Vxers developed a new version of GovRAT, called GovRAT 2.0, that has been used to target government and many other organizations in the US.
Source: GovRAT 2.0 continues to target US companies and GovernmentSecurity Affairs
Vxers developed a new version of GovRAT, called GovRAT 2.0, that has been used to target government and many other organizations in the US.
Source: GovRAT 2.0 continues to target US companies and GovernmentSecurity Affairs
Two critical zero-day vulnerabilities have been discovered in the world’s 2nd most popular database management software MySQL that could allow an attacker to take full control over the database.Polish security researcher Dawid Golunski has discovered two zero-days, CVE-2016-6662 and CVE-2016-6663, that affect all currently supported MySQL versions as well as its forked such as MariaDB and PerconaDB.
Golunski further went on to publish details and a proof-of-concept exploit code for CVE-2016-6662 after informing Oracle of both issues, along with vendors of MariaDB and PerconaDB.
Both MariaDB and PerconaDB had fixed the vulnerabilities, but Oracle had not.The vulnerability (CVE-2016-6662) can be exploited by hackers to inject malicious settings into MySQL configuration files or create their own malicious ones.
Source: New MySQL Zero Days — Hacking Website Databases
This year, we’ve seen dozens of hacks, breaches, and leaks of billions of records. And it’s still only September. But there are now so many hacks and breaches that you may never hear about most of them.
In most cases, only the “verified” breaches make it to the light of day. And that process alone can take days or even weeks of trying to figure out if allegedly hacked data is what is claimed.
Source: How to verify a data breach (and avoid going to jail)
Unlike specially crafted malware specifically developed to take advantage of Windows operating system platform, cyber attackers have started creating cross-platform malware for wider exploitation.
Due to the rise in popularity of Mac OS X and other Windows desktop alternatives, hackers have begun designing cross-platform malware modularly for wide distribution.
Cross-platform malware is loaded with specialized payloads and components, allowing it to run on multiple platforms.
Source: Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers
Way to go Mubix!
A Security researcher has discovered a unique attack method that can be used to steal credentials from a locked computer (but, logged-in) and works on both Windows as well as Mac OS X systems.In his blog post published today, security expert Rob Fuller demonstrated and explained how to exploit a USB SoC-based device to turn it into a credential-sniffer that works even on a locked computer or laptop.
Fuller modified the firmware code of USB dongle in such a way that when it is plugged into an Ethernet adapter, the plug-and-play USB device installs and acts itself as the network gateway, DNS server, and Web Proxy Auto-discovery Protocol (WPAD) server for the victim’s machine.
Source: Here’s How to Hack Windows/Mac OS X Login Password (When Locked)
If countries don’t start acting responsibly with cyber weapons, the arms race could turn into a free-for-all, said President Obama.
Source: Obama warns of hackers creating cyber ‘Wild Wild West’ – Naked Security
A lack of funding and developer interest may see the Apache OpenOffice project close.
Source: Onetime MS Office challenger OpenOffice: We may shut down due to dwindling support | ZDNet
The many failings of Google’s operating system have already been fixed in Microsoft’s Windows 10 Mobile ecosystem. Could Redmond possibly have the upper hand after all in future mobile wars?
Source: Could the future of Android be Windows? | ZDNet
Kaspersky Lab confirmed that the cybercriminals behind the Lurk Trojan were also responsible for the development and distribution of the Angler Exploit Kit.
Source: Lurk Criminal Gang Also Behind Angler Exploit Kit | Threatpost | The first stop for security news