Technology Solutions

 

IT Security Alert

The Hacker News Tue, 20 Aug 2019 12:30:03 PDT
  • Use This Privacy Tool to View and Clear Your 'Off-Facebook Activity' Data 

    Well, here we have great news for Facebook users, which is otherwise terrible for marketers and publishers whose businesses rely on Facebook advertisement for re-targeted conversations. Following the Cambridge Analytica scandal, Facebook has taken several privacy measures in the past one year with an aim to give its users more control over their data and transparency about how the social

  • iOS 12.4 jailbreak released after Apple 'accidentally un-patches' an old flaw 

    A fully functional jailbreak has been released for the latest iOS 12.4 on the Internet, making it the first public jailbreak in a long time—thanks to Apple. Dubbed "unc0ver 3.5.0," the jailbreak works with the updated iPhones, iPads and iPod Touches by leveraging a vulnerability that Apple previously patched in iOS 12.3 but accidentally reintroduced in the latest iOS version 12.4.

  • How Activity Logs Help WordPress Admins Better Manage Website Security 

    Managing a WordPress website can sap a lot of your time and energy, which otherwise you'd spend on managing your business. If you're looking to cut down on the hours, you spend troubleshooting WordPress technical and security problems, better managing and monitoring your website and users, or your customers, you need a WordPress activity log plugin. This post explains how to use the WP Security

  • Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers 

    Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project's maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build infrastructure—that surprisingly persisted into

  • European Central Bank Shuts Down 'BIRD Portal' After Getting Hacked 

    The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank (ECB) is the central bank of the 19 European Union countries which have adopted the euro and is itself

  • Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again 

    If you are using LibreOffice, you need to update it once again. LibreOffice has released the latest version 6.2.6/6.3.0 of its open-source office software to address three new vulnerabilities that could allow attackers to bypass patches for two previously addressed vulnerabilities. LibreOffice is one of the most popular and open source alternatives to Microsoft Office suite and is available

  • Bluetana App Quickly Detects Hidden Bluetooth Card Skimmers at Gas Pumps 

    In recent years, gas stations have become one of the favorite targets for thieves who are stealing customers' credit and debit card information by installing a Bluetooth-enabled payment card skimmers at gas stations across the nation. The media has also reported several recent crimes surrounding credit card skimmers, including: Gas pump skimmer found at a 7-Eleven in Pinellas County Credit

  • Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online 

    In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads. Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other than the one you are browsing, which allows companies including Google and Facebook to fingerprint

  • New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections 

    Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices. The vulnerability, assigned as CVE-2019-9506, resides in the way 'encryption key negotiation protocol' lets two Bluetooth BR/EDR devices

  • 8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks 

    Various implementations of HTTP/2, the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for better security and improved online experience by speeding up page loads. Today, over hundreds of

  • 4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered 

    If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately. Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched 'BlueKeep' RDP vulnerability. Discovered by Microsoft's security team itself, all

  • Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows 

    Update — With this month's patch Tuesday updates, Microsoft has finally addressed this vulnerability, tracked as CVE-2019-1162, by correcting how the Windows operating system handles calls to Advanced Local Procedure Call (ALPC). A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back

  • Cerberus: A New Android 'Banking Malware For Rent' Emerges 

    After a few popular Android Trojans like Anubis, Red Alert 2.0, GM bot, and Exobot, quit their malware-as-a-service businesses, a new player has emerged on the Internet with similar capabilities to fill the gap, offering Android bot rental service to the masses. Dubbed "Cerberus," the new remote access Trojan allows remote attackers to take total control over the infected Android devices and

  • Let Experts Do Their Job – Managed WAF by Indusface 

    WAF (Web Application Firewall) has been the first line of defence when it comes to application security for a while now. Many organizations have adopted WAF in one form or the other and most cases, compliance has been the driver for adoption. But unfortunately, when it comes to the efficacy of WAF in thwarting attacks, it has not lived up to the expectations. In most organizations, WAF has

  • Epic Games Hit With Class Action Lawsuit Over Hacked 'Fortnite' Accounts 

    Epic Games, the creator of the popular 'Fortnite' video game, is facing a class-action lawsuit from gamers over hacked Fortnite accounts, accusing the company of failing to maintain adequate security measures and notify users of the security breach in a timely manner. The lawsuit, filed by 'Franklin D. Azar and Associates' in the United States District Court in North Carolina on behalf of

  • Android Users Can Now Log in to Google Services Using Fingerprint 

    If you're using Chrome on Android, you can now sign-in to your Google account and some of the other Google services by simply using your fingerprint, instead of typing in your password every time. Google is rolling out a new feature, called "local user verification," that allows you to log in to both native applications and web services by registering your fingerprint or any other method

  • Price Dropped: Get Lifetime Access to Cisco Certification Courses 2019 

    With the migration of governments and enterprises towards controller-based architectures, the role of a core network engineer has become more important than ever. Today, majority of interconnected wide area networks (WANs) and local area networks (LANs) in the world run on Cisco routers and other Cisco networking equipment, and therefore most organizations need network engineers to maintain

  • Canon DSLR Cameras Can Be Hacked With Ransomware Remotely 

    The threat of ransomware is becoming more prevalent and severe as attackers' focus has now moved beyond computers to smartphones and other Internet-connected smart devices. In its latest research, security researchers at cybersecurity firm CheckPoint demonstrated how easy it is for hackers to remotely infect a digital DSLR camera with ransomware and hold private photos and videos hostage

  • Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs 

    If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or other 15 other vendors listed below, you're probably screwed. A team of security researchers has discovered high-risk security vulnerabilities in more than 40 drivers from at least 20 different vendors that could allow attackers to gain most privileged permission on the system and hide malware

  • Apple will now pay hackers up to $1 million for reporting vulnerabilities 

    Apple has just updated the rules of its bug bounty program by announcing a few major changes during a briefing at the annual Black Hat security conference yesterday. One of the most attractive updates is… Apple has enormously increased the maximum reward for its bug bounty program from $200,000 to $1 million—that's by far the biggest bug bounty offered by any major tech company for reporting

  • Facebook Sues Two Android App Developers for Click Injection Fraud 

    Facebook has filed a lawsuit against two shady Android app developers accused of making illegal money by hijacking users' smartphones to fraudulently click on Facebook ads. According to Facebook, Hong Kong-based 'LionMobi' and Singapore-based 'JediMobi' app developers were distributing malicious Android apps via the official Google Play Store that exploit a technique known as "click injection

  • Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V 

    Remember the Reverse RDP Attack? Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsoft's Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer, reversely. (You can find details and a video demonstration for this security vulnerability, along with dozens of critical flaws in other third-party RDP

  • Binance KYC Data Leak — Crypto Exchange Sets $290,000 Bounty On Blackmailer 

    Malta-based cryptocurrency exchange Binance has become a victim of a ransom demand from a scammer who claimed to have hacked the KYC (Know Your Customer) data of thousands of its customers. The unknown attacker threatened the world's largest cryptocurrency exchange by volume to release KYC information of 10,000 users if the company did not pay 300 Bitcoins—that's equivalent to almost $3.5

  • KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files 

    If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while. A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a user's

  • SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs 

    A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects all modern Intel CPUs, and probably some AMD processors as well, which leverage speculative execution for high performance, Microsoft and Red Hat warned. Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the

Quick Heal Blog | Latest computer security news, tips, and advice Mon, 19 Aug 2019 10:31:48 +0000
  • Alert! 27 apps found on Google Play Store that prompt you to install Fake Google Play Store 

    Quick Heal Security Lab spotted 27 malicious apps of dropper category on official “Google Play Store”. These apps have been removed from Play Store after Quick Heal Security Lab reported it to Google last week. These apps continuously show installation prompt for fake “Google Play Store”. If any user falls…

  • Alert! Income tax refund SMS – Newest way of conducting bank fraud by cyber criminals 

    Scammers are literally on their toes all year round, but for all the wrong reasons, devising ways and means to trick innocent people. In their latest attempt at fraud, cyber criminals are using fake SMS pretending to be from Income Tax Department to trick innocent victims into sharing bank account…

  • Android based IoT devices with open ADB port inviting easy attacks by Crypto-miners 

    The rapid pace at which connected smart home devices are increasing, have opened the gates for a new era of cyber-attacks on IoT devices including smart phones, TVs, IP cameras, etc. These attacks are mostly in the form of crypto mining attacks wherein cryptocurrency-mining botnet enters the targeted device via…

  • MegaCortex Returns… 

    MegaCortex, a ransomware which was first spotted in January this year, has become active again and has changed the way it previously attacked/targeted the corporate world. In order to simplify its execution and increase its scale of operation, it uses ‘Command Prompt’ instead of ‘PowerShell’ in current targeted campaign. Key…

  • Trinity Miner using open ADB port to target IoT devices 

    In the 21st century, life is becoming smart and evolving at a fast pace. Even day to day gadgets are becoming smarter. All these IoT devices are powered by ARM-based processor and run on android and unix operating system. These IoT devices include mobiles, smart T.V., routers, IP cameras and…

  • Webcam Hacking – How to prevent webcam from hacking into your privacy? 

    Imagine a day when you open your inbox and there’s this one mail containing obscene pics of you flashing on the screen. Right below is a message asking you to pay a hefty ransom to prevent your pics from getting shared with all your accounts. The thought itself is enough…

  • Ransomware As A Tool – LockerGoga 

    Ransomware authors keep experimenting with the development of payload in various dimensions. In the timeline of ransomware implementations, we have seen its evolution from a simple screen locker to multi-component model for file encryption, from novice approach to a sophisticated one. The Ransomware as a Tool has evolved in wild…

  • Beware! Email attachments can make you victim of spear phishing attacks 

    In the last few months, we’ve seen a sudden increase in Spear Phishing attacks. Spear phishing is a variation of a phishing scam wherein hackers send a targeted email to an individual which appears to be from a trusted source. In this type of attack, the attacker uses social engineering tricks and some…

  • The website I visited behaves weirdly. I wonder if I’m hacked? 

    After a busy day at office or business, you settle down on the sofa at home with coffee and you want to catch your favourite show on your phone or TV. While streaming you want to make a payment for your bills that are due. You connect to your Wi-Fi…

  • Beware! The padlock icon and HTTPS are no more indicators of safe website 

    The evolving cyber threat landscape has taken a new leap. The recent past shows a startling rise in the number of incidences of phishing attacks, where visitors have been lured into clicking fraudulent links, under the cover of security marks like padlock icon and ‘HTTPS’. Considering the rising number of…

Troy Hunt's Blog Tue, 20 Aug 2019 14:03:46 GMT
WeLiveSecurity Tue, 20 Aug 2019 19:14:23 +0000
How can we help
  • Virus Removal Experts
  • All Desktop & Notebook Repairs
  • Screens, Motherboards, Hard drives
  • Soldering Jobs
  • Networking
  • Custom Builds
  • Website Design
What We Do