Blog

Netflix Users Warned Against Phishing Attacks

Netflix Users Warned Against Phishing Attacks

If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last week,...
Continue Reading
Zoho Domain Taken Down By Mistake

Zoho Domain Taken Down By Mistake

The domain of India-based software provider Zoho, one of the largest tech companies in the world, was taken offline today for around two hours after the domain registrar overstepped its attributes and took Zoho.com down following a banale phishing complaint. The downtime resulted in nearly 30 million Zoho users being unable to access Zoho’s website, which...
Continue Reading
Google is Tracking Users Even without Location History

Google is Tracking Users Even without Location History

Just when you thought you have disabled location tracking since you have turned off your location settings and history, you were wrong. According to a report by Associated Press last Monday, even though you’ve already disabled your Location History, Google will still be able to track you down – every single time. Google said that while...
Continue Reading
Apple iOS 12 Just Got Jailbroken

Apple iOS 12 Just Got Jailbroken

Yet another terrible news for Apple. Pangu – The Chinese Hacking Team is back and once again and surprised everyone by hacking the just released iOS12 on the iPhone XS. Well, that was awkwardly fast. The Pangu Jailbreak Team has been dormant for a while. Their last jailbreak was the iOS9 back in October 2015. Since...
Continue Reading
Warning: Zombie BotNets on IoT

Warning: Zombie BotNets on IoT

The phantoms and devils of October have traveled every which way, yet the risks hiding behind virtual dividers have barely vanished. The risk of zombie bots is genuine, and it exists 365 days out of the year. Zombie bots, or gadgets that are assumed control by programmers to scatter diverse sorts of malware, infections, or spam...
Continue Reading
IBM WebSphere is a software framework and middleware that hosts Java-based web applications. This means that it’s similar to Adobe’s Flash Player, in a way that it allows Java-based applications to run on a web browser. This also means that since it hosts Java-based content, any and all information on sessions involving such applications will be taken note of, until the next time that the Java application is accessed. This threat is performed through inserting Java-based code on an application being ran, and this code is enough to send copies of information that’s been input towards a different location. For example: you’re playing a Java-based game on your browser and made an in-game purchase. For these purchases to take effect, you will have to input your credit card information, as well as other personal information that they will keep on file. If the vulnerabilities on WebSphere have been exploited, a code has already been inserted towards the page wherein you input the said information, and sends copies of It to a location where the perpetrator has access to, hence, immediately putting your financial security at risk. This is a form of injected phishing that targets a specific platform, and millions have been victims of such an activity. The reported affected versions of WebSphere are as follows: IBM WebSphere Application Server 9.0 versions prior to 9.0.0.10, with an interim fix on version 9.0.0.9 that has since been attacked IBM WebSphere Application Server 8.5 versions prior to 8.5.5.15, with an interim fix on version 8.5.5.14 that has since been attacked IBM WebSphere Application Server 8.0 versions prior to 8.0.0.15 IBM WebSphere Application Server 7.0 versions prior to 7.0.0.45 The interim fixes have been attacked primarily due to government institutions making use of this platform. This issue is due to the unsafe handling of JAVA object de-serialization through the SOAP connector. An attacker can exploit this issue by sending a specially crafted object through the SOAP connector. Upon successful exploitation, the attacker can then have full privileges on the platform, which allows them to edit, create, delete and export data with no inhibitions. That’s a major threat. There are several preventive measures that we can apply to try and mitigate the damage this can cause: Upgrade to the latest version of IBM WebSphere Application Server Verify no unauthorised system modifications have occurred before applying any patches Apply the principle of Least Privilege to all systems and services Remind users not to visit websites or follow links that come from untrusted sources These are not absolute fixes, but these can help reduce the risk of being exposed to this vulnerability. Until IBM designs a vaccine for this threat, this would be our best course of action.

IBM WebSphere Application Vulnerability Remote Code Execution

IBM WebSphere is a software framework and middle ware that hosts Java-based web applications. This means that it’s similar to Adobe’s Flash Player, in a way that it allows Java-based applications to run on a web browser. This also means that since it hosts Java-based content, any and all information on sessions involving such applications will...
Continue Reading
Government Malware Online

The US Military Just Publicly Dumped Russian Government Malware Online

Joint effort In an effort to improve information sharing Cybersecurity professional Russian is now the recipient of this so called “enemies files” from US CYBERCOM. This may have been ironic as enemy usually dump files, this time Russia began publicly freeing unclassified samples of adversaries’ malware it has found out. As per Joseph R. Holstead, acting director of...
Continue Reading
Researchers Create Hack to Unlock Millions of Hotel Room Doors

Researchers Create Hack to Unlock Millions of Hotel Room Doors

Smart door is not spare nowadays as flaw in electronic hotel door locks from Assa Abloy could allow hackers to access guest rooms and other secure locations at millions of assets around the world, F-Secure one of the leading Cyber Security Solutions for home and business researchers have discovered. Software patch were issued to fix the...
Continue Reading
The Crypto-Criminal Bar Brawl

The Crypto-Criminal Bar Brawl

CryptoLocker made it into the scene in 2013 that really opened the age of ransomware on a grand scale. It spread like a wildfire in a form of attachment to spam messages and use RSA public key encryption to seal up users files, and monetizing by decrypting keys. As Avast notes that at its height in...
Continue Reading
Cathay Pacific Hacked! Millions of Passenger Data Exposed

Cathay Pacific Hacked! Millions of Passenger Data Exposed

Hong Kong-based carrier Cathay Pacific has affirmed that it endured an information breach that has bargained 9.4 million travelers’ information. The firm trusts that travelers’ personal data including names, nationality, dates of birth, telephone numbers, email addresses, international ID numbers, character card numbers, regular customer participation numbers, custom administration comments and travel history may have been...
Continue Reading
Critical Vulnerability Crashes Media Streaming Archives

Critical Vulnerability Crashes Media Streaming Archives

A basic remote code-execution bug has been found in the mainstream Live Systems LIVE555‘s spilling media RTSPServer. The powerlessness could enable an aggressor to send an extraordinarily made parcel to helpless frameworks and trigger a stack-based cradle flood, as indicated by cyber security specialists. Initial worries over the bug (CVE-2018-4013) had customer side clients of the...
Continue Reading
Adult Website Hacking Leaks

Adult Website Hacking Leaks 1.2M ‘Wife Lover’ Users

The database housing an erotica site known as “Wife Lovers” has been hacked, grabbing client data secured just by an easy to-split, obsolete hashing method known as the DEScrypt calculation.   Throughout the end of the week, it became visible that Wife Lovers and seven sister websites, all comparably focused to a particular grown-up intrigue (asiansex4u[.]com;...
Continue Reading
Construction Machinery Can Be Hacked? Apparently, YES

Construction Machinery Can Be Hacked? Apparently, YES

The United States Computer Emergency Readiness Team (US-CERT) is instructing a few clients regarding Telecrane development cranes to fix their control frameworks – following the exposure of a security bug that could enable a close-by assailant to remotely capture the gear. The administration security body this week issued a caution on CVE-2018-17935, a security vulnerability in...
Continue Reading
Cobalt Threat Group Dishing Out SpicyOmelette

Cobalt Threat Group Dishing Out SpicyOmelette

Cobalt Gang, also known as Gold Kingswood, is spreading SpicyOmelette malware – targeting banking and other financial institutions worldwide. Cyber-attacks against banks and its clients alike are spreading and evolving in nature and complexity – it is often financial institutions which bear the burden. Banking customers being deceived by fraudulent schemes or those that become the...
Continue Reading
Cyber Attackers Used NSA Hacking Tools to Penetrate Government Agencies

Cyber Attackers Used NSA Hacking Tools to Penetrate Government Agencies

Cyber scalawags are utilizing a trio of NSA hacking apparatuses, released a year ago by the Shadow Merchants, to taint and keep an eye on PC frameworks utilized in aviation, atomic vitality, and different ventures. This is as indicated by analysts today – they said the American snooping office’s DarkPulsar digital weapon – alongside a couple...
Continue Reading
Emotet Returns with Thanksgiving Theme and Better Phishing Tricks

Emotet Returns with Thanksgiving Theme and Better Phishing Tricks

After a short break, Emotet malware has been watched covered in reports conveyed through messages that pretended to be from financial institutions or masked as Thanksgiving-themed greetings for employees. Toward the beginning of October, Emotet movement dropped off the radar, just to return towards the month’s end with new plugin that exfiltrates email subjects and 16KB...
Continue Reading
Cyber Experts Uncover Triton Malware supported by Kremlin-owned Research Lab

Cyber Experts Uncover Triton Malware supported by Kremlin-owned Research Lab

Triton was found in 2017 and was intended to explicitly target mechanical control frameworks. Triton almost caused a blast at a Saudi petrochemical plant a year ago. Security specialists have found connections between the ground-breaking Triton malware and the Russian government. Triton was found in 2017 and was intended to explicitly target Schneider Electric’s Triconex Safety...
Continue Reading
Cisco WebEx Hacked! Time for another Patch

Cisco WebEx Hacked! Time for another Patch

A very fresh exploitable security bug exists in Cisco Webex Gatherings Work area Application for Windows, and keeping in mind that it’s a benefit acceleration bug one stage underneath “basic”, and sitting beautiful at “high,” CVE-2018-15442 can be remotely manhandled in a few conditions. Cisco depicted the programming screw up along these lines: “The weakness is...
Continue Reading
Fraudulent Retail Activities Spikes Ahead Of the Holiday Season

Fraudulent Retail Activities Spikes Ahead Of the Holiday Season

A gigantic year-over-year increment in retail extortion is spelling terrible news for shops and customers in front of the Christmas season, as indicated by another investigation concentrated on cybercrime in the division. Scientists from IntSights and Riskified joined to dissect danger information from in excess of 20 retailers from Q3 2017 to Q3 2018, and additionally...
Continue Reading
Hernia Institute in California Attacked by Gamma Ransomware – Patient Records Exposed

Hernia Institute in California Attacked by Gamma Ransomware – Patient Records Exposed

The information exposed by the assault incorporates the data of patients who were treated preceding 19th July, 2018. The bargained information incorporates patients’ full names, addresses, dates of birth, social security information, laboratory findings and clinical arrangements. California-based National Ambulatory Hernia Institute was hit by a ransomware assault that traded off an aggregate of 15,974 patient...
Continue Reading
1 14 15 16 17 18 24