Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
2020-03-21 11:43

A new, simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from web browsers and other apps, including Chrome and Facebook, installed on compromised devices. "Malware could steal cookie files of any website from other apps in the same way and achieve similar results."

Unprotected Database Exposed 5 Billion Previously Leaked Records
2020-03-21 11:39

An Elasticsearch instance containing over 5 billion records of data leaked in previous cybersecurity incidents was found exposed to anyone with an Internet connection, Security Discovery reports. Most of the data, Diachenko says, appears to have been collected from previously known sources, but unrestricted access to such a collection would still represent a boon for cybercriminals, providing them with a great resource for phishing and identity theft.

Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices
2020-03-21 01:45

A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall products to take control of the devices and add them to a network of infected bots that can be used to carry out Distributed Denial of Service attacks.

Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems
2020-03-21 01:39

Multiple zero-day vulnerabilities in digital video recorders for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm Qihoo 360's Netlab team, who say different attack groups have been using LILIN DVR zero-day vulnerabilities to spread Chalubo, FBot, and Moobot botnets at least since August 30, 2019.

Bored during lockdown? Why not try out these data-spilling KrØØk Wi-Fi bug exploits against your nearby devices
2020-03-20 21:47

This design blunder can be abused by nearby miscreants to snatch snapshots of private data, such as web requests, messages, and passwords, over the air from devices as they are transmitted, if said data is not securely encrypted using an encapsulating protocol, such as HTTPS, DNS-over-HTTPS, a VPN, or SSH. Crucially, to pull this off, a hacker does not need to be on the same Wi-Fi network as the victim: just within radio range of a vulnerable phone, gateway, laptop, or whatever is being probed. "Among the devices vulnerable to this attack are the ones from Samsung, Apple, Xiaomi and other popular brands," Hexway told The Register.

Friday Squid Blogging: Squid Orders Down in Italy
2020-03-20 21:18

"A Dissenting View on Covid-19 Response: Considering that the great majority of Covid-19 infections don't require special medical treatment, and that we have a good picture of the small percentage of the population that is most vulnerable, the optimal strategy is to a. provide strong protections for the people known to be most likely to get acutely ill". "Bell curves are the dominant trait of outbreaks. A virus doesn't grow linearly or exponentially forever. It accelerates, plateaus, and then declines. Whether via environmental factors or our own efforts, viruses accelerate and quickly decline. This fact of nature is represented in Farr's law. CDC's recommendation of "bend the curve" or "flatten the curve" reflects this natural reality. A low probability of catching COVID-19: The World Health Organization according to their report if you come in contact with someone who tests positive for COVID-19 you have a 1-5% chance of catching it as well.

Revamped HawkEye Keylogger Swoops in on Coronavirus Fears
2020-03-20 20:28

While the HawkEye keylogger has been in continuous development since 2013, it did see an ownership change in December 2018 and has been particularly resurgent since then. "The current developer of the HawkEye Reborn keylogger/stealer is continuously adding support for different applications and software platforms to facilitate the theft of sensitive information and account credentials," researchers told Threatpost last year.
