Latest News

2020/06/29

e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites.
"We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores," Malwarebytes researchers said last week.
"This scheme would not be complete without yet another interesting variation to exfiltrate stolen credit card data. Once again, criminals used the disguise of an image file to collect their loot."
2020/06/24

Hackers Leaked 269 GB of U.S. Police and Fusion Centers Data Online

A group of hacktivists and transparency advocates has published a massive 269 GB of data allegedly stolen from more than 200 police departments, fusion centers, and other law enforcement agencies across the United States.
Dubbed BlueLeaks, the exposed data leaked by the DDoSecrets group contains hundreds of thousands of sensitive documents from the past ten years with official and personal information.
DDoSecrets, or Distributed Denial of Secrets, is a transparency collective similar to WikiLeaks, which publicly publishes data and classified information submitted by leakers and hackers while claiming the organization itself never gets involved in the exfiltration of data.
2020/06/22

Netgear Zero-Day Allows Full Takeover of Dozens of Router Models

Researchers have discovered an unpatched, zero-day vulnerability in firmware for Netgear routers that put 79 device models at risk for full takeover, they said.

The flaw, a memory-safety issue present in the firmware’s httpd web server, allows attackers to bypass authentication on affected installations of Netgear routers, according to two separate reports: One on the Zero Day Initiative (ZDI) by a researcher called “d4rkn3ss” from the Vietnam Posts and Telecommunications Group; and a separate blog post by Adam Nichols of cybersecurity firm Grimm.
2020/06/15

Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room

A team of cybersecurity researchers has developed and demonstrated a novel side-channel attacking technique that can be applied by eavesdroppers to recover full sound from a victim's room that contains an overhead hanging bulb.
The findings were published in a new paper by a team of academics—Ben Nassi, Yaron Pirutin, Adi Shamir, Yuval Elovici and Boris Zadov—from the Israeli's Ben-Gurion University of the Negev and the Weizmann Institute of Science, which will also be presented at the Black Hat USA 2020 conference later this August.
2020/06/11

Critical Intel Flaws Fixed in Active Management Technology

Intel has released its June security updates, which address two critical vulnerabilities that, if exploited, can give unauthenticated attackers elevated privileges.

The critical flaws exist in Intel’s Active Management Technology (AMT), which is used for remote out-of-band management of personal computers.

The two critical flaws (CVE-2020-0594 and CVE-2020-0595) exist in the IPv6 subsystem of AMT (and Intel’s Standard Manageability solution, which has a similar function as AMT). The flaws could potentially enable an unauthenticated user to gain elevated privileges via network access. AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 are affected.