web designing | Breaking Cybersecurity News | The Hacker News

It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information. Bitdefender's Cyber Threat Intelligence Lab discovered yet another instance of an espionage attack targeting an unnamed international architectural and video production company that had all the hallmarks of a carefully orchestrated campaign. "The cybercriminal group infiltrated the company using a tainted and specially crafted plugin for Autodesk 3ds Max," Bitdefender researchers said in a report released today. "The investigation also found that the Command and Control infrastructure used by the cybercriminal group to test their malicious payload against the organization's security solution, is located in South Korea." Although there have been previous instances of APT mercenary gr...

From past few years, spammers and cyber criminals were buying web extensions from their developers and then updating them without informing their users to inject bulk advertisements into every website user visits in order to generate large revenue. But now they have shifted their business model—instead of investing, spammers have started a new wave of phishing attacks aimed at hijacking popular browser extensions. Just two days ago, we reported how cyber criminals managed to compromise the Chrome Web Store account of a German developer team and hijacked Copyfish extension , and then modified it with ad-injection capabilities to distribute spam correspondence to users. Now just yesterday, another popular Chrome extension ' Web Developer ' was hijacked by some unknown attackers, who updated the software to directly inject advertisements into the web browser of over its 1 million users. Chris Pederick , the creator of Web Developer Chrome extension that offers various w...

Google is reportedly testing out some new UI changes for its popular email service, Gmail on the desktop browser that would redesign your inbox in totally different Interface. So, the traditional Gmail we all know may soon get a new makeover and we hope users will definitely love it. Google has invited a selected team of users to test a completely new user friendly interface for the webmail client which appears as a part of the trial, according to the leaked screenshots obtained by Geek 's website. According to the report, we can only presume that the new feature will enable a user to have a fancy access to Google's Gmail with a brand-new fly-in menu system that flies in and out of the browser window replaces Google's otherwise static sidebar on the left bolted into Gmail last year that organizes your inbox, chats, and labels. In the beginning of the April, the Geek also provided the screenshots revealing a series of new feature for the mobile Gmail clien...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...