
Posts

Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware

What an irony — someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users' wallets. The latest supply-chain cyberattack was revealed on Monday after a Monero user spotted that the cryptographic hash for binaries he downloaded from the official site didn't match the hashes listed on it. Following an immediate investigation, the Monero team today also confirmed that its website, GetMonero.com, was indeed compromised, potentially affecting users who downloaded the CLI wallet between Monday 18th 2:30 am UTC and 4:30 pm UTC. At this moment, it's unclear how attackers managed to compromise the Monero website and how many users have been affected and lost their digital funds. According to an analysis of the malicious binaries done by security researcher BartBlaze, attackers modified legit...

Company Detected Years-Long Breach Only After Hacker Maxed Out Servers' Storage

What could be even worse than getting hacked? It's the "failure to detect intrusions" that always results in huge losses to the organizations. Utah-based technology company InfoTrax Systems is the latest example of such a security blunder, as the company was breached more than 20 times from May 2014 until March 2016. What's ironic is that the company detected the breach only after it received an alert that its servers had reached maximum storage capacity due to a data archive file that the hacker created. InfoTrax Systems is an American company based in Utah that provides backend operations systems to multi-level marketers, which also include an extensive amount of sensitive data on their users' compensation, inventory, orders, and accounting. The breach reportedly began in May 2014 when the hacker exploited vulnerabilities in InfoTrax's server and its client's website to gain remote control over its server, allowing him to gain access to sensiti...

Pipka – New JavaScript Skimmer that Attacks eCommerce Website to Steal Payment Card Details

A new JavaScript skimmer dubbed Pipka attacks eCommerce websites to steal the payment data entered into the websites' online payment forms. It extracts details such as the payment account number, expiration date, CVV, and cardholder name and address from the checkout pages. Pipka was found installed on more than sixteen eCommerce websites; the attack campaign was detected by Visa Payment Fraud Disruption's (PFD) eCommerce Threat Disruption (eTD) program. Pipka Plays Stealthy: The use of web skimmers has emerged as a turnkey business for cybercriminals, and they continue to target online stores to exfiltrate users' payment card details. Pipka has a special ability compared to other online skimmers: it is capable of removing itself from the HTML code of the compromised website once it completes execution. This new feature gives Pipka the ability to operate stealthily, and it marks a significant development in JavaScript skimming. ...

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

The recent controversies surrounding the WhatsApp hacking haven't yet settled, and the world's most popular messaging platform could be in choppy waters once again. The vulnerability — tracked as CVE-2019-11931 — is a stack-based buffer overflow issue that resided in the way previous WhatsApp versions parse the elementary stream metadata of an MP4 file, resulting in denial-of-service or remote code execution attacks. To remotely exploit the vulnerability, all an attacker needs is the phone number of the targeted user, to whom they send a maliciously crafted MP4 file over WhatsApp, which eventually can be programmed to silently install a malicious backdoor or spyware app on the compromised device. The vulnerability affects both the consumer and enterprise WhatsApp apps for all major platforms, including Google Android, Apple iOS, and Microsoft Windows. According to an advisory published by Facebook, which owns WhatsApp,...

Mass Malware Attack – Ransomware, Screenlockers, RATs, Attack & Gain Backdoor Access

Researchers discovered a mass malware distribution campaign that uses well-known political figures in the U.S., including President Donald Trump and former presidential candidate Hillary Clinton, to deliver a series of ransomware, screen lockers, RATs and other malicious applications. A variety of malicious applications were uncovered in this campaign, developed to infect victims with ransomware and to implant a backdoor in organization networks with political motivation. Researchers believe that the malware authors are motivated by their political beliefs and have turned to malware distribution in different forms. Malware Infection Process: Initially, attackers deliver the malware via malspam email campaigns with fake body content related to banking fraud alerts, purporting to come from the director of Global Risk for credit card company Visa. The malspam emails carry a malicious attachment containing RTF files; once opened, the RTF documents retrieve a malicious PE32 e...

Facebook Reveals New Data Leak Incident Affecting Groups' Members

Facebook today revealed yet another security incident, admitting that roughly 100 app developers may have improperly accessed its users' data in certain Facebook groups, including their names and profile pictures. In a blog post published Tuesday, Facebook said the app developers that improperly accessed this information were primarily social media management and video streaming apps that let group admins manage their groups more effectively and help members share videos to the groups, respectively. For those unaware, Facebook made some changes to its Group API in April 2018, a month after the revelation of the Cambridge Analytica scandal, limiting apps integrated with a group to only access information like the group's name, the number of members and the posts' content. To get access to additional information like names and profile pictures of members in connection with group activities, group members had to opt in. However, it seems like Facebook once again...

Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light

A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices — all just by shining a laser at the targeted device instead of using spoken words. Dubbed 'Light Commands,' the hack relies on a vulnerability in MEMS microphones embedded in widely-used voice-controllable systems, which unintentionally respond to light as if it were sound. According to experiments done by a team of researchers from Japanese and Michigan universities, a remote attacker standing several meters away from a device can covertly trigger the attack by simply modulating the amplitude of laser light to produce an acoustic pressure wave. "By modulating an electrical signal in the intensity of a light beam, attackers can trick microphones into producing electrical signals as if they are receiving genuine audio," the researchers said in their paper [PDF]. Doesn't this s...