Technology Solutions

 

IT Security Alert

The Hacker News Mon, 09 Dec 2019 01:47:54 PST
  • New Linux Bug Lets Attackers Hijack Encrypted VPN Connections 

    A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating

  • Facebook Sued Hong Kong Firm for Hacking Users and Ad Fraud Scheme 

    Following its efforts to take legal action against those misusing its social media platform, Facebook has now filed a new lawsuit against a Hong Kong-based advertising company and two Chinese individuals for allegedly abusing its ad platform to distribute malware and Ad fraud. Facebook filed the lawsuit on Thursday in the Northern District of California against ILikeAd Media International

  • FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware 

    The United States Department of Justice today disclosed the identities of two Russian hackers and charged them for developing and distributing the Dridex banking Trojan using which the duo stole more than $100 million over a period of 10 years. Maksim Yakubets, the leader of 'Evil Corp' hacking group, and his co-conspirator Igor Turashev primarily distributed Dridex — also known as 'Bugat'

  • Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD 

    OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group,

  • ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector 

    Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East. Dubbed ZeroCleare, the data wiper malware has been linked to not one but two Iranian state-sponsored hacking groups—APT34, also known as ITG13 and Oilrig, and Hive0081,

  • Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices 

    Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take

  • Europol Shuts Down Over 30,500 Piracy Websites in Global Operation 

    In a coordinated global law enforcement operation, Europol has taken down more than 30,500 websites for distributing counterfeit and pirated items over the Internet and arrested three suspects. Among other things, the seized domains reportedly offered various counterfeit goods and pirated products and services, including pirated movies, illegal television streaming, music, electronics,

  • Avast and AVG Browser Extensions Spying On Chrome and Firefox Users 

    If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible. Avast Online Security AVG Online Security Avast SafePrice AVG SafePrice Why? Because these four widely installed browser extensions have been caught collecting a lot more data on its millions of users than

  • Top 5 Cybersecurity and Cybercrime Predictions for 2020 

    We distilled 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020 and compiled the top 5 most interesting findings and projections in this post. Compliance fatigue will spread among security professionals Being a source of ongoing controversy and debate, the California Consumer Privacy Act (CCPA) was finalized on 11th January 1, 2019. Driven by laudable

  • Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild 

    Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users' banking and other login credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a

  • New Facebook Tool Let Users Transfer Their Photos and Videos to Google 

    Facebook has finally started implementing the open source data portability framework as the first phase of 'Data Transfer Project,' an initiative the company launched last year in collaboration with Google, Apple, Microsoft, and Twitter. Facebook today announced a new feature that will allow its users to transfer their Facebook photos and videos to their Google Photos accounts—directly and

  • Europol Shuts Down 'Imminent Monitor' RAT Operations With 13 Arrests 

    In a coordinated International law enforcement operation, Europol today announced to shut down the global organized cybercrime network behind Imminent Monitor RAT, yet another hacking tool that allows cybercriminals to gain complete control over a victim's computer remotely. The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to

  • Magento Marketplace Suffers Data Breach Exposing Users' Account Info 

    If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately. Adobe—the company owning Magento e-commerce platform—today disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals.

  • Over 12,000 Google Users Hit by Government Hackers in 3rd Quarter of 2019 

    As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by a government-backed hacking attempt in the third quarter of this year. According to a report published by Google's Threat Analysis Group (TAG), more than 90 percent of the targeted users were hit with "credential phishing emails" that tried to trick

  • The Hacker News 2020 Cybersecurity Salary Survey – Call for Participation 

    For the first time, The Hacker News launches a comprehensive Cybersecurity Salary Survey aimed to provide insights into the payment standards of security positions, enabling security professionals to benchmark their salaries against their peers, as well as get clear insights into the leading roles, certifications, geo- and industry- components that factor a cybersecurity position payroll.

  • Latest Kali Linux OS Added Windows-Style Undercover Theme for Hackers 

    You can relate this: While working on my laptop, I usually prefer sitting at a corner in the room from where no one should be able to easily stare at my screen, and if you're a hacker, you must have more reasons to be paranoid. Let's go undercover: If you're in love with the Kali Linux operating system for hacking and penetration testing, here we have pretty awesome news for you. Offensive

  • Malicious Android SDKs Caught Accessing Facebook and Twitter Users Data 

    Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users' data associated with their connected social media accounts. In a blog post published yesterday, Twitter revealed that an SDK developed by OneAudience contains a privacy-violating component which may have passed some of its users' personal

  • Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software 

    Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system. VNC (virtual network computing) is an open source graphical desktop sharing protocol based on RFB (Remote FrameBuffer) that allows users to

  • OnePlus Suffers New Data Breach Impacting Its Online Store Customers 

    Chinese smartphone maker OnePlus has suffered a new data breach exposing personal and order information of an undisclosed number of its customers, likely, as a result of a vulnerability in its online store website. The breach came to light after OnePlus started informing affected customers via email and published a brief FAQ page to disclose information about the security incident. According

  • Boost Your Personal Security With These Killer 2019 Black Friday and Cyber Monday Deals 

    If you're like most consumers, you're probably looking forward to the upcoming Black Friday and Cyber Monday sale events. Who wouldn't want to get all sorts of products and services at massive discounts? But while most consumers are typically eyeing personal gadgets and entertainment appliances, you may want to consider scoring deals on personal security software and devices. Everyone's

  • Google offers up to $1.5 million bounty for remotely hacking Titan M chip 

    With its latest announcement to increase bug bounty rewards for finding and reporting critical vulnerabilities in the Android operating system, Google yesterday set up a new challenging level for hackers that could let them win a bounty of up to $1.5 million. Starting today, Google will pay $1 million for a "full chain remote code execution exploit with persistence which compromises the Titan

  • Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison 

    A Russian hacker who created and used Neverquest banking malware to steal money from victims' bank accounts has finally been sentenced to 4 years in prison by the United States District Court for the Southern District of New York. Stanislav Vitaliyevich Lisov, 34, was arrested by Spanish authorities at Barcelona–El Prat Airport in January 2017 on the request of the FBI and extradited to the

  • T-Mobile Suffers Data Breach Affecting Prepaid Wireless Customers 

    Are you a T-Mobile prepaid customer? If yes, you should immediately create or update your associated account PIN/passcode as additional protection. The US-based telecom giant T-Mobile today disclosed a yet another data breach incident that recently exposed potentially personal information of some of the customers using its prepaid services. What happened? In a statement posted on its website

  • The Ultimate 2019 Security Team Assessment Template 

    Assessing the performance of your security team is critical to both knowing your current posture, as well as planning ahead. 'The Ultimate 2019 Security Team Assessment Template' is the first attempt to capture all the main KPIs of the security team main pillars, saving CIOs and CISOs the time and effort of creating such an assessment from scratch and providing them with a simple and

  • Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware 

    What an irony — someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users' wallets. The latest supply-chain cyberattack was revealed on Monday after a Monero user spotted that the cryptographic hash for binaries he downloaded from the

Quick Heal Blog | Latest computer security news, tips, and advice Mon, 09 Dec 2019 10:41:06 +0000
  • Cybercrime not limited to Metro cities – Wake up call for Smaller cities of India! 

    Cyber-attacks and cybercrimes are no more only about metro cities of India. In fact, cyber criminals are quick to shift their attention to smaller cities, owing to the fact that people/businesses in smaller cities are less familiar with the need or importance of cyber security. This makes it easier for…

  • Pegasus like spyware could be snooping on you right now!! 

    The recent news of Pegasus spyware attack via WhatsApp that targeted lawyers, journalists and human rights activists, offers an astonishing revelation on the kind of havoc such spyware can create. We covered the topic extensively, recently. The frequent media buzz about the recent incident of snooping by Pegasus spyware which…

  • Quick Heal Supports Windows 10 November 2019 Update 

    Microsoft has recently come up with a new update for Windows 10 PCs, called Windows 10 November 2019 Update (Build Version 1909). Here we’ll list down some of the highlights of this update and see how Quick Heal is compatible with this OS. Highlights of Windows 10 November 2019 Update Enhanced…

  • This Children’s Day, pledge the online security of your kids! 

    It’s Children’s Day and there couldn’t be a better day to pledge the security of our young minds, not just in the physical world but also virtual world. While technology has improved our lives in ways beyond our control and provided our kids with an ocean of knowledge, we cannot…

  • Think loud! Can the regular delivery boy at your office launch a malware? 

    Most companies employ strict security practices when it comes to the security of their office and infrastructure. There are security guards to monitor the entry and exit, surveillance cameras in place for 360° view and system administrators to keep a check on the security of systems and networks. While most…

  • BlueKeep Attacks seen in the wild! 

    CVE-2019-0708, popularly known as BlueKeep, is a RDP pre-authentication vulnerability which allows attacker to compromise a vulnerable system without user’s interaction. This exploit is also wormable, meaning that it can spread to other vulnerable systems in a similar way as the WannaCry malware spread across the globe in 2017. Interestingly,…

  • Have you updated your browser yet? Severe Chrome Zero-day vulnerability getting actively exploited 

    Attention! Are you using Chrome as your web browsing software on your Windows, Linux and Mac? High time you update your browser!! That’s right. With Google recently releasing Chrome version 78.0.3904.87 for Windows, Mac, and Linux, there come’s an urgent warning, requesting billions of users to update their software immediately. The warning comes after…

  • KKNPP Attack: Tracking the DTrack! 

    The recent cyber-attack on Kudankulam Nuclear Power Plant (KKNPP) has been confirmed by the officials and yet again security of critical infrastructure has become the talk of the cyber world. The officials mentioned that there is no damage to control systems of the plant as the core processing controls are…

  • Attacker uses tricky technique of Excel 4.0 in Malspam campaign 

    Use of Phishing emails is not new for cyber-attack and is still one of the classic strategies to compromise a victim’s machine. Cyber criminals lure victims to open email attachments (mostly Doc and XLS files) by faking them to look like important one using keywords like invoice, payment, finance, order…

  • The infamous Spyware – Pegasus, The NSO Group and The WhatsApp snooping saga 

    The Indian media is abuzz these days with several news and allegations around snooping on several Indian citizens through a spyware named Pegasus, allegedly delivered through WhatsApp. It’s reported widely that Facebook Inc., the parent company of popular messaging app -WhatsApp, reached out to few users from India (and other…

Troy Hunt's Blog Mon, 09 Dec 2019 05:44:46 GMT
WeLiveSecurity Mon, 09 Dec 2019 10:30:13 +0000
How can we help
  • Virus Removal Experts
  • All Desktop & Notebook Repairs
  • Screens, Motherboards, Hard drives
  • Soldering Jobs
  • Networking
  • Custom Builds
  • Website Design
What We Do