Search results for Security | Breaking Cybersecurity News | The Hacker News

Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices. This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of  LIGHTWIRE . "CHAINLINE is a Python web shell backdoor that is embedded in a Ivanti Connect Secure Python package that enables arbitrary command execution," the company  said , attributing it to UNC5221, adding it also detected multiple new versions of  WARPWIRE , a JavaScript-based credential stealer. The infection chains entail a successful exploitation of  CVE-2023-46805 and CVE-2024-21887 , which allow an unauthenticated threat actor to execute arbitrary commands on the Ivanti appliance with elevated privileges. The flaws have been abused as zero-days since early December 2023. Germany's Federal Office for Information Security (BSI)  said

Almost every application contains security vulnerabilities, some of which you may find today, but others would remain invisible until someone else finds and exploits them—which is the harsh reality of cybersecurity and its current state. And when we say this, Signal Private Messenger —promoted as one of the most secure messengers in the world—isn't any exception. Google Project Zero researcher Natalie Silvanovich discovered a logical vulnerability in the Signal messaging app for Android that could allow malicious caller to force a call to be answered at the receiver's end without requiring his/her interaction. In other words, the flaw could be exploited to turn on the microphone of a targeted Signal user's device and listen to all surrounding conversations. However, the Signal vulnerability can only be exploited if the receiver fails to answer an audio call over Signal, eventually forcing the incoming call to be automatically answered on the receiver's device

Two attackers were more than 100,000 e-mail users Apple iPad, including politicians and famous journalists, federal prosecutors said Tuesday notifying the prosecution of men. AT & T has revealed a vulnerability of months ago, and U.S. Attorney Paul Fishman said there was evidence that the two men have used the information obtained for criminal purposes. Authorities warned, however, that information can be dissolved in the hands of spammers and scammers. Daniel Spitler, a guard from the library 26-year-old from San Francisco and Andrew Auernheimer, 25, of Fayetteville, Ark., is accused of fraud and conspiracy to access a computer without authorization. Fishman characterizes men and their cohorts that participation in a "malicious upsmanship, as they sought to impress others and others in the online community. "We do not tolerate crimes committed for street cred," said Fishman. "Hacking is not a competitive sport, and security breaches is not a game."

Cybersecurity and compliance guidance are in high demand among SMEs. However, many of them cannot afford to hire a full-time CISO. A  v CISO can answer this need by offering on-demand access to top-tier cybersecurity expertise. This is also an opportunity for MSPs and MSSPs to grow their business and bottom line. MSPs and MSSPs that expand their offerings and provide vCISO services will cater to SME requirements and concerns. By answering this market gap, they can grow their customer base as well as upsell to existing clients. This will lead to recurring revenue and increased profitability. Developing and scaling vCISO services requires a well-thought-out plan. This will help guide you through the required processes, anticipate and overcome challenges and optimize resource use. To aid you, we introduce a comprehensive and actionable  guide: "How to Scale Your vCISO Services Profitably" . The guide was developed based on the experience of industry leader  Cynom i, who has helped hun

A malware campaign has been found targeting iOS devices linked to a wide range of entities, including European defense organizations, governments, and media sectors with dangerous espionage spyware capable of breaching non-jailbroken devices, a recent report claims. The spyware campaign, dubbed " Operation Pawn Storm " by security experts, was first detected on Windows computers late last year, but has now made its way to iOS devices , a report by security researchers at TrendLabs noted. The researchers linked the campaign to the Russian government. XAGENT SPYWARE APP One of the two spywares used in the campaign is actually an application, the firm dubbed the app XAgent, that attempts to install and run on iOS devices. " The XAgent app is fully functional malware ," the researchers noted . " The exact methods of installing these malware is unknown; however, we do know that the iOS device doesn't have to be jailbroken ... We have seen one in

Discovered the biggest Facebook phishing in French Two Days before we publish that Geeks at Security Web-Center Found 25 Facebook phishing sites. Security Web-Center found another biggest Facebook phishing site in French which steal more then 5000 usernames and passwords, using the fake domain www.frfacebook.fr to scam the victims. All phished passwords are stored here Security Web-Center suggests that potential victims: Change all exposed passwords; Contact the company or organization that was being spoofed (Facebook, in this case); Alert it that your personal information was exposed; Ask it to cancel any accounts affected (Note: We don't recommend this for Facebook, obviously, but view it more as a general tip); and If the information provided can be used to access other institutions, such as credit-card companies, contact them, as well. [ Read More ]

Banks have tried every effort, from providing Magnetic Stripes based Credit and Debit Cards to Chip-and-Pin Cards , in order to secure its users from credit card cloning and card Skimmers. It has been known from years that Magnetic stripe are incredibly hackable, but  Chip-n-Pin cards have also been hacked and successfully cloned by a group of security researchers. A unit of Canada's Bank of Montreal, BMO Harris Bank is  launching  the U.S.'s biggest cardless ATM network that allows its customers to withdraw cash within seconds, using nothing but their smartphones. NO CARD, NO PIN, JUST YOUR SMARTPHONE According to the bank, there is no need to enter PIN and instead of swiping the card, customers have to sign into mobile banking app " Mobile Cash ", hold their smartphones over the QR code on the ATM screen and the cash gets delivered. This cardless cash withdrawal technology will boost security, speed up transactions and reduce frauds because no card informat

Have to lose $ 2? Then you can buy a stolen credit if you pay in advance and in cash. Or start your own spam campaign by hiring a botnet, with prices starting at $ 15 and up slightly if you want VPN access to control panel botnet for greater anonymity. It says "Black Market Cybercrime: uncovered," the report released Thursday the security software maker Panda Software. Overall, security company has found a thriving black market for stolen data, and provides the tools for an attack. "The credit card can be purchased for as little as $ 2 per card, but this level does not provide additional information or check account balance available," said the report's author, Luis Corrons, technical director of Panda Security. "If the buyer wants a guarantee for the available line of credit account or a bank, the price rises to $ 80 for balances of smaller banks and more than $ 700 for access to accounts with a balance of $ 82,000 guaranteed." Spend even more -

Last month the popular torrent website The Pirate Bay caused some uproar by adding a Javascript-based cryptocurrency miner to its site with no opt-out option, utilizing visitors' CPU power to mine Monero coins in an attempt to gain an extra source of revenue. Now D-Link has been caught doing the same, although there's high chance that its website has been hacked. D-Link's official website for Middle East (www.dlinkmea.com) has been found secretly adding a JavaScript-based cryptocurrency miner, according to a blog post published by security firm Seekurity on Tuesday. Seekurity team was made aware of the issue after Facebook user Ahmed Samir reported that visiting on D-Link Middle East website caused his web browser utilizing a "super high CPU" power usage. As shown in the screenshot below, a separate domain was loaded using a hidden iFrame for each page view, which included the cryptocurrency mining script. Five days after Seekurity team reported th

A Google developer helps Apple to fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications. Security loophole allowed attacker to hijack the connection, because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store. Researcher Elie Bursztein revealed on his blog that he had alerted Apple of numerous security issues last July but that Apple had only turned on HTTPS for the App Store last week. An attacker only needs to be on the same network as the person who is using the App Store. From there, they can intercept the communications between the device and the App Store and insert their own commands. The malicious user could take advantage of the unsecure connection to carry out a number of different attacks i.e steal a password, force someone to purchase an app by swapping it with a different app that the buyer actually intende

Security researchers from Core Security has reportedly found a Denial of Service ( DoS ) attack vulnerability in Android WiFi-Direct. Android's WiFi-Direct is a wireless technology that allows two devices to establish a direct, peer-to-peer Wi-Fi connection without requiring a wireless router. Smartphones have been able to support Wi-Fi Direct for a while now. According to the advisory , the remotely exploitable denial-of-service vulnerability is affecting a wide number of Android mobile devices when it scans for WiFi Direct devices. If exploited, the vulnerability would let an attacker force a reboot of a device. " An attacker could send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class ," advisory states. The Android WiFi-Direct vulnerability (CVE-2014-0997) affects: Nexus 5 - Android 4.4.4 Nexus 4 - Android 4.4.4 LG D806 - Android 4.2.2 Samsung SM-T310 - Android

Last year, Just after Snowden leaks, the U.S Government warned that NSA surveillance revelations will make harder to track bad guys trying to harm the United States, as disclosures can be helpful to terrorist groups. In response to the NSA revelations, the terrorists at Al-Qaeda have started using strongest encryption techniques in order to bypass the standard cryptographic protections in its various communications, according to the recent report released by the Threat Intelligence  company, Recorded Future . The analysis carried out by the intelligence firm revealed that the Infamous Terrorist Organizations, Al-Qaeda that attacked civilian and military targets in various countries, has switched to new encryption software for the first time in seven years, following the revelations of the US National Security Agency (NSA) by former contractor Edward Snowden . Al-Qaeda is a global militant Islamist and takfiri organization which operates as a network comprising both a

Anonymous attack on Israeli government  & security services websites Several Israeli government websites crashed on Sunday in what appeared to be a cyber-attack by Anonymous hackers. The websites of the IDF, Mossad and the Shin Bet security services were among the sites that went down, as well as several government portals and ministries.The Israeli army and intelligence agencies' websites were offline. In a video that was uploaded to YouTube, Anonymous warns that if the siege on Gaza is maintained, it will have no choice but to go on the attack.. " Your actions are illegal, against democracy, human rights, international, and maritime laws ," the statement addressed to the government of Israel and posted on Youtube and Anonymous-affiliated sites said. " Justifying war, murder, illegal interception, and pirate-like activities under an illegal cover of defense will not go unnoticed by us or the people of the world. " " If you continue blocking human

The terrible terrorist attacks in France forced the British Prime Minister David Cameron to consider banning the popular encrypted online messaging apps like Snapchat , CryptoCat ,  WhatsApp and Apple's iMessage unless the companies don't give the UK government backdoor access to their encrypted communications. Speaking at a public event in the UK this morning, Cameron said that if he wins the next election and re-elected, he would seek to ban the encrypted communication apps as part of his plans for new surveillance powers in the wake of the Charlie Hebdo shootings in Paris . The British Prime Minister said the Paris terror attacks, including the one last week on satirical newspaper Charlie Hebdo, outlined the need for greater access on the encrypted communications. In his remarks, the attacks were aimed at messaging apps that encrypt messages to secure users' communications. " The attacks in Paris demonstrated the scale of the threat that we face and th

Apple on Monday released iOS 12.2 to patch a total of 51 security vulnerabilities in its mobile operating system that affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A majority of vulnerabilities Apple patched this month reside in its web rendering engine WebKit, which is used by many apps and web browsers running on the Apple's operating system. According to the advisory , just opening a maliciously crafted web content using any vulnerable WebKit-based application could allow remote attackers to execute arbitrary code, disclose sensitive user information, bypass sandbox restrictions, or launch universal cross-site scripting attacks on the device. Among the WebKit vulnerabilities include a consistency issue (CVE-2019-6222) that allows malicious websites to potentially access an iOS device microphone without the "microphone-in-use" indicator being shown. A similar vulnerability (CVE-2019-8566) has been patched in Apple's Replay

Japan under Heavy Cyber Attack ! In last two days several Cyber attacks breach corporate and National Security of Japan. First, Japanese parliament hit by cyber attack from China according to Report. A server located in China was used for the attack on the Japanese Lower House. This led to an extraordinary meeting of a key subcommittee after it emerged that hackers had access to emails and documents belonging to the chamber's 480 legislators for at least one month. The personal computers and servers of Japanese lower house lawmakers have been hit by a cyber attack, and passwords and user IDs may have been stolen. Next, Information on military aircraft and nuclear power plants may have been stolen in a series of cyberattacks on Japanese defence contractor Mitsubishi Heavy. Mitsubishi Heavy said late last month that 83 computers at 11 of its facilities had been hit by cyberattacks but no leakage of information on products and technologies had been confirmed. Christophe Bianco

The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through security controls," IBM Trusteer  said  in a report. "In most cases, these extra protections have been applied to injections used in the process of online banking fraud — TrickBot's main activity since its inception after the  Dyre Trojan 's demise." TrickBot , which started out as a banking trojan, has evolved into a multi-purpose crimeware-as-a-service (CaaS) that's employed by a variety of actors to deliver additional payloads such as ransomware. Over 100 variations of TrickBot have been identified to date, one of which is a " Trickboot " module that can modify the UEFI firmware of a compromised device. In the fall of 2

Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in mail clients and servers that could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials. The now-patched flaws, identified in various STARTTLS implementations, were  detailed  by a group of researchers Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel at the 30th USENIX Security Symposium. In an Internet-wide scan conducted during the study, 320,000 email servers were found vulnerable to what's called a command injection attack. Some of the popular clients affected by the bugs include Apple Mail, Gmail, Mozilla Thunderbird, Claws Mail, Mutt, Evolution, Exim, Mail.ru, Samsung Email, Yandex, and KMail. The attacks require that the malicious party can tamper connections established between an email client and the email server of a provider and has login cr

Widespread routers' DNS hijacking malware that recently found targeting Android devices has now been upgraded its capabilities to target iOS devices as well as desktop users. Dubbed Roaming Mantis , the malware was initially found hijacking Internet routers last month to distribute Android banking malware designed to steal users' login credentials and the secret code for two-factor authentication. According to security researchers at Kaspersky Lab s, the criminal group behind the Roaming Mantis campaign has broadened their targets by adding phishing attacks for iOS devices, and cryptocurrency mining script for PC users. Moreover, while the initial attacks were designed to target users from South East Asia–including South Korea, China Bangladesh, and Japan–the new campaign now support 27 languages to expand its operations to infect people across Europe and the Middle East. How the Roaming Mantis Malware Works Similar to the previous version, the new Roaming Mantis

A Serious vulnerability in Facebook has recently been reported that could allow anyone to delete your complete Facebook photo album without having authentication. Security Researcher Laxman Muthiyah told The Hacker News that the vulnerability actually resides in Facebook Graph API mechanism, which allows "a hacker to delete any photo album on Facebook . Any photo album owned by an user or a page or a group could be deleted." DELETING FACEBOOK PHOTO ALBUMS According to Facebook developers documentation, its not possible to delete albums using the Graph API, but Indian security researcher has found a way to delete not just his own, but also others Facebook photo albums within few seconds. " I decided to try it with Facebook for mobile access token because we can see delete option for all photo albums in Facebook mobile application isn't it? Yeah and also it uses the same Graph API ," he said. In general, Facebook Graph API requires an access tok

German Hacker Cracks GSM Call Encryption Code A German computer boffin has worked out a way to crack code used to encrypt most of the world's mobile Internet traffic. Karsten Nohl is going to publish a guide to prompt global operators to improve their safeguards. Karsten Nohl and his team of 24 hackers began working on the security algorithm for GSM (Global System for Mobiles) in August.Developed in 1988, the system prevents the interception of calls by forcing phones and base stations to change frequencies constantly. Most of the UK's mobile phones use the GSM system and the breach represents a potential threat to the security of mobile phone communication. The discovery of a way to eavesdrop so-called General Packet Radio Service (GPRS) technology allows a user to read emails and observe the Internet use of a person whose phone is hacked, said Karsten Nohl, head of Security Research Labs." With our technology we can capture GPRS data communications in a radius of 5