Android bug lets hackers plant malware via NFC beaming

All Android 8 (Oreo) or later devices are impacted. Google released a patch last month, in October 2019. Google patched last month an Android bug that can let hackers spread malware to a nearby phone via a little-known Android OS feature called NFC beaming. NFC beaming works via an internal Android OS service known as Android Beam.…

Read More

GandCrab RaaS Was a Training Ground for Malware Distributors

GandCrab operators changed the ransomware business from the ground up, establishing a model that is embraced and continued by other cybercriminals. Instead of keeping the operation private, limited to a small circle of experienced cybercriminals, they opened the doors to newcomers, advertised, built a relationship with customers and affiliates, and communicated with victims and researchers…

Read More

¿Usas Chrome? Exploit 0-Day activo

Google está adviertiendo de forma urgente a sus millones de usuarios que instalen la versión Chrome 78.0.3904.87, para parchear dos vulnerabilidades de alta gravedad, una de las cuales los atacantes están explotando activamente. Sin revelar detalles técnicos de la vulnerabilidad, el equipo de seguridad de Chrome dice que ambos problemas son vulnerabilidades del tipo use-after-free, uno…

Read More

Una base de datos de Adobe vulnerable compromete a millones de usuarios de Creative Cloud

Datos personales de 7,5 millones de clientes de Creative Cloud fueron expuestos públicamente en una base de datos de Adobe vulnerable a cualquier usuario o atacante, según el descubrimiento de Comparitech. Con un número de suscriptores estimados en 15 millones, Adobe Creative Cloud o Adobe CC es uno de los servicios de suscripción de software especializado en edición más popular…

Read More

Falla crítica en PHP con PHP-FPM sobre Nginx

Si está ejecutando un sitio web basado en PHP en el servidor NGINX y tiene habilitada la función PHP-FPM para un mejor rendimiento, debe tener cuidado con una nueva vulnerabilidad que permitiría que atacantes no autorizados accedan a su servidor de forma remota. PHP-FPM es una implementación alternativa de PHP FastCGI que ofrece un procesamiento avanzado y altamente eficiente…

Read More

Russian Hackers Targeting Anti-Doping Agencies Ahead of 2020 Tokyo Olympics

As Japan gears up for the upcoming 2020 Summer Olympics in Tokyo for the next year, the country needs to brace itself for sophisticated cyberattacks, especially from state-sponsored hackers. Microsoft has issued a short notice, warning about a new wave of highly targeted cyberattacks by a group of Russian state-sponsored hackers attempting to hack over…

Read More

Pwn2Own Hacking Event Expands to Industrial Control Systems

The Pwn2Own hacking competition that will take place in Miami South Beach in January 2020 will also include popular Industrial Control Systems (ICS) protocols and software for the first time. This year, as part of the 2019 contest that took place in Vancouver, ethical hacking teams also had the chance to hack their way into a Tesla Model 3’s Chromium-based infotainment…

Read More

Malicious Apps on Alexa or Google Home Can Spy or Steal Passwords

Google and Amazon smart speakers can be leveraged to record user conversation or to phish for passwords through malicious voice apps, security researchers warn. Unless the two companies take measures to improve the review process and the restrictions for apps integrating with their smart devices, malicious developers could exploit the weakness to capture audio from…

Read More

Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide. Whether it’s American voting machines during the 2016 presidential election or India’s EVMs during 2014 general elections, the integrity, transparency, and security of electronic voting machines remained questionable, leaving a wound in the minds of many that is difficult to…

Read More

Hacker Breached Servers Belonging to Multiple VPN Providers

Servers belonging to the NordVPN and TorGuard VPN companies were hacked and attackers stole and leaked the private keys associated with certificates used to secure their web servers and VPN configuration files.  Over the weekend, security researcher @hexdefined tweeted that NordVPN, of which we are an affiliate, was compromised as the private keys for their web site certificate were publicly leaked…

Read More