Hackers News, Articles and Updates

Defending against cross-site scripting vulnerabilities

Cross site scripting vulnerabilities are easy to exploit. The best way to prevent exploitation is by applying input and output sanitation as well as ensuring the security basics are carried out.

Massive data breach of Rail Europe's servers lasted nearly three months

Hackers were able to gain unauthorised access to the IT platform of Rail Europe's e-commerce websites for three long months before the firm was alerted to a possible breach by one of its banks.

Vulnerability in Electron could pose danger to Skype and Wordpress web apps

A security vulnerability has been discovered in a software framework used web apps that could enable hackers to execute remote code. The problem could affect many web apps that use the framework.

Multiple flaws in TP-Link EAP controller could give hackers free-rein

Privilege escalation and cross-site scripting vulnerabilities discovered allowing WiFi network takeover and with mitigations for all vulnerabilities difficult, patching is required.

Phishing campaign aimed at Airbnb guests uses GDPR hook

Hackers are playing off of the impending implementation of GDPR, posing as Airbnb hosts in emails saying victims must accept new privacy policy based on the regulation before further bookings can be made.

Millions of fibre broadband routers open to remote control by hackers

Critical vulnerability allows attackers to bypass authentication. Security researchers have found flaws in fibre-optic broadband routers that enable hackers to bypass security and takeover devices.

PUBG Corp. says 15 Chinese hackers arrested

PUBG (PlayerUnknown's Battlegrounds) Corp. announced the arrest of 15 hackers in China who were accused of developing, selling, promoting, and using unauthorised hacking/cheating programs on the platform.

PoC code can crash Windows systems, even when locked

Security researchers have found a flaw in Windows that could allow hackers to crash a system when they insert a USB stick with specially crafted code. The problem happens even when Windows is locked.

Candy bar security posture leaves enterprises soft on the inside

71 percent of hackers say they can breach the perimeter of a target within 10 hours" and 100 percent within 15 according to the latest 'Black Report' from Nuix, surveying hacker method and motivation.

SirenJack flaw exposes problems in emergency alert system

Security researchers have found a flaw in the emergency alert warning siren system used by many local authorities - could be sounded by hackers, research finds.

Hackers using flaw in Cisco switches to attack

US Homeland Security warned Russian state actors behind attacks on US energy grid. Security researchers have warned that hackers are using badly-configured Cisco switches to gain entry into the infrastructure of organisations.

Hackers still exploiting the human factor to carry out ransomware attacks

Nearly 70 percent of successful ransomware attacks in 2017 were the result of hackers gaining access to enterprise networks by phishing via email or social media network.

Malware attacks leveraging MS Word documents grew by 33% in Q4

Amidst a major rise in zero-day malware attacks in Q4 2017, researchers have observed how hackers are increasingly using Microsoft Office documents as carriers to deliver malicious payloads in enterprise systems.

Fancy Bear suspected in United Kingdom's Anti-Doping Agency cyber-attack

Fancy Bear hackers are suspected of launching a foiled cyber-attack on the UK's Anti-Doping Agency.

Iranians indicted over state-sponsored IP theft, hacking US universities

The US Dept of Justice has charged nine Iranians from the Mabna Institute with stealing more than 31 terabytes of files from US, UK and other universities, companies, government agencies and non-governmental organisations.

Pro-establishment Iranian hackers gaining prominence in the Persian Gulf

The rising capabilities of Iranian hackers came to the fore in 2017 when hacker groups like Helix Kitten, Charming Kitten, and Volatile Kitten launched several crippling cyber-attacks on Saudi Arabian entities.

Gwent Police sat on data breach exposure for a year before informing ICO

Gwent Police failed to inform up to 450 people that hackers may have accessed their confidential information after it found that an online tool that allowed citizens to report incidents to the Police was exposed to hackers.

Avast: CCleaner hackers planned to infect victims with third-stage Chinese hacking tool

The hackers who injected malicious code into a version of computer maintenance app CCleaner last year may have been preparing to deliver third-stage malware to some of the 2.27 million computers that had downloaded it.

Hacking Team reunion samples found in 14 countries

The Hacking Team is back: previously unreported samples of its infamous surveillance tool, the Remote Control System (RCS), were spotted in the wild throughout fourteen countries, according to ESET researchers.

Phishing campaign found to be targeting humanitarian organisations

Security researchers recently uncovered a phishing campaign that suspected Korean hackers had, since August 2017, unleashed on humanitarian aid organisations by using topics on North Korean politics.

Hackers could obfuscate malware through code signing and SSL certificates

Made to order certificates available on the dark web. Security researchers have discovered that hackers are able to obfuscate malware through code signing and SSL certificates.

Private chats and user accounts could be exposed by Tinder security bug

An easy-to-exploit bug has left Tinder accounts and private chats exposed to hackers, revealed a researcher this week.

Lazarus Group back from the dead - again - with renewed phishing campaign

Hacker group Lazarus has renewed a phishing campaign it launched, but instead of injecting malware to access enterprise IT environments, the group is now injecting implants to identify those running Bitcoin-related software.

2018 Winter Olympics hit with destroyer malware during opening ceremony

Warnings that the 2018 Winter Olympic Games would be the target for hackers came true almost immediately as the Pyeongchang computer system was hit with a "destroyer" cyber-attack knocking its website and other services offline.

Criminals ramps up server-side attacks

Hackers are increasingly turning to server-side attacks, according to a new report. Report notes fall in use of client-side exploit kits.

All versions' of Windows vulnerable to tweaked Shadow Broker NSA exploits

NSA exploits stolen by hacker Shadow Brokers can be tweaked to exploit vulnerabilities in all versions of Windows, including Windows 10 - so deploy the MS17-010 security update from Microsoft as soon as possible.

Hackers using sophisticated malware to target Winter Olympics organisations

Sophisticated implants such as Gold Dragon, Brave Prince, Ghost419, and RunningRat allow hackers to steal sensitive data from systems owned by organisations involved with the Winter Olympics in South Korea.

Active Directory attack could enable malicious domain controller set up

DCShadow attack allows installation of backdoor. Hackers could set up their own fake domain controller in an existing corporate network to distribute malware and leave a backdoor.

Cisco warns of a critical vulnerability in its SSL VPN solution

Hackers could run code on VPN box. Cisco has confirmed a critical security vulnerability in its SSL VPN solution, Adaptive Security Appliance (ASA), one of the most widely-deployed SSL VPNs on the market.

Owners of hacked Tokyo cryptocurrency exchange owed £302 million

On Sunday it was announced that Coincheck Inc would return 46.3 billion Yen (£302 million) of virtual money to its owners after hackers stole the amount last week in one of the biggest-ever virtual money thefts, according to Reuters.