Search results for completely masked | Breaking Cybersecurity News | The Hacker News

The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor "is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word," S2 Grupo's LAB52 threat intelligence team said . "When such an email is detected, it enables an attacker to exfiltrate data, upload files, and execute commands on the victim's computer." The artifact gets its name from the use of the word "Nothing" within the source code, the Spanish cybersecurity company added. The activity highlights the abuse of Outlook as a stealthy communication, data exfiltration, and malware delivery channel. The exact initial access vector used to deliver the malware is currently not known, but analysis shows that it's deployed via Microsoft's OneDrive executable ("onedrive.exe") using a t...

Better Business Bureau has published a list of top 10 scam that seems not only to the biggest scam in 2010, but what to watch in 2011. In no particular order, here they are: Door to door scams Each of the new season of the show to attract new scammer port provides an incredible offer: Roofing in the spring, paving contractors in the summer and heating contractors in the fall. These entrepreneurs fraudulent use of high pressure sales tactics to scare people with expensive even worse - a job that is not the way to contact them if you do not - and often useless. Tip: Do not give in to high pressure sales tactics. Take the time to do your due diligence, to obtain the name and location of the company and ensure all the details and verbal promises are included in the contract. If you do not sign the agreement and would like to change my mind, BC law, if it was door to door sales contract after you have 10 days to withdraw from advising the company. Suspicious door-to-sale must infor...

Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal information such as: customer names, hashed passwords, email addresses, residential addresses, GPS locations, list of installed apps, partially-masked credit card numbers, connected bank accounts and associated account numbers, and know your customer (KYC) documents of 3.5 million users. Even worse, the leak also shows that MobiKwik does not  delete the card information  from its servers even after a user has removed them, in what's likely a breach of government regulations. New guidelines issued by India's apex banking institution, the Reserve Bank of India,  prohibit  online merchants, e-commerce websites, and payment aggregators from storing card details of a custom...

Google has stepped in to address a security flaw that could have made it possible to brute-force an account's recovery phone number, potentially exposing them to privacy and security risks. The issue, according to Singaporean security researcher "brutecat," leverages an issue in the company's account recovery feature. That said, exploiting the vulnerability hinges on several moving parts, specifically targeting a now-deprecated JavaScript-disabled version of the Google username recovery form ("accounts.google[.]com/signin/usernamerecovery") that lacked anti-abuse protections designed to prevent spammy requests. The page in question is designed to help users check if a recovery email or phone number is associated with a specific display name (e.g., "John Smith"). But circumventing the CAPTCHA-based rate limit ultimately made it possible to try out all permutations of a Google account's phone number in a short space of time and arrive at t...