The January 2025 Android Security Bulletin has issued important updates regarding critical vulnerabilities that affect Android devices. Users are urged to ensure their devices are updated to the latest security patch level, which as per the bulletin, should be 2025-01-05…
US adds web and gaming giant Tencent to list of Chinese military companies
This could be the start of a saga to rival TikTok’s troubles, and embroil Tesla and Microsoft The US Department of Defense has added Chinese messaging and gaming Tencent to its list of “Chinese military company”, a designation that won’t…
Two Clicks to Chaos: How Double-clickjacking Hands Over Control of Apps without Users Knowing
In our last blog, we discussed how OAuth-based consent phishing attacks have been used to trick users into giving malicious apps the permission to conduct malicious activities via an employee’s account. This attack has been extremely effective due to the…
Eagerbee backdoor targets govt entities and ISPs in the Middle East
Experts spotted new variants of the Eagerbee backdoor being used in attacks on government organizations and ISPs in the Middle East. Kaspersky researchers reported that new variants of the Eagerbee backdoor being used in attacks against Internet Service Providers (ISPs)…
Windows LDAP Denial of Service Vulnerability (CVE-2024-49113) Alert
Overview Recently, NSFOCUS CERT detected that the details of Windows LDAP remote code execution vulnerability (CVE-2024-49113) were disclosed. Due to an out-of-bounds read vulnerability in wldap32.dll of Windows LDAP service, an unauthenticated attacker can induce a target server (as an…
What to Do if a Healthcare Database Breach Occurs: A Step-by-Step Guide
Healthcare organizations are prime targets for cybercriminals due to the sensitive and valuable nature of the data they store. Personal health information (PHI) is one of the most sought-after commodities on the dark web. If a healthcare database breach occurs,…
India’s Draft Digital Personal Data Protection Rules
India has unveiled its draft Digital Personal Data Protection Rules, designed to operationalize the Digital Personal Data Protection Act, 2023 (DPDP Act). As the nation strides forward in the digital age, these rules are pivotal in creating a framework that…
INDIA Enacts New Digital Data Protection Rules
INDIA has taken a significant step towards data privacy with the recent enactment of the Digital Personal Data… The post INDIA Enacts New Digital Data Protection Rules appeared first on Hackers Online Club. This article has been indexed from Hackers…
ICAO Investigates Data Breach as Hacker Claims to Sell Sensitive Data gained from Cyber Attack
The International Civil Aviation Organization (ICAO), a specialized agency of the United Nations (UN) headquartered in Canada, has confirmed that its IT team is actively investigating a significant data breach. This breach has led to the unauthorized access and subsequent…
eBay CISO on managing long-term cybersecurity planning and ROI
In this Help Net Security interview, Sean Embry, CISO at eBay, discusses key aspects of cybersecurity leadership. He shares insights on balancing long-term strategic planning with immediate threat response, evaluating the ROI of new technologies, and addressing employee cybersecurity fatigue.…
Making the most of cryptography, now and in the future
Enterprise cryptography faces risks beyond just the advent of quantum computers. For starters, there is no guarantee that the traditional algorithms have not been broken. Though we believe that it is “unlikely” they can be, the reality is that in…
Hackers Compromised Argentina’s Airport Security Payroll System
Hackers have successfully infiltrated Argentina’s Airport Security Police (PSA) payroll system, raising alarms about the safety of sensitive personnel information. This incident has revealed significant vulnerabilities in employee data management, as attackers accessed confidential salary records and tampered with pay…
Greece’s 2024 Cyber Threat Landscape: A Year of Increased and Varied Attacks
The year 2024 proved challenging for cybersecurity in Greece, with a significant surge in the volume and sophistication of cyberattacks. Ransomware attacks, Distributed Denial-of-Service (DDoS) attacks, and Advanced Persistent Threats (APTs) all significantly disrupted businesses, government services, and critical infrastructure.…
IT Security News Hourly Summary 2025-01-07 06h : 6 posts
6 posts were published in the last hour 5:3 : Moxa Devices Vulnerable to Cyberattacks, Threatening Industrial Networks 5:3 : When is a RAT, not a RAT? 5:2 : Open source worldwide: Critical maintenance gaps exposed 5:2 : Cyberbro: Open-source…
Moxa Devices Vulnerable to Cyberattacks, Threatening Industrial Networks
Critical vulnerabilities discovered in Moxa’s industrial networking devices could allow privilege escalation and OS command injection, exposing critical infrastructure to potential cyberattacks. In a security advisory, Moxa said that affected models include EDR and TN series routers widely used in…
When is a RAT, not a RAT?
Have you heard the story about the RAT that pretended to be a RAT? If not, you’d better sit down for this one. There’s a RAT in my kitchen Last month, a malicious package, ethereumvulncontracthandler, was identified on the npm…
Open source worldwide: Critical maintenance gaps exposed
Lineaje recently released a report identifying the US and Russia as the leading generators of open-source projects, with both countries also having the highest numbers of anonymous open-source contributions. In this Help Net Security video, Nick Mistry, SVP and CISO…
Cyberbro: Open-source tool extracts IoCs and checks their reputation
Cyberbro is an open-source application that extracts IoCs from garbage input and checks their reputation using multiple services. Cyberbro features Input handling: Paste raw logs, IoCs, or fanged IoCs, and let the regex parser do the rest. Multi-service reputation checks:…
PacketCrypt Classic Cryptocurrency Miner on PHP Servers, (Tue, Jan 7th)
The SANS DShield project receives a wide variety of logs submitted by participants of the DShield project. Looking at the ҠURLs page, I observed an interesting URL and dived deeper to investigate. The URL recorded is as follows: This…
How AI and deepfakes are redefining social engineering threats
This article presents key insights from 2024 reports on the rise of phishing attacks, focusing on how advancements in AI and deepfake technology are making social engineering tactics more sophisticated. Cybercriminals exploit file sharing services to advance phishing attacks Examining…
IT Security News Hourly Summary 2025-01-07 03h : 1 posts
1 posts were published in the last hour 1:32 : ISC Stormcast For Tuesday, January 7th, 2025 https://isc.sans.edu/podcastdetail/9268, (Tue, Jan 7th)
ISC Stormcast For Tuesday, January 7th, 2025 https://isc.sans.edu/podcastdetail/9268, (Tue, Jan 7th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, January 7th, 2025…
IT Security News Hourly Summary 2025-01-07 00h : 3 posts
3 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-01-06 22:32 : Holiday Shopping Meets Cyber Threats: How Source Defense Detected the ESA Store Attack 22:32 : How eBPF is changing appsec | Impart…
IT Security News Daily Summary 2025-01-06
164 posts were published in the last hour 22:32 : Holiday Shopping Meets Cyber Threats: How Source Defense Detected the ESA Store Attack 22:32 : How eBPF is changing appsec | Impart Security 22:4 : New PhishWP Plugin on Russian…