Author: WhiteHat


Critical vulnerability in Jaxx cryptocurrency wallet app allows takeover of accounts

Cryptocurrency, or digital currency, is really really popular nowadays. Bitcoins are like modern equivalent of cash and, every day another merchant starts accepting them as payment.  While Bitcoin is the most well-known cryptocurrency, it is not the only one.  There are some 700 alternate cryptocurrencies such as Ethereum, Monero, Litecoin or Dash. Just like bank accounts where you keep your money,...

2,838 total views, 2 views today


Over 250 million computers infected with dangerous Fireball malware worldwide

  Checkpoint security researchers have discovered a new and dangerous malware, called Fireball, that hijacks and manipulates infected users’ web traffic to perform malicious actions. Although the dangerous Fireball ransomware is currently being used to generate ad-revenue for a large digital marketing agency in Beijing, it is capable of executing any malicious code on victim machines in order to steal user...

754 total views, 4 views today


Major credit card breach at Kmart stores, check your bank accounts!

For the second time in three years, Kmart Stores has been hit by a malware-based credit card breach. It has been revealed that cyber criminals infected Kmart Store payment data systems with a malicious code and managed to compromise certain credit card numbers. According to Kmart’s announcement, no personal information (such as names, addresses, social security numbers etc) was obtained. It...

969 total views, 4 views today


OneLogin hacked, change your password!

  OneLogin Inc, the US-based password and identity management software company, has confirmed that a malicious actor has managed to illegally access OneLogin data. It has been announced that all customers served by company’s US data center are affected and the database tables accessed included information about users (customer data), apps, and various types of keys. It is also reported on OneLogin support...

834 total views, 4 views today


Critical Google Chrome vulnerability could expose your passwords, how to protect yourself

A serious vulnerability has been discovered in Google’s Chrome web browser that could allow hackers to steal victim’s Microsoft service passwords and Windows login credentials remotely. Luckily, some workarounds exist to prevent the issue until Google releases a security update. The vulnerability exist in the way Chrome downloads files in it’s default configuration. Latest version of the popular web browser downloads files automatically...

940 total views, 7 views today


Database containing 560 million passwords discovered

Security researchers from Kromtech Security Research Center have discovered a massive database that contains more than 560 million email addresses and passwords collected from different sources. The database is 75+ gigabytes in size. It is also reported that this database contains structured email address-password data in readable json format (Javascript Object Notation – simply a way to store information in an...

871 total views, 2 views today


Bell Canada hacked, 1.9 million account details illegally accessed

Bell, Canada’s largest communications company has confirmed on Monday that an anonymous hacker has managed to illegally access Bell customer information. It has been announced that the data accessed included approximately 1.9 million customer’s active email addresses and 1.700 customer’s names and active phone numbers. Luckily, any financial data, password information or other type of sensitive data were not accesses, according to Bell...

1,094 total views, 4 views today


United Airlines cockpit door access codes accidentally posted online

United Continental Holdings Inc, the company that owns United Airlines and United Express, sent out an alert email to employees on Saturday about a breach in cockpit-door security procedures after a flight attendant mistakenly posted some information (including access codes) on a public website, Wall Street Journal reported. On some commercial aircraft, there is a keypad next to the flight deck door...

750 total views, 2 views today


WannaCry, the largest ransomware-spread campaign to date!

If you think that updating operating systems is not necessary, think again! Within the scope of the largest ransomware-spread campaign to date, more than 223.000 computers across 99 countries worldwide (including United States, Russia, India, Germany, Africa, Philippines, China …) have been infected. Here is the story behind the WannaCry ransomware and protection methods… On May 12th, National Cryptological Center of Spain...

887 total views, 2 views today


Multiple vulnerabilities found in Asus RT routers, update needed

Changing default credentials is one of the most important security precautions. And the latest Asus wireless router vulnerability is just another example that shows why you need to change it. Security experts from ‘Nightwatch Cybersecurity’ have discovered multiple vulnerabilities in 40 different Asus RT router models. According to experts, recent vulnerabilities allows malicious sites to login and change the router settings, exfiltrate router...

695 total views, no views today


New OpenBSD vulnerability allows man-in-the-middle (MitM) attack

OpenBSD is a free and open source Unix-like computer operating system based upon Berkeley Software Distribution (BSD, a Unix operating system derivative) and it is one of the most secure operating systems available. But, like all other operating systems, it is also vulnerable to attacks and needs patching. Network and wireless security researcher Mathy Vanhoef has discovered a new vulnerability in OpenBSD’s...

1,088 total views, 2 views today


Multiple vulnerabilities in ASUS RT-G32 router allows arbitrary code injection.

Affected products / software : ASUS RT-G32 routers with firmware and . Vulnerability overview : Cross-site scripting and cross-site request forgery vulnerabilities in the ASUS RT-G32 routers with firmware and allows remote attackers to inject arbitrary web script or HTML and change device settings including admin password. Solution / patch info / workaround : Firmware update available on...

2,097 total views, no views today


Foreign VPN service unavailable since an upgrade of China’s Great Firewall

Cyber security analysts on Thursday defended China’s Internet management after an overseas VPN (virtual private network) company on Wednesday announced some of its users in China have been unable to use the service since an upgrade of the Great Firewall, China’s Internet infrastructure. Cyber services should observe the network governance of the country for safety, analysts urged. Astrill claimed in a...

3,288 total views, no views today


Twitter login lets other people read and send your private direct messages

The mechanism that lets you use your Twitter account to log in to websites and mobile apps allows those third parties read your private direct messages and send them too, according to Rishi Lakhani, a search marketing consultant. Although the login is designed that way by Twitter — it’s not a flaw, it’s a feature! — most Twitter users have no...

5,574 total views, no views today


Automakers aim to drive away car computer hackers

Against the team of hackers, the poor car stood no chance. Meticulously overwhelming its computer networks, the hackers showed that — given time — they would be able to pop the trunk and start the windshield wipers, cut the brakes or lock them up, and even kill the engine. Their motives were not malicious. These hackers worked on behalf of the...

1,552 total views, no views today


Dirtbox devices on spy planes used to target criminals, but also collecting data from thousands of other phones

The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations. The U.S. Marshals Service program, which became fully functional around 2007, operates Cessna aircraft from at least five...

1,572 total views, no views today


Swedish hacker finds ‘serious’ vulnerability in Apple’s OS X Yosemite

A white-hat hacker from Sweden says he’s found a serious security hole in Apple’s Yosemite OS X that could allow an attacker to take control of your computer. Emil Kvarnhammar, a hacker at Swedish security firm Truesec, calls the vulnerability “rootpipe” and has explained how he found it and how you can protect against it. It’s a so-called privilege escalation vulnerability,...

1,674 total views, no views today


White House computer network hacked

White House computer network was hit by hackers, resulting in a series of outages and connectivity issues, a White House official said Tuesday. The breach was discovered two to three weeks ago, sources said. Some staffers were asked to change their passwords. Intranet or VPN access was shut off for awhile, but the email system, apart from some minor delays, was...

1,531 total views, no views today


Windows hit by new 0-day attack.It’s exploited via malicious PowerPoint documents.

Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn. An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003 and has already been abused in “limited, targeted attacks”. The bug (CVE-2014-6352) can be triggered by sending a specially crafted Microsoft Office files...

1,854 total views, no views today