A flaw in the popular TikTok app could allow attackers to hijack any user account just by knowing the mobile number of the victim. Security experts from CheckPoint have discovered a critical vulnerability in the popular TikTok app that could…
Category: Security Affairs
SNAKE Ransomware is targeting business networks
A new piece of ransomware called SNAKE appeared in threat landscape, the malware is now targeting company networks. The SNAKE is a new ransomware that is threatening enterprises worldwide along with most popular ransomware families such as Ryuk, Maze, Sodinokibi,…
Facebook declares war to Deepfake videos
Monika Bickert, Facebook for global policy management, announced that Facebook will ban deepfake videos and manipulated content. Facebook has announced it will ban deepfake videos, which are media that take a person in an existing image or video and replace…
Medical info of 49,351 patients exposed in Alomere Health hospital breach
Minnesota-based Alomere Health discloses a data leak that exposed personal and medical information of 49,351 patients. Personal and medical information of 49,351 patients of Minnesota-based Alomere Health might have been exposed following the compromise of two employees’ email accounts. Alomere Health is…
MageCart gang compromised popular Focus Camera website
A new MageCart attack made the headlines, this time the gang compromised the website of popular Focus Camera. The Magecart group has compromised the website of the photography and imaging retailer Focus Camera. The hack took place last year, the…
Google blocks Xiaomi integrations on Nest hub over privacy concerns
Google has recently disabled all Xiaomi smart home integrations on Nest Hub after being informed that some users could access other people’s camera feeds. On January 1st, 2020, a Reddit user (‘/u/Dio-V’) posted a discussion revealing that Nest Hub was…
China-based Bronze President APT targets South and East Asia
A cyber-espionage group tracked as Bronze President has been targeting countries in South and East Asia, Secureworks experts warn. Researchers at Secureworks’ Counter Threat Unit (CTU) have uncovered a cyber espionage campaign carried out by an APT group tracked as…
Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March
Security experts have found a malicious app in the Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability, tracked as CVE-2019-2215, in Android. Maddie Stone published technical…
HappyHotel, popular search engine for love hotels in Japan discloses data breach
HappyHotel, a Japanese search engine used to find and book rooms in “love hotels,” announced to have suffered a security breach in December. HappyHotel is a popular Japanese search engine for “love hotels,” it is used by married couples and…
Microsoft report: around 0.08% of RDP brute-force attacks are successful
Microsoft published an interesting analysis of RDP brute-force attacks that targeted the 45,000 have analyzed in months of study. Researchers from Microsoft have analyzed several months’ worth of data to investigate RDP brute force attacks occurring across Microsoft Defender ATP…
DHS warns of Iran-linked attacks in a National Terrorism Advisory System bulletin
The U.S. Department of Homeland Security (DHS) has issued warnings about the possibility of cyber-attacks launched by Iran-linked hackers. The U.S. Department of Homeland Security (DHS) has issued warnings about the possibility of cyber-attacks launched by Iran-linked threat actors. The…
School software provider Active Network discloses data breach
The US-based School management software provider Active Network disclosed a severe security breach last week. Active Network provides web-based school management software for K-12 schools and districts, last week it announced to have suffered a major security breach. The hackers…
Austria’s foreign ministry is facing a ‘serious cyberattack’
Austria’s foreign ministry announced it was facing a “serious cyberattack” and that it could be the work of a nation-state actor. Austria’s foreign ministry was the victim of a cyber-attack that is suspected to have been conducted by a foreign…
California IT service provider Synoptek pays ransom after Sodinokibi attack
Synoptek, A California-based IT service provider decided to pay the ransom to decrypt its files after being infected with the Sodinokibi ransomware. Synoptek, a California-based provider of IT management and cloud hosting services paid the ransom to decrypt its files…
Federal Depository Library Program Govn agency breached by Iranian hackers
A group of alleged Iranian hackers claims to have breached the website of a US government agency, Federal Depository Library Program, on Saturday after the killing of Qasem Soleimani. A group of Iranian hackers claims to have breached the website…
DeathRansom ransomware evolves encrypting files, but experts identified its author
DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement…
U.S. CISA Agency warns of possible cyber attacks from Iran
US Government fears a new wave of cyber attacks from Iran as retaliation for the airstrike that killed Maj. Gen. Qassim Suleimani at the Baghdad airport in Iraq. Christopher C. Krebs, Director of Cybersecurity and Infrastructure Security Agency (CISA) warned of a…
BusKill, a $20 USB Dead Man’s Switch for Linux Laptop
‘BusKill‘ is a cheap kill cord Dead Man Switch to trigger the machine to self-destruct in case the laptop is stolen, it was designed by the software engineer Michael Altfield. The idea is very simple, the BusKill cable connects a Linux…
Facebook fined $1.65 by Brazil Governenment over Cambridge Analytica
Early this week, Brazil fined Facebook $1.65 million for improperly sharing users’ data in a case linked to the Cambridge Analytica privacy scandal. Brazil fined Facebook $1.65 million for improperly sharing users’ data in a case linked to the Cambridge…
Cisco Talos discovered 2 critical flaws in the popular OpenCV library
Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code. OpenCV…
US Army banned the popular TikTok app over China security concerns
The U.S. Army this week has banned the popular TikTok app from government mobile amid fear of China-linked cyberespionage. The US Army has banned the use of the popular TikTok app on mobile phones used by its personnel for security…
Travelex currency exchange suspends services after malware attack
The Travelex currency exchange has been forced offline following a malware attack launched on New Year’s Eve. This week, the UK-based currency exchange Travelex announced that it has shut down its services as a “precautionary measure” following a malware attack.…
Cisco addresses several flaws in its DCNM product
Cisco has released software updates for its Data Center Network Manager (DCNM) product to address several critical and high-severity issues. Cisco has released software updates that address several critical and high-severity vulnerabilities in its Data Center Network Manager (DCNM) product.…
Remote Command Execution and Information disclosure flaws affect dozens of D-Link routers
Experts disclosed PoC exploits for remote command execution and information disclosure vulnerabilities affecting many D-Link routers. Security researchers Miguel Méndez Zúñiga and Pablo Pollanco from Telefónica Chile recently published Proof-of-concept (PoC) exploits for remote command execution and information disclosure vulnerabilities…
US restaurant chain Landry’s discloses payment card breach
The popular US restaurant chain Landry’s announced that it was the victim of a cyber-attack, malware has infected its point of sale (POS) systems. The popular US restaurant chain Landry’s disclosed a security incident, its point of sale (POS) systems…
Poloniex forces password reset following a data leak
The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a…
Crooks use Star Wars saga as bait in Phishing and malware attacks
Crooks are exploiting the popularity of the Star Wars saga to monetize their efforts, experts warn of online streaming sites delivering malware. Cybercriminals leverage popular movies like Star Wars to lure users into downloading malware to watch exclusive scenes or the full…
Watch out, sextortion scammers are using a new tactic
Sextortion cybercrimes continue to threaten Internet users, scammers are using new tactics to bypass spam filters and secure email gateways. Sextortion scams continue to evolve to bypass security measures such as spam filters and secure email gateways. Sextortion messages threaten…
Shitcoin Wallet Chrome extension steals crypto-wallet private keys and passwords
Security expert discovered a Google Chrome extension named Shitcoin Wallet that steals passwords and wallet private keys. Harry Denley, director of security at the MyCrypto, discovered that the Google Chrome extension named Shitcoin Wallet is stealing passwords and wallet private keys.…
Mariah Carey ‘s Twitter Hacked on New Year’s Eve
Another celebrity was the victim of the hackers, Mariah Carey ‘s Twitter account appears to have been hacked on New Year’s Eve. The Twitter account of Mariah Carey was hacked on New Year’s Eve, attackers posted a series of offensive,…
Irish National Cyber Security Strategy warns of attacks on Irish data centres
The Irish government has published its National Cyber Security Strategy, it is an update of the country’s first Strategy which was published in 2015. The 2019 National Cyber Security Strategy aims to allow Ireland to continue to safely enjoy the…
Expert finds Starbucks API Key exposed online
Developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. The development team at Starbucks left exposed an API key that could be used…