US Sanctions 3 North Korean Hacking Groups

blog_DataBreachTodaycomRSSSyndication Monday, September 16, 2019 12:32:00 PM CEST | info [other]

Photo: Korean Central News Agency. The U.S. Treasury Department on Friday sanctioned three alleged North Korean state-sponsored hacking groups that have been blamed for the WannaCry ransomware outbreak, online bank heists and the destructive malware attack against Sony Pictures Entertainment....

Cross-site scripting in Woody Ad Snippets plugin for WordPress

zero-day Sunday, September 15, 2019 7:41:00 PM CEST | info [other]

1) Cross-site scripting. Severity: Low. CVSSv3: [PCI] CVE-ID: CVE-2019-16289. CWE-ID: Description. CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks....

FIN7’s IT admin pleads guilty for role in billion-dollar cybercrime crew

oodaloop Saturday, September 14, 2019 2:06:00 AM CEST | info [other]

Fedir Hladyr, administrator of the hacking group Fin7, pleaded guilty in a U.S. district court Wednesday to conspiracy to commit computer hacking and wire fraud. Hladyr participated in campaigns that stole more than $1 billion from 100 banks in 30 countries by targeting U.S....

Australia concluded China was behind hack on parliament, political parties

cyware Monday, September 16, 2019 1:17:00 PM CEST | info [other]

By Colin Packham. SYDNEY (Reuters) - Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, five people with direct knowledge of the matter told Reuters....

CVE-2019-15030

NationalVulnerabilityDatabase Friday, September 13, 2019 4:45:00 PM CEST | info [other]

Description. In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers....

Pen test goes pear-shaped: cybersecurity firm staff arrested over courthouse burglary

brica Monday, September 16, 2019 12:15:00 PM CEST | info [other]

A midnight raid was not what court administrators had in mind for electronic record security tests. When State court administration (SCA) asked a cybersecurity firm to conduct an assessment of the safety of electronic records kept in Dallas County, the discovery of men in the building in the middle.......

Hacker Accused of Selling Unreleased Music of Famous Artists for Cryptocurrencies Arrested in UK

crowdfundinsider Saturday, September 14, 2019 4:41:00 PM CEST | info [other]

Police from London’s Intellectual Property Crime Unit (PIPCU) have arrested a 19-year-old man they believe stole unreleased songs from the websites and cloud-storage accounts of “world-famous artists” and then sold the music for cryptocurrency. The release does not state where the music was sold nor to whom....

Top Canadian intelligence director 'spied for foreign powers'

CyberReconnaissance Sunday, September 15, 2019 3:37:00 AM CEST | info [other]

Top adviser to the head of Canadian intelligence unit and cyber-security expert who 'spied for foreign powers and leaked secret information' was a Mandarin speaker with connections in China A top Canadian police intelligence officer with connections in China has been charged with leaking secret.......

Calif. May Ban Facial Recognition in Police Body Cameras

BankInfoSecurity Friday, September 13, 2019 7:34:00 PM CEST | info [other]

(Photo: via Flickr/CC ) North Charleston Lawmakers in California have voted to ban the use of facial recognition technology within the body cameras that police wear. See Also: Webinar | Beyond Managed Security Services: SOC-as-a-Service for Financial Institutions On Thursday, the California Assembly.......

SimJacker attack allows hacking any phone with just an SMS

CyberReconnaissance Saturday, September 14, 2019 4:17:00 PM CEST | info [other]

SimJacker is a critical vulnerability Pierluigi Paganini in SIM cards that could be exploited by remote attackers to compromise any phones just by sending an SMS. Cybersecurity researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be.......