Download, Hacking and Information Security

Android Keyboard Apps with 2 Million downloads can remotely hack your device

Security Affairs

DECEMBER 2, 2022

SecurityAffairs – hacking, Android Keyboard). The post Android Keyboard Apps with 2 Million downloads can remotely hack your device appeared first on Security Affairs. . “The CyRC recommends removing the applications immediately.” ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

Hacking

Hacking Authentication Mobile Passwords

Ukrainian hackers are behind the Free Download Manager supply chain attack

Security Affairs

SEPTEMBER 21, 2023

The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers of Free Download Manager (FDM) confirmed that the recently discovered supply chain attack dates back to 2020. org subdomain. collect) that launches the /var/tmp/crond file every 10 minutes.”

Malware

Malware Backups Software Passwords

Information Security News headlines trending on Google

CyberSecurity Insiders

MAY 4, 2023

Therefore, computer admins are being warned to be aware of phishing emails, malicious downloads, and be wary of other social engineering attacks. According to sources, a hack has exposed data of over 780,000 children who were patients of Brightline.

Information Security

Information Security Healthcare Social Engineering Ransomware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Free Download Manager backdoored to serve Linux malware for more than 3 years

Security Affairs

SEPTEMBER 14, 2023

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. org subdomain. org subdomain. ” reported Kasperksy. freedownloadmanager[.]org

Malware

Malware Software Cryptocurrency Passwords

WordPress Download Manager Plugin was affected by two flaws

Security Affairs

AUGUST 2, 2021

An attacker could exploit a vulnerability in the WordPress Download Manager plugin, tracked as CVE-2021-34639, to execute arbitrary code under specific configurations. High), its exploitation is not simple because in a real attack scenario the use of an.htaccess file in the downloads directory making it difficult to execute uploaded files.

Hacking

Hacking Data breaches Cybercrime Information Security

4 Malicious apps on Play Store totaled +1M downloads

Security Affairs

NOVEMBER 2, 2022

Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. The apps are infected with the Android/Trojan.HiddenAds.BTGTHB malware, the apps totaled at least one million downloads. 50,000+ downloads Bluetooth Auto Connect (com.bluetooth.autoconnect.anybtdevices).

Adware

Adware Phishing Mobile Malware

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

The apps totaled more than 100 million downloads in the ONE store and Google Play stores in South Korea. The security firm reported its findings to Google, which notified the development teams. The third-party library can perform ad fraud by clicking advertisements in the background without the user’s consent.

Data collection

Data collection Mobile Malware Education

Android app with over 5m downloads leaked user browsing history

Security Affairs

DECEMBER 8, 2022

Web Explorer – Fast Internet is a browsing app with over five million downloads on the Google Play store. SecurityAffairs – hacking, Android app). The post <strong>Android app with over 5m downloads leaked user browsing history</strong> appeared first on Security Affairs. De-anonymize users.

Internet

Internet Internet Mobile Authentication

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns

Security Affairs

APRIL 17, 2022

GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm.

Hacking

Hacking Accountability Cybersecurity Authentication

Phishing with hacked sites

SecureList

AUGUST 14, 2023

Another tactic, popular with scammers big and small, phishers included, is hacking websites and placing malicious content on those, rather than registering new domains. Besides tucking a phishing page inside the website they hack, scammers can steal all of the data on the server and completely disrupt the site’s operation.

Phishing

Phishing Hacking Banking Scams

Fleckpe Android malware totaled +620K downloads via Google Play Store

Security Affairs

MAY 5, 2023

Fleckpe is a new Android subscription Trojan that was discovered in the Google Play Store, totaling more than 620,000 downloads since 2022. Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is hidden in photo editing apps, smartphone wallpaper packs, and other general-purpose apps.

Malware

Malware Mobile Antivirus Hacking

New alleged MuddyWater attack downloads a PowerShell script from GitHub

Security Affairs

JANUARY 4, 2021

Security expert spotted a new piece of malware that leverages weaponized Word documents to download a PowerShell script from GitHub. Security expert discovered a new piece of malware uses weaponized Word documents to download a PowerShell script from GitHub. SecurityAffairs – hacking, PowerShell).

Antivirus

Antivirus Malware Accountability Hacking

How to hack the Airbus NAVBLUE Flysmart+ Manager

Security Affairs

FEBRUARY 5, 2024

” Pen Test Partners researchers were able to exploit the issue to view the data being downloaded from the NAVBLUE Servers. Most of the files downloaded by the researchers were SQLite databases containing information on specific aircraft, and many of them included take-off performance data (PERF).

Hacking

Hacking Engineering Encryption Software

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Security Affairs

OCTOBER 23, 2021

CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. Pierluigi Paganini.

Malware

Malware Cryptocurrency Accountability Software

Apps with over 420 Million downloads from Google Play unveil the discovery of SpinOk spyware

Security Affairs

JUNE 1, 2023

Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. Upon executing the module, the malware-laced SDK connects to the C2 sending back a large amount of system information about the infected device. The full list of apps is available here.

Spyware

Spyware Advertising Malware Marketing

Twitter reveals that hackers also downloaded data from eight compromised accounts

Security Affairs

JULY 19, 2020

The social media giant Twitter confirmed that hackers compromised 130 accounts in last week hack and downloaded data from eight of them. The social media platform Twitter suffered one of the biggest cyberattacks in its history, multiple high-profile accounts were hacked. SecurityAffairs – hacking, social engineering).

Accountability

Accountability Social Engineering Media Hacking

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild. . The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. The registered DLL will be loaded at system startup by the spoolsv.exe with SYSTEM privileges.

Malware

Malware Telecommunications Advertising Encryption

30 Docker images downloaded 20M times in cryptojacking attacks

Security Affairs

MARCH 30, 2021

Palo Alto Network researcher Aviv Sasson discovered 30 malicious Docker images, which were downloaded 20 million times, that were involved in cryptojacking operations. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, Docker). Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Accountability Architecture Software

Alert! Patch your TeamCity instance to avoid server hack

Security Affairs

SEPTEMBER 25, 2023

we have also released a security patch plugin so that you can still patch your environment. The security patch plugin can be downloaded using one of the links below and installed on TeamCity 8.0+. ” The link for the Security patch plugin are for TeamCity 2018.2 For TeamCity 2019.2 to 2023.05.3 | for TeamCity 8.0

Hacking

Hacking Software Authentication Internet

Threat actor claims to have hacked European manufacturer of missiles MBDA

Security Affairs

JULY 31, 2022

Threat actors that go online with the moniker Adrastea claim to have hacked the multinational manufacturer of missiles MBDA. A threat actor that goes online with the moniker Adrastea , and that defines itself as a group of independent cybersecurity specialists and researchers, claims to have hacked MBDA. “Hello!

Manufacturing

Manufacturing Hacking Passwords Cybersecurity

OpenWRT forum hacked, intruders stole user data

Security Affairs

JANUARY 18, 2021

The attack took place on Saturday, around 04:00 (GMT), when threat actors compromised an administrator account and downloaded a copy of the list of users. “The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum. .”

Hacking

Hacking Data breaches Passwords Accountability

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker stealer and NetSupport RAT , to compromised hosts. SecurityAffairs – hacking, ransomware). The alert includes indicators of compromise and mitigations.

Ransomware

Ransomware Hacking Malware Encryption

A new Repojacking attack exposed over 4,000 GitHub repositories to hack

Security Affairs

SEPTEMBER 12, 2023

” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Repojacking attack ) The post A new Repojacking attack exposed over 4,000 GitHub repositories to hack appeared first on Security Affairs.

Hacking

Hacking Risk Accountability Information Security

Adobe fixes over a dozen flaws in Media Encoder, Download Manager

Security Affairs

JULY 14, 2020

Adobe has addressed over a dozen flaws in its Creative Cloud, Media Encoder, Genuine Service, ColdFusion and Download Manager products. Adobe has addressed over a dozen vulnerabilities in its Creative Cloud, Media Encoder, Genuine Service, ColdFusion, and Download Manager products. SecurityAffairs – hacking, Adobe).

Media

Media Advertising Hacking Information Security

LAPSUS$ Hacks Okta, Browser-in-the Browser Phishing Attack, Popular Software Package Updated to Wipe Russian Systems

Security Boulevard

MARCH 27, 2022

The LAPSUS$ hacking group has claimed to have hacked both Microsoft and Okta, details about a novel phishing technique called a browser-in-the-browser (BitB) attack, and how a popular software package that has 1.1

Phishing

Phishing Software Hacking Social Engineering

WhiteShadow downloader leverages Microsoft SQL to retrieve multiple malware

Security Affairs

SEPTEMBER 29, 2019

Researchers at Proofpoint have spotted a piece of downloader , dubbed WhiteShadow, that leverages Microsoft SQL queries to pull and deliver malicious payloads. . In August, malware researchers at Proofpoint spotted a new downloader which is being used to deliver a variety of malware via Microsoft SQL queries. Pierluigi Paganini.

Malware

Malware Advertising Phishing Information Security

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

“This permits an attacker to gain full control of device with an unrestricted root shell, which is far more access than even the owner of the device has as they are restricted to a limited “protected shell” (psh) which filters input to a predefined set of limited, mostly informational commands.”. SecurityAffairs – hacking, Hikvision).

Hacking

Hacking Firmware Internet Internet

Anonymous claims to have hacked the website of the Russian Ministry of Defense

Security Affairs

SEPTEMBER 23, 2022

The popular collective Anonymous claims to have hacked the website of the Russian Ministry of Defense and leaked data of 305,925 people. The #OpRussia ( #OpRussia ) launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the popular collective claims to have hacked the website of the Russian Ministry of Defense.

Hacking

Hacking Mobile Information Security

BBC disclosed a data breach impacting its Pension Scheme members

Security Affairs

MAY 30, 2024

“The BBC’s information security team has alerted us to a data security incident, in which some files containing personal information of some BBC Pension Scheme members were copied from a cloud-based storage service. The BBC disclosed a data breach that occurred on May 21.

Data breaches

Data breaches Insurance Information Security Hacking

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Security Affairs

MAY 26, 2024

SmokeLoader acts as a loader for other malware, once it is executed it will inject malicious code into the currently running explorer process (explorer.exe) and downloads another payload to the system. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Ukraine)

Malware

Malware Banking Accountability Phishing

Critical CrushFTP zero-day exploited in attacks in the wild

Security Affairs

APRIL 20, 2024

CrushFTP has notified users of a virtual file system escape vulnerability impacting their FTP software, which could potentially enable users to download system files. have a vulnerability where users can escape their VFS and download system files. “CrushFTP v11 versions below 11.1 This has been patched in v11.1.0.

Software

Software Hacking Information Security

Russian APT Nomadic Octopus hacked Tajikistani carrier

Security Affairs

MAY 1, 2023

Russian APT group Nomadic Octopus hacked a Tajikistani carrier to spy on government officials and public service infrastructures. The group mainly employed public offensive tools, the operators run commands and download their tools on victim systems inattentively, for example during the victim’s active hours.

Hacking

Hacking Telecommunications Government Firewall

Snake, a new Info Stealer spreads through Facebook messages

Security Affairs

MARCH 7, 2024

export=download&id=1uRaMFq3jVR3yhcdRbBvuGdq-jLBLKtTH drops /kholapqua.com/Document.zip [link] pic.twitter.com/Y9CpY8xyLU — idclickthat (@idclickthat) August 17, 2023 Threat actors sent Facebook messenger direct messages to the victims attempting to trick them into downloading archive files such as RAR or ZIP files.

Malware

Malware Hacking Accountability Cybersecurity

Anonymous hacked the controversial, far-right web host Epik

Security Affairs

SEPTEMBER 15, 2021

Anonymous claims to have hacked the controversial web hosting provider Epik, known for allowing far-right, neo-Nazi, and other extremist content. “Due to its size, it’s incompatible with most torrent clients and many users will have difficulty downloading the data. SecurityAffairs – hacking, Anonymous).

Hacking

Hacking Data breaches DNS Media

Sunshuttle, the fourth malware allegedly linked to SolarWinds hack

Security Affairs

MARCH 4, 2021

FireEye researchers spotted a new sophisticated second-stage backdoor that was likely linked to threat actors behind the SolarWinds hack. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, SolarWinds). Follow me on Twitter: @securityaffairs and Facebook.

Malware

Malware Hacking Antivirus Information Security

Source code for the Babuk is available on a hacking forum

Security Affairs

SEPTEMBER 4, 2021

The complete source code for the Babuk ransomware is available for sale on a Russian-speaking hacking forum. A threat actor has leaked the source code for the Babuk ransomware on a Russian-speaking hacking forum. You can download the Babuk source here: vx-underground[.]org/tmp/ SecurityAffairs – hacking, RaaS).

Hacking

Hacking Ransomware Encryption Cybercrime

Massive hacking campaign compromised thousands of WordPress websites

Security Affairs

MAY 12, 2022

Researchers uncovered a massive hacking campaign that compromised thousands of WordPress websites to redirect visitors to scam sites. phishing pages, malware downloads), scam pages, or commercial websites to generate illegitimate traffic. SecurityAffairs – hacking, WordPress websites). To nominate, please visit:?

Hacking

Hacking Scams Phishing Cybersecurity

A flaw in Slack could allow hackers to steal, manipulate downloaded files

Security Affairs

MAY 17, 2019

A recently patched flaw in the Slack desktop application for Windows can be exploited by attackers to steal and manipulate a targeted user’s downloaded files. Slack is a cloud-based set of proprietary team collaboration tools and services, Security researcher David Wells from Tenable discovered a critical flaw in version 3.3.7

Advertising

Advertising Authentication Hacking Malware

4 Million Quidd account details shared on hacking forums

Security Affairs

APRIL 14, 2020

The details of around four million users are now being shared for free on underground hacking forums, according to ZDNet that has obtained samples from different sources, exposed records include usernames, email addresses, and hashed account passwords (bcrypt hashing algorithm). ” reads the post published Risk Based Security.

Accountability

Accountability Hacking Data breaches Passwords

Anonymous claims to have hacked German subsidiary of Russian energy giant Rosneft

Security Affairs

MARCH 14, 2022

Anonymous claims to have hacked the systems of the German subsidiary of Russian energy giant Rosneft and stole 20TB of data. The Anonymous hacker collective claimed to have hacked the German branch of the Russian energy giant Rosneft. “But unfortunately the download was stopped in between. ” reported the WELT.

Hacking

Hacking DDOS Internet Internet

Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone

Security Affairs

JANUARY 31, 2022

The expert pointed out that an attacker could exploit this attack chain to turn the user’s camera, and also to hack their iCloud, PayPal, Facebook, Gmail, and other accounts. “My hack successfully gained unauthorized camera access by exploiting a series of issues with iCloud Sharing and Safari 15. accounts too.”

Hacking

Hacking Accountability Mobile Malware

Steel sheet giant Hoa Sen Group hacked by Maze ransomware operators

Security Affairs

AUGUST 21, 2020

During the ordinary monitoring of Deepweb and Darkweb , researchers at Cyble came across the leak disclosure post published by the Maze ransomware operators that claim the hack of the Hoa Sen Group. SecurityAffairs – hacking, Maze Ransomware Operators). Hoa Sen Group is the no.1 Pierluigi Paganini.

Ransomware

Ransomware Hacking Advertising Backups

Android Keyboard Apps with 2 Million downloads can remotely hack your device

Ukrainian hackers are behind the Free Download Manager supply chain attack

Webinars

Trending Sources

Information Security News headlines trending on Google

Webinars

Free Download Manager backdoored to serve Linux malware for more than 3 years

WordPress Download Manager Plugin was affected by two flaws

4 Malicious apps on Play Store totaled +1M downloads

New Android malicious library Goldoson found in 60 apps +100M downloads

Android app with over 5m downloads leaked user browsing history

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns

Phishing with hacked sites

Fleckpe Android malware totaled +620K downloads via Google Play Store

New alleged MuddyWater attack downloads a PowerShell script from GitHub

How to hack the Airbus NAVBLUE Flysmart+ Manager

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Apps with over 420 Million downloads from Google Play unveil the discovery of SpinOk spyware

Twitter reveals that hackers also downloaded data from eight compromised accounts

DePriMon downloader uses a never seen installation technique

30 Docker images downloaded 20M times in cryptojacking attacks

Alert! Patch your TeamCity instance to avoid server hack

Threat actor claims to have hacked European manufacturer of missiles MBDA

OpenWRT forum hacked, intruders stole user data

Cuba ransomware gang hacked 49 US critical infrastructure organizations

A new Repojacking attack exposed over 4,000 GitHub repositories to hack

Adobe fixes over a dozen flaws in Media Encoder, Download Manager

LAPSUS$ Hacks Okta, Browser-in-the Browser Phishing Attack, Popular Software Package Updated to Wipe Russian Systems

WhiteShadow downloader leverages Microsoft SQL to retrieve multiple malware

Over 80,000 Hikvision cameras can be easily hacked

Anonymous claims to have hacked the website of the Russian Ministry of Defense

BBC disclosed a data breach impacting its Pension Scheme members

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Critical CrushFTP zero-day exploited in attacks in the wild

Russian APT Nomadic Octopus hacked Tajikistani carrier

Snake, a new Info Stealer spreads through Facebook messages

Anonymous hacked the controversial, far-right web host Epik

Sunshuttle, the fourth malware allegedly linked to SolarWinds hack

Source code for the Babuk is available on a hacking forum

Massive hacking campaign compromised thousands of WordPress websites

A flaw in Slack could allow hackers to steal, manipulate downloaded files

4 Million Quidd account details shared on hacking forums

Anonymous claims to have hacked German subsidiary of Russian energy giant Rosneft

Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone

Steel sheet giant Hoa Sen Group hacked by Maze ransomware operators

Stay Connected