Google Hacker Details Zero-Click ‘Wormable’ Wi-Fi Exploit to Hack iPhones

Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical “wormable” iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to “view all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] in real-time,” said Beer in a lengthy blog post detailing his six-month-long efforts into building a proof-of-concept single-handedly. The flaw (tracked as CVE-2020-3843)…

Read More

How to Become an Ethical Hacker

How to Become an Ethical Hacker – Ethical hacking is the perfect career choice for those interested in problem solving, communication and IT security. Here’s what it takes to become a white hat hacker. How to Become an Ethical Hacker An essential guide to becoming an ethical hacker I receive lots of emails asking for guidance on how to become an ethical hacker. Most requests are on how to become a black hat hacker which are usually ignored. Let’s take a look at the definition of an ethical hacker. How…

Read More

Digitally Signed Bandook Malware Once Again Targets Multiple Sectors

A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark Caracal in a new report published yesterday for their efforts to deploy “dozens of digitally signed variants” of the Bandook Windows Trojan over the past year, thus once again “reigniting interest in this old malware family.” The different verticals singled out by the threat actor…

Read More

What is Key Server in Cryptography?

What is Key Server in Cryptography? – At last we turn to key management. This is, without a doubt, the most difficult issue in cryptographic systems, which is why we left it to near the end. We’ve discussed how to encrypt and authenticate data, and how to negotiate a shared secret key between two participants. Now we need to find a way for Alice and Bob to recognize each other over the Internet. As you will see, this gets very complex very quickly. Key management is especially difficult because it…

Read More

Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities

Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise (BEC) scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed “Operation Falcon,” was jointly undertaken by the international police organization along with Singapore-based cybersecurity firm Group-IB and the Nigeria Police Force, the principal law enforcement agency in the country. About 50,000 targeted victims of the criminal schemes have been identified so far, as the probe continues to track down other…

Read More

2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as “SEC-575” and discovered by researchers from Digital Defense, has been remedied by the company in versions 11.92.0.2, 11.90.0.17, and 11.86.0.32 of the software. cPanel and WHM (Web Host Manager) offers a Linux-based control panel for users to handle website and server management, including tasks such as adding sub-domains and performing…

Read More

Capcom hacked in latest cyber-attack on game-makers

Video game-maker Capcom said its computer systems were hacked earlier this week, in the latest cyber-attack to hit the games industry. The Japanese firm is behind major franchises such as Resident Evil, Street Fighter, and Mega Man. It said some of its internal networks had been suspended “due to unauthorised access” from outside Capcom. But it said “at present”, there was no sign that customer information had been accessed. It noticed the attack after its internal networks began to have issues that affected company email and the servers where it…

Read More

New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service

A new research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site (or a legitimate site loaded with malicious ads) that, when visited, ultimately triggers the gateway to open any TCP/UDP port on the victim, thereby circumventing browser-based port restrictions. The findings were revealed by privacy and security researcher Samy Kamkar over the weekend. “NAT Slipstreaming exploits the user’s browser in conjunction…

Read More

WastedLocker Ransomware hits Boyne Resorts online systems

Boyne Resorts suffered a ransomware attack by the WastedLocker operation that impacted the company-wide reservation systems. Boyne Resorts owns and operates lakeside resorts, mountains, ski areas, golf resorts and attractions spanning from British Columbia to Maine. Many of these properties are situated on well-known ski mountains, including Big Sky, Montana, Sugarloaf, Montana, Maine, Tennessee and Utah. Initially, the ransomware breached the corporate offices and then moved laterally, targeting the IT systems of the resorts they operate. The company was forced to shut down portions of its network to prevent the…

Read More

Windows GravityRAT Malware Now Also Targets macOS and Android Devices

A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users’ data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed “GravityRAT” — now masquerades as legitimate Android and macOS apps to capture device data, contact lists, e-mail addresses, and call and text logs and transmit them to an attacker-controlled server. First documented by the Indian Computer Emergency Response Team (CERT-In) in August 2017 and subsequently by…

Read More