Web Cache Deception Attacks are Still Around, Says New Research

Web Cache Deception attacks are still impacting many popular websites, says new research. Researchers noticed that 25 of the Alexa Top 5,000 websites were impacted by the Web Cache Deception attack.

Microsoft discloses new Windows vulnerability that’s being actively exploited

Microsoft disclosed a new remote code execution vulnerability today that can be found in all supported versions of Windows and is currently being exploited in “limited targeted attacks” (via TechCrunch). Microsoft patches Windows 10 security flaw discovered by the NSA.

KrØØk WiFi vulnerability affected WiFi encryption on over a billion devices

A vulnerability in Broadcom and Cypress WiFi chips makes it possible for attackers on your local WiFi network to decrypt your WPA2 encrypted internet traffic.

5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable

While Intel has issued patches to lessen the damage of exploits and make them harder, security firm Positive Technologies said the mitigations may not be enough to fully protect systems.

Carnival Cruise Lines Hacked

Investigations into the incident carried out by Princess and Holland America revealed that an unauthorized third party had gained access to a substantial amount of personal information belonging to both passengers and crew.

Following Mitsubishi, Pasco and Kobe Steel Disclose Data Breaches

Official statements from both Pasco and Kobe Steel said that no damage has been done in either of the data breach attempts, as no information leakage had been discovered so far during the joint investigations carried out by the Ministry of Defense and various government and state authorities.

CacheOut

We present CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. We show that despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data.

Lifelabs Data Breach, the Largest Ever in Canada, May Cost the Company Over $1 Billion in Class-Action Lawsuit

An October hack of medical testing company LifeLabs exposed the sensitive personal information of an estimated 15 million Canadians. The LifeLabs data breach included lab test results and national health card numbers along with personally identifiable information including names, dates of birth, home addresses and email addresses.

FBI asks Apple for phone data from suspected Florida naval base shooter

The FBI asked Apple this week to help extract data from iPhones that belonged to the Saudi aviation student who investigators say fatally shot three sailors at a U.S. naval base in Florida last month.

TikTok on the clock, and the hacking won't stop: SMS spoofing vuln let baddies twiddle teens' social media videos

TikTok, a mobile video app popular with teens, was vulnerable to SMS spoofing attacks that could have led to the extraction of private information, according to infosec researchers. Research from Israeli outfit Check Point found that an attacker could send a spoofed SMS message to a user containing a malicious link.

Apple Watch helps cops catch man lying about synagogue stabbing

A 26-year-old man faked his own stabbing at the West Bloomfield synagogue where he worked and then reported he was attacked because of his Jewish faith, authorities say.

‘Delete WhatsApp unless you're OK with surveillance,’ founder of rival Telegram messenger warns

WhatsApp is a “Trojan horse” exploited to snoop on millions of users naive enough to believe that the Facebook-owned messenger differs from its parent company, long beset by privacy scandals, Telegram founder Pavel Durov said.

Google Confirms Android Camera Security Threat: ‘Hundreds Of Millions’ Of Users Affected

“Our team found a way of manipulating specific actions and intents,” Erez Yalon, director of security research at Checkmarx said, “making it possible for any application, without specific permissions, to control the Google Camera app.”

Louisiana State Government Hit by Ransomware Attack Forcing Server Shutdowns

Monday's ransomware attack resulted in the subsequent shutdown of a majority of large state agencies, including the Office of the Governor, the Office of Motor Vehicles, the Department of Health, the Department of Children and Family Services, and the Department of Transportation and Development, among others.

New 5G flaws can track phone locations and spoof emergency alerts

Last week, the researchers found several security flaws in the baseband protocol of popular Android models — including Huawei’s Nexus 6P and Samsung’s Galaxy S8+ — making them vulnerable to snooping attacks on their owners.

Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light

According to experiments done by a team of researchers from Japanese and Michigan Universities, a remote attacker standing at a distance of several meters away from a device can covertly trigger the attack by simply modulating the amplitude of laser light to produce an acoustic pressure wave.

Researchers hack Siri, Alexa, and Google Home by shining lasers at them

While the researchers tested only Siri, Alexa, Google Assistant, Facebook Portal, and a small number of tablets and phones, the researchers believe all devices that use MEMS microphones are susceptible to Light Commands attacks.

Tracking NSO, the media shy Israeli firm behind Pegasus

October ended with the news that an Israeli spyware called Pegasus was used to snoop on around two dozen Indian users of WhatsApp, including notable journalists, lawyers and activists.

Many Popular Smartphones Vulnerable to Actively Exploited Zero-Day Android Flaw

A zero-day flaw in the Android operating system used by some of the most popular mobile phones on the market is being exploited in real-world attacks. Since malicious apps can find their way into the Google Play Store, app downloads should be limited as far as possible until the flaw has been patched.

Georgia hit by massive cyber-attack

She added that she had been told by cyber-security experts that Georgian government websites were "poorly protected and vulnerable to attack". More than 15,000 pages were affected, including the presidential website, non-government organisations and private companies.

Malware That Spits Cash Out of ATMs Has Spread World Wide

“In general, we do not comment on dedicated, single cases,” Bernd Redecker, director of corporate security and fraud management at Diebold Nixdorf, said in a phone call. So far, across the different states of Germany, 82 cases of ATM cash-out have been recorded.

Credit Info Exposed in TransUnion Credential Stuffing Attack

Using a credential stuffing attack, an unauthorized person was able to gain access to a TransUnion Canada web portal and use it to pull consumer credit files.

Millions of smartphones vulnerable to SimJacker mobile phone exploit

At its core, SimJacker works by an attacker sending an SMS message to the target containing special code that is then automatically processed by the SIM card, which then allows the attacker to take over the phone through the SIM card’s S@T Browser.

Androids And iPhones Hacked With Just One WhatsApp Click — And Tibetans Are Under Assault

High-profile Tibetans have seen their Apple iPhones and Android devices targeted by hacks delivered in WhatsApp messages. The latest attacks on the Tibetan community also contained some novel Android spyware, said Citizen Lab researcher Bill Marczak.

North Carolina County Loses $1.7 Million to BEC Scam

The scammers impersonated a building contractor that was constructing a new high school in the County and succeeded in redirecting a $2.5 million payment to their account. Advanced email security solutions such as SpamTitan can identify and block these BEC threats.

Simjacker: a brand new mobile vulnerability exploited by surveillance companies for espionage operation

The main Simjacker attack involves an SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the SIM card within the phone to ‘take over’ the mobile phone to retrieve and perform sensitive commands, exploiting the presence of a particular piece of software, called the S@T Browser, on the SIM card.

Weakness in Intel chips lets researchers steal encrypted SSH keystrokes

Now, researchers are warning that, in certain scenarios, attackers can abuse DDIO to obtain keystrokes and possibly other types of sensitive data that flow through the memory of vulnerable servers.

Google Finally Confirms Security Problem For 1.5 Billion Gmail And Calendar Users

Google is finally working on a fix for a security problem that leaves more than a billion Calendar users exposed to attack. The threat actors craft their messages to include a malicious link, leveraging the trust that user familiarity with calendar notifications brings with it.

Over half a million active GPS trackers have ‘123456’ as default password

Back in May, UK cybersecurity firm Fidus Information Security revealed a vulnerability in a popular GPS tracker used by elderly patients that can be tricked into sending its real-time location simply by sending it a text message with a specific command.

Exclusive: Messaging app Telegram moves to protect identity of Hong Kong protesters

WASHINGTON (Reuters) - Telegram, a popular encrypted messaging app, will allow users to cloak their telephone numbers to safeguard Hong Kong protesters against monitoring by authorities, according to a person with direct knowledge of the effort.