Researcher compromised 35 companies through new “dependency confusion” attack

Information security expert Alex Birsan spoke about a new attack called “dependency confusion”. The problem is a variation of the supply chain attack. Besides the name “dependency confusion”, the attack is also called a “substitution attack”. For detecting this attack method, the researcher has already received more than $130,000 from various companies through bug…

Ukrainian cyber police arrested the author of uPanel phishing kit

Ukrainian cyber police have arrested a 39-year-old man who is probably the author of uPanel, one of the most popular phishing kits on the black market. The arrest of the developer of the malicious toolkit was the result of an international investigation. ZDNet’s own sources claim that the phishing toolkit is called uPanel (aka U-Admin).…

Hacker changed the chemical composition of drinking water in a small Florida town

Law enforcement and local authorities in Oldsmar, Florida, reported that on February 5, 2021, an unknown hacker gained access to the city’s wastewater treatment plant and changed the chemical composition of the water. The attacker logged in twice – at 8:00 and 13:30 the same day, initially gaining access to TeamViewer on the computer of…

Researcher discovered that Chrome Sync function can be used to steal data

Croatian researcher Bojan Zdrnja discovered a malicious Chrome extension abusing Chrome Sync. If you do not use Chrome, let me remind you that this function is used to synchronize data between a user’s different devices, and stores copies of all user bookmarks, browsing history, passwords, as well as browser settings and browser extensions on Google cloud…

In 2020, Google paid cybersecurity experts $6.7 million

During the year, Google paid out $6.7 million to cybersecurity experts and published statistics on bug bounty programs for 2020. It turned out that during this time, researchers from 62 countries discovered 662 vulnerabilities in Google products. Cybersecurity experts received the majority of payments for errors that were found within the Chrome…

Google says that a quarter of all 0-day vulnerabilities are new variations of old problems

Google analysts studied the 0-day vulnerabilities they discovered in 2020 and concluded that almost a quarter of the problems are new variations of already known bugs that had previously received patches. The authors of the report write that many problems could have been avoided if the developers had fixed their products more thoroughly in the first place. In 2020,…

WEF warned of impending cyber pandemic

WEF experts warned of an impending cyber pandemic and called for new approaches to managing the risks associated with the development of next-generation technologies. By 2025, next-generation technologies such as ubiquitous connectivity, artificial intelligence, quantum computing or new approaches to identity and access management could overwhelm the defences and lead to a global cyber…

Hackers infected the Android emulator NoxPlayer with malware

UPDATE: BigNox contacted us and said that they “contacted cybersecurity firm ESET to determine the root cause of the issue,” and at this point “fixed all issues.” ESET has released an update to the article stating that hackers have infected the Android NoxPlayer emulator with malware, and we are also adding the following information: “BigNox stated…

FonixCrypter ransomware stopped working and published a key to decrypt data

The authors of the FonixCrypter ransomware announced that they had removed the source code of their malware, and after this FonixCrypter stopped working. Along with this statement, they published a tool for decrypting files, instructions for it and a master key for the malware. Therefore, former victims of the ransomware can now recover their data for…

LogoKit phishing kit allows creating phishing pages in real time

RiskIQ researchers said that the new LogoKit phishing kit was detected on more than 700 unique domains in the last month alone and on 300 in the last week. Worse, this tool allows hackers to modify logos and text on phishing pages in real-time, tailoring sites for specific purposes. LogoKit relies on sending users phishing…