Elastic Stack API Security Vulnerability Exposes Customer and System Data
E Hacking News
by ishaan
1y ago
  The mis-implementation of Elastic Stack, a collection of open-source products that employ APIs for crucial data aggregation, search, and analytics capabilities, has resulted in severe vulnerabilities, according to a new analysis. Researchers from Salt Security uncovered flaws that allowed them to not only conduct attacks in which any user could extract critical customer and system data, but also to create a denial of service condition in which the system would become inaccessible.  “Our latest API security research underscores how prevalent and potentially dangerous API vulnerabi ..read more
Visit website
The expert assessed the prospects of cybersecurity company Group-IB after the arrest of its founder
E Hacking News
by E Hacking News
1y ago
Experts believe that the arrest of Ilya Sachkov, the founder and CEO of Group-IB, will not affect the company's work, nor will it affect the Russian information security market. Criminal cases against the heads of companies working in the field of information security have already happened in Russia. On September 28, the office of Group-IB was searched, and the next day the court put the businessman in custody for two months on charges of treason. He might face up to 20 years in prison. It is still unclear what exactly Ilya Sachkov's crime was. Group-IB lawyers are studying the court order, a ..read more
Visit website
Analysts Warn of Telegram Powered Bots Stealing Bank OTPs
E Hacking News
by Samarth Mishra
1y ago
  In the past few years, two-factor verification is one of the simplest ways for users to safeguard their accounts. It has now become a major target for threat actors. As per Intel 471, a cybersecurity firm, it has observed a rise in services that allow threat actors to hack OTP (one time password) tokens. Intel 471 saw all these services since June which operate via a Telegram bot or provide assistance to customers via a Telegram channel. Through these assistance channels, users mostly share their feats while using this bot and often walk away thousand dollars from target accounts.  ..read more
Visit website
Newly Discovered 'Tomiris’ Backdoor Linked to SolarWinds Attack Malware
E Hacking News
by Viplav Kushwah
1y ago
  Kaspersky security researchers have unearthed a new backdoor likely designed by the Nobelium advanced persistent threat (APT) behind last year's SolarWinds supply chain attack.  The new malware, dubbed Tomiris, was first identified in June 2021 from samples dating back to February, a month before the “sophisticated second stage backdoor” Sunshuttle was spotted by FireEye and linked to Nobelium. Nobelium is also known by the monikers UNC2452, SolarStorm, StellarParticle, Dark Halo, and Iron Ritual.  "While supply-chain attacks were already a documented attack vector leverage ..read more
Visit website
Ransomware Attack On Major European Bookseller
E Hacking News
by Shivani Tiwari
1y ago
  Recently a ransomware attack targeted a leading book supplier software, the attack interrupted regular functions of thousands of bookstores in Europe including France, Belgium, and the Netherlands. The data stolen may have included not only personally identifiable information but also payment details.  The ransomware group targeted TiteLive, a French company that provides cloud-based software for book sales and inventory management. Bookstores that have been affected by the ransomware attack included Libris, Aquarius, Donner, Malperthuis, and Atheneum Boekhandels. Additionally, so ..read more
Visit website
RansomEXX Comes into Action Encrypting Files Using AES-CBC
E Hacking News
by Anushka Agnihotri
1y ago
  In the latest Profero report - Senior Incident Responder Brenton Morris states that RansomeXX decryptors have failed to encrypt different files for the victims that have paid for the ransom demanded by the Linux Vmware ESXI malicious attacker. Profero has found that this RansomExx organization does not lock Linux files appropriately, which might contribute to damaged data during encryption.  Following a reverse engineering process of the RansomExx Linux encrypter, Profero found that perhaps the problem was created by the inadequate encryption of Linux files. The encrypted file wo ..read more
Visit website
GriftHorse Malware has Infected More than 10 Million Android Devices
E Hacking News
by ishaan
1y ago
  A new malware named GriftHorse is said to have infected over 10 million Android cell phones. According to the research at mobile security firm Zimperium, the threat group has been executing the campaign since November 2020. The GriftHorse malware was propagated through both Google Play and third-party application stores, according to the research group, and it stole "hundreds of millions of Euros" from victims.  GriftHorse will produce a significant number of notifications and popups when a user downloads any of the malicious programmes, luring consumers in with exceptional disco ..read more
Visit website
Turkish National Charged for DDoS Attack on U.S. Company
E Hacking News
by Shruti Jain
1y ago
  Authorities in the United States charged a Turkish national for launching distributed denial-of-service (DDoS) assaults against a Chicago-based multinational hospitality company using a now-defunct malware botnet.  Izzet Mert Ozek, 32, is accused of launching attacks against the Chicago multinational in August 2017 using WireX, a botnet developed using Android malware.  According to authorities, Ozek's attacks caused infected Android devices to transmit massive volumes of online traffic to the company's public website and online booking service, leading servers to crash. As ..read more
Visit website
Cybersecurity experts have discovered a new hacker group
E Hacking News
by E Hacking News
1y ago
Cybersecurity experts have discovered a new hacker group ChamelGang, which attacks institutions in ten countries around the world, including Russia. Since March, Russian companies in the fuel and energy sector and the aviation industry have been targeted, at least two attacks have been successful. Experts believe that pro-government groups may be behind the attacks. According to Positive Technologies, the first attacks were recorded in March. Hackers are interested in stealing data from compromised networks. India, the United States, Taiwan and Germany were also victims of the attacks. Compro ..read more
Visit website
Scammers are Using Twitter Bots for PayPal and Venmo Scams
E Hacking News
by Viplav Kushwah
1y ago
  Internet scammers are using Twitter bots to trick users into making PayPal and Venmo payments to accounts under their possession. Venmo and PayPal are the popular online payment services for users to pay for things such as charity donations or for goods such as the resale of event tickets. This latest campaign, however, is a stark warning against making or revealing any sort of transaction on a public platform. How fraudsters operate?  The fraud campaign begins when a well-meaning friend asks the person in need for a specific money transferring account — PayPal or Venmo. Then th ..read more
Visit website

Follow E Hacking News on Feedspot

Continue with Google
OR