Most Nuclear Facilities Have Not Been Se...

A new analysis shows that there is hardly any security in place to protect nuclear facilities against cyberattacks. The third edition of the Nuclear Threat Initiative’s (NTI) Nuclear Security Index claims that nearly half the countries assessed do not have any security mechanisms to protect nuclear facilities from attacks. The maximum score for cybersecurity was achieved by only 9 of the 24 countries with ‘weapons-usable nuclear materials’, suggesting that many have not understood the depth of the threat. The countries lacking security included...

Hot Potato Breaking Multiple Windows Ver...

This one is especially for Windows users. The exploit, named Hot Potato, was created by combining three types of attacks. It is a way to break into almost all of Microsoft’s recent versions of Windows. All of these security flaws have been left unpatched by Microsoft, apparently because fixing them could have broken compatibility among different versions of its operating systems. The three security problems that form the Hot Potato exploit are a local NBNS (NetBIOS Name Service) spoofing technique that’s 100% effective, another security hole that allows...

Remote Access Trojans (RAT) Used Against...

Small businesses in India, the UK and the US have been hit with two types of remote access Trojans (RATs) since early 2015. The targets have been employees responsible for accounts and fund transfers. The attackers use only a few resources and rely mostly on social engineering techniques rather than exploits. The publicly available, multipurpose RATs Backdoor.Breut and Trojan.Nancrat were used for these attacks. Even with these few resources, the attackers have managed to gain control and steal money. For most of 2015, the targets were mainly located in India, while some...

Did You Come Across the Rogue Google Ext...

The security firm Malwarebytes has discovered a rogue Google extension called iCalc which was tricking users through a malvertising campaign. It grants invasive permissions and lets the app spy on user activity. It disguises itself as a calculator, and it was downloaded over 1,000 times before it was removed from the official web store. Jérôme Segura, senior security researcher at Malwarebytes said, “One of the main points of entry is via rogue browser extensions which are increasingly becoming a problem and are being leveraged in various types of attacks...

Zero-day Vulnerability in Linux...

Hello all, A zero-day vulnerability has been discovered in the Linux kernel by security researchers from Perception Point. It affects both the Linux operating system and the Android mobile OS and, if exploited, can give attackers root access. The vulnerability is tracked as CVE-2016-0728. This zero-day is a local privilege escalation vulnerability in the Linux kernel that originates from a reference leak in the keyring utility that is used to encrypt and store login information, making it available for other applications and drivers. The researchers explained that...

Ring My Wi-Fi Bells...

Hello everybody, An IoT device known as the Ring Wi-Fi Doorbell, which allows the person at the doorbell to be viewed through the internet, was found to have a vulnerability. This vulnerability, if exploited, can reveal the Wi-Fi password of the homeowner. It’s easy to detach this doorbell, and an orange button on the bell will set the wireless component to an Access Point mode when pressed. When the doorbell is in the AP mode, an attacker can use their mobile device to connect to the server and then use a specific URL to gain access to the homeowner’s wireless network. The...

BlackBerry Secure Emails Can Be Decrypte...

Hi all, According to documents from a Netherlands-based national forensics agency, Dutch investigators have the technology to ‘crack’ PGP-enabled BlackBerry handsets and decrypt secure emails. It has been reported that the Netherlands Forensic Institute (NFI) is capable of uncovering communications from custom-made BlackBerry handsets sold with strong encryption and enabled via third-party BES servers. These handsets are marketed to security-conscious buyers, but law enforcement believes that criminals use them too. NFI press officer Tuscha Essed has mentioned...

Clapper Got His Calls Hacked...

Hey guys, The online telephone and internet account of James R. Clapper, Director of National Intelligence, has been hacked by a teenage hacker calling himself “Cracka”. According to what Cracka has told a reporter, Lorenzo Franceschi-Bicchierai, he has broken into Clapper’s home telephone and internet, his personal email, and his wife Susan’s Yahoo account. After the hack of his Verizon account, the calls were allegedly forwarded to the Free Palestine Movement. “Cracka provided me with what he claimed to be Clapper’s home number. When I called it on...

eBay Had An XSS Bug...

Hi all, A scam with a very similar eBay login page and a URL starting with ebay.com is tricking users into entering their usernames and passwords. Once the credentials are entered, an error message is displayed and the credentials are stolen. Last Monday, eBay patched the XSS (Cross-Site Scripting) vulnerability that hackers could have used to inject parasitic code into its sign-in page. It was reported that a researcher who goes by the name MLT discovered this flaw and reported it to eBay on 11 December 2015. MLT followed with a post titled “A tale of eBay...

“Bogus Boss” Email Scam...

Hello all, An email scam is causing bosses to “give” instructions to send monetary transactions. Carole Gratzmuller, boss of a medium-sized French company called Etna Industrie which manufactures industrial equipment for outskirts of Paris, was a victim of this scam dubbed CEO fraud, or “fraude au president” as known in France. ‘Confidential transaction’ “My accountant was called on Friday morning…Someone said: ‘You’re going to get an email from the president, and she’s going to give you instructions to...
