Hackers steal personal info of 2 crore BigBasket users, put it for sale on dark web

Online grocer BigBasket was reportedly attacked by hackers and personal details of as many as 2 crore were stolen. The e-commerce grocery firm lodged a police complaint with Bengaluru Cyber Crime Cell of the same and is currently verifying the incident first reported by cyber intelligence firm Cyble, said reports.  Cyble said the Bengaluru-based e-commerce company was the victim of a hacking attack. It also alleged that the hacker put the details of the company’s 2 crore shoppers for sale on the dark web for Rs 30 lakh.  A blog from Cyble…

Read More

Capcom hacked in latest cyber-attack on game-makers

Video game-maker Capcom said its computer systems were hacked earlier this week, in the latest cyber-attack to hit the games industry. The Japanese firm is behind major franchises such as Resident Evil, Street Fighter, and Mega Man. It said some of its internal networks had been suspended “due to unauthorised access” from outside Capcom. But it said “at present”, there was no sign that customer information had been accessed. It noticed the attack after its internal networks began to have issues that affected company email and the servers where it…

Read More

Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered

Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild. Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges. The zero-days were discovered and reported to Apple by Google’s Project Zero security team. “Apple is aware of reports that an exploit for this issue exists in the wild,” the iPhone maker…

Read More

North Korean Hackers Used ‘Torisma’ Spyware in Job Offers-based Attacks

A cyberespionage campaign aimed at aerospace and defense sectors in order to install data gathering implants on victims’ machines for purposes of surveillance and data exfiltration may have been more sophisticated than previously thought. The attacks, which targeted IP-addresses belonging to internet service providers (ISPs) in Australia, Israel, Russia, and defense contractors based in Russia and India, involved a previously undiscovered spyware tool called Torisma stealthily monitor its victims for continued exploitation. Tracked under the codename of “Operation North Star” by McAfee researchers, initial findings into the campaign in July…

Read More

New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service

A new research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site (or a legitimate site loaded with malicious ads) that, when visited, ultimately triggers the gateway to open any TCP/UDP port on the victim, thereby circumventing browser-based port restrictions. The findings were revealed by privacy and security researcher Samy Kamkar over the weekend. “NAT Slipstreaming exploits the user’s browser in conjunction…

Read More

A ‘Perception Hack’: When Public Reaction Exceeds The Actual Hack

A Russian group acquired U.S. voter data in at least a couple of states. The Iranians reportedly did the same. President Trump’s campaign website was briefly defaced. As expected, this election season has brought a series of computer breaches and disinformation efforts coming from other countries. So how do we sort out the serious threats from mere cyber mischief? There’s no easy answer, but at least there’s a catchphrase: a “perception hack.” This describes a relatively small-scale intrusion that probably won’t cause much actual harm, yet it may have an…

Read More

Google launches new VPN to protect people from hacking

To protect people from hacking via unsecure public wi-fi networks, Google has announced a new virtual private network (VPN) by Google One to provide an extra layer of online protection on Android phones. The VPN by Google One is available for people who have taken 2TB and higher plans. If you’ve shared your 2TB Google One plan with family members (up to five additional people), they can also enable the VPN on their own devices at no extra cost. The VPN by Google One will roll out in the US…

Read More

Wisconsin Republicans say hackers stole $2.3m

The Wisconsin Republican party has said hackers stole $2.3m (£1.7m) from the its effort to support President Donald Trump’s re-election. The party contacted the FBI and agents are investigating the matter, Chairman Andrew Hitt said in a statement on Thursday. Mr Hitt said the hackers manipulated campaign invoices to steal the funds. In the upcoming presidential election Wisconsin is seen as a key state – one Mr Trump won narrowly in 2016. The party’s invoices for vendors were altered so that when they paid the invoices, the money did not…

Read More

KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms

An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting “dozens of known vulnerabilities” to target widely-used content management systems (CMS). The “KashmirBlack” campaign, which is believed to have started around November 2019, aims for popular CMS platforms such as WordPress, Joomla!, PrestaShop, Magneto, Drupal, Vbulletin, OsCommerence, OpenCart, and Yeager. “Its well-designed infrastructure makes it easy to expand and add new exploits or payloads without much effort, and it uses sophisticated methods to camouflage itself, stay undetected, and protect its operation,” Imperva researchers said…

Read More

Google Removes 21 Malicious Android Apps from Play Store

Google has stepped in to remove several Android applications from the official Play Store following the disclosure that the apps in question were found to serve intrusive ads. The findings were reported by the Czech cybersecurity firm Avast on Monday, which said the 21 malicious apps (list here) were downloaded nearly eight million times from Google’s app marketplace. The apps masqueraded as harmless gaming apps and came packed with HiddenAds malware, a notorious Trojan known for its capabilities to serve intrusive ads outside of the app. The group behind the…

Read More