#Trusted Cybersecurity News Platform
US Cyber Command spots another 20 malware strains targeting Ukraine

July 22, 2022 Cyber Security / Hacking and Security
US Cyber Command has disclosed 20 new strains of malware among the numerous software nasties and cyberattacks being used against Ukrainian targets over the last few months. In an alert this week, the Pentagon's cyberspace wing made public indicators of compromise (IOC) associated with various malware strains that were found in Ukrainian networks by the country's security service. "Our Ukrainian partners are actively sharing malicious activity they find with us to bolster collective cyber security, just as we are sharing with them," US Cyber Command said in a statement on Wednesday. The Feds' alert comes as multiple private security researchers this week issued their own threat research related to the Russian invasion. Meanwhile, we're also told that Cisco Talos' security researchers in March discovered a "fairly uncommon" type of malware targeting a "large software development company" whose software is used by several Ukrainian state
This Malicious Campaign Targets ICS Systems With Password-Cracking Tools To Create Botnets

July 21, 2022 Cyber Attack / Cyber Security
Researchers discovered a malicious campaign against ICS systems to create botnets. This relatively small-scale campaign infects industrial systems with password-cracking tools.

Malicious Campaign Targeting ICS Systems To Create Botnets

According to the details shared via a recent post, researchers from the cybersecurity firm Dragos have caught a severe malware campaign targeting industrial control systems. As observed, this malicious campaign targets ICS systems with password-cracking tools for programmable logic controllers (PLCs). The threat actors advertise these tools on various platforms, claiming to unlock PLC and HMI terminals from multiple brands. The targets include Automation Direct, Omron, Siemens, Fuji Electric, Mitsubishi Electric, Pro-Face, Vigor, Panasonic, LG, and more. In the campaign that the researchers analyzed, they noticed that the advertised password-cracking tool didn’t actually crack anything. Instead, it recovered the password by exploiting a system vulnerabi
Tor Browser 11.5 Arrives With Multiple Feature Upgrades

July 21, 2022 Cyber Security / Hacking and Security
The popular privacy browser Tor has recently rolled out its latest browser version, 11.5. This new version brings numerous feature upgrades, including automatic censorship detection and bypass, redesigned settings, HTTPS-only by default, and more.

Tor Browser 11.5 Updates

Announcing the updates in a post, The Tor Project officials have shared details about the new Tor Browser version 11.5. As elaborated, the latest browser version will have the following new features.

Automatic censorship detection and bypass

The most exciting feature of the latest Tor Browser 11.5 is the automatic censorship detection. Previously, users had to adjust the settings and apply a bridge to unblock Tor. Now, the browser eases the hassle by introducing a dedicated “Connection Assist” feature. This option will automatically apply the best bridge configuration based on the user’s location.

HTTPS-only by default

Tor browser previously came with a built-i
Hacker Targeting Industrial Control Systems

July 20, 2022 Hacking and Security / Malware
A threat actor has been spotted targeting Industrial Control Systems (ICS) to create a botnet. The attacker is doing so by promoting password-cracking software for PLCs and HMIs via multiple social media accounts.

What's happening in the campaign?

The campaign offers to unlock PLC and HMI terminals from Automation Direct, Siemens, Fuji Electric, Mitsubishi, Weintek, ABB, and more. Researchers at Dragos have examined one specific incident affecting DirectLogic PLCs from Automation Direct, in which the infected software (not a crack) abused a known vulnerability in the device to steal the password. The exploit (CVE-2022-2003) used by the malicious program was limited to serial-only communications. This requires a direct serial connection from an Engineering Workstation (EWS) to the PLC. In the background, the tool drops Sality, a piece of malware that creates a peer-to-peer botnet for different tasks.

Let's talk about Sality

Sality is an old malware that requires a distri
Another day, another crypto heist: Hacker steals $100 million from Harmony blockchain bridge

June 26, 2022 Hacking and Security / Tech
$100 million. That's the latest haul from yet another successful crypto heist carried out by hackers finding a weakness to exploit. Harmony, a blockchain bridge that helps facilitate transfers between different cryptocurrency tokens, recently announced that $100 million in cryptocurrency was stolen from its Horizon bridge on Thursday morning. In a blog post detailing the events, Harmony explained that its Horizon Ethereum Bridge fell victim to a "malicious attack." "Multiple transactions occurred that compromised the bridge with 11 transactions that extracted tokens stored in the bridge," reads Harmony's statement. Blockchain analytics firm Elliptic told TechCrunch that a number of different cryptocurrency tokens were stolen as a result of the compromised bridge. According to Elliptic, Ethereum, Binance Coin, Tether, USD Coin and Dai were all part of the hackers' haul. The stolen tokens have already been converted to Ethereum by the hacker via cryp
Google: 2FA prevented 50 percent of hacked accounts

February 20, 2022 Hacking and Security
Two-factor authentication (or 2FA) is quickly becoming a must-have for both individual and corporate users. The verification method adds a significant layer of security for any online account. However, though 2FA creates security, one can also see how it adds some extra, potentially hassling steps for anyone who just wants to get into their accounts quickly. If you follow that line of thinking, you might be wondering if the additional security outweighs the hassle of whipping out your phone every single time. Well, according to Google, it’s totally worth it. Last year, the company automatically applied two-factor authentication to some users, starting a push to eventually get everyone into the security measure. The initiative is reportedly paying off. Google has recently revealed that 2FA has decreased compromised accounts by a whopping 50 percent. It’s a proof of concept for the company. Google is additionally promising that the authentication measure’s rollout will continue this yea
Joker Malware Detected: Delete These Android Apps Right Now

December 21, 2021 Android / Apps
Joker malware is back in Google Play Store apps. Pradeo, a mobile security firm, has been notified about the new strain of Joker malware infecting Android apps. The malware has infected 15 popular apps on Google Play Store. Last year, this malware created a huge mobile security risk as it infected legitimate apps on the Play Store. Despite Google’s involvement, the malware is back with small changes in its code. This malware was first discovered in 2017, and it’s a huge challenge for Google to handle it.

Color Message Android App Has More Than 500,000 Downloads

Tatyana Shishkova, an analyst at cybersecurity firm Kaspersky, found the Joker malware on at least 14 Android apps. The infamous malware has been found on the popular app called Color Message. The app has been downloaded by more than five lakh users from the Play Store. The Color Message app makes SMS texting more fun with new emojis. However, the team of researchers from the firm Pradeo found that the app is infect
Hackers Attacked 1.6 Million WordPress Sites Via Four Different Vulnerable Plugins

December 15, 2021 Hacking and Security / Vulnerabilities
Huge Wave Of Attacks On WordPress Sites Via Vulnerable Plugins

Wordfence has recently spotted a “drastic uptick in attacks” on WordPress websites. Investigating the matter allowed them to uncover a colossal campaign of cyber-attacks going on via vulnerable plugins. As elaborated in their post, the hackers exploited four different vulnerable plugins to target 1.6 million websites over a period of 36 hours. The researchers spotted the campaign as they blocked 13.7 million such attempts. These attacks originated from more than 16,000 IP addresses. The attackers targeted multiple Epsilon Framework themes along with the four plugins to execute the attacks. Specifically, the attackers abused Unauthenticated Arbitrary Options Update bugs in the plugins, which include Kiwi Social Share, WordPress Automatic, Pinterest Automatic, and PublishPress Capabilities. For the Epsilon Framework themes, they targeted the Function Injection vulnerability. Wordfence noticed a sudden spike in t
How Extended Security Posture Management Optimizes Your Security Stack

December 15, 2021 Hacking and Security / How to
As a CISO, one of the most challenging questions to answer is "How well are we protected right now?" Between the acceleration of hackers' offensive capabilities and the dynamic nature of information networks, a drift in the security posture is unavoidable and needs to be continuously compensated for. Therefore, answering that question implies continuously validating the security posture and being in a position to check it, including against the latest emerging threats. Yet, the bulk of cybersecurity is focused on defensive tools. The rapid evolution of technology and the multiplication of technology layers, combined with the professionalization of the threat landscape, have led to a profusion of cybersecurity tools tackling different security aspects. Checking the cybersecurity solution stack's efficiency is typically done through pen-testing or, more recently, through red teaming – an exercise aimed at mapping possible loopholes that would lead to a data breach.
10 Ways To Protect Yourself From Online Scams

November 28, 2021 Hacking and Security / Tech
Whether working from home or interacting remotely with family and friends, it’s essential to safeguard your personal and sensitive details online. Hackers are taking advantage of the pandemic and have expanded the use of various scams such as phishing, malware, and suspicious institutions. With the increase of social media sites and platforms, consumers make more personal information accessible to the online world and find it incredibly hard to protect critical data. Fortunately, there are several methods to protect your online identity and personal details. You can help safeguard yourself online by using strong passwords, avoiding malicious links, backing up your data, and much more. Here are our ten most important recommendations for staying safe online.

1. Create Strong Passwords

The most popular method for protecting your online identity is to focus on constructing solid passwords. When constructing a password, use something that cann
Two Indian Government Websites Have Been Hacked, Revealing Security Flaws

August 26, 2021 Hacking and Security
Recently, two Indian Government websites were hacked. These websites have been defaced and have some vulnerabilities. The two subdomains that have been hacked belong to the National Council of Science Museum (NCSM) and the Indian Council Of Agricultural Research (ICAR). The issue was reported by Sourajeet Majumder (@TechCrucio) on Twitter, who said that threat actors have defaced two subdomains – Innovationhub and Sugarcane. It’s been more than 12 hours, but the defaced pages are still on the portals and the vulnerabilities are yet to be fixed:

http://innovationhub.ncsm.gov.in/index.php/view-event/
https://sugarcane.icar.gov.in/images/vuln.txt

When visiting the Sugarcane website, it shows a weird message, ‘Vuln! patch it Now!’, and when visiting the Innovationhub website, it shows a GIF with a message: (laZy hAcker kill me ;).
Cloudflare mitigated one of the largest DDoS attacks involving 17.2 million rps

August 21, 2021 Cloudflare / Hacking and Security
Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. "Within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests," the company noted, at one point reaching a record high of 17.2 million requests-per-second (rps), making it three times bigger than previously reported HTTP DDoS attacks.

Volumetric DDoS attacks are designed to target a specific network with an intention to overwhelm its bandwidth capacity and often utilize reflective amplification techniques to scale their attack and cause as much operational disruption as possible. They also typically originate from a network of malware-infected systems (computers, servers, and IoT devices), enabling threat ac
Kali Linux Version 2021.1 Download With More Hacking Tools

March 03, 2021 Hacking and Security / Linux
Kali Linux’s guardian, Offensive Security, has released the first update of Kali Linux this year, version 2021.1. This updated OS has many new features that are both interesting and highly helpful, and it also improves existing ones. These include Linux 5.10 LTS, Xfce 4.16, KDE Plasma 5.20, and a feature to correct and suggest relevant commands.

Kali Linux v2021.1 Released – Download Right Now

Just as every year, Offensive Security has rolled out the updated version of Kali Linux, which is both the developer’s and hacker’s basic and initial utility tool. The new version includes many tools to help you out with the commands and also improves existing ones to perform better. This includes updating the Linux kernel to version 5.10 LTS. Also, the desktop environments KDE Plasma and Xfce have been updated to version 5.20 and version 4.16 respectively. These changes are noticeable too, as you can observe with the GTK3 theme in Xfce 4.16, which has been tweaked t