Tag Archives: Threats

Get the Ultimate 2018 Hacker Bundle – Pay What You Want


Due to the growing number of threats in the computer world, ethical hackers have become the most important player for not only governments but also private companies and IT firms in order to safeguard their systems and networks from hackers trying to infiltrate them.

By 2020, employment in all information technology occupations is expected to increase by 22 percent, where demand for ethical hackers and IT security engineers will be the strongest. So, it’s high time that you should start preparing yourself in the field of ethical hacking.

Although there are many popular and best online courses available in the market, you can’t learn everything from a single book or a course.

Good news, we bring an amazing deal of this month for our readers, known as The Ultimate White Hat Hacker 2018 Bundle online hacking bundle, where you can get hacking courses for as little as you want to pay and if you beat the average price you will receive the fully upgraded hacking bundle!

You will get at least 4 hacking courses for less than the average price you pay (as little as $1), and all 8 online courses for the average price (which is $12.11 at the time of writing).

Here’s the brief of all 8 courses which is included in this Pay What You Want deal and requires a minimum of the average price:

1. Learn Hacking Windows 10 Using Metasploit From Scratch
Hack Windows Like a Pro, Secure It Like an Expert, and Detect the Hacker

This online course helps you learn how black hat hackers hack Windows using advanced techniques while improving your knowledge on how to analyze and secure Windows and combat hackers.

2. Hack People, Systems, and Mobile Devices
Learn Advanced Social Engineering Techniques to Crack Mobile Devices

This course helps you learn ethical hacking techniques and methodology used in penetration systems to better protect yourself and those around you.

3. Web Application Penetration Testing Professional: WAPTP v3.1
Attack Web Apps with the Latest Professional Tools & Tricks

This online course helps you build towards mapping an application for insecurities, and understanding how to identify and mitigate threats, with WAPTP v3.1 which is a highly practical and hands-on training for web application penetration testing.

4. From Zero to Hero in Web, Network, and WiFi Hacking
Learn Basic to Advanced Web, Network, and WiFi Hacking

This online course helps you learn the essential elements of WiFi hacking so you can start applying them to a career in ethical hacking.

5. Ethical Hacking Using Kali Linux From A to Z
Discover the Power of Kali Linux, One of the Most Popular Ethical Hacking Tools

This course introduces you to the latest ethical hacking tools and techniques with the popular Kali Linux, using a testing lab for practicing different types of attacks.

6. Learn Website Hacking and Penetration Testing From Scratch
Learn How to Hack Sites Like A Black Hat Hacker and How to Protect Them Like A White Hat Hacker

This course helps you gain a complex understanding of websites, and then learn how to exploit them to carry out a number of powerful cyber attacks and test the security of websites and apps, and fix vulnerabilities.

7. Cyber Security Volume II: Network Security
Discuss Network Security, Firewalls, and Learn the Best Password Managers On the Market

This course helps you learn network hacking techniques and vulnerability scanning to discover security issues and risks across an entire network, learning skills for which big companies are willing to pay top dollar.

8. Ethical Hacking for Beginners
Hack Your Way to a Secure and Threat-Free Environment Using Best-in-Class Tools and Technique.

This course helps you learn ethical hacking and identify threats and vulnerabilities to secure your IT environment.

So, what you are waiting for? Sign up to Grab this amazing deal Now!

THN Weekly Roundup — Top 10 Stories You Should Not Miss


Here we are with our weekly roundup, briefing this week’s top cybersecurity threats, incidents, and challenges, just in case you missed any of them.

Last week has been very short with big news from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the discovery of a new malware evasion technique that works on all versions of Microsoft’s Windows operating system.

Besides this, the newly discovered Janus vulnerability in the Android operating system and a critical remote code execution (RCE) vulnerability in Malware Protection Engine (MPE) for which Microsoft released an emergency patch made their places in our weekly roundup.

I recommend you to read the entire news (just click ‘Read More’ because there’s some valuable advice in there as well).

So, here we go with the list of this Week’s Top Stories:

Process Doppelgänging: New Malware Evasion Technique

A team of researchers, who previously discovered AtomBombing attack, recently revealed a new fileless code injection technique that could help malware authors defeat most of the modern anti-virus solutions and forensic tools.

Dubbed Process Doppelgänging, the method takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader, and works on all versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10.

To know How Process Doppelgänging attack works and why Microsoft refused to fix it, Read More.

Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures

A newly discovered vulnerability, dubbed Janus, in Android could let attackers modify the code of Android apps without affecting their signatures, eventually allowing them to distribute malicious update for the legitimate apps, which looks and works same as the original apps.

Although Google has patched the vulnerability this month, a majority of Android users would still need to wait for their device manufacturers to release custom updates for them, apparently leaving a large number of Android users vulnerable to hackers for next few months.

To know more about the vulnerability, how it works and if you are affected, Read More.

Pre-Installed Keylogger Found On Over 460 HP Laptop Models

Once again, Hewlett-Packard (HP) was caught pre-installing a keylogger in more than 460 HP Notebook laptop models that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details.

When reported last month, HP acknowledged the presence of the keylogger, saying it was actually “a debug trace” which was left accidentally, and affected users can install updated Synaptics touchpad driver to remove it manually.

To know how to check if your HP laptop is vulnerable to this issue and download compatible drivers, Read More.

New Email Spoofing Flaw Affects Over 30 Popular Email Clients

Researchers discovered a collection of vulnerabilities in more than 30 popular email client applications that could allow anyone to send spoofed emails bypassing anti-spoofing mechanisms.

Dubbed MailSploit, the vulnerabilities affect popular email clients including Apple Mail (for macOS, iOS, and watchOS), Mozilla Thunderbird, Yahoo Mail, ProtonMail, several Microsoft email clients, and others.

To watch the PoC video released by the researchers and know more about the vulnerabilities, Read More.

Largest Crypto-Mining Exchange Hacked; Over $80 Million in Bitcoin Stolen

Last week was the golden week in Bitcoin’s history when the price of 1 BTC touched almost $19,000, but the media hype about the bitcoin price diminishes the hack of the largest Bitcoin mining marketplace.

NiceHash mining marketplace confirmed a breach of its website, which resulted in the theft of more than 4,736 Bitcoins, which now worth nearly $80 million.

The service went offline (and is still offline at the time of writing this article) with a post on its website, confirming that “there has been a security breach involving NiceHash website,” and that hackers stole the contents of the NiceHash Bitcoin wallet.

To know more about the Bitcoin hack, Read More.

Microsoft Issues Emergency Windows Security Update

A week before its December Patch Tuesday updates, Microsoft released an emergency security patch to address a critical remote code execution vulnerability in its Malware Protection Engine (MPE) that could allow an attacker to take full control of a victim’s PC.

The vulnerability (CVE-2017-11937) impacts Windows 10, Windows 8.1, Windows 7, Windows RT 8.1, and Windows Server, and affects several Microsoft’s security products, including Windows Defender, Microsoft Security Essentials, Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016.

To know more about the vulnerability, Read More.

Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL

Scientists discovered a critical implementation flaw in major mobile banking apps—for both iOS and Android—that left banking credentials of millions of users vulnerable to man-in-the-middle attacks.

Attackers, connected to the same network as the victim, could have leveraged vulnerable banking apps to intercept SSL connection and retrieve the user’s banking credentials, like usernames and passwords/pincodes—even if the apps are using SSL pinning feature.

To know how attackers could have exploited this vulnerability to take over your bank accounts, Read More.

Massive Data Breach Exposes Personal Data On 31 Million Users

While downloading apps on their smartphones, most users may not realize how much data they collect on them, and app developers take advantage of this ignorance, wiping off more data on their users than they actually require for the working of their app.

But what if this data falls into the wrong hand?

The same happened last week, when a massive trove of personal data (over 577 GB) belonging to more than 31 million users of the famous virtual keyboard app, called AI.type, leaked online for anyone to download without requiring a password.

To know more about the data breach incident and what information users lost, Read More.

Critical Flaw in Major Android Tools Targets Developers

An easily-exploitable vulnerability discovered in Android application developer tools, both downloadable and cloud-based, could allow hackers to steal files and execute malicious code on vulnerable systems remotely.

The vulnerability was discovered by security researchers at CheckPoint, who also released a proof of concept (PoC) attack, dubbed ParseDroid, along with a video to demonstrate how the attack works.

To watch the video and know how this vulnerability can be exploited, Read More.

Uber Paid Florida Hacker $100,000 to Keep Data Breach News Secret

It turns out that a 20-year-old Florida man, with the help of another, was responsible for the massive Uber data breach in October 2016 and was paid an enormous amount by the ride-hailing company to destroy the data and keep the data breach incident secret.

Last week, Uber announced that a massive data breach last year exposed personal data of 57 million customers and drivers and that it paid two hackers $100,000 in ransom to destroy the information.

To know more about the data breach at Uber and the hackers, Read More.

Decoding pickpockets and malware

Decoding pickpockets and malware - the most dangerous online threats of 2017

Malware attacks can seem as random as a pickpocket cleaning out your pocket in the city center – these things happen and you just happened to be there. While pickpockets are a great metaphor for cybersecurity – neither pickpockets nor malware are completely random events. Pickpockets aren’t just taking a random walk in the park […]

The post Decoding pickpockets and malware appeared first on Avira Blog.

Read More

THN Weekly Roundup — 10 Most Important Stories You Shouldn’t Miss


Here are we with our weekly roundup, briefing this week’s top cyber security threats, incidents and challenges.

This week has been very short with big news from shutting down of two of the largest Dark Web marketplaces and theft of millions of dollars in the popular Ethereum cryptocurrency to the discovery of new Linux malware leveraging SambaCry exploit.

We are here with the outline of this week’s stories, just in case you missed any of them. We recommend you read the entire thing (just click ‘Read More’ because there’s some valuable advice in there as well).

Here’s the list of this Week’s Top Stories:

1. Feds Shuts Down AlphaBay and Hansa Dark Web Markets — Dream Market Under Suspicion

On Thursday, Europol announced that the authorities had shut down two of the largest criminal Dark Web markets — AlphaBay and Hansa — in what’s being called the largest-ever international operation against the dark web’s black market conducted by the FBI, DEA and Dutch National Police.

Interestingly, the federal authorities shut down AlphaBay, but before taking down Hansa market, they took control of the Dark Web market and kept it running for at least a month in an effort to monitor the activities of its visitors, including a massive flood of Alphabay refugees.

After the shutdown of both AlphaBay and Hansa, Dream Market has emerged as the leading player, which has been in business since 2013, but it has now been speculated by many dark web users that Dream Market is also under police control.

For detailed information — Read more.

2. New Ransomware Threatens to Send Your Internet History to All Your Friends

After WannaCry and Petya ransomware outbreaks, a new strain of ransomware has been making the rounds on the Google Play Store in bogus apps, which targets Android mobile phone users.

Dubbed LeakerLocker, instead of encrypting files on your device, this Android ransomware secretly collects personal images, messages and browsing history and then threatens to share them with your contacts if you don’t pay $50 (£38).

For more detailed information on the LeakerLocker ransomware — Read more.

3. New CIA Leaks — Smartphone Hacking and Malware Development


WikiLeaks last week published the 16th batch of its ongoing Vault 7 leak, revealing the CIA’s Highrise Project that allowed the spying agency to stealthy collect and forwards stolen data from compromised smartphones to its server through SMS messages.

This week, the whistleblowing organisation revealed about a CIA contractor — Raytheon Blackbird Technologies — who was responsible for analysing advanced malware and hacking techniques being used in the wild by cyber criminals.

For more detailed information on Highrise Project and its contractor Raytheon Blackbird Technologies — Read More.

4. Three Back-to-Back Multi-Million Dollar Ethereum Heist in 20 Days

This week, an unknown hacker stole nearly $32 Million worth of Ethereum – one of the most popular and increasingly valuable cryptocurrencies – from wallet accounts linked to at least three companies by exploiting a critical vulnerability in Parity’s Ethereum Wallet software.

This was the third Ethereum cryptocurrency heist that came out two days after an alleged hacker stole $7.4 Million worth of Ether from trading platform CoinDash and two weeks after someone hacked into South Korean cryptocurrency exchange and stole more than $1 Million in Ether and Bitcoins from user accounts.

For more detailed information about the Ethereum Heist — Read More.

5. Critical Gnome Flaw Leaves Linux PCs Vulnerable

This week has been bad for Linux users as well. A security researcher discovered a code injection vulnerability in the thumbnail handler component of GNOME Files file manager that allowed hackers to execute malicious code on targeted Linux machines.

German researcher Nils Dagsson Moskopp dubbed the vulnerability Bad Taste (CVE-2017-11421) and also released proof-of-concept (PoC) code on his blog to demonstrate the vulnerability.

For more details about the Bad Taste vulnerability and its PoC — Read More.

6. New Malware Exploits SambaCry to Hijack NAS Devices


Despite being patched in late May, the SambaCry vulnerability is currently being leveraged by a new piece of malware to target the Internet of Things (IoT) devices, particularly Network Attached Storage (NAS) appliances.

SambaCry is a 7-year-old critical remote code execution (RCE) vulnerability (CVE-2017-7494) in Samba networking software that could allow a hacker to remotely take full control of a vulnerable Linux and Unix machines.

The flaw was discovered and patched two months ago, but researchers at Trend Micro warned that the flaw had been actively exploited by the SHELLBIND malware that mostly targets NAS devices used by small and medium-size businesses.

For more detailed information on the SHELLBIND malware — Read More.

7. Devil’s Ivy — Millions of Internet-Connected Devices At Risk

This week, researchers at the IoT-focused security firm Senrio discovered a critical remotely exploitable vulnerability in an open-source software development library used by major IoT manufacturers that eventually left millions of smart devices vulnerable to hacking.

Dubbed Devil’s Ivy, the vulnerability (CVE-2017-9765) in the gSOAP toolkit (Simple Object Access Protocol) — an advanced C/C++ auto-coding tool for developing XML Web services and XML application.

The researchers also released proof-of-concept (PoC) video demonstrating the RCE on a security camera manufactured by Axis Communications.

For more detailed information on the Devil’s Ivy and PoC video — Read More.

8. “Ubuntu Linux for Windows 10 Released” — Sounds So Weird?

Downloading an entire operating system has just become as easy as downloading an application for Windows 10 users, as Microsoft last week announced the availability of popular Linux distro ‘Ubuntu’ in the Windows App Store.

While the company announced its plans to launch Fedora and SUSE Linux as well on Windows Store, the company did not reveal exactly when its users can expect to see these two flavours of Linux distro on the App Store.

For detailed information on how to install and run Ubuntu on Windows 10 — Read More.

9. Over 70,000 Memcached Servers Vulnerable to Hacking


It’s been almost eight months since the Memcached developers have patched several critical remote code execution (RCE) vulnerabilities in the software, but tens of thousands of servers running Memcached application are still vulnerable.

Cisco’s Talos intelligence and research group last year discovered three critical RCE vulnerabilities in Memcached — a moderhttp://thehackernews.com/2017/07/segway-hoverboard-hacking.htmln open-source and easily deployable distributed caching system that allows objects to be stored in memory.

The vulnerability exposed major websites including Facebook, Twitter, YouTube, Reddit, to hackers, but the team of researchers scanned the internet on two different occasions and found that over 70,000 servers are still vulnerable to the attacks, including ransomware attacks similar to the one that hit MongoDB databases in late December.

For more in-depth information on the Memcached vulnerabilities — Read More.

10. Tor Launches Bug Bounty Program for Public

After its intention to launch a public bug bounty program in late December 2015, the Tor Project has finally launched a “Bug Bounty Program,” encouraging hackers and security researchers to find and privately report bugs that could compromise the anonymity network.

The bug bounty reports will be sent through HackerOne — a startup that operates bug bounty programs for companies including Yahoo, Twitter, Slack, Dropbox, Uber, General Motors – and even the U.S. Department of Defense for Hack the Pentagon initiative.

For detailed information on bug bounty prices and types of valid vulnerabilities — Read More.

Other Important News This Week

Besides these, there were lots of incidents happened this week, including:

  • Microsoft’s smart move to help take down cyber espionage campaigns conducted by “Fancy Bear” hacking group.
  • A new credential stealing malware found being sold for as cheap as $7 on underground forums.
  • Cisco patched a highly critical RCE vulnerability in its WebEx browser extension for Chrome and Firefox, which could allow attackers to execute malicious code on a victim’s computer remotely.
  • Windows 10 now let you Reset forgotten password directly from your computer’s Lock Screen.
  • Several critical vulnerabilities in Segway Ninebot miniPRO could allow hackers to remotely take “full control” over the hoverboard within range and leave riders out-of-control.
  • Ashley Madison‘s parent company Ruby Corp has agreed to pay a total of $11.2 Million to roughly 37 million users whose personal details were exposed in a massive data breach two years ago.

Powered by WPeMatico