] The Mad Hacker [


Collecting all the news about cybersecurity, computer security, cracking, hacking, infosec, netsec, & security vulnerabilities in one convenient place

Whitehat, greyhat, blackhat, tinker, tailor, soldier, spy
We trawl the web so you don't have to
Since 2000


Kmart Latest Victim of Egregor Ransomware – Report

(Thursday December 03, 2020)
The struggling retailer's back-end services have been impacted, according to a report, just in time for the holidays.

Common Container Manager Is Vulnerable to Dangerous Exploit

(Thursday December 03, 2020)
Container manager vulnerability is one of several weaknesses and vulnerabilities recently disclosed for Docker.

BrandPost: Cybersecurity Best Practices for Protecting Brand Trust

(Thursday December 03, 2020)
Your brand is a valuable asset, but it’s also an attack vector. Threat actors exploit the public’s trust of your brand when they phish under your name or when they counterfeit your products. The problem gets harder because you engage with the world across so many digital platforms – the web, social media, mobile apps. These engagements are obviously crucial to your business. Something else should be obvious as well: guarding your _digital trust_ – public confidence in your digital security – is make-or-break for your business, not just part of your...

objtree - tree (the Unix command) but for Objective-C messages

(Thursday December 03, 2020)
tree but for Objective-C messages. Contribute to hot3eed/objtree development by creating an account on GitHub.

Ubuntu Security Notice USN-4661-1

(Thursday December 03, 2020)
Ubuntu Security Notice 4661-1 - It was discovered that Snapcraft includes the current directory when configuring LD_LIBRARY_PATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode snaps that have access to the library and when launched from the directory containing the library.

Red Hat Security Advisory 2020-5342-01

(Thursday December 03, 2020)
Red Hat Security Advisory 2020-5342-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote...

Red Hat Security Advisory 2020-5341-01

(Thursday December 03, 2020)
Red Hat Security Advisory 2020-5341-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote...

Red Hat Security Advisory 2020-5340-01

(Thursday December 03, 2020)
Red Hat Security Advisory 2020-5340-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote...

Red Hat Security Advisory 2020-5344-01

(Thursday December 03, 2020)
Red Hat Security Advisory 2020-5344-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote...

Cloud Security Threats for 2021

(Thursday December 03, 2020)
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.

TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions

(Thursday December 03, 2020)
A new "TrickBoot" module scans for vulnerable firmware and has the ability to read, write and erase it on devices.

CVE-2020-25988: UPnP Feature or Abuse? You decide.

(Thursday December 03, 2020)
There are references to various blogs of super awesome folks in Infosec, huge shoutouts to you! Thank you for the awesome work! Product: Genexis Platinum 4410 Router v2.1 Version Affected…

A 3D Printed Shell - CVE-2019-14450

(Thursday December 03, 2020)
A 3D Printed Shell. With 3D printers getting a lot of attention with the COVID-19 pandemic, I thought I’d share a post about an interesting handful of bugs I discovered last year. The bugs were found in a piece of software that is used for remotely managing 3D printers. Chaining these vulnerabilities together enabled me to remotely exploit the Windows server hosting the software with SYSTEM level privileges. Let me...

Cyber Criminals Tried to Gain Access to COVID-19 Vaccine ‘Cold Chain’

(Thursday December 03, 2020)
The COVID ‘cold chain’ is now under attack, likely by a nation state, although the identity of the threat actors remains unknown for now, according to an IBM report. Ever since the start of the research into the COVID-19 pandemic, threat actors have been trying either to hamper the efforts to find a cure or to steal […]

US Officials Take Action Against 2,300 Money Mules

(Thursday December 03, 2020)
Eight federal law enforcement agencies participated in the Money Mule Initiative, a global crackdown on money laundering.

Researchers Bypass Next-Generation Endpoint Protection

(Thursday December 03, 2020)
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.

Easy to use NAT slipstream implementation/PoC

(Thursday December 03, 2020)
Contribute to jrozner/slipstream development by creating an account on GitHub.

Unleash Your EC2 Instances CVE Scanning with ++ Red-Detector: AWS EC2 CVE Scanner Open Source ++

(Thursday December 03, 2020)
Scan your EC2 instance to find its vulnerabilities using Vuls (https://vuls.io/en/) - lightspin-tech/red-detector

DeathStalker APT Spices Things Up with PowerPepper Malware

(Thursday December 03, 2020)
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation.

Carnivore: a tool for assessing on-premises Microsoft servers such as ADFS, Skype, Exchange, and RDWeb

(Thursday December 03, 2020)
Carnivore is a tool for assessing on-premises Microsoft servers such as ADFS, Skype, Exchange, and RDWeb. Carnivore's functionality covers every stage an attacker would follow - from discovering relevant subdomains, to uncovering username format and username enumeration, to password spraying and additional post authentication activities for Skype such as retrieving the global address list or…

Understanding influences shaping the cybersecurity landscape, enabling digital transformation, and helping to protect our planet

(Thursday December 03, 2020)
The accelerated rate of digital transformation we have seen this past year presents both challenges and endless opportunities for individuals, organizations, businesses, and governments around the world. Cybersecurity is the underpinning of helping protect these opportunities. By examining the influences that are shaping the cyber landscape, and hearing from security experts, industry thought leaders, our… The post Understanding influences shaping the cybersecurity landscape, enabling digital transformation, and helping to protect our...

Reverse Engineering Tools: Evaluating the True Cost

(Thursday December 03, 2020)
Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

(Thursday December 03, 2020)
Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a remote file inclusion vulnerability by including arbitrary client-side dynamic scripts (JavaScript, VBScript, HTML) when adding content through the input URL material of type html. This allows hijacking of the user's current session, execution of cross-site scripting code, or changing the look of the page and modifying the content on the current display.

Sony BRAVIA Digital Signage 1.7.8 Insecure Direct Object Reference

(Thursday December 03, 2020)
Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a client-side protection bypass due to an insecure direct object reference vulnerability.

Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure

(Thursday December 03, 2020)
Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a sensitive information disclosure vulnerability. An unauthenticated attacker can visit several API endpoints and disclose information about what is running on the device.

Ubuntu Security Notice USN-4660-1

(Thursday December 03, 2020)
Ubuntu Security Notice 4660-1 - It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

Invision Community 4.5.4 Cross Site Scripting

(Thursday December 03, 2020)
Invision Community version 4.5.4 suffers from a persistent cross site scripting vulnerability.

Red Hat Security Advisory 2020-5333-01

(Thursday December 03, 2020)
Red Hat Security Advisory 2020-5333-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a code execution vulnerability.

Digital Signage Systems - The Modern Hacker's Outreach

(Thursday December 03, 2020)
Whitepaper called Digital Signage Systems - The Modern Hacker's Outreach. It discusses everything from public incidents to common attack vectors leveraged to manipulate content.

mojoPortal Forums 2.7.0.0 Cross Site Scripting

(Thursday December 03, 2020)
mojoPortal Forums version 2.7.0.0 suffers from a persistent cross site scripting vulnerability.

Online Matrimonial Project 1.0 Remote Code Execution

(Thursday December 03, 2020)
Online Matrimonial Project version 1.0 authenticated remote code execution exploit.

EgavilanMedia Address Book 1.0 SQL Injection

(Thursday December 03, 2020)
EgavilanMedia Address Book version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Coaster CMS 5.8.18 Cross Site Scripting

(Thursday December 03, 2020)
Coaster CMS version 5.8.18 suffers from a persistent cross site scripting vulnerability.

Data Of 243 Million Brazilians Exposed Online

(Thursday December 03, 2020)

Manage, govern, and get more value out of your data with Azure Purview

(Thursday December 03, 2020)
Today we are excited to announce Azure Purview, a unified data governance service that sets the foundation for data governance across your operational and analytical data estate. The post Manage, govern, and get more value out of your data with Azure Purview [https://www.microsoft.com/security/blog/2020/12/03/manage-govern-and-get-more-value-out-of-your-data-with-azure-purview/] appeared first on Microsoft Security.

Cyberattacks Target COVID-19 Vaccine ‘Cold-Chain’ Orgs

(Thursday December 03, 2020)
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.

As Modern Mobile Enables Remote Work, It Also Demands Security

(Thursday December 03, 2020)
Lookout's Hank Schless discusses accelerated threats to mobile endpoints in the age of COVID-19-sparked remote working.

S3 Ep9: Gift card hacks, dubious doorbells and Wi-Fi tips [Podcast]

(Thursday December 03, 2020)
Latest episode - listen now!

From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now

(Thursday December 03, 2020)
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.

Clop Gang Makes Off with 2M Credit Cards from E-Land

(Thursday December 03, 2020)
The ransomware group pilfered payment-card data and credentials for over a year, before ending with an attack last month that shut down many of the South Korean retailer’s stores.

Aircraft maker Embraer admits hackers breached its systems and stole data

(Thursday December 03, 2020)
Embraer, a Brazilian manufacturer of aircraft, has disclosed that hackers managed to breach its computer systems, and steal data in what sounds like a ransomware attack. Read more in my article on the Tripwire State of Security blog.

Xerox DocuShare Bugs could result in major data leaks

(Thursday December 03, 2020)
Xerox released a fix for two vulnerabilities in DocuShare, their document management platform. If these bugs were exploited they could have made DocuShare users vulnerable to a malicious attack resulting in sensitive data loss. Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) issued a security bulletin to alert users and administrators to urgently […] The post Xerox DocuShare Bugs could result in major data leaks [https://www.itsecurityguru.org/2020/12/03/xerox-docushare-bugs-could-result-in-major-data-leaks/] appeared first on IT Security Guru...

Code42 Incydr Series: Honing in on High-Risk Users with Code42 Incydr

(Thursday December 03, 2020)
Incydr lets you monitor your high-risk users without impeding their ongoing work.

Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw

(Thursday December 03, 2020)
A newly patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker.

Ransomware gang steals 2 million credit cards from E-Land

(Thursday December 03, 2020)
The ransomware gang Clop has claimed to be responsible for a cyberattack on E-Land Retail. Clop have said that they have stolen around 2 million credit cards’ details over the past year, with the attack ending last month. E-Land Retail is a subsidiary of E-Land Global, which manages a number of retail clothing stores, such […] The post Ransomware gang steals 2 million credit cards from E-Land [https://www.itsecurityguru.org/2020/12/03/ransomware-gang-steals-2-million-credit-cards-from-e-land/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

Aerospace firm hit by cyber attack

(Thursday December 03, 2020)
Embraer, a Brazilian defence and aerospace group has recently been a target of a cyber attack which has halted the company’s operations. According to a statement released by Embraer this week, the attack forced the “disclosure of data allegedly attributed to the company”. The incident was only reported to the Brazilian Securities and Exchange Commission […] The post Aerospace firm hit by cyber attack [https://www.itsecurityguru.org/2020/12/03/aerospace-firm-hit-by-cyber-attack/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

FBI warns of hackers abusing email forwarding rules in recent attacks

(Thursday December 03, 2020)
The FBI has warned businesses of the threat posed by cybercriminals who create auto-forwarding rules on their victims' web-based email services, in an attempt to make them more susceptible to Business Email Compromise (BEC). Read more in my article on the Bitdefender Business Insights blog.

Kernel privilege escalation: how Kubernetes container isolation impacts privilege escalation attacks

(Thursday December 03, 2020)
In this post, we will explore how Kubernetes container isolation impacts privilege escalation attacks using common kernel exploitation techniques.

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

(Thursday December 03, 2020)
TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed "TrickBoot" by Advanced Intelligence (AdvIntel) and Eclypsium, makes use of readily available tools to check devices for well-known

Google Play Apps Remain Vulnerable to High-Severity Flaw

(Thursday December 03, 2020)
Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Edge.

TrickBot gets new UEFI attack capability that makes recovery incredibly hard

(Thursday December 03, 2020)
Researchers have seen a worrying development recently in TrickBot, a and other cybercriminal groups. A new module enables the malware to scan for vulnerable UEFI configurations on infected systems and could enable attackers to brick systems or deploy low-level backdoors that are incredibly hard to remove.

How attackers exploit Windows Active Directory and Group Policy

(Thursday December 03, 2020)
Active Directory, part of Windows Server since Windows 2000, is the foundation for many, many businesses. It allows firms to authenticate and authorize all users and computers in a Windows domain. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. It allows administrators to set many security policies and settings to enforce certain actions and preferences.

Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking

(Thursday December 03, 2020)
A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit, Yango Pro, Microsoft Edge, Xrecorder, and PowerDirector, are still vulnerable and can be hijacked to 

Smashing Security podcast #207: Cyber biowarfare, giant ladybugs, and strippers

(Thursday December 03, 2020)
Fears are raised about cyber bioterrorists, there's a widespread blackout for IoT devices caused by a cloud cock-up, and what role do strippers play in a revamp of the United States's computer crime laws? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Frida 14.1 is out with upgraded dependencies, iOS 14.2 support, Windows inprocess injection, many Stalker ARM improvements, and much more

(Thursday December 03, 2020)
Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX

Open Source Flaws Take Years to Find But Just a Month to Fix

(Wednesday December 02, 2020)
Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.

Cybersecurity in the Biden Administration: Experts Weigh In

(Wednesday December 02, 2020)
Security pros and former government employees share their expectations and concerns for the new administration - and their hope for a "return to normal."

Weaponizing Windows Sandbox To Bypass Defender

(Wednesday December 02, 2020)
INTRODUCTION I’ve not posted on here since May, as I’ve been busy with (well, life in general) projects and whatnot. This short blog post may be useful for a Red Team by living-off-the-land for the execution of payloads on a machine where Windows Sandbox can be enabled; Windows Sandbox is designed to work this way - no exploitation of anything is covered in this post. With this technique in terms of executing within a VM, we don’t need to load an external ISO onto the machine, as all of...

Spotify Wrapped 2020 Rollout Marred by Pop Star Hacks

(Wednesday December 02, 2020)
Spotify pages for Dua Lipa, Lana Del Rey, Future and others were defaced by an attacker pledging his love for Taylor Swift and Trump.

FBI: BEC Scammers Could Abuse Email Auto-Forwarding

(Wednesday December 02, 2020)
Private Industry Notification warns of the role email auto-forwarding could play in business email compromise attacks.

Loyal Employee ... or Cybercriminal Accomplice?

(Wednesday December 02, 2020)
Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.

Machine Learning Attack Series

(Wednesday December 02, 2020)
Posted on Nov 26, 2020 #machine learning What a journey it has been. I wrote quite a bit about machine learning from a red teaming/security testing perspective this year. It was brought to my attention to provide a convenient “index page” with all Husky AI and related blog posts. Here it is. [ML Attack Series] Machine learning basics and building Husky AI [/blog/posts/2020/machine-learning-basics/] [/blog/posts/2020/husky-ai-walkthrough/] [/blog/posts/2020/husky-ai-building-the-machin

ELFPatch: A library to patch ELFs

(Wednesday December 02, 2020)
A library for patching ELFs. Contribute to ret2jazzy/ELFPatch development by creating an account on GitHub.

Running OWASP Juice Shop with Root-the-Box on Google Cloud Platform

(Wednesday December 02, 2020)
Andreas Happe sometimes blogs about development, life or security.

Automated Pen Testing: Can It Replace Humans?

(Wednesday December 02, 2020)
These tools have come a long way, but are they far enough along to make human pen testers obsolete?

Security Slipup Exposes Health Records & Lab Results

(Wednesday December 02, 2020)
NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.

I2P 0.9.48

(Wednesday December 02, 2020)
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Red Hat Security Advisory 2020-5325-01

(Wednesday December 02, 2020)
Red Hat Security Advisory 2020-5325-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

Ubuntu Security Notice USN-4659-1

(Wednesday December 02, 2020)
Ubuntu Security Notice 4659-1 - It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this...

Ksix Zigbee Devices Playback Protection Bypass

(Wednesday December 02, 2020)
Ksix Zigbee devices playback protection bypass proof of concept exploit.

Ubuntu Security Notice USN-4658-1

(Wednesday December 02, 2020)
Ubuntu Security Notice 4658-1 - It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this...

Simple College Website 1.0 Local File Inclusion

(Wednesday December 02, 2020)
Simple College Website version 1.0 suffers from a local file inclusion vulnerability.

Red Hat Security Advisory 2020-5317-01

(Wednesday December 02, 2020)
Red Hat Security Advisory 2020-5317-01 - PostgreSQL is an advanced object-relational database management system.

Car Rental Management System 1.0 Local File Inclusion / SQL Injection

(Wednesday December 02, 2020)
Car Rental Management System version 1.0 suffers from local file inclusion and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2020-5316-01

(Wednesday December 02, 2020)
Red Hat Security Advisory 2020-5316-01 - PostgreSQL is an advanced object-relational database management system.

How to steal photos off someone’s iPhone from across the street

(Wednesday December 02, 2020)
The bug at the heart of this is already patched - but there's a lot to learn from this story anyway.

UK NCSC - Zero trust principles - beta release

(Wednesday December 02, 2020)

Protect your SQL Server on-premises, in Azure, and in multicloud

(Wednesday December 02, 2020)
Azure Defender for SQL is now generally available for use with SQL Server on premises, in multicloud deployments on Amazon Web Services (AWS), and Google Cloud Platform (GCP), and in virtual machines on Azure. Azure Defender for SQL constantly monitors your SQL Server for known vulnerabilities and threats. Microsoft recommends that customers protect their production… The post Protect your SQL Server on-premises, in Azure, and in multicloud [https://www.microsoft.com/security/blog/2020/12/02/protect-your-sql-server-on-premises-in-azure-and-in-multi-cloud/] appeared first on Microsoft...

Taylor Swift Fan Hacks Artist Spotify Pages

(Wednesday December 02, 2020)

Watch This Google Hacker Pwn 26 iPhones

(Wednesday December 02, 2020)

Account Hijacking Site OGUsers Hacked, Again

(Wednesday December 02, 2020)
For at least the third time in its existence, OGUsers -- a forum overrun with people looking to buy, sell and trade access to compromised social media accounts -- has been hacked.

Mac users warned of more Ocean Lotus malware targeted attacks

(Wednesday December 02, 2020)
Security researchers have warned of the latest incarnation of a backdoor trojan horse that has been used in the past to target Mac users. If you're a Mac user, I really hope you're running anti-virus software.

Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet

(Wednesday December 02, 2020)
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.

Indian Telefraud Boss Gets 20 Years Behind Bars

(Wednesday December 02, 2020)
The US Department of Justice has announced the sentencing of an Indian national for masterminding several India-based call centers that defrauded US victims out of millions of dollars between 2013 and 2016. Hitesh Madhubhai Patel, aka Hitesh Hinglaj, 44, of Ahmedabad, India, was sentenced to 20 years in prison and three years of supervised release […]

Introducing monsoon - a lean and versatile HTTP enumerator

(Wednesday December 02, 2020)
We recently released our first open-source project, monsoon, a command-line HTTP enumerator: a tool that iterates over a list of values, for example a word list or a range of integers, and sends one HTTP request per item towards a given server. The target server, path and HTTP headers can be configured on the command line. There, one can replace parts of the HTTP request with the placeholder FUZZ. All...

422 Individuals Arrested in Global Money Laundering Scheme, According to Europol

(Wednesday December 02, 2020)
More than 400 people have been arrested following a three-month global investigation into money laundering schemes, Europol disclosed today. The European Money Mule Action ‘EMMA 6’ identified 4,031 money mules and 227 money mule recruiters, and resulted in 422 individual arrests between September and November 2020. “During the span of the operation, 1 529 criminal investigations […]

Free Mobile App Measures Your Personal Cyber Risk

(Wednesday December 02, 2020)
New app for Android and Apple iOS uses an algorithm co-developed with MIT to gauge security posture on an ongoing basis.

Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years

(Wednesday December 02, 2020)
Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla (aka Venomous Bear or Snake), a Russia-based advanced hacker group known for its extensive attacks against governments, embassies, and

Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones

(Wednesday December 02, 2020)
Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "view all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device

WriteHat, reporting tool by pentesters, for pentesters

(Wednesday December 02, 2020)
WriteHat is a reporting tool which removes Microsoft Word (and many hours of suffering) from the reporting process. Markdown –> HTML –> PDF.

Cybersecurity under fire: CISA’s former deputy director decries post-election vilification

(Wednesday December 02, 2020)
Matt Travis, the former deputy director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency ( Summit yesterday with a keynote interview by journalist Kara Swisher. Travis provided an insider’s view of the events leading up to the firing of CISA director Christopher Krebs and discussed the fallout from President Donald Trump’s attempts to undermine the agency.

FBI warn that email forwarding rules are being abused by hackers

(Wednesday December 02, 2020)
The US Federal Bureau of Investigation (FBI) says that it is getting more common for cyber-criminals to use email forwarding rules in order to disguise themselves inside hacked email accounts. The FBI sent out a PIN (Private Industry Notification) alert last week, which was made public yesterday, which said that the technique has been seen […] The post FBI warn that email forwarding rules are being abused by hackers [https://www.itsecurityguru.org/2020/12/02/fbi-warn-that-email-forwarding-rules-are-being-abused-by-hackers/] appeared first on IT Security Guru...

Cyber Attack at US Mental Health Services Provider Exposes Sensitive Info of Over 290,000 Individuals

(Wednesday December 02, 2020)
Attackers stole protected health information (PHI) and personally identifiable information (PII) of 295,617 patients of Colorado Springs-based mental healthcare provider AspenPointe in a data breach, the company said. According to a letter sent to victims, the criminals gained access to the organization’s network in September 2020. “We recently discovered unauthorized access to our network occurred between […]

Malicious npm packages were installing remote access trojans

(Wednesday December 02, 2020)
The security team in charge of the ‘npm’ repository used for JavaScript libraries has removed two of the npm packages on Monday after they were found to contain malicious code that installed a remote access trojan (RAT) onto computers of developers who were working on JavaScript projects. The names of the packages were jdb.js and […] The post Malicious npm packages were installing remote access trojans [https://www.itsecurityguru.org/2020/12/02/malicious-npm-packages-were-installing-remote-access-trojans/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

4 tips for partnering with marketing on social media security

(Wednesday December 02, 2020)
If you ask cybersecurity execs where the biggest risk to their companies lies, 41.33% will tell you it’s marketing tech. At least, that’s what research provider Pollfish contends in its October 2020 report of 600 American professionals. Not just any martech, though: 25.67% are specifically worried about executives’ personal social media accounts.