threats

• Patch Tuesday, January 2020 Edition Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of…Krebs on SecurityJan 15 2020
• Cryptic Rumblings Ahead of First 2020 Patch TuesdaySources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets…Krebs on SecurityJan 13 2020
• Phishing for Apples, Bobbing for LinksAnyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple, whose brand by many measures has emerged as the most targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a…Krebs on SecurityJan 13 2020
• Alleged Member of Neo-Nazi Swatting Group ChargedFederal investigators on Friday arrested a Virginia man accused of being part of a neo-Nazi group that targeted hundreds of people in "swatting" attacks, wherein fake bomb threats, hostage situations and other violent scenarios were phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target's…Krebs on SecurityJan 11 2020
• Lawmakers Prod FCC to Act on SIM SwappingCrooks have stolen tens of millions of dollars and other valuable commodities from thousands of consumers via "SIM swapping," a particularly invasive form of fraud that involves tricking a target's mobile carrier into transferring someone's wireless service to a device they control. But the U.S. Federal Communications Commission (FCC), the entity responsible for overseeing wireless…Krebs on SecurityJan 09 2020
• Tricky Phish Angles for Persistence, Not PasswordsLate last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user's data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service.…Krebs on SecurityJan 07 2020
• The Hidden Cost of Ransomware: Wholesale Password TheftOrganizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single…Krebs on SecurityJan 06 2020

Hacks

• Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity Chinese authorities continue operations against unauthorized VPN services that are very popular in the country. China continues to intensify the monitoring of the cyberspace applying and persecution of VPN services that could be used to bypass its censorship system known as the Great Firewall. The Great Firewall project already blocked access to more hundreds of the world’s 1,000 top…Security Affairs by Pierluigi PaganiniJan 17 2020
• Law enforcement seized WeLeakInfo.com for selling access to data from data breaches The FBI has seized the WeLeakInfo.com websites for selling subscriptions to data that were exposed in data breaches. WeLeakInfo.com is a data breach notification service that allows its customers to verify if their credentials been compromised in data breaches. The service was claiming a database of over 12 billion records from over 10,000 data breaches.…Security Affairs by Pierluigi PaganiniJan 17 2020
• Expert released PoC exploits for recently disclosed Cisco DCNM flaws A researcher has publicly released some proof-of-concept (PoC) exploits and technical details for flaws in Cisco’s Data Center Network Manager (DCNM). Early this month, Cisco released security updates for its Cisco’s Data Center Network Manager (DCNM) product that address several critical and high-severity vulnerabilities. All the vulnerabilities were reported to Cisco through Trend Micro’s Zero Day Initiative (ZDI) and Accenture’s iDefense service…Security Affairs by Pierluigi PaganiniJan 17 2020
• Hundreds of million users installed Android fleeceware apps from Google Play Security experts from Sophos discovered 25 Android apps on the official Google Play that were involved in financial fraud, 600 million affected. Security researchers from Sophos discovered a set of so-called fleeceware apps that have been installed by more than 600 million Android users. Fleeceware apps are malicious applications uploaded to the official Google Play…Security Affairs by Pierluigi PaganiniJan 16 2020
• Two PoC exploits for CVE-2020-0601 NSACrypto flaw released Researchers published proof-of-concept (PoC) code exploits for a recently-patched CVE-2020-0601 flaw in the Windows operating system reported by NSA. Security researchers have published two proof-of-concept (PoC) code exploits for the recently-patched CVE-2020-0601 vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). Microsoft Patch Tuesday updates for January 2020 address a…Security Affairs by Pierluigi PaganiniJan 16 2020
• Critical auth bypass issues affect InfiniteWP Client and WP Time Capsule WordPress plugins WP Time Capsule and InfiniteWP WordPress plugins are affected by security flaws that could be exploited to take over websites running the popular CMS. Experts at security firm WebArx have ethically disclosed vulnerabilities in WP Time Capsule and InfiniteWP plugins, both were patched earlier this month by the developer Revmakx. The flaws in WP Time…Security Affairs by Pierluigi PaganiniJan 16 2020
• 5ss5c Ransomware emerges after Satan went down in the hell The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new threat named 5ss5c. The threat actors behind the Satan, DBGer and Lucky ransomware and likely Iron ransomware, is back with a new piece of malware named ‘5ss5c’. The Bart Blaze believes that the threat actors have…Security Affairs by Pierluigi PaganiniJan 16 2020
• VMware addresses flaws in VMware Tools and Workspace ONE SDK VMware has released security updates to address a local privilege escalation vulnerability in VMware Tools version 10 for Windows. VMware has released VMware Tools 11.0.0 that addresses a local privilege escalation issue in Tools 10.x.y tracked as CVE-2020-3941. The issue, classified as a race condition flaw that could be exploited by an attacker to access…Security Affairs by Pierluigi PaganiniJan 15 2020
• P&N Bank data breach may have impacted 100,000 West Australians P&N Bank discloses data breach, customer account information, balances exposed The Australian P&N Bank is notifying its customers a data breach that has exposed personally identifiable information (PII) and sensitive account data. P&N Bank, a division of Police & Nurses Limited and operating in Western Australia, suffered a data breach and is reporting the incident…Security Affairs by Pierluigi PaganiniJan 15 2020
• Hacker offers for sale 49 million user records from US data broker LimeLeads 49 million user records from US data broker LimeLeads were available for sale on a hacking forum. 49 million user records from US data broker LimeLeads were available for sale on a hacking forum, the data were exposed on an Elasticsearch server. Exposed LimeLeads data contains full name, title, user email, employer/company name, company address,…Security Affairs by Pierluigi PaganiniJan 15 2020
• Iranian Threat Actors: Preliminary Analysis Nowadays Iran’s Cybersecurity capabilities are under the microscope, experts warn about a possible infiltration of the Iranian government. Nowadays Iran’s Cybersecurity capabilities are under microscope, many news sites, gov. agencies and security experts warn about a possible cybersecurity infiltration from Iranian government and alert to increase cybersecurity defensive levels. Today I want to share a…Security Affairs by Pierluigi PaganiniJan 15 2020
• Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSA Microsoft has released a security update to address “a broad cryptographic vulnerability” that is impacting its Windows operating system. Microsoft Patch Tuesday updates for January 2020 address a total of 49 vulnerabilities in various products, including a serious flaw, tracked as CVE-2020-0601, in the core cryptographic component of Windows 10, Server 2016 and 2019 editions.…Security Affairs by Pierluigi PaganiniJan 15 2020
• January 2020 Adobe Patch Tuesday updates fix issues in Illustrator, Experience ManagerAdobe released its January 2020 Patch Tuesday updates that address several flaws in Illustrator and Experience Manager products. Adobe releases its first 2020 patch Tuesday software updates that address several vulnerabilities in Illustrator and Experience Manager products. “Adobe has published security bulletins for Adobe Experience Manager (APSB20-01) and Adobe Illustrator (APSB20-03). Adobe recommends users update their product installations to the latest…Security Affairs by Pierluigi PaganiniJan 14 2020
• Why Russian APT Fancy Bear hacked the Ukrainian energy firm Burisma?Russia-linked cyber-espionage group hacked the Ukrainian energy company Burisma at the center of the impeachment trial of US President Donald Trump. The Russian cyberspies, operating under Russia’s GRU military intelligence agency (aka Fancy Bear) carried out a spear-phishing campaign in November aimed at accessing the email of Burisma Holdings employees. The attack was detailed by…Security Affairs by Pierluigi PaganiniJan 14 2020
• Cisco addressed a high-severity bug in Webex that could allow Remote Code ExecutionTech giant Cisco has recently addressed two high-severity vulnerabilities affecting its Webex and IOS XE Software products. Cisco Systems has released security fixes for two high-severity vulnerabilities in its products, including a remote code execution flaw in the Webex video conferencing platform. The Webex flaw resides in the web-based management interface of Cisco Webex Video…Security Affairs by Pierluigi PaganiniJan 14 2020

Hacker's Den

• Mobile Banking Malware Up 50% in First Half of 2019 A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.Hacker's DenJan 17 2020
• ADP Users Hit with Phishing Scam Ahead of Tax Season Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.Hacker's DenJan 17 2020
• Massive Oracle Patch Reverses Company's Trend Toward Fewer Flaws Following a year that saw the fewest number of vulnerabilities reported since 2015, Oracle's latest quarterly patch fixes nearly 200 new vulnerabilities.Hacker's DenJan 17 2020
• How AI is Revolutionizing Cyber Security AI in Cyber attacks — once relegated to flashy movie scenes and TV dramas — are now becoming a part of our everyday lives. Nearly every week, news breaks out about another data breach at a major corporation, and every now and then, we receive emails from service providers about updating our information in light…Hacker's DenJan 17 2020
• Proof-of-Concept Exploits Released for The Microsoft-NSA Crypto vulnerability – CVE-2020-0601 Less than a day after Microsoft disclosed one of the most critical Windows vulnerabilities ever, security researchers have published PoC Exploit that explains how attackers can exploit the Windows CryptoAPI Spoofing bug with cryptographically impersonate any website or server on the Internet. Microsoft’s January Patch Tuesday security bulletin disclosed the importance – severity vulnerability. It…Hacker's DenJan 17 2020
• With International Tensions Flaring, Cyber-Risk Is Heating Up for All Businesses Risks of nation-state attacks go beyond Iran, and the need for awareness and security don't stop at any national border.Hacker's DenJan 16 2020
• NY Fed Reveals Implications of Cyberattack on US Financial System A "pre-mortem analysis" sheds light on the potential destruction of a cyberattack against major US banks.Hacker's DenJan 16 2020
• 17 Malicious Android Apps Discovered in Google Play Store that Infects 550,000 Android Devices Researchers discovered 17 malicious Android apps from the Google play store that infects nearly 550,000 Android devices around the world. These malicious app developers added features to hide their presence on the user’s device, and constantly display aggressive ads once the app gets installed on the victims android devices. The adware programs will tend to…Hacker's DenJan 16 2020
• 4 Most Important Security Features Your Web Hosting Provider Must Have to Know Did you realize that a hack occurs every 39 seconds? One of the most common targets for cyber-criminals attempting to gain access to sensitive information is a business website. The only way to keep your website functional and safe is by getting the best possible web hosting on the market. There are so many different…Hacker's DenJan 16 2020
• Security Information and Event Management (SIEM) – A Detailed Explanation SIEM software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network hardware and applications. Vendors sell SIEM as software, as appliances or as managed services; these products are also used to log security data and generate reports for compliance purposes. Although…Hacker's DenJan 15 2020
• How to Comprehend the Buzz About Honeypots Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization.Hacker's DenJan 15 2020
• New Report Spotlights Changes in Phishing Techniques Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.Hacker's DenJan 15 2020
• ISACs Join Forces to Secure the Travel Industry Together, the Travel & Hospitality ISAC and the Retail & Hospitality ISAC intend to improve communications and collaboration about the evolving threat landscape.Hacker's DenJan 15 2020
• Malicious Fleeceware apps on the Google Play Found Installed More than 600 Million Downloads Fleeceware apps continue to be a problem on Google Play, these app publishers overcharge users for basic functionality if they don’t cancel the subscription before the trial ends. The app publishers take advantage of the business model in which user downloads and use the app for a short trial period for no charge. If the…Hacker's DenJan 15 2020
• 10 Best Free Password Manager to Secure Your Password For 2020 Free Password Manager always helps to make Strong passwords to protect your devices, online banking accounts and other data sources from unauthorized access. In this article, we highlight the Best open source Password Manager for Android, Mac and iPhone. Do I really need a password manager? Manage different password for so many accounts in online…Hacker's DenJan 15 2020

ID Theft

Cyber Attacks

Cyber News

Cyber Attack and Hacks

Cyber Defense

• Hack the Army bug bounty program paid $275,000 in rewards Hack the Army bug bounty program results: 146 valid vulnerabilities were reported by white hat hackers and more than $275,000 were paid in rewards. The second Hack the Army bug bounty program ran between October 9 and November 15, 2019 through the HackerOne platform. The bug bounty program operated by the Defense Digital Service, along…Security DefenseJan 17 2020
• Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity Chinese authorities continue operations against unauthorized VPN services that are very popular in the country. China continues to intensify the monitoring of the cyberspace applying and persecution of VPN services that could be used to bypass its censorship system known as the Great Firewall. The Great Firewall project already blocked access to more hundreds of the world’s 1,000 top…Security DefenseJan 17 2020
• Law enforcement seized WeLeakInfo.com for selling access to data from data breaches The FBI has seized the WeLeakInfo.com websites for selling subscriptions to data that were exposed in data breaches. WeLeakInfo.com is a data breach notification service that allows its customers to verify if their credentials been compromised in data breaches. The service was claiming a database of over 12 billion records from over 10,000 data breaches.…Security DefenseJan 17 2020
• Expert released PoC exploits for recently disclosed Cisco DCNM flaws A researcher has publicly released some proof-of-concept (PoC) exploits and technical details for flaws in Cisco’s Data Center Network Manager (DCNM). Early this month, Cisco released security updates for its Cisco’s Data Center Network Manager (DCNM) product that address several critical and high-severity vulnerabilities. All the vulnerabilities were reported to Cisco through Trend Micro’s Zero Day Initiative (ZDI) and Accenture’s iDefense service…Security DefenseJan 17 2020
• Hundreds of million users installed Android fleeceware apps from Google Play Security experts from Sophos discovered 25 Android apps on the official Google Play that were involved in financial fraud, 600 million affected. Security researchers from Sophos discovered a set of so-called fleeceware apps that have been installed by more than 600 million Android users. Fleeceware apps are malicious applications uploaded to the official Google Play…Security DefenseJan 16 2020
• Two PoC exploits for CVE-2020-0601 NSACrypto flaw released Researchers published proof-of-concept (PoC) code exploits for a recently-patched CVE-2020-0601 flaw in the Windows operating system reported by NSA. Security researchers have published two proof-of-concept (PoC) code exploits for the recently-patched CVE-2020-0601 vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). Microsoft Patch Tuesday updates for January 2020 address a…Security DefenseJan 16 2020
• Critical auth bypass issues affect InfiniteWP Client and WP Time Capsule WordPress plugins WP Time Capsule and InfiniteWP WordPress plugins are affected by security flaws that could be exploited to take over websites running the popular CMS. Experts at security firm WebArx have ethically disclosed vulnerabilities in WP Time Capsule and InfiniteWP plugins, both were patched earlier this month by the developer Revmakx. The flaws in WP Time…Security DefenseJan 16 2020
• 5ss5c Ransomware emerges after Satan went down in the hell The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new threat named 5ss5c. The threat actors behind the Satan, DBGer and Lucky ransomware and likely Iron ransomware, is back with a new piece of malware named ‘5ss5c’. The Bart Blaze believes that the threat actors have…Security DefenseJan 16 2020
• VMware addresses flaws in VMware Tools and Workspace ONE SDK VMware has released security updates to address a local privilege escalation vulnerability in VMware Tools version 10 for Windows. VMware has released VMware Tools 11.0.0 that addresses a local privilege escalation issue in Tools 10.x.y tracked as CVE-2020-3941. The issue, classified as a race condition flaw that could be exploited by an attacker to access…Security DefenseJan 15 2020
• P&N Bank data breach may have impacted 100,000 West Australians P&N Bank discloses data breach, customer account information, balances exposed The Australian P&N Bank is notifying its customers a data breach that has exposed personally identifiable information (PII) and sensitive account data. P&N Bank, a division of Police & Nurses Limited and operating in Western Australia, suffered a data breach and is reporting the incident…Security DefenseJan 15 2020
• Hacker offers for sale 49 million user records from US data broker LimeLeads 49 million user records from US data broker LimeLeads were available for sale on a hacking forum. 49 million user records from US data broker LimeLeads were available for sale on a hacking forum, the data were exposed on an Elasticsearch server. Exposed LimeLeads data contains full name, title, user email, employer/company name, company address,…Security DefenseJan 15 2020
• Iranian Threat Actors: Preliminary Analysis Nowadays Iran’s Cybersecurity capabilities are under the microscope, experts warn about a possible infiltration of the Iranian government. Nowadays Iran’s Cybersecurity capabilities are under microscope, many news sites, gov. agencies and security experts warn about a possible cybersecurity infiltration from Iranian government and alert to increase cybersecurity defensive levels. Today I want to share a…Security DefenseJan 15 2020
• Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSA Microsoft has released a security update to address “a broad cryptographic vulnerability” that is impacting its Windows operating system. Microsoft Patch Tuesday updates for January 2020 address a total of 49 vulnerabilities in various products, including a serious flaw, tracked as CVE-2020-0601, in the core cryptographic component of Windows 10, Server 2016 and 2019 editions.…Security DefenseJan 15 2020
• January 2020 Adobe Patch Tuesday updates fix issues in Illustrator, Experience ManagerAdobe released its January 2020 Patch Tuesday updates that address several flaws in Illustrator and Experience Manager products. Adobe releases its first 2020 patch Tuesday software updates that address several vulnerabilities in Illustrator and Experience Manager products. “Adobe has published security bulletins for Adobe Experience Manager (APSB20-01) and Adobe Illustrator (APSB20-03). Adobe recommends users update their product installations to the latest…Security DefenseJan 14 2020
• Why Russian APT Fancy Bear hacked the Ukrainian energy firm Burisma?Russia-linked cyber-espionage group hacked the Ukrainian energy company Burisma at the center of the impeachment trial of US President Donald Trump. The Russian cyberspies, operating under Russia’s GRU military intelligence agency (aka Fancy Bear) carried out a spear-phishing campaign in November aimed at accessing the email of Burisma Holdings employees. The attack was detailed by…Security DefenseJan 14 2020