• Beware! Newly registered domains have become latest attack tool for cybercriminals
    Researchers found that more than 70% of newly registered domains (NRDs) are malicious, suspicious, or not safe for work. This is 70 times higher than that observed in Alexa's top 10,000 domains.
  • Hackers can eavesdrop your conversation through smartphones while you are typing on your laptop
    The attack leverages acoustic signals or sound waves that are produced when a user is typing on a computer keyboard. These signals are then picked up by smartphone sensors including the microphone, the accelerometer, and the gyroscope.
  • MoviePass customer credit card records found exposed on unprotected servers
    The exposed records consisted of more than 160 million personal credit card details and over 50,000 MoviePass customers' card numbers. Personal credit card records and MoviePass debit card details belonging to customers were left exposed.
  • Two security flaws detected in Xilinx's Zynq UltraScale+ SoC devices
    Xilinx's Zynq UltraScale+ SoC devices support a secure boot mode referred to as ‘Encrypt Only’ that contains two design flaws. While the second flaw is patchable, the first flaw is unpatchable by a software update and requires ‘a new silicon revision’ from Xilinx.
  • Fargo Public Schools and Rome City School District Hit In Massive Third-Party Data Breach
    The incident has compromised Fargo Public school students’ names, dates of birth and student ID numbers. Meanwhile, students who attended the Rome City District school between 2013 and 2014 had their names, dates of birth, school information, and school district attendance compromised.
  • Magecart credit card skimmers found on PokerTracker software
    A Magecart skimmer script was injected into PokerTracker’s subdomain and root domain, as both were running an outdated version of Drupal (6.3x). Malwarebytes reported the incident to PokerTracker and they immediately identified the issue and removed the outdated Drupal module.
  • New Payments Platform Australia Exposed PayID Records Due to Client-side Technical Issues
    PayID records were exposed by a vulnerability in one of the financial institutions sponsored by Cuscal Limited. The exposed PayID records include PayID names and the associated account numbers.
  • United States remains the worst-hit country in data breaches that occurred in first half of 2019
    There were 3,816 data breaches in the first six months of 2019, which resulted in the compromise of 4.1 billion records. Eight data breaches in the first half of 2019 accounted for the compromise of 3.2 billion records.
  • Coordinated Ransomware Attack in Texas Seen as Escalation From Prior Hacks
    A coordinated ransomware attack targeted 23 municipalities in Texas over the weekend in what one security expert warns could be a worsening escalation of cyberattacks on local governments. “Why rob a bank when you can rob a local government?” said Alan Shark, the executive director of the Public Technology Institute, which offers cyber security training to local governments. Federal agencies and state government associations issued a warning this summer to encourage state and local governments to take steps to improve resilience against a ransomware attack. The FBI, Department of Homeland Security, Texas authorities and others are actively working to investigate the Texas attack and help bring the 23 governments’ systems back online, according to state officials. When a local government becomes a victim of an attack, federal authorities may be able to help identify the vulnerabilities that were targeted and potential remedies, Joel DeCapua, a supervisory special agent in the FBI’s cyber division, previously told Route Fifty. The FBI encourages local governments not to pay ransoms and also to report all incidents to federal authorities.
  • npm Pulls Malicious Package that Stole Login Passwords
    A malicious package was removed today from the npm repository after it was discovered that it stole login information from the computers it was installed on. Earlier today, npm pulled the package 'bb-builder' from the repository, marking it as malicious and having critical severity. The researcher told BleepingComputer he found the bad package after scanning the entire npm repository for dangerous entries - about nine million packages that translate to 35TB of decompressed data. Not long ago, ReversingLabs performed a similar scan on the PyPI repository for Python packages and found the 'libpeshnx' library that contained a malicious function that downloaded a backdoor. Pericin told us that 'bb-builder' had been added to npm after compromising the account owner's credentials. "The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it." - npm
  • MyKings Botnet Variant May Have Gone Unnoticed for 2 Years Before Discovery
    A variant of the MyKings botnet that may have been hidden for the last two years could prove even more difficult to remove from infected machines, security researchers warned. Besides taking advantage of the task scheduler, registry and Windows Management Instrumentation objects on a victim’s server, the MyKings botnet variant also makes use of a bootkit. This helps protect MyKings from detection tools and from being removed by IT security teams. The threat becomes even worse as the bootkit writes malware into other areas of the infected machine, reaching functions at the kernel level. The scripts that tie MyKings together and connect to remote servers mean there is a limited window of opportunity to get at its components, the researchers added. Cryptominers and related threats continue to proliferate through malware and browsing sessions.
  • Phishing Attacks Scrape Branded Microsoft 365 Login Pages
    The attackers are also using Microsoft's Azure Blob Storage and Microsoft Azure Web Sites cloud storage solutions to host their phishing landing pages, a common tactic used by phishers to trick their targets into thinking that they're seeing an official Microsoft login page. The potential victims' emails are checked against huge lists of validated email addresses before redirecting them to the phishing forms, which allows the crooks to scrape their targets' company-branded tenant login pages containing custom backgrounds and banner logos, and have them "dynamically inserted into the phishing landing page." "Further examination of the domains included in the validated email addresses points to a phishing campaign at least initially targeting a spectrum of industry verticals, including financial, insurance, medical, telecom, and energy," add the Rapid7 researchers.
  • Cancer research organizations are now the focus of Chinese hacking groups
    Chinese advanced persistent threat (APT) groups are honing in on cancer research institutes in recent cyberattacks in order to steal their work, researchers say. The World Health Organization (WHO) estimates that one in six deaths annually are caused by cancer, and with these high mortality rates, researchers across the globe are working towards ways to improve detection and treatment. Titled, "Beyond Compliance: Cyber Threats and Healthcare," the research claims that Chinese APTs -- many of which are state-sponsored -- continue to target medical entities, and cancer-related organizations are a common target. If that wasn't enough, APT22, a separate Chinese APT, has also launched attacks against the aforementioned cancer research institution and has, overall, been actively striking healthcare organizations for a number of years. This hacking group, tied to China, has been targeting cancer research organizations since 2013. "Targeting medical research and data from studies may enable Chinese corporations to bring new drugs to market faster than Western competitors."
  • Researcher publishes second Steam zero day after getting banned on Valve's bug bounty program
    However, while the security researcher reported the first one to Valve and tried to have it fixed before public disclosure, he said he couldn't do the same with the second because the company banned him from submitting further bug reports via its public bug bounty program on the HackerOne platform. Security researchers and regular Steam users alike are mad because Valve refused to acknowledge the reported issue as a security flaw, and declined to patch it. When the security researcher -- named Vasily Kravets -- wanted to publicly disclose the vulnerability, a HackerOne staff member forbade him from doing so, even if Valve had no intention of fixing the issue -- effectively trying to prevent the researcher from letting users know there was a problem with the Steam client at all. Furthermore, a well-known and highly respected security researcher named Matt Nelson also revealed he found the same exact bug, but after Kravets, which he too reported to Valve's HackerOne program, only to go through a similar bad experience as Kravets.
  • Hackers Leaked Sensitive Government Data in Argentina—and Nobody Cares
    On Monday, Aug. 12, hackers leaked 700 GB of data obtained from the government of Argentina, including confidential documents, wiretaps and biometric information from the Argentine Federal Police, along with the personal data of police officers. The Twitter account of the Argentine Naval Prefecture was hacked as well, and used not only to share links to the stolen information but also to spread fake news about a nonexistent British attack on Argentine ships. The hackers had around 10 minutes to publish several tweets before the government regained control over the account; one of them shared some of the “LaGorraLeaks” (“La Gorra” is an Argentinian term used to refer to the police), a set of links that allegedly contained police officers’ personal data along with wiretaps, biometric information and classified documents, among other information. A pinned tweet made public “#LaGorraLeaks2.0.” The user or users, who go by “[S],” claimed to have published 700 GB of information to the “Deep Web”—which, they assured, contained sensitive data relating to the Argentine Federal Police and the Buenos Aires City Police.
  • Can airplanes get hacked?
    A few weeks ago, the Department of Homeland Security (DHS) issued a concerning security alert about the hobbyist aviation industry. The announcement pointed out that hackers with physical access to small planes might be able to interfere with the plane’s critical flight data. By attaching a small device to the airplane’s network, cybercriminals would be able to tamper with crucial data such as altitude and ground speed. Similar to what has been seen in the car industry over the last few years, networked communications systems are more and more important for the aviation industry. Tampering with airplane systems is not unheard of, and this is not the first aviation cyber vulnerability alert issued by DHS either. With the constant advancement of technology, aviation cybersecurity will continue to be an issue of growing concern as the answer is yes – airplanes can get hacked.
  • Cybersecurity: This trojan malware being offered for free could cause hacking spike
    A new version of a powerful form of trojan malware is being offered on the dark web for free, with one cybersecurity company warning this could lead to a rise in attacks targeting passwords, bank details and other personal information, even by crooks with limited technical skills. Uncovered by security researchers at LMNTRIX Labs, NanoCore v1.2.2 offers users a variety of attacks against Windows systems, including the ability to steal passwords, perform keylogging and secretly record audio and video footage using the webcam. Other capabilities include the ability to remotely shut down or restart the machine, as well as the ability to remotely control the mouse, open web pages and more: ultimately, it provides an attacker with the ability to use the machine as if it was their own and exploit it for the criminal purpose of stealing personal information, passwords and payment details. Like many other hacking campaigns, NanoCore is mainly distributed with email phishing attacks: researchers note that many of the current campaigns distributing the malware are designed to look like invoices or purchase orders with attachment names designed to provoke victims into clicking.
  • Suspected North Korean Cyber Espionage Campaign Targets Multiple Foreign Ministries and Think Tanks