The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
North Korean hackers abuse legitimate security software and stolen digital certificates to target Internet users in South Korea with RAT malware.

Details: https://thehackernews.com/2020/11/trojanized-security-software-hits-south.html
A researcher publicly revealed PoCs for as many as 12 pre-auth RCE vulnerabilities affecting #Cisco Security Manager (CSM)—a week after the company quietly released an updated version without disclosing any of them.

Details: https://thehackernews.com/2020/11/researcher-discloses-critical-rce-flaws.html
Cybersecurity researchers today unveiled a complex and targeted espionage attack on potential government sector victims in South East Asia that they believe has been carried out by a sophisticated Chinese APT group since at least 2018.

Read details: https://thehackernews.com/2020/11/chinese-apt-hackers-target-southeast.html
A new feature in macOS Big Sur allows Apple's own apps to bypass firewalls and VPNs—potentially letting malware also exploit the same shortcoming to access sensitive data stored on users' systems and transmit it to remote servers.

Read: https://thehackernews.com/2020/11/apple-lets-some-of-its-big-sur-macos.html
A critical vulnerability uncovered in Real-Time Automation's (RTA) 499ES EtherNet/IP stack could open up Industrial Control Systems (ICS) to remote cyberattacks.

Read details: https://thehackernews.com/2020/11/researchers-warn-of-critical-flaws.html
WARNING — Don't share images, videos, or voice messages over the "GO SMS Pro" app.

With over 100 MILLION installs, the popular messaging app contains an UNPATCHED flaw that could let anyone access any media file transferred between users.

Details: https://thehackernews.com/2020/11/warning-unpatched-bug-in-go-sms-pro-app.html
🔥 A Critical Bug in Facebook Messenger App for Android Could've Let Hackers Listen to the Person You Are Calling Even Before They Pick Up.

Read details: https://thehackernews.com/2020/11/facebook-messenger-bug-lets-hackers.html
🔥 WARNING — A critical UNPATCHED command injection vulnerability (CVE-2020-4006 / CVSSv3 9.1) affects multiple VMware products, allowing attackers to take control of vulnerable corporate systems.

Details: https://thehackernews.com/2020/11/critical-unpatched-vmware-flaw-affects.html
BEWARE! The Stantinko adware and coin-mining botnet is now targeting Linux servers with a new version of PROXY malware to fly under the radar.

Read details: https://thehackernews.com/2020/11/stantinko-botnet-now-targeting-linux.html
Two highly popular Android apps from Chinese tech giant Baidu—Maps and Search Box—have been caught collecting sensitive user details, leaving millions of users trackable online.

Read more: https://thehackernews.com/2020/11/baidus-android-apps-caught-collecting.html
A new two-factor authentication (2FA) bypass flaw has been reported in cPanel and WHM—popular web hosting administrative software.

Details: https://thehackernews.com/2020/11/2-factor-authentication-bypass-flaw.html
A new version of the digitally signed Bandook Trojan has been spotted in the wild, once again aiming at high-value targets across multiple sectors, including government, financial, energy, food industry, healthcare, education, IT, and legal institutions.

https://thehackernews.com/2020/11/digitally-signed-bandook-malware-once.html
Limited Time DEAL 🔥

Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF

Details: https://thehackernews.com/2020/11/become-white-hat-hacker-get-10-top.html
An Indian national gets 20 years in a United States prison for operating fake call centers that defrauded U.S. victims out of MILLIONS of dollars.

Read details: https://thehackernews.com/2020/11/indian-national-gets-20-year-jail-in.html

He is also ordered to pay restitution of $8,970,396 to identified victims.
Microsoft spotted nation-state hackers leveraging cryptocurrency miners to stay under the radar and hide their cyber-espionage activities against private and government institutions in #France and Vietnam.

Details: https://thehackernews.com/2020/12/nation-state-hackers-caught-hiding.html
Interestingly, the GO SMS Pro messaging app developers tried quietly fixing a publicly disclosed #vulnerability with incomplete patches and yet again failed to protect millions of its users' sensitive data.

Details: https://thehackernews.com/2020/12/incomplete-go-sms-pro-patch-left.html
🔥 A Google researcher demonstrates a zero-click, Wi-Fi-based "wormable" iOS bug (CVE-2020-9844) that could have let remote attackers gain complete control over targeted iPhones.

https://thehackernews.com/2020/12/google-hacker-details-zero-click.html
⚠️ WARNING: Multiple botnet malware families have been found exploiting a critical Oracle WebLogic bug to deploy crypto miners on thousands of unpatched servers, as well as to steal sensitive data.

Read — https://thehackernews.com/2020/12/multiple-botnets-exploiting-critical.html
Researchers today took the wraps off a previously undocumented Russian APT Turla backdoor, dubbed "Crutch," that was deployed against governments, embassies, and military targets from 2015 to early 2020.

Read details: https://thehackernews.com/2020/12/experts-uncover-crutch-russian-malware.html