CyberManipal.
Tech news from MIST
Latest
Latest news from CyberManipal, that matters.
Page 4
BREACHES
Five year-long breach disclosed by largest mobile SMS routing firm
3 years ago
Syniverse, a telecom company that helps carriers like Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica, and China Mobile, route messages between each other and other carriers abroad, disclosed last week that it was the subject of a possible five-year-long hack. According to the company, its infrastructure processes more than 740... Read more
Syniverse, a telecom company that helps carriers like Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica,... Read more
POLICIES AND REGULATIONS
UN Members Seek New Cyber Discussions Amid Rising Ransomware Attacks
3 years ago
Researchers say that although the number of countries responding to the growing number of ransomware attacks, the future of UN-led efforts to create rules about how nations need to behave in cyberspace remains disturbingly unclear. In March, an UN-based cyber discussion group struck an agreement on a set of guidelines... Read more
Researchers say that although the number of countries responding to the growing number of ransomware... Read more
VULNERABILITIES
Cyber Puppeteer Kits: The New Financial Services Security Threat
3 years ago
Adversaries have evolved to target financial organizations in a new, effective way, introducing the cyber puppeteer kit. They are a substantial threat to an organization’s employees, customers, critical assets and more. A cyber puppeteer kit, also referenced as “live panels” among the threat actors that operate them, is a new... Read more
Adversaries have evolved to target financial organizations in a new, effective way, introducing the cyber... Read more
BREACHES
Apple Issues Emergency Fix for NSO Zero-Click Zero Day
3 years ago
Apple released an emergency software update to avoid getting affected by a potentially harmful attack; users should immediately update their iOS devices to install an emergency patch. NSO Group created this patch to prevent exploitation. The company released several security updates on Monday, September 13, which include fixes for various... Read more
Apple released an emergency software update to avoid getting affected by a potentially harmful attack;... Read more
VULNERABILITIES
Spook.js attack Bypasses Chrome's site isolation
3 years ago
Spook.js is a newly discovered side-channel attack it has successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers to leak sensitive data in a Spectre-style attack. The technique is a JavaScript-based line of attack that specifically aims to get around barriers put in place to ... Read more
Spook.js is a newly discovered side-channel attack it has successfully overcome Site Isolation protections weaved... Read more
RESEARCH AND DEVELOPMENT
WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud
3 years ago
WhatsApp recently announced that it would be bringing end-to end encrypted chat backups to the cloud for Android and iOS users, allowing users to save information including chat messages and photographs in a cryptographically safe manner on Apple iCloud or Google Drive. This feature is expected to go live in... Read more
WhatsApp recently announced that it would be bringing end-to end encrypted chat backups to the... Read more
RESEARCH AND DEVELOPMENT
Implementation of Cobalt Strike Beacon
3 years ago
This Monday, Researchers disclosed a newly discovered Linux and Windows enactment of Cobalt Strike Beacon, which actively set its sight on government, telecommunications, IT, and financial institutions worldwide. The yet-to-be-detected version of penetration testing tool, also code-named “Vermilion Strike,” has marked one of the rare Linux Ports, i.e., a... Read more
This Monday, Researchers disclosed a newly discovered Linux and Windows enactment of Cobalt Strike Beacon,... Read more
VULNERABILITIES
Airtel’sFeds Warn of Ransomware Attacks Ahead of Labor Day mobile app hit with security flaw which left millions of user data exposed
3 years ago
The federal government has warned that threat actors might use the Labor Day weekend as a prime opportunity to ambush organizations when several staff would be taking time off, leaving behind a skeleton crew to oversee IT and network infrastructure and security. That’s because the absence of key personnel makes... Read more
The federal government has warned that threat actors might use the Labor Day weekend as... Read more
RESEARCH AND DEVELOPMENT
US cyber security firm says it can protect phones against Pegasus
3 years ago
Zimperium, a US-based technology firm that specializes in mobile phone security, claims that it can protect organizations and individuals from zero-day attacks often used by Pegasus or similar spyware programs and has recently secured a contract with the United States Department of Defence (DOD) to deliver a Mobile Endpoint Protection... Read more
Zimperium, a US-based technology firm that specializes in mobile phone security, claims that it can... Read more
VULNERABILITIES
Proxy server vulnerability messing up with Exchange Server config
3 years ago
The system administrators thought ProxyShell vulnerability isn't a good reason to apply the July 2020 Microsoft Exchange security updates, but apparently, they found a second major security bug, nicknamed PROXYTOKEN. This vulnerability allows the attacker to bypass all the security authentications easily and make changes to the backend configuration of... Read more
The system administrators thought ProxyShell vulnerability isn't a good reason to apply the July 2020... Read more
