Vullnerability researchers found about 700 problematic Microsoft subdomains and captured one of them for demonstration. Michel Gaschet, an information security specialist, reported about the problem back in February, and has been informing Microsoft of its many vulnerable subdomains for many years. “The company has thousands of subdomains at its disposal, many of which can be… Continue reading Researchers found about 700 problematic Microsoft subdomains
Author: Vladimir Krasnogolovy
Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.
Malicious Ledger Live extension for Chrome steals Ledger wallet data
Harry Denley, Director of Security in MyCrypto discovered the malicious Ledger Live extension for Chrome, which is actively advertised on Google and stealing Ledger wallet data. It masks itself as a real Ledger Live tool intended for users of Ledger hardware wallets and their mobile or desktop devices. “Extension has no browser permissions. It only… Continue reading Malicious Ledger Live extension for Chrome steals Ledger wallet data
Chinese coronavirus detection app transmits data to the police
Last month, Chinese authorities released the Alipay Health Code coronavirus detection application, which allowed users checking whether they need to be quarantined due to contact with people infected with coronavirus. According to The New York Times, it turned out that the application also transmits this data to the police. While China encourages people to return… Continue reading Chinese coronavirus detection app transmits data to the police
Cyberattack with the use of ransomware forced Epiq Global to shut down its systems
Epiq Global, a large international law firm, has become the victim of a cyberattack with the use of ransomware. The company has shut down systems in 80 of its offices around the world. According to the statement of Epiq Global, which advises banks, large credit organizations and governments of different countries, the incident took place… Continue reading Cyberattack with the use of ransomware forced Epiq Global to shut down its systems
Vulnerability in OAuth Protocol Allows Hacking Any Facebook Account
The vulnerability is contained in the Facebook login feature, which uses the OAuth 2.0 authorization protocol. Security researcher Amol Baikar discovered a critical vulnerability in the Facebook social network OAuth authorization protocol. The vulnerability has existed for about 10 years, and its exploitation allows attackers hacking into any Facebook account. The problem is contained in… Continue reading Vulnerability in OAuth Protocol Allows Hacking Any Facebook Account
Hackers scan network for vulnerable Microsoft Exchange servers
Information security experts warn that hackers are already scanning the network for Microsoft Exchange servers that are vulnerable to CVE-2020-0688, which Microsoft developers fixed two weeks ago. The problem is related to the operation of the Exchange Control Panel (ECP) component and the inability of Microsoft Exchange to create unique cryptographic keys during installation. “The… Continue reading Hackers scan network for vulnerable Microsoft Exchange servers
Kr00k Wi-Fi-chips vulnerability affects over a billion devices
At the RSA 2020 conference, ESET specialists spoke about the new Kr00k vulnerability (CVE-2019-15126) that can be used to intercept and decrypt Wi-Fi traffic (WPA2). Researchers believe that the Kr00k vulnerability in Wi-Fi-chips affects more than a billion devices. This problem affects any device that uses the solutions of Cypress Semiconductor and Broadcom, from laptops… Continue reading Kr00k Wi-Fi-chips vulnerability affects over a billion devices
Almost three quarters of modern phishing sites use SSL
Anti-Phishing Working Group (APWG) experts in their new report on this cyber threat analyzed modern phishing techniques. They found out that almost three quarters of modern phishing sites use SSL protection. From October to December 2019, the number of recorded phishing sites decreased compared to the summer period. In total, researchers identified 162,155 malicious resources.… Continue reading Almost three quarters of modern phishing sites use SSL
IMP4GT Vulnerability in LTE Threatens Almost All Modern Smartphones
Experts from Ruhr University reported an IMP4GT (IMPersonation Attacks in 4G NeTworks) problem. Modern LTE-enabled devices are vulnerable to IMP4GT, therefore, it threatens almost all smartphones, tablets, and IoT devices. A bug allows simulating another user’s operator’s network, which means an attacker will be able to issue paid subscriptions at the expense of other people… Continue reading IMP4GT Vulnerability in LTE Threatens Almost All Modern Smartphones
Google Search Indexes WhatsApp Private Groups
Google search engine indexes invitations to WhatsApp groups (including links to private groups), which makes them visible and accessible to any user who wants to join the group. The journalist Jordan Wildon drew attention to the problem. He found that the WhatsApp “Invite to Group link” feature allows Google indexing these groups, making them available… Continue reading Google Search Indexes WhatsApp Private Groups