Category Archives: Hacking News

Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X

Here we have great news for all iPhone Jailbreak lovers and concerning one for the rest of iPhone users. A Chinese cybersecurity researcher has today revealed technical details of critical vulnerabilities in Apple Safari web browser and iOS that could allow a remote attacker to jailbreak and compromise victims' iPhoneX running iOS 12.1.2 and before versions. To do so, all an attacker needs to

Adobe Released Another Patch – This Time For Adobe Experience Manager

This month, Adobe released patches for various products multiple times. However, it seems the vulnerabilities continue to appear in Adobe

Adobe Released Another Patch – This Time For Adobe Experience Manager on Latest Hacking News.

Someone Hacked PHP PEAR Site and Replaced the Official Package Manager

Beware! If you have downloaded PHP PEAR package manager from its official website in past 6 months, we are sorry to say that your server might have been compromised. Last week, the maintainers at PEAR took down the official website of the PEAR (pear-php.net) after they found that someone has replaced original PHP PEAR package manager (go-pear.phar) with a modified version in the core PEAR file

First Large GDPR Fine issued and its to Google for €50 million

Every member state, organisation and almost every individual have been watching supervisory authorities closely to see if and who will

First Large GDPR Fine issued and its to Google for €50 million on Latest Hacking News.

Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

Just in time… Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by a

Online Casino Group Leaked Information of Over 108 Million Bets and User Data

Security researcher Justine Paine discovered a data leak this week from an ElasticSearch server. The leak involved over 108 million bets

Online Casino Group Leaked Information of Over 108 Million Bets and User Data on Latest Hacking News.

ThreadX WiFi Firmware Vulnerability Affects Smartphones, Laptops, Gaming Devices, and Routers

A researcher has found several security vulnerabilities in ThreadX WiFi firmware. He discovered these vulnerabilities in the firmware running on

ThreadX WiFi Firmware Vulnerability Affects Smartphones, Laptops, Gaming Devices, and Routers on Latest Hacking News.

Unauthorised Remote Access Vulnerability Discovered on Cisco Small Business Switches

Businesses using Cisco Small Business 200 Series Smart Switches; CSB 300 Series Managed Switches;  Cisco 250 Series Smart Switches; CSB

Unauthorised Remote Access Vulnerability Discovered on Cisco Small Business Switches on Latest Hacking News.

Vulnerability In Telegram Bot API Encryption Allows Access To Messages

Researchers have discovered a serious security vulnerability in the popular messaging Telegram. The vulnerability mainly exists in the Telegram Bot

Vulnerability In Telegram Bot API Encryption Allows Access To Messages on Latest Hacking News.

Latest Hacking News Podcast #206

Google fined $57 million by France for GDPR violations, WPML Wordpress Plug-in developer's site hacked by ex-employee, and a Windows Zero-Day gets a micropodcast on episode 206 of our daily cybersecurity podcast.

Latest Hacking News Podcast #206 on Latest Hacking News.

ES File Explorer Vulnerability Exposed Files Saved On a Victim Android Phone

Researchers have spotted a vulnerability in the popular file manager among Android users, ES File Explorer. The vulnerability could allow

ES File Explorer Vulnerability Exposed Files Saved On a Victim Android Phone on Latest Hacking News.

Ex-employee of WP MultiLingual’s (WPML) Leaks Customer Data Then Defaces Their Website

A former employee of WP MultiLingual’s (WPML) claimed he exploited vulnerabilities over the weekend. The ex-employee sent out mass emails to

Ex-employee of WP MultiLingual’s (WPML) Leaks Customer Data Then Defaces Their Website on Latest Hacking News.

New malware found using Google Drive as its command-and-control server

Since most security tools also keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly adopting infrastructure of legitimate services in their attacks to hide their malicious activities. Cybersecurity researchers have now spotted a new malware attack campaign linked to the notorious DarkHydrus APT group that uses Google Drive as its command-and-control (

Active Exploits Of ThinkPHP Vulnerability Found Even After Patch

In December 2018, we witnessed active exploits of a ThinkPHP vulnerability. After the discoverers of this flaw posted its PoC,

Active Exploits Of ThinkPHP Vulnerability Found Even After Patch on Latest Hacking News.

Data breach following vulnerabilities in RupeeReedee’s data stack on Amazon

“A potential isolated vulnerability in one of our data storage block (Amazon) was brought to our attention by a data

Data breach following vulnerabilities in RupeeReedee’s data stack on Amazon on Latest Hacking News.

Alleged Russian Hacker Pleads Not Guilty After Extradition to United States

A Russian hacker indicted by a United States court for his involvement in online ad fraud schemes that defrauded multiple American companies out of tens of millions of dollars pleaded not guilty on Friday in a courtroom in Brooklyn, New York. Aleksandr Zhukov, 38, was arrested in November last year by Bulgarian authorities after the U.S. issued an international warrant against him, and was

Latest Hacking News Podcast #205: Interview with Noam Kehati of Sixgill

Noam Kehati, Cyber Intelligence Analyst at Sixgill, talks about interesting conversations she's had with cybercriminals on the dark web as well as Sixgills research into dark web criminal activity.

Latest Hacking News Podcast #205: Interview with Noam Kehati of Sixgill on Latest Hacking News.

Oklahoma Department of Securities Breached

The Oklahoma Department of Securities is the latest governmental body to report a breach. This time over a million files

Oklahoma Department of Securities Breached on Latest Hacking News.

Bank Bot Anubis Found Again in Google Play Store

The BankBot trojan, Anubis has once again affected users of the Google Play Store. This occurred when users downloaded a battery power saving app,

Bank Bot Anubis Found Again in Google Play Store on Latest Hacking News.

Twitter Android App Bug Revealed Private Tweets Spanning Five Years

Social media giant Twitter has just announced a bug fix that has been affecting users of its Android App. However,

Twitter Android App Bug Revealed Private Tweets Spanning Five Years on Latest Hacking News.

North Korean hackers get access to Chile’s ATM after employee falls for fake job interview over Skype

Employee tricked into giving North Korean hackers access to Chile’s ATM over fake Skype job interview

North Korean hackers fooled a Redbanc employee into a fake job interview over Skype and then tricked him into downloading malware onto his work computer to get access to the company’s interbank network, according to a report by Chilean news site trendTIC.

For those unaware, Redbanc is an interbank network in Chile that connects the ATMs of all the banks in Chile.

It all began when the Redbanc employee in question responded to a developer job advertisement on the job website, LinkedIn. When the Redbanc professional clicked to apply for the position, he was contacted by the hackers for an interview, which they conducted in Spanish via a Skype call.

During the interview, the employee was asked to download, install, and run a program named ApplicationPDF.exe on the computer. He was told that it was a part of the recruitment process and would generate a standard application form online in PDF format.

However, the program instead installed malware on the computer, which in turn allowed hackers to gain access to the employee’s work computer username, hardware and OS, and proxy settings. This information was later used to deliver a second-stage payload to the device.

Although this attack took place in December last year, it was only made public after Chilean Senator Felipe Harboe used Twitter to accuse Redbanc of not disclosing the breach in time.

In a statement, the company says “the event had no impact on our operations, keeping our services running smoothly”.

Security company Flashpoint linked the malware strain to PowerRatankba, a malware toolkit that was previously used by North Korea-affiliated hacker group Lazarus. This hacking group which is behind the infamous Sony hack in 2014, have also been accused of attempting to steal money from Banco de Chile last year.

The post North Korean hackers get access to Chile’s ATM after employee falls for fake job interview over Skype appeared first on TechWorm.

New Android Malware Apps Use Motion Sensor to Evade Detection

Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware. Two such Android apps have recently been spotted on the Google Play Store by security researchers with the Trend Micro malware research team, infecting thousands of Android users who have

Hackers Exploit Chile’s ATM Network Under The Guise of a Skype Job Interview

Lazarus, a network of hackers who target financial organizations, has recently been identified as the prime suspect with regards to

Hackers Exploit Chile’s ATM Network Under The Guise of a Skype Job Interview on Latest Hacking News.

Latest Hacking News Podcast #204

Twitter bug exposed protected tweets of some Android users, ES File Explorer potentially exposes data of 100 million users, and Microsoft launched Azure DevOps bug bounty program on episode 204 of our daily cybersecurity podcast.

Latest Hacking News Podcast #204 on Latest Hacking News.

VOIPO Data Leak – Unprotected Server Left Calls Logs/SMS Exposed

Despite several incidents of data exposure from unprotected servers, many firms still seem complacent towards database protection. Once again, an

VOIPO Data Leak – Unprotected Server Left Calls Logs/SMS Exposed on Latest Hacking News.

NanoCore Trojan Malware Cannot be Killed By Users

Most people are now familiar with how destructive and damaging computer viruses such as a Trojan can be. Many are

NanoCore Trojan Malware Cannot be Killed By Users on Latest Hacking News.

Barracuda Boosts Total Email Protection With Forensics And Incident Response.

Barracuda, the trusted partner and leading provider for cloud-enabled security solutions, today announced the introduction of Forensics and Incident Response. Available to Barracuda Total Email Protection customers as a value-add, the solution automates incident response and provides remediation options, helping organizations address issues faster, more efficiently, and more effectively.

Attackers often attempt to bypass traditional email security measures by using social engineering tactics — emails that contain no malicious code, attachments, or links, or accounts — or by trying to reuse credentials stolen in an outside data breach or compromised through another threat vector. When an attack like this does slip through an organization’s defenses, administrators need to response quickly.

With Forensics and Incident Response, when users report targeted attacks, administrators can investigate the attacks, find all the affected users, remove malicious emails directly from users’ inboxes, and send alerts to users impacted by an incident with just a few clicks. Plus, discovery and threat insights provided by the platform help identify anomalies in delivered email, giving customers and channel partners more proactive ways to detect email threats.

“Today when security teams learn about email-borne attacks, for most companies, security incident response is a time-consuming, manual process that can take hours or days, which can often lead to further spread of an attack,” said Asaf Cidon, VP of Content Security, Barracuda. “Forensics and Incident Response addresses these problems by arming businesses with the tools and insights they need to handle incidents in a faster, more proactive, and ultimately more effective way that takes minutes instead of hours or days.”

Wilbur-Ellis, a leading global agribusiness company, deployed Forensics and Incident Response to strengthen email security, and their IT team is already seeing the benefits. Before introducing the solution, the IT team at Wilbur-Ellis relied on users to report email attacks that may have slipped past email security. Each day users reported a few attacks, most of which relied on social engineering tactics, and for every one of those attacks the team had to search through tens of thousands of emails to see if any of their 4,000 other users had gotten the same message.

“Barracuda Forensics and Incident Response allows us to find the emails that slip through the filters and remove them as needed,” said Rick Cahoon, Director of Enterprise Security and Support at Wilbur-Ellis. “Knowing who got the bad email in our enterprise is now all in the same tool, and remediation is just a couple clicks.”

Learn more about Forensics and Incident Response, now available with Barracuda Total Email Protection: URL TK

The post Barracuda Boosts Total Email Protection With Forensics And Incident Response. appeared first on IT Security Guru.

WhatsApp – Are You Getting Someone Elses Messages?

WhatsApp is one of the biggest message platforms in the world. It has always prided itself on being reliable and

WhatsApp – Are You Getting Someone Elses Messages? on Latest Hacking News.

Watch as hackers take over a construction crane

By Waqas

Trend Micro Researchers Prove How Easy it is Hackers to Hack a Construction Crane and Cause Destruction. Hacking a crane at a construction site might seem to you like an impossible act from cybercriminals. It just appears so unbelievable. After all, what would they get by hacking a crane? However, researchers at Trend Micro, a […]

This is a post from HackRead.com Read the original post: Watch as hackers take over a construction crane

Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks

Ukrainian Police have this week busted out two separate groups of hackers involved in carrying out DDoS attacks against news agencies and stealing money from Ukrainian citizens, respectively. According to the authorities, the four suspected hackers they arrested last week, all aged from 26 to 30 years, stole more than 5 million Hryvnia (around 178,380 USD) from the bank accounts of Ukrainian

Hackers infect e-commerce sites by compromising their advertising partner

Magecart strikes again, one of the most notorious hacking groups specializes in stealing credit card details from poorly-secured e-commerce websites. According to security researchers from RiskIQ and Trend Micro, cybercriminals of a new subgroup of Magecart, labeled as "Magecart Group 12," recently successfully compromised nearly 277 e-commerce websites by using supply-chain attacks. Magecart

Flight Booking System Flaw Affected Customers of 141 Airlines Worldwide

Almost half of the fight travelers around the world were found exposed to a critical security vulnerability discovered in online flight ticket booking system that allowed remote hackers to access and modify their travel details and even claim their frequent flyer miles. Israeli network security researcher Noam Rotem discovered the vulnerability when he booked a flight on the Israeli airline

Unprotected VOIP Server Exposed Millions of SMS Messages, Call Logs

A California-based Voice-Over-IP (VoIP) services provider VOIPO has accidentally left tens of gigabytes of its customer data, containing millions of call logs, SMS/MMS messages, and plaintext internal system credentials, publicly accessible to anyone without authentication. VOIPo is one of a leading providers of Voice-Over-IP (VoIP) services in the United States offering reseller VoIP, Cloud

Cryptopia cryptocurrency exchange hacked; suffers “significant losses”

By Waqas

Cryptopia, a New Zealand based cryptocurrency exchange has undercome a cyber attack leading to “significant losses.” The incident took place on January 14 and upon detecting the attack Cryptopia was forced to halt services by taking their website and exchange offline. Initially, on its Twitter account, Cryptopia claimed that the website has been taken down for “unscheduled maintenance” and displayed a […]

This is a post from HackRead.com Read the original post: Cryptopia cryptocurrency exchange hacked; suffers “significant losses”

Two Hackers Charged with Hacking SEC System in Stock-Trading Scheme

The U.S. authorities have charged two Ukrainian hackers for hacking into the Securities and Exchange Commission's EDGAR filing system and stealing sensitive market-moving reports of companies before their public release. EDGAR, or Electronic Data Gathering, Analysis, and Retrieval, is an online filing system wherein companies submit their financial filings. The system processes around 1.7

How to Secure Your Mid-Size Organization From the Next Cyber Attack

If you are responsible for the cybersecurity of a medium-sized company, you may assume your organization is too small to be targeted. Well, think again. While the major headlines tend to focus on large enterprises getting breached – such as Sony, Equifax, or Target the actual reality is that small and mid-sized companies are experiencing similar threats. According to Verizon’s 2018 Data

Unpatched vCard Flaw Could Let Attackers Hack Your Windows PCs

A zero-day vulnerability has been discovered and reported in the Microsoft's Windows operating system that, under a certain scenario, could allow a remote attacker to execute arbitrary code on Windows machine. Discovered by security researcher John Page (@hyp3rlinx), the vulnerability was reported to the Microsoft security team through Trend Micro's Zero Day Initiative (ZDI) Program over 6

Does WhatsApp Have A Privacy Bug That Could Expose Your Messages?

In-short conclusion—Whatsapp service or its 45-days deletion policy doesn't seem to have a bug. For detailed logical explanation, please read below. An Amazon employee earlier today tweeted details about an incident that many suggest could be a sign of a huge privacy bug in the most popular end-to-end encrypted Whatsapp messaging app that could expose some of your secret messages under

DDoSing Hospital Networks Landed This Hacktivist in Jail for Over 10 Years

A simple DDoS attack could land you in jail for 10 years or even more. A Massachusetts man has been sentenced to over 10 years in prison for launching DDoS attacks against the computer network of two healthcare organizations in 2014 to protest the treatment of a teenager at the centers. Beyond serving 121 months in prison, Martin Gottesfeld, 34, was also ordered by U.S. District Judge

PyLocky Ransomware Decryption Tool Released — Unlock Files For Free

If your computer has been infected with PyLocky Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search might end here. Security researcher Mike Bautista at Cisco's Talos cyber intelligence unit have released a free decryption tool that makes it possible for victims infected with the PyLocky ransomware to unlock their encrypted files

Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection

Security researchers have been warning about a simple technique that cybercriminals and email scammers are already being using in the wild to bypass security features of Microsoft Office 365, including Safe Links, which are originally designed to protect users from malware and phishing attacks. Safe Links has been included by Microsoft in Office 365 as part of its ATP (Advanced Threat Protection

Get 10 Popular Books To Learn Advanced Hacking [2018 Bundle]

It should come as no surprise that cybersecurity is one of the most important and lucrative fields in the world right now, and it’s becoming more important every day—thanks to a growing number of cyber attacks that are targeting everything from individuals and startups to Fortune 500 companies and entire government agencies. So it should also come as no surprise that demand for talented and