Beware: New Android Spyware Found Posing as Telegram and Threema Apps
A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware.
"Compared to...
Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison
A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week.
Yevgeniy Aleksandrovich...
Critical Flaws Discovered in Popular Industrial Remote Access Systems
Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets.
The flaws, discovered by...
Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks
Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago.Tracked as CVE-2020-3566 and CVE-2020-3569, details for both zero-day unauthenticated DoS vulnerabilities were made public by...
Chinese APT Group Targets Media, Finance, and Electronics Sectors
Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China.
Linking the attacks to Palmerworm (aka BlackTech) — likely a China-based advanced persistent threat (APT) — Symantec's Threat...
LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection
I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks.
For those unaware, in brief, all supported versions of the Windows Server operating...
Researchers Uncover Cyber Espionage Operation Aimed At Indian Army
Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information.
Dubbed "Operation SideCopy" by Indian cybersecurity firm Quick Heal, the attacks have...
Red Team — Automation or Simulation?
What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does that mean?
While both programs are performed by ethical hackers,...
FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations
Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems.
Developed by a German company, FinSpy is extremely powerful spying...
Microsoft Windows XP Source Code Reportedly Leaked Online
Microsoft's long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server 2003.
Yes, you heard that right.
The source code for Microsoft's 19-year-old operating...
Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers
As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks.
Now according to network security platform...
Major Instagram App Bug Could’ve Given Hackers Remote Access to Your Phone
Ever wonder how hackers can hack your smartphone remotely?
In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram's Android app that could have allowed remote attackers to take control over a...
Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability
If you're administrating Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller.
Dubbed 'Zerologon'...
A New Hacking Group Hitting Russian Companies With Ransomware
As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers...
Unsecured Microsoft Bing Search Server Exposed User Queries and Location Data
A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others.
The logging database, however, doesn't include any personal details such as names or...
British Hacker Sentenced to 5 Years for Blackmailing U.S. Companies
A UK man who threatened to publicly release stolen confidential information unless the victims agreed to fulfill his digital extortion demands has finally pleaded guilty on Monday at U.S. federal district court in St. Louis, Missouri.
Nathan Francis Wyatt...
A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems
German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf (UKD) caused a failure of IT systems, resulting in the death of a woman who had to be sent to another hospital that was 20 miles...
U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence
The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country's Ministry of Intelligence and Security (MOIS) for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors.
According...
A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network
Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the latest available version on the Google Play Store.
ESET security researcher Lukas Stefanko yesterday tweeted an...
Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents
Capping off a busy week of charges and sanctions against Iranian hackers, a new research offers insight into what's a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with an intention to pilfer sensitive information.
The threat actor, suspected to...
Microsoft on Apple in the enterprise
When it comes to Apple in the enterprise, Microsoft wants to make the experience as smooth as possible. At JNUC2020 event I (virtually) spoke with Microsoft’s Corporate Vice President of the Enterprise Client & Mobility (ECM) team, Brad Anderson,...
FBI, CISA Say DDoS Attacks Won’t Prevent Voting
While they might hinder access to information, distributed denial-of-service (DDoS) attacks against election infrastructure won’t prevent voting, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in an alert issued this week.
read more
How organizations can reduce their reliance on passwords
Passwordless authentication can be an effective option, though introducing such a method poses its own challenges, says LastPass.
#DTXNOW: Time to Remove Security from IT
#DTXNOW: Time to Remove Security from IT
Speaking on a session titled “Is top level security possible on a shoestring budget?” as part of Digital Transformation Expo, security specialists were asked by moderator Jeremy White what their top tips were...
HP Offering Big Rewards for Cartridge Vulnerabilities
HP announced on Thursday that it has expanded its bug bounty program, inviting several white hat hackers to find vulnerabilities in its office-class ink and toner cartridges.
read more
