Category: News

From 2-spyware.com

MovieSearchHome is not something you want to have on your browser. It is an extension or a potentially unwanted program^[1] installed in your system that acts as a hijacker. It changes the default homepage, new tab address and implements a fake search engine that is untrustworthy. This creates possibilities for people to fall for scams by visiting dangerous pages by accident. Sponsored links can lead to monetary losses or getting infected with more serious threats.

The hijacker can affect all browsers that have the ability to add extensions to it. Normally, browser extensions are meant to provide some kind of benefits for users, like blocking suspicious links, providing coupons, or blocking advertisements. But this one is not like that. It has some basic abilities that can be found on any browser. It is a desperate attempt to try to look current.

Read more…

From securityaffairs.co

Software vendor SolarWinds did not enable ASLR anti-exploit mitigation that was available since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July.

Microsoft, which investigated the incidents, said the attacks against SolarWinds file transfer servers were carried out by a Chinese hacking group tracked as DEV-0322.

Threat actors exploited a zero-day remote code execution flaw, tracked as CVE-2021-35211, in Serv-U products.

SolarWinds was informed of the zero-day by Microsoft, the issue affects Serv-U Managed File Transfer Server and Serv-U Secured FTP. According to Microsoft, the flaw was exploited in attacks against a limited, targeted set of customers by a single threat actor.

Read more…

From ehackingnews.com

As concerns regarding quantum computing and post-quantum cryptography are overtaking the forefront of cryptographic discussions, especially in areas associated with national defense, the National Security Agency (NSA) has published a document comprising of the most frequently asked questions about Quantum Computing and Post-Quantum Cryptography, in which the agency studied the probable ramifications for national security in the event of the introduction of a “brave new world” far beyond the traditional computing domain. 
This 8-page report provides a summary of quantum computing, its connection with cryptography, the Commercial National Security Algorithm Suite, Commercial Solutions for Classified (CSfC), and the National Information Assurance Partnership (NIAP), as well as forthcoming techniques and cryptography. 

Read more…

From thehackernews.com

Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software (NFVIS) that could be exploited by an attacker to take control of an affected system.

Tracked as CVE-2021-34746, the weakness has been rated 9.8 out of a maximum of 10 on the Common Vulnerability Scoring System (CVSS) and could allow a remote attacker to circumvent authentication and log in to a vulnerable device as an administrator.

Read more…

From en.secnews.gr

According to Financial TimesThe Irish Data Protection Commission imposed a fine 225 million ($ 266,8 million) at WhatsApp, because does not provide sufficient information on how European Union users’ data is shared with Facebook. In effect, the fine was imposed because WhatsApp, Facebook’s most popular messaging service, did not comply with the transparency obligations set out in the General Data Protection Regulation (GDPR).

Read more…

From blog.avast.com

The US Federal Trade Commission (FTC) recently announced a ban on the stalkerware company SpyFone and ordered them to delete all of the data they had illegally harvested from victims. Additionally, they banned the company’s CEO, Scott Zuckerman, from working in the surveillance industry ever again and ordered the company to notify everyone who had the app installed on their phone.

“I think that this is a sign that the FTC is getting more serious about this kind of abuse,” Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation (EFF), a founding member of the Coalition Against Stalkerware, tells Avast. “And I’m really glad to see them calling out stalkerware and the company’s CEO in such a direct way.”

According to the FTC press release on the ruling, SpyFone (which is registered as Support King LLC) sold stalkerware apps that allowed people to surreptitiously monitor other people’s devices. The monitoring could include messages, photos, web histories, GPS locations, and other personal information. The company also provided instructions on how to install their apps without the device owner’s knowledge. 

Read more…

From gbhackers.com

The objective of this Information Gathering Tool is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers, and SHODAN computer database.

This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.

Read more…