An anonymous hacker with an online alias “SandboxEscaper” today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting Windows 10 operating system—that’s his/her 5th publicly disclosed Windows zero-day exploit [1, 2, 3] in less than a year. Published on GitHub, the new Windows 10 zero-day vulnerability is a privilege escalation issue that could allow a local attacker or malware to gain and run code with administrative...
Read More
Description: Facebook has released a security advisory to address a vulnerability in WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.facebook.com/security/advisories/cve-2019-3568
Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few “selected” smartphones by simply calling the targeted phone numbers over Whatsapp audio call. Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs Pegasus spyware on to Android and iOS devices. According to...
Read More
“On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data. Upon discovery, we acted quickly to intervene and secure the site. We want to update you on what we’ve learned from our ongoing investigation, including which Hub accounts are impacted, and what actions users should take. Here is what we’ve learned: During a brief...
Read More
The RobbinHood Ransomware is the latest player in the ransomware scene that is targeting companies and the computers on their network. This ransomware is not being distributed through spam but rather through other methods, which could include hacked remote desktop services or other Trojans that provide access to the attackers. Since it first came out, samples of the RobbinHood ransomware have not been easy to come...
Read More
Researcher discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Researcher Sanyam Jain at GDI foundation discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Most of the data are publicly available, the databases also include the email addresses of the users. The databases also contain internal data, such as the type of...
Read More
Microsoft announced the configuration baseline settings draft release for Windows 10 v1903 (19H1) and Windows Server v1903, as well as the intention to drop password expiration policies starting with the Windows 10 May 2019 Update. Once removed, the preset password expiration settings should be replaced by organizations with more modern and better password-security practices such as multi-factor authentication, detection of password-guessing attacks, detection of anomalous log on attempts, and...
Read More
Malicious actors hosted phishing kits on the web-based GitHub code hosting platform by abusing the service’s free repositories to deliver them to their targets via github.io domains. This technique allows crooks to take advantage of the GitHub Pages service to bypass both whitelists and network defenses, just like the “use of large consumer cloud storage sites, social networking, and commerce services such as Dropbox, Google Drive, Paypal,...
Read More
Security researchers have discovered the full source code of the Carbanak malware—yes, this time it’s for real. Carbanak—sometimes referred as FIN7, Anunak or Cobalt—is one of the most full-featured, dangerous malware that belongs to an APT-style cybercriminal group involved in several attacks against banks, financial institutions, hospitals, and restaurants. In July last year, there was a rumor that the source code of Carbanak was leaked to the...
Read More
An unprotected database belonging to JustDial, India’s largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy “88888 88888” customer care number, The Hacker News has learned and independently verified. Founded over two decades ago, JustDial (JD) is the oldest and leading local search engine...
Read More
