🛑 BREAKING NEWS Business, Economy, Multimedia, Web Development, Science, World

TheHackerNews: Telegram Agrees to Share User Data with Authorities for Criminal Investigations

Cibum: Hellas informed the European RAPEX about a carcinogenic shampoo circulating on the Hellenic market (VICTOR cold titanium hair & body shower, Garnier Fructis)

Enimerotiko: The Spanish clothing brand "Sfera" is leaving Hellas after 19 years of presence.

WealthyAffiliate: How to Increase Branded Search From Google to Your Website

AmericanMediaGroup: Breaking News: BlackRock Files for Bankruptcy! The Unbelievable Collapse of a Financial Giant

CNN: Chemicals linked to breast cancer found in food packaging [They really care about your health]

NewsTarget: CDC finally admits FLUORIDE is TOXIC to humans, especially babies, causing neurological damage, so why not remove it from all municipal tap water right away? [Because they care about your health]

In: Cancer: Nearly 200 carcinogens have been found in food contact materials

Reuters: Trojan condoms contain 'forever chemicals,' lawsuit claims

WebMarketSupport:

1 Workshop #6 incoming

2 Info product incoming

Stay tuned for more!

news #BusinessNews #EconomyNews

After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back

The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity.

KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and firewall devices across the world, with one specific cluster acting as a covert data transfer system for other Chinese state-sponsored actors, including Volt Typhoon (aka Bronze Silhouette, Insidious Taurus, or Vanguard Panda).

...it was first documented by the Black Lotus Labs team at Lumen Technologies...

@TheHackerNews

Hackers Target Defense Contractors' Employees By Posing as Recruiters

Dubbed 'BLINDINGCAN,' the advanced remote access trojan acts as a backdoor when installed on compromised computers.

The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies.

According to the FBI and CISA, North Korean state-sponsored hackers Lazarus Group, also known as Hidden Cobra, are spreading BLINDINGCAN to "gather intelligence surrounding key military and energy technologies."

To achieve this, attackers first identify high-value targets, perform extensive research on their social and professional networks, and then pose as recruiters to send malicious documents loaded with the malware, masquerading as job advertisements and offerings.

The CISA report says that attackers are remotely controlling BLINDINGCAN malware through compromised infrastructure from multiple countries, allowing them to:

- Retrieve information about all installed disks, including the disk type and the amount of free space on the disk

- Create, start, and terminate a new process and its primary thread

- Search, read, write, move, and execute files

- Get and modify file or directory timestamps

- Change the current directory for a process or file

- Delete malware and artifacts associated with the malware from the infected system.

Cybersecurity companies Trend Micro and ClearSky also documented this campaign in a detailed report explaining the whole methodology and concept of the attack.

Click here to read the full article at Thehackernews.com

Holy moly, #Facebook is again at the center of a new #privacy controversy after revealing today that its platform mistakenly kept a copy of #passwords for "hundreds of millions" users in plaintext. READ THIS STORY ON — https://thehackernews.com #instacybersecurity #instasecurity #instanews #thehackernews #hackernews #hacker #hackers #hack #cyber #infosec #informationsecurity #hacking #cybersecurity #instagram #instasecurity https://www.instagram.com/p/BveLppQBiMS/?utm_source=ig_tumblr_share&igshid=1xs3onqaxy2vi

According to The Hacker News Network, Mac users need to beware of a newly discovered piece of malware called CookieMiner  which steals their web browser cookies and credentials in an attempt to withdraw funds from their cryptocurrency exchange accounts. . Uncovered by Palo Alto Networks' Unit 42 security research team, CookieMiner also covertly installs coin mining software onto the infected Mac machines to secretly mine for additional cryptocurrency by consuming the targeted Mac's system resources. . . CookieMiner was found targeting Binance, Coinbase, Poloniex, Bittrex, Bitstamp, MyEtherWallet, and any website having "blockchain" in its domain and using cookies to track their users temporarily. . . Advice You should also consider clearing your cookies when visiting the banking or financial accounts, and "keep an eye on their security settings and digital assets to prevent compromise and leakage,". #groopesecurityresearch #groopeinnovations #thehackernews (at New York, New York) https://www.instagram.com/p/BtV4_-uBVfM/?utm_source=ig_tumblr_share&igshid=ljhamge7sz11

Andor – Blind SQL Injection Tool With Golang | TheHackerNews.Co #cybersecurity #ethicalhacking #hackandroid #hackapp #hackwordpress #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #thehackernews

ICYDN » You can join our #Telegram channel for breaking #cybersecurity and #hacking news alerts on your phone 👉 https://t.co/nTOCs9Dn13 [no spam, just 2-3 top stories/day] #Thehackernews #infosec #malware #0day https://t.co/dOnHiBWR9R (via Twitter http://twitter.com/TheHackersNews/status/1122556872609763328)

 تحذيرات من برمجية ضارة تسرق حسابات فيسبوك

 تحذيرات من برمجية ضارة تسرق حسابات فيسبوك

حذّر الفريق التقني بشركة “Zimperium” لأمن المعلومات وفقاً لموقع “thehackernews” المتخصص، من برمجية ضارة تصيب هواتف أندرويد وتستهدف سرقة بيانات تسجيل الدخول إلى حسابات فيسبوك من الأجهزة المُصابة. ونوهت إلى أن البرمجية الضارة تأتي ضمن حملة تستهدف نظام تشغيل أندرويد، وقد أصابت ما لا يقل عن 300 ألف جهاز في 71 دولة مختلفة. وأطلقت الشركة على البرمجية الضارة اسم “Schoolyard Bully” وتعني متنمّر المدرسة،…

View On WordPress

Hackers Exploit Microsoft's Multi-Factor Authentication

Hackers Exploit Microsoft’s Multi-Factor Authentication

Microsoft’s multi-factor authentication has a vulnerability that allows hackers from Russia to exploit to gain access to organizations’ private networks. According to TheHackerNews, cybersecurity firm Mandiant has reported a trend of hackers exploiting multi-factor authentication (MFA) to gain access to accounts inactive Microsoft Mandiant mentions that the Russian group APT29 – also known as…

View On WordPress

Microsoft Bu Ay 3 Tanesi Sıfırıncı Gün Olmak Üzere 44 Güvenlik Açığına Karşı Yama Yayınladı

Salı günü Microsoft , yazılım ürünlerini ve hizmetlerini etkileyen toplam 44 güvenlik sorununu gidermek için güvenlik güncellemeleri yayınladı; bunlardan biri,  aktif olarak sömürülen bir sıfır gün açığıdır. Aralık 2019'dan bu yana en küçük sürüm olan güncelleme, Windows, .NET Core & Visual Studio, Azure, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows Codecs Kitaplığı, Uzak Masaüstü İstemcisi'ndeki yedi Kritik ve 37 Önemli hatayı ortadan kaldırıyor. Yamalı sorunların başında CVE-2021-36948 (CVSS puanı: 7.8), Windows Update Medic Service'i (Windows Update bileşenlerinin düzeltilmesini ve korunmasını sağlayan bir hizmet) etkileyen ve kötü amaçlı programları çalıştırmak için kötüye kullanılabilecek bir ayrıcalık yükselmesi hatası yer alır. Güvenlik açıklarından ikisi, yayınlandığı tarihte herkes tarafından biliniyordu - CVE-2021-36942 (CVSS puanı: 9.8) - Windows LSA Kimlik Sahtekarlığı Güvenlik Açığı - CVE-2021-36936 (CVSS puanı: 8.8) - Windows Yazdırma Biriktiricisi'nde Uzaktan Kod Yürütme Güvenlik Açığı CVE-2021-36942 , LSARPC arabirimini engelleyerek PetitPotam gibi NTLM geçiş saldırılarına karşı sistemlerin güvenliğini sağlamaya yönelik düzeltmeler içerirken, CVE-2021-36936, Windows Yazdırma Biriktiricisi bileşenindeki başka bir uzaktan kod yürütme kusurunu giderir. Microsoft, CVE-2021-36942 danışma belgesinde "Kimliği doğrulanmamış bir saldırgan LSARPC arabiriminde bir yöntem çağırabilir ve etki alanı denetleyicisini NTLM kullanarak başka bir sunucuya karşı kimlik doğrulaması yapmaya zorlayabilir" dedi; "güvenlik güncellemesinin eklenmesi, etkilenen API çağrılarını OpenEncryptedFileRawA ve OpenEncryptedFileRawW'yi LSARPC arabirimi aracılığıyla engeller." CVE-2021-36936 aynı zamanda Microsoft'un bu ay düzelttiği Yazdırma Biriktiricisi hizmetindeki üç kusurdan biridir ve diğer iki güvenlik açığı CVE-2021-36947 ve (CVSS puanı: 8.2) ve CVE-2021-34483 (CVSS) olmuştur. puan: 7.8), ikincisi bir ayrıcalık yükselmesi güvenlik açığı ile ilgilidir. Ayrıca Microsoft, CVE-2021-34481 (CVSS puanı: 8.8) olarak izlenen Yazdırma Biriktiricisi hizmetinde daha önce açıklanan bir uzaktan kod yürütme sorununu çözmek için güvenlik güncelleştirmeleri yayımladı . Bu, " İşaretle ve Yazdır " özelliğinin varsayılan davranışını değiştirerek, yönetici olmayan kullanıcıların kendilerini bir yönetici konumuna yükseltmeden uzak bir bilgisayardan veya sunucudan sürücüleri kullanarak yeni ve mevcut yazıcı sürücülerini yüklemelerini veya güncellemelerini etkili bir şekilde önler. Salı Yaması güncellemelerinin bir parçası olarak giderilen bir diğer kritik kusur , Windows TCP/IP'de bir uzaktan kod yürütme güvenlik açığı olan CVE-2021-26424'tür (CVSS puanı: 9.9), Microsoft'un "kötü niyetli bir Hyper-V misafiri tarafından uzaktan tetiklenebildiğini" not eder. ipv6 Hyper-V ana bilgisayarına ping gönderir. Saldırgan, paketleri işlemek için TCP/IP Protokol Yığınını (tcpip.sys) kullanarak ana bilgisayarına özel hazırlanmış bir TCP/IP paketi gönderebilir." En son güvenlik güncellemelerini yüklemek için Windows kullanıcıları Başlangıç ​​> Ayarlar > Güncelleme ve Güvenlik > Windows Update'e gidebilir veya Windows güncellemelerini kontrol et'i seçebilir. Diğer Satıcılardan Gelen Yazılım Yamaları Microsoft'un yanı sıra, aşağıdakiler de dahil olmak üzere çeşitli güvenlik açıklarını gidermek için bir dizi başka satıcı tarafından yamalar yayımlanmıştır: - Adobe - Android - Cisco - Citrix - Ardıç Ağları - Linux dağıtımları SUSE , Oracle Linux ve Red Hat - SAP - Schneider Elektrik - Siemens'in - Vmware   TheHackerNews Read the full article

Security firm SonicWall was victim of a coordinated attack

Security firm SonicWall was victim of a coordinated attack

The Hacker News reported in exclusive that the security firm SonicWall was hacked as a result of a coordinated attack on its internal systems. TheHackerNews revealed in an exclusive that the security provider SonicWall was hacked on Friday. The company was targeted with a coordinated attack on its internal systems, threat actors exploited zero-day vulnerabilities […] The post Security firm…

View On WordPress

https://www.wpplatformhelp.com/wordpress-tutorials-by-wp-learning-lab/breaking-news-wordpress-security-vulnerability-in-all-wordpress-sites-running-4-9-8-and-previous/

[BREAKING NEWS] WordPress Security Vulnerability In All WordPress Sites Running 4.9.8 and Previous

Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: https://wplearninglab.com/17-point-wp-pre-launch-checklist-optin-yt/?utm_source=YouTube_Video&utm_medium=Description_Link&utm_term=Description_Link&utm_campaign=YouTube

Check out the free WP & Online Marketing Summit For Beginners. The online event is June 18, 2019: https://events.wplearninglab.com/

[BREAKING NEWS] WordPress Security Vulnerability In All WordPress Sites Running 4.9.8 and Older https://youtu.be/Rux0crC0S-M

//* Join our private Facebook group today! https://www.facebook.com/groups/wplearninglab

Top 10 Most Common WordPress Security Mistakes: https://www.youtube.com/watch?v=bt3ezVsufPE&list=PLlgSvQqMfii7YSIzIPnLng0zDkGbvQTwG

Staging area tutorial: https://www.youtube.com/watch?v=tq-4K_GU-Qo&list=PLlgSvQqMfii7aN-XeBQ1qdFYsL892rAw7

WordPress backup tutorial: https://www.youtube.com/watch?v=566Zw8e84lE&list=PLlgSvQqMfii7Z3nd1-Xq3dYve0jqZ0IEc

Original RIPS Technology Post: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/

TheHackerNews post: https://thehackernews.com/2019/02/wordpress-remote-code-execution.html //* This was brought to my attention by Steven in the private WPLearningLab facebook group. If you’re not a member yet, click here to get in: https://www.facebook.com/groups/wplearninglab

WordPress Security is really important, so don’t sleep on this video. A critical flaw in the past 6 years of WordPress core releases is finally patched. To get the patch you’ll have to update to WordPress 5+.

If you’re concerned about the update, you can copy your site to a staging area, make the update and see if anything breaks. If nothing goes wrong, it should be safe to update.

But make sure you make full backups of your site and database first, just in case.

From TheHackerNews.con: If you have not updated your website to the latest WordPress version 5.0.3, it’s a brilliant idea to upgrade the content management software of your site now. I mean immediately.

Cybersecurity researchers at RIPS Technologies GmbH today shared their latest research with The Hacker News, revealing the existence of a critical remote code execution vulnerability that affects all previous versions of WordPress content management software released in the past 6 years.

The remote code execution attack, discovered and reported to the WordPress security team late last year, can be exploited by a low privileged attacker with at least an “author” account using a combination of two separate vulnerabilities-Path Traversal and Local File Inclusion-that reside in the WordPress core. //* Here are 20+ reasons why I host all my sites with SiteGround: https://wplearninglab.com/siteground-wordpress-hosting-review/ //*

Post videos of your WordPress success using the hashtag #WPLLCommunity!

Get on the Unofficial Ultimate Guide To Elementor course waiting list here (no obligation): https://elementor.convertri.com/elementor-guide-waiting-list

Here’s the link for Elementor Pro (aff): https://wplearninglab.com/recommends/elementor

WP Learning Lab Channel: http://www.youtube.com/subscription_center?add_user=wplearninglab source

Hackers Deliver LimeRAT Malware Using Password Protected Excel Spreadsheet’s | TheHackerNews.Co #computersecurity #malware #rat #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #thehackernews

What is the most common reason that forces/motivates researchers/hackers to disclose unpatched bugs? Share your opinion and other reasons in the comments. #opinion #poll #vote #infosec #hacking #cybersecurity #halloffame #security #thehackernews #hackernews #bugbountytip #hack (via Twitter http://twitter.com/TheHackersNews/status/1120573721020903424)

باحثون يستخدمون إشارات البلوتوث لتعقب الهواتف الذكية

باحثون يستخدمون إشارات البلوتوث لتعقب الهواتف الذكية

تمكن فريق من المهندسين في جامعة كاليفورنيا سان دييغو، من إثبات أن إشارات البلوتوث المنبعثة بشكل مستمر عبر هواتفنا المحمولة يمكنها أن تترك بصمة فريدة لاستخدامها في تتبع حركات الأفراد، وذلك في أول مرة يستطيع العلماء تأكيد الأمر. وبحسب تقرير نشره موقع thehackernews،فإن الأجهزة المحمولة بما يشمل أيضًا هواتفنا العادية، الساعات الذكية وأجهزة تتبع اللياقة البدنية، تنقل إشارات بشكل مستمر يُطلق عليها اسم…

View On WordPress

53 more Android applications to cheat charges need to be deleted urgently

53 more Android applications to cheat charges need to be deleted urgently

Security researchers from Zscaler ThreatLabz and Pradeo have discovered a series of fee-fraud apps targeting Android users. According to Thehackernews , these fee-fraud apps are known to contain malware notorious Joker – designed to enroll users in unwanted paid services or make calls to numbers. specifically, also collects SMS messages, contacts and device information. This malware was first…

View On WordPress