Google Hacker Details Zero-Click ‘Wormable’ Wi-Fi Exploit to Hack iPhones

Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical “wormable” iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to “view all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] in real-time,” said Beer in a lengthy blog post detailing his six-month-long efforts into building a proof-of-concept single-handedly. The flaw (tracked as CVE-2020-3843)…

Read More

Indian National Gets 20-Year Jail in United States for Running Scam Call Centers

An Indian national on Monday was sentenced to 20 years in prison in the Southern District of Texas for operating and funding India-based call centers that defrauded US victims out of millions of dollars between 2013 and 2016. Hitesh Madhubhai Patel (aka Hitesh Hinglaj), who hails from the city of Ahmedabad, India, was sentenced in connection with charges of fraud and money laundering. He was also ordered to pay restitution of $8,970,396 to identified victims of his crimes. Earlier this January, Patel pleaded guilty to wire fraud conspiracy and general…

Read More

How to Become an Ethical Hacker

How to Become an Ethical Hacker – Ethical hacking is the perfect career choice for those interested in problem solving, communication and IT security. Here’s what it takes to become a white hat hacker. How to Become an Ethical Hacker An essential guide to becoming an ethical hacker I receive lots of emails asking for guidance on how to become an ethical hacker. Most requests are on how to become a black hat hacker which are usually ignored. Let’s take a look at the definition of an ethical hacker. How…

Read More

Critical Unpatched VMware Flaw Affects Multiple Corporates Products

VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. “A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system,” the virtualization software and services firm noted in its advisory. Tracked as CVE-2020-4006, the command injection vulnerability has a CVSS score of 9.1 out of 10 and impacts VMware Workspace…

Read More

Digitally Signed Bandook Malware Once Again Targets Multiple Sectors

A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark Caracal in a new report published yesterday for their efforts to deploy “dozens of digitally signed variants” of the Bandook Windows Trojan over the past year, thus once again “reigniting interest in this old malware family.” The different verticals singled out by the threat actor…

Read More

What is Key Server in Cryptography?

What is Key Server in Cryptography? – At last we turn to key management. This is, without a doubt, the most difficult issue in cryptographic systems, which is why we left it to near the end. We’ve discussed how to encrypt and authenticate data, and how to negotiate a shared secret key between two participants. Now we need to find a way for Alice and Bob to recognize each other over the Internet. As you will see, this gets very complex very quickly. Key management is especially difficult because it…

Read More

Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities

Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise (BEC) scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed “Operation Falcon,” was jointly undertaken by the international police organization along with Singapore-based cybersecurity firm Group-IB and the Nigeria Police Force, the principal law enforcement agency in the country. About 50,000 targeted victims of the criminal schemes have been identified so far, as the probe continues to track down other…

Read More

2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as “SEC-575” and discovered by researchers from Digital Defense, has been remedied by the company in versions 11.92.0.2, 11.90.0.17, and 11.86.0.32 of the software. cPanel and WHM (Web Host Manager) offers a Linux-based control panel for users to handle website and server management, including tasks such as adding sub-domains and performing…

Read More

What is Message Authentication Codes?

What is Message Authentication Codes? – A message authentication code, or MAC, is a construction that detects tampering with messages. Encryption prevents Eve from reading the messages but does not prevent her from manipulating the messages. This is where the MAC comes in. Like encryption, MACs use a secret key, K, known to both Alice and Bob but not to Eve. Alice sends not just the message m, but also a MAC value computed by a MAC function. Bob checks that the MAC value of the message received equals the…

Read More

Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call

Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them before even they picked up the audio call. The flaw was discovered and reported to Facebook by Natalie Silvanovich of Google’s Project Zero bug-hunting team last month on October 6 with a 90-day deadline, and impacts version 284.0.0.16.119 (and before) of Facebook Messenger for Android. In a nutshell, the vulnerability could have granted an attacker who is logged into the app to…

Read More