Recent Cyber News Feed Spot
Welcome to our Recent Cyber News Feed:
- All
- Threats
- Hacks
- Hacker's Den
- ID Theft
- Cyber Attacks
- Cyber News
- Cyber Attack and Hacks
- Cyber Defense
Threats
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency ServicesFraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world's largest domain name registrar, KrebsOnSecurity has learned.
Convicted SIM Swapper Gets 3 Years in JailA 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping, a…
Trump Fires Security Chief Christopher KrebsPresident Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud.
Be Very Sparing in Allowing Site NotificationsAn increasing number of websites are asking visitors to approve "notifications," browser modifications that periodically display messages on the user's mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.
Hacks
Belden discloses data breach as a result of a cyber attack Belden, the manufacturer of networking and cable products, disclosed a data breach, threat actors have stolen employee and business information. The manufacturer of networking and cable products Belden disclosed a data breach, the company revealed that attackers gained “unauthorized access and copying of some current and former employee data, as well as limited company information…
Operation Falcon: Group-IB helps INTERPOL identify Nigerian BEC ring members Group-IB supported an INTERPOL-led operation Falcon targeting business email compromise cybercrime gang from Nigeria, dubbed TMT. Group-IB, a global threat hunting and intelligence company, supported an INTERPOL-led operation Falcon targeting business email compromise (BEC) cybercrime gang from Nigeria, dubbed TMT by Group-IB. A cross-border anti-cybercrime effort that involved INTERPOL’s Cybercrime Directorate, Nigerian Police Force, and Group-IB’s APAC Cyber Investigations Team has resulted in the…
Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach Retail giant Home Depot has agreed to a $17.5 million settlement in a multi-state investigation of the data breach that the company suffered in 2014. The US largest home improvement retailer giant Home Depot agrees to $17.5 million settlement over the 2014 data breach. In 2014, Home Depot revealed that the data breach impacted 56 million customers…
Watch out, WAPDropper malware could subscribe you to premium services Researchers spotted a new mobile malware dubbed WAPDropper that subscribes users to legitimate premium-rate services. Security researchers from Check Point have spotted a new malware family dubbed WAPDropper that targets mobile phone users to subscribe them to legitimate premium-rate services. Check Point experts observed the WAPDropper subscribing unaware users to premium services from legitimate telecommunications…
Group-IB Hi-Tech Crime Trends 2020/2021 report Group-IB, a global threat hunting and intelligence company, has presented its annual Hi-Tech Crime Trends 2020/2021 report. In the report, the company examines key shifts in the cybercrime world internationally between H2 2019 and H1 2020 and gives forecasts for the coming year. The most severe financial damage has occurred as a result of ransomware activity.…
UK NCSC’s alert urges orgs to fix MobileIron CVE-2020-15505 RCE The UK NCSC issued an alert to urge organizations to patch the critical CVE-2020-15505 RCE vulnerability in MobileIron MDM systems. The UK National Cyber Security Centre (NCSC) issued an alert urging organizations to address the critical CVE-2020-15505 remote code execution (RCE) vulnerability in MobileIron mobile device management (MDM) systems. MDM platforms allow administrators to remotely manage a fleet of…
2FA bypass in cPanel potentially exposes tens of millions of websites to hack 2FA bypass discovered in web hosting software cPanel More than 70 million sites are managed via cPanel software, according to the company. Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. Security researchers from Digital Defense have discovered a major security issue in cPanel, a popular…
Baidu Android apps removed from Play Store because caught collecting user details Two Baidu Android apps have been removed from the Google Play Store in October after they’ve been caught collecting sensitive user details. Two apps belonging to Chinese tech giant Baidu, Baidu Maps and Baidu Search Box, have been removed from the Google Play Store at the end of October after they’ve been caught collecting sensitive…
A new Stantinko Bot masqueraded as httpd targeting Linux servers Researchers spotted a new variant of an adware and coin-miner botnet operated by Stantinko threat actors that now targets Linux servers. Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that is operated by Stantinko threat actors since 2012. The Stantinko botnet was first spotted by ESET in 2017, at the…
TrickBot operators continue to update their malware to increase resilience to takedown Following the recent takedown, the TrickBot operators have implemented various improvements to make it more resilient. In October, Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec joined the forces and announced a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet. Even if Microsoft and its partners have brought down the TrickBot…
Microsoft fixes Kerberos Authentication issues with an out-of-band Update Microsoft released an out-of-band update for Windows to address authentication flaws related to a recently patched Kerberos vulnerability. Microsoft released an out-of-band update to address authentication issues in Windows related to a recently patched Kerberos vulnerability tracked as CVE-2020-17049. “An out-of-band optional update is now available on the Microsoft Update Catalog to address a known…
Crooks social-engineered GoDaddy staff to take over crypto-biz domains Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. The threat actors were able to modify DNS settings…
Credential stuffing attack targeted 300K+ Spotify users Researchers uncovered a possible credential stuffing campaign that is targeting Spotify accounts using a database of 380 million login credentials. Security experts from vpnMentor have uncovered a possible credential stuffing operation that affected some Spotify accounts. Threat actors behind the campaign are using a database containing over 380 million records, including login credentials and other data for…
VMware discloses critical zero-day CVE-2020-4006 in Workspace One VMware discloses a critical zero-day vulnerability (CVE-2020-4006) in multiple VMware Workspace One components and released a workaround to address it. VMware has released a workaround to address a critical zero-day vulnerability, tracked as CVE-2020-4006, that affects multiple VMware Workspace One components. The flaw could be exploited by attackers to execute commands on the host Linux…
Computer Security and Data Privacy, the perfect alliance Computer security and data privacy are often poorly considered issues, experts urge more awareness of cyber threats. Computer security and data privacy are often poorly considered issues until incidents occur and unfortunately sometimes even the very seriousness of the events, understood as virtual happenings, is not adequately perceived. An injection of digital culture is needed…
Hacker's Den
Do You Know Who's Lurking in Your Cloud Environment? A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
Look Beyond the 'Big 5' in Cyberattacks Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
Why Security Awareness Training Should Be Backed by Security by Design Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
Spotify Hack – Over 300k Accounts Hacked in Credential Stuffing Attack Spotify is a Swedish-based audio streaming and media services provider, with over 299 million active monthly users in 2020. Noam Rotem and Ran Locar, vpnMentor’s research team have discovered a potential credential stuffing operation whose origins are unknown, but that affected some online users who even have Spotify accounts. Credential stuffing is a hacking technique that takes advantage of…
Telsa Flaw Let Attackers to Steal Vehicles in Minutes 90 seconds and $195 is all it takes to steal your brand new $100,000 Tesla Model X!! Computer Security and Industrial Cryptography (COSIC) Researchers from the University of Leuven, Belgium have discovered a few major security flaws in the keyless entry system of the Tesla Model X. Tesla Model S was also hacked by the…
CISA Warns of Holiday Online Shopping Scams The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
Cloud Security Startup Lightspin Emerges From Stealth The startup, founded by former white-hat hackers, has secured a $4 million seed round to close security gaps in cloud environments.
Malware Operators Arrested for Running Services To Bypass Antivirus Software Romanian police forces have arrested two individuals this week, for allegedly running two malware crypting services like CyberSeal and DataProtector to escape antivirus software detection. These services were purchased by quite 1560 criminals and used for crypting several different types of malware, including Remote Access Trojans, Information stealers, and Ransomware. The pair used the Cyberscan…
Ransomware Grows Easier to Spread, Harder to Block Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.
How Retailers Can Fight Fraud and Abuse This Holiday Season Online shopping will be more popular than ever with consumers... and with malicious actors too.
Facebook Messenger Bug Let Android Users Spy On Each OtherTamagotchi hacker, Natalie Silvanovich, who works as a Security Engineer on Prjoect Zero at Google recently received a bounty of $60,000 for identifying a bug in Facebook Messenger which allows a call to connected much before the callee has answered the call. The bug seems to exist on the Android Facebook messenger app only. Facebook…
10 Best WiFi Hacking Apps for Android – 2020 EditionIn this article, we are sharing the top “Wifi Hacking Apps“ for Android applicants. With the help of this, anyone can hack Wifi network around them. Wireless Fidelity, In short, “WIFI“. Security researchers and hackers penetrate the network to find possible vulnerabilities and to take control of the device. WiFi poses more security challenges when…
Facebook Messenger Flaw Enabled Spying on Android CalleesA critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
ID TheftCyber AttacksCyber NewsCyber Attack and HacksCyber Defense- Belden discloses data breach as a result of a cyber attack Belden, the manufacturer of networking and cable products, disclosed a data breach, threat actors have stolen employee and business information. The manufacturer of networking and cable products Belden disclosed a data breach, the company revealed that attackers gained “unauthorized access and copying of some current and former employee data, as well as limited company information…
- Operation Falcon: Group-IB helps INTERPOL identify Nigerian BEC ring members Group-IB supported an INTERPOL-led operation Falcon targeting business email compromise cybercrime gang from Nigeria, dubbed TMT. Group-IB, a global threat hunting and intelligence company, supported an INTERPOL-led operation Falcon targeting business email compromise (BEC) cybercrime gang from Nigeria, dubbed TMT by Group-IB. A cross-border anti-cybercrime effort that involved INTERPOL’s Cybercrime Directorate, Nigerian Police Force, and Group-IB’s APAC Cyber Investigations Team has resulted in the…
- Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach Retail giant Home Depot has agreed to a $17.5 million settlement in a multi-state investigation of the data breach that the company suffered in 2014. The US largest home improvement retailer giant Home Depot agrees to $17.5 million settlement over the 2014 data breach. In 2014, Home Depot revealed that the data breach impacted 56 million customers…
- Watch out, WAPDropper malware could subscribe you to premium services Researchers spotted a new mobile malware dubbed WAPDropper that subscribes users to legitimate premium-rate services. Security researchers from Check Point have spotted a new malware family dubbed WAPDropper that targets mobile phone users to subscribe them to legitimate premium-rate services. Check Point experts observed the WAPDropper subscribing unaware users to premium services from legitimate telecommunications…
- Group-IB Hi-Tech Crime Trends 2020/2021 report Group-IB, a global threat hunting and intelligence company, has presented its annual Hi-Tech Crime Trends 2020/2021 report. In the report, the company examines key shifts in the cybercrime world internationally between H2 2019 and H1 2020 and gives forecasts for the coming year. The most severe financial damage has occurred as a result of ransomware activity.…
- UK NCSC’s alert urges orgs to fix MobileIron CVE-2020-15505 RCE The UK NCSC issued an alert to urge organizations to patch the critical CVE-2020-15505 RCE vulnerability in MobileIron MDM systems. The UK National Cyber Security Centre (NCSC) issued an alert urging organizations to address the critical CVE-2020-15505 remote code execution (RCE) vulnerability in MobileIron mobile device management (MDM) systems. MDM platforms allow administrators to remotely manage a fleet of…
- 2FA bypass in cPanel potentially exposes tens of millions of websites to hack 2FA bypass discovered in web hosting software cPanel More than 70 million sites are managed via cPanel software, according to the company. Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. Security researchers from Digital Defense have discovered a major security issue in cPanel, a popular…
- Baidu Android apps removed from Play Store because caught collecting user details Two Baidu Android apps have been removed from the Google Play Store in October after they’ve been caught collecting sensitive user details. Two apps belonging to Chinese tech giant Baidu, Baidu Maps and Baidu Search Box, have been removed from the Google Play Store at the end of October after they’ve been caught collecting sensitive…
- A new Stantinko Bot masqueraded as httpd targeting Linux servers Researchers spotted a new variant of an adware and coin-miner botnet operated by Stantinko threat actors that now targets Linux servers. Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that is operated by Stantinko threat actors since 2012. The Stantinko botnet was first spotted by ESET in 2017, at the…
- TrickBot operators continue to update their malware to increase resilience to takedown Following the recent takedown, the TrickBot operators have implemented various improvements to make it more resilient. In October, Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec joined the forces and announced a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet. Even if Microsoft and its partners have brought down the TrickBot…
- Microsoft fixes Kerberos Authentication issues with an out-of-band Update Microsoft released an out-of-band update for Windows to address authentication flaws related to a recently patched Kerberos vulnerability. Microsoft released an out-of-band update to address authentication issues in Windows related to a recently patched Kerberos vulnerability tracked as CVE-2020-17049. “An out-of-band optional update is now available on the Microsoft Update Catalog to address a known…
- Crooks social-engineered GoDaddy staff to take over crypto-biz domains Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. The threat actors were able to modify DNS settings…
- Credential stuffing attack targeted 300K+ Spotify users Researchers uncovered a possible credential stuffing campaign that is targeting Spotify accounts using a database of 380 million login credentials. Security experts from vpnMentor have uncovered a possible credential stuffing operation that affected some Spotify accounts. Threat actors behind the campaign are using a database containing over 380 million records, including login credentials and other data for…
- VMware discloses critical zero-day CVE-2020-4006 in Workspace One VMware discloses a critical zero-day vulnerability (CVE-2020-4006) in multiple VMware Workspace One components and released a workaround to address it. VMware has released a workaround to address a critical zero-day vulnerability, tracked as CVE-2020-4006, that affects multiple VMware Workspace One components. The flaw could be exploited by attackers to execute commands on the host Linux…
- Computer Security and Data Privacy, the perfect alliance Computer security and data privacy are often poorly considered issues, experts urge more awareness of cyber threats. Computer security and data privacy are often poorly considered issues until incidents occur and unfortunately sometimes even the very seriousness of the events, understood as virtual happenings, is not adequately perceived. An injection of digital culture is needed…
- All
- Threats
- Hacks
- Hacker's Den
- ID Theft
- Cyber Attacks
- Cyber News
- Cyber Attack and Hacks
- Cyber Defense
Threats
Hacks
Hacker's Den
ID Theft
Cyber Attacks
Cyber News
Cyber Attack and Hacks
Cyber Defense