spoofing | Breaking Cybersecurity News | The Hacker News

After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that attackers can easily exploit. Organizations often assume that firewalls, endpoint protection, and SIEMs are enough to keep them secure. But how effective are these defenses when put to the test? That's where vPenTest , Vonahi Security's automated network pentesting platform, comes in. Designed to simulate real-world attack scenarios, vPenTest helps organizations find exploitable vulnerabilities before cybercriminals can. These aren't complex, zero-day exploits. They're misconfigurations, weak passwords, and unpatched vulnerabilities that attackers routinely exploit to gain access, move laterally, and escalate privileges within networks. Here's how these risks break down: 50% stem from misconfigurations – Default settings, weak access controls, and overlooked security policies. 30% are due to m...

Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious. While there are safeguards such as DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), and Sender Policy Framework (SPF) that can be used to prevent spammers from spoofing well-known domains, such measures have increasingly led them to leverage old, neglected domains in their operations. In doing so, the email messages are likely to bypass security checks that rely on the domain age as a means to identify spam. DNS threat intelligence firm Infoblox, in a new analysis shared with The Hacker News, discovered that threat actors, including Muddling Meerkat and others, have abused some of it...

A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that's designed to primarily target mobile devices. "This kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice phishing to trick the target into sharing usernames, passwords, password reset URLs, and even photo IDs from hundreds of victims, mostly in the United States," Lookout  said  in a report. Targets of the phishing kit include employees of the Federal Communications Commission (FCC), Binance, Coinbase, and cryptocurrency users of various platforms like Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown, and Trezor. More than 100 victims have been successfully phished to date. The phishing pages are designed such that the fake login screen is displayed only after the victim completes a CAPTCHA test using hCaptcha, thus pre...

End-to-end encrypted (E2EE) messaging app Signal said it's piloting a new feature that allows users to create unique usernames (not to be confused with profile names) and keep the phone numbers away from prying eyes. "If you use Signal, your phone number will no longer be visible to everyone you chat with by default," Signal's Randall Sarafa  said . "People who have your number saved in their phone's contacts will still see your phone number since they already know it." Setting a new username requires account holders to provide two or more numbers at the end of it (e.g., axolotl.99) in an effort to keep them "egalitarian and minimize spoofing." Usernames can be changed any number of times, but it's worth noting that they are not logins or handles. Put differently, a username is an anonymous way to initiate conversations on the chat platform without having to share phone numbers. The feature is opt-in, although Signal said it's also taking steps to hide by default users' phone ...

The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source. The list of the three flaws is as follows — CVE-2021-41830  /  CVE-2021-25633  - Content and Macro Manipulation with Double Certificate Attack CVE-2021-41831  /  CVE-2021-25634  - Timestamp Manipulation with Signature Wrapping CVE-2021-41832  /  CVE-2021-25635  - Content Manipulation with Certificate Validation Attack Successful exploitation of the vulnerabilities could permit an attacker to  manipulate the timestamp  of signed ODF documents, and worse,  alter the contents  of a document or  self-sign a document  with an untrusted signature, which is then tweaked to change the  signature algorithm  to an invalid or un...

A security researcher has discovered an interesting loophole in Gmail Android app that lets anyone send an email that looks like it was sent by someone else, potentially opening doors for Phishers. This is something that we call E-mail Spoofing – the forgery of an e-mail header so that the email appears to have originated from someone other than the actual source. Generally, to spoof email addresses, an attacker needs: A working SMTP (Simple Mail Transfer Protocol) server to send email A M ailing Software However, an independent security researcher, Yan Zhu , discovered a similar bug in official Gmail Android app that allowed her to hide her real email address and change her display name in the account settings so that the receiver will not be able to know the actual sender. How to Send Spoofed Emails via Gmail Android App? To demonstrate her finding, Zhu sent an email to someone by changing her display name to yan ""security@google.com" (w...

Imagine, You Open a Winrar archive of MP3 files, but what if it will install a malware into your system when you play anyone of them. WinRAR, a widely used file archiver and data compression utility helps hackers to distribute malicious code. Israeli security researcher  Danor Cohen (An7i)   discovered the WinRAR file extension spoofing vulnerability. WinRAR file extension spoofing vulnerability allows hackers to modify the filename and extension inside the traditional file archive, that helps them to hide binary malicious code inside an archive, pretending itself as '.jpg' , '.txt' or any other format. Using a Hex editor tool, he analysed a ZIP file and noticed that winrar tool also adds some custom properties to an archive, including two names - First name is the original filename (FAX.png) and second name is the filename (FAX.png) that will appear at the WINRAR GUI window. Danor manipulated the second filename and extension to prepare a special Z...

Cryptographer Professor Jean-Jacques Quisquater has become the part of a targeted attack by the US National Security Agency (NSA) and its British counterpart GCHQ, first reported on Saturday morning by De Standaard . A few months back in September 2013 it was revealed that, Belgacom , the largest telecommunications company in Belgium was hacked and number of employees on Belgacom's network, including their servers were compromised. Later in November 2013 , it was revealed that the NSA and GCHQ were behind the infiltration of the company's computers, according to the document provided by the former NSA contractor Edward Snowden . The document detailed that the British intelligence agency GCHQ created fake ' LinkedIn ' and ' Slashdot ' pages to spy on computers of Belgacom network engineers. They used a method called " quantum insert ", to redirect employees to fake websites that contained malware using Man in the middle attack to a spoofed server ( codenamed "...

File transfer services such as FTP or HTTP has been the most common way of file transfer for business requirements. Typically what a file transfer means is that a file transfer protocol such as FTP or HTTP is used to send the stream of bits stored as a single unit in a file system including file name, file size, timestamp and other metadata from one host to another host over a TCP-based network such as the Internet. But this process is not foolproof. FTP, by itself, is not a secure file transfer protocol and it has a lot of security vulnerabilities. It's a known fact that FTP doesn't provide any encryption for data transfer. Most of the times, the requirement in any business is pretty simple: to transfer files between two endpoints in different locations, and the parties involved do not think much about how secure the file transfer process is going to be. Using FTP for official file transfer can leave your data transmission exposed to many security attacks: FTP Bounce Attack Gener...

This week Microsoft has released several advisories to help their users update from weak crypto. Microsoft is beginning the process of discontinuing support for digital certificates that use the MD5 hashing algorithm and to improve the network-level authentication for the Remote Desktop Protocol . Microsoft's optional updates : Microsoft Security Advisory 2661254: The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks . Microsoft Security Advisory 2862973: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7 , Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate...

It's the news of the day, a fraudulent digital certificate that could be used for active phishing attacks against Google's web properties. Using the certificate it is possible to spoof content in a classic phishing schema or perform a man-in-the-middle attack according Google Chrome Security Team and Microsoft experts. Microsoft has been immediately started the procedure to update its Certificate Trust list (CTL) and all versions of its OSs to revoke the certificate. Microsoft has also decided to revoke other two certificates for the same reason, it seems that some attacks using the first certificate have been already detected, fraudulent digital certificate that was mistakenly issued by a domain registrar run by a Turkish domain registrar. Microsoft has issued a security advisory " Microsoft Security Advisory ( 2798897 ) -Fraudulent Digital Certificates Could Allow Spoofing " that states: "Microsoft is aware of active attacks using one fraudulent digital certificate is...

Samsung which is currently believed to the highest Smartphones Seller in the World is now providing a Remote tracking solution in all its smartphones to Track the lost phone with the name " Samsung Dive ". The Service is based on the Architecture which primarily acquires precise location of the smart phone using it GPS and other subsidiary location acquisition techniques. The Service is basically meant to be used by the users to track their phone in case of theft or lost phone. Security Researcher Jiten Jain discovered that this GPS based location tracking service provided by manufacturer (Samsung) is also vulnerable to Theft and Malwares. To use this inbuilt tracking Service, User has to simply create an account with Samsung (www.samsungdive.com). Users than have to enable remote services to track device and wipe data remotely. The permission can be disabled or modified only by the Samsung account holder after logging in and cannot be disabled by anyone else...

Instagram - Facebook's popular photo sharing app for iOS, is currently has a vulnerability that could make your account susceptible to hackers. A security researcher Carlos Reventlov  published on Friday another attack on Facebook's Instagram photo-sharing service that could allow a hacker to seize control of a victim's account. " The Instagram app communicates with the Instagram API via HTTP and HTTPs connections. Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other request are sent through plain HTTP without a signature, those request could be exploited by an attacker connected to the same LAN of the victim's iPhone. " Vulnerability Details --   The vulnerability is in the 3.1.2 version of Instagram's application, which is  susceptible to "eavesdropping and man in the middle attacks that could lead an evil user to delete photos and download private media without the victim's con...