• Debug Mode in Laravel PHP Framework Exposes Over 750 Websites
    This incident has exposed over 768 websites, of which 10 to 20 percent contain sensitive configurations. Researchers noted that most of the exposed websites belong to charities and small businesses.
  • UC Browser Puts Over 500 Million Android Users at Risk by Violating Google Play Store Policies
    The browser downloaded additional Android Package Kits (APKs) from a third-party domain over an unsecured channel. The use of unprotected channels could allow attackers to install an arbitrary payload on a device and perform a variety of malicious activities.
  • Zappos Enters Preliminary Settlement in 2012 Data Breach Lawsuit
    The agreement was approved on September 19 by the U.S. District Court of Nevada. The data breach had affected the personal information of about 24 million customers.
  • Rise in Payment Fraud Techniques Should Be Everyone’s Concern Now
    CNP (card-not-present) fraud continues to top the payment fraud charts and also remains a contributor to other forms of illegal activity. Skimming is on the rise with criminals adapting to new security measures and upgrading their tools. Moreover, jackpotting is spreading across the world and attackers are becoming more successful.
  • US Lawyer Resorted to Cyberattack to Intimidate Critics, Pleads Guilty
    Bradley Pistotnik, the accused attorney, pleaded guilty to three counts including computer fraud, conspiracy, and making false statements to the FBI. The co-defendant David Dorsett has a change-of-plea hearing set for Monday.
  • Rocke Threat Actor Group Switches to New Tactics to Evade Detection
    The Chinese group has changed its command-and-control (C&C) server. It has made some updates to the LSD malware’s source code, including the addition of the “StartHttpServer” function.
  • New Cryptojacking Worm ‘Graboid’ Found On Unsecured Docker Hosts
    Researchers noted that Graboid is the first cryptojacking worm that is spread using containers in the Docker Engine. Researchers determined that it takes about 60 minutes for Graboid to reach all the 1,400 vulnerable hosts.
  • Over 100 Million Attacks Were Detected on IoT Devices in H1 2019
    Such attacks have increased nine times compared with the number (about 12 million) recorded in H1 2018. Mirai-like botnet attacks accounted for 39% of the total attacks recorded.
  • Hackers Backdoor Sites by Hiding Fake WordPress Plugins
    Malicious plugins that hide in plain sight and act as backdoors are used by attackers to gain and maintain a foothold on WordPress websites, and to upload web shells and scripts for brute-forcing other sites. [Image: Fake UpdraftPlus WordPress plugin] Hiding from strangers: the malicious plugin does not show up when using the compromised website's WordPress dashboard as it is designed to stay out of sight until someone who knows it's there wanders around. These fake plugins' main purpose is to act as backdoors on the compromised WordPress websites and to provide the attackers with access to the servers even after the original infection vector was removed. Sucuri observed the attackers dropping web shells — malicious scripts providing remote access to the server — in random locations on the compromised sites' servers. "While none of the approaches used by this attack are new, it clearly demonstrates how cleaning only the visible parts of an infection is not enough," conclude the Sucuri researchers. "Sometimes backdoors come in the form of WordPress plugins that might not even be visible from the admin interface."
  • Pulse VPN patched their vulnerability, but businesses are trailing behind
    It states: “Multiple vulnerabilities were discovered and have been resolved in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS). This advisory also includes a remote code execution vulnerability that can allow an authenticated administrator to perform remote code execution on Pulse Connect Secure and Pulse Policy Secure gateways.” Pulse Connect Secure is a VPN solution for organizations and offers remote users a secure connection to the corporate network so they can remotely log in and work. The vulnerability in Pulse Secure was presented along with a few vulnerabilities in other SSL VPN products. But there are a few essential steps in the delivery chain after the patch is released: Customers need to be made aware of the patch and the required urgency. Security providers or resellers need to make sure their customers are aware of the existence of the patch and the possible consequences of not applying it. Organizations need to have a department or external provider that is responsible for keeping the security software updated.
  • Pentagon Receives 2,000 Comments on Vendor Cyber Certification Program
    The Defense Department is less than three months away from finalizing its framework for measuring vendors’ cybersecurity practices, and industry has a lot to say about the program. Over the past six weeks, the Pentagon received more than 2,000 comments on the first public draft of the Cybersecurity Maturity Model Certification, or CMMC, according to Ellen Lord, the department’s undersecretary for acquisition and sustainment. The framework would serve as a yardstick for measuring the strength of different contractors’ digital defenses, allowing Pentagon officials to ensure vendors are appropriately protecting the sensitive military data that resides on their networks. The department will use the feedback to inform the next iteration of the CMMC, which officials plan to publish in the first week of November, Lord said during a press conference on Friday. After another round of public comments, the Pentagon will release the final framework sometime in January, and contracting officers will start assimilating certifications into the acquisition process by summer 2020, she said.
  • New Android Warning: 40M Users Installed Video App Hiding Devious Malware—Delete Now
    The app this time is SnapTube, a video downloader that lets users select YouTube and Facebook videos to play offline. The disclosure against SnapTube has been made by researchers at Upstream, who say that their Secure-D platform detected and blocked “more than 70 million suspicious mobile transaction requests” from SnapTube installs on 4.4 million devices. “The ads are hidden from users as they do not appear on-screen.” Generating returns from adware or click fraud is one thing, but the report claims that SnapTube has gone further, to the triggering of premium calls and texts, and subscribing users to paid services. But Mobiuspace still claims 40 million active users who have installed the app from third-party stores. Upstream says it discovered SnapTube’s activities when the team observed “extremely huge volumes of suspicious transactions originating in multiple countries coming from the same Android application.” The team intercepted “subscription verification SMS messages” being sent to the devices infected with the SnapTube malware—part of the process to fraudulently purchase new subscriptions without any user knowledge.
  • Italians Rocked by Ransomware
    The emails include a Visual Basic script (.vbs) file that downloads and blasts out Rammstein hits while encrypting files on the victim's computer. "The .vbs file initially launches PowerShell to download and play an mp3 file from archive.org." Once the files on the user's computer have been encrypted, a note is left on the victim's desktop, directing the user to download, install, and visit an onion site for further instructions. In an attempt to establish trust with the user and show that decryption is actually possible, the onion site offers the visitor a chance to test file decryption with one file before they pay the full ransom. He said: "Users should be vigilant to never click on or open unsolicited links or documents, especially with file types they aren’t familiar with, such as script files (.vbs, .js, .ps1, .bat, etc.). Any Office file that, once opened, urges the user to Enable Content or Enable Editing should be treated with the utmost caution and verified from the sender out of band before doing so."
  • US Girl Scouts Launch First National Cybersecurity Challenge
    Girls across the United States of America will take part in the country's first-ever National Girl Scouts Cyber Challenge tomorrow. Presenting the challenge is US defense contractor Raytheon, which in November 2018 committed to a multi-year partnership with GSUSA to encourage girls to pursue computer science careers. A spokesperson for Raytheon said: "Our future needs innovators, engineers and cybersecurity experts and we're finding them right here in today's Girl Scouts. Thanks to events like the Girl Scouts Cyber Challenge brought to you by Raytheon, more girls are seeing themselves as tomorrow’s innovators, engineers, cybersecurity experts and tech leaders." A spokesperson for GSUSA said: "Raytheon is collaborating with Girl Scouts to help close the gender gap in STEM fields by helping prepare girls to pursue careers in fields like cybersecurity, computer science, artificial intelligence, and robotics. Together, Raytheon and Girl Scouts are reaching girls during formative school years, where research shows peer pressure can sometimes deter girls from pursuing their interest in STEM."
  • Equifax used 'admin' as username and password for sensitive data: lawsuit
    Equifax (EFX) used the word “admin” as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia. “Equifax employed the username ‘admin’ and the password ‘admin’ to protect a portal used to manage credit disputes, a password that ‘is a surefire way to get hacked,’” the lawsuit reads. The lawsuit also notes that Equifax admitted using unencrypted servers to store the sensitive personal information and had it as a public-facing website. When Equifax, one of the three largest consumer credit reporting agencies, did encrypt data, the lawsuit alleges, “it left the keys to unlocking the encryption on the same public-facing servers, making it easy to remove the encryption from the data.” The lawsuit was filed by people who bought shares of Equifax between Feb. 25, 2016 and Sept. 15, 2017.
  • Tennessee Cybersecurity Unit Checks 1 Billion Threats Daily
    "Across all industries cybersecurity threats are increasing both in number and sophistication and the energy sector is one of the most sought after sectors for cyberattackers," said Andrea Brackett, a 26-year TVA employee who serves as director of TVA cybersecurity in Chattanooga. "Our threat intelligence unit here is constantly maintaining an awareness of what the cyberlandscape looks like, analyzing what attacks are happening not only across the electric sector but also industries as well," Chad Tyler, a senior information security specialist for TVA, said Wednesday during a tour of TVA's cybersecurity facilities as part of the agency's recognition of National Cybersecurity Awareness month. TVA also works with other utilities to meet standards and evaluate new programs by the Department of Energy for cybersecurity. TVA's own internal watchdog, the Office of Inspector General, also evaluates TVA cybersecurity activities. An audit of TVA web sites and email earlier this year found that among 116 TVA registered internet domains tested for email security requirements, 115 did not meet Department of Homeland Security standards for cybersecurity.
  • CenturyLink Customer Data Exposed
    Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report. A CenturyLink customer information database with some 2.8 million records was found exposed on the public Internet, exposing personal details of hundreds of thousands of its customers. According to the researchers, the database - which was affiliated with a third-party notification platform used by CenturyLink - had been exposed for 10 months. Customer names, addresses, email addresses, and phone numbers were exposed. "The data involved appears to be primarily contact information and we do not have reason to believe that any financial or other sensitive information was compromised," CenturyLink said in a statement to Comparitech.
  • Army AI task force looks for cyber project as industry day nears
    The Army Artificial Intelligence Task Force is looking to start a cyber defense project this year, according to director Brig. "Our network defense piece, [artificial intelligence] is used to help us sort of do the situational awareness — to understand what the network is to start with," Easley told reporters during an Oct. 14 briefing at the Association of the U.S. Army's annual conference in Washington, D.C. Easley said the task force is looking to expand its portfolio and has been in talks with Army Cyber Command, and it's been decided that the task force and its data scientists will lead the project, which is still in the formation phase. Easley's comments come as the Army plans on hosting its third annual AI industry day Nov. 13, courtesy of Army Research Lab, the Algorithmic Warfare Cross-Functional Team (known as Project Maven), and the Pentagon's Joint Artificial Intelligence Center.