New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals

New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals,

A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment (SATA) or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder data.
« Although air-gap computers have no wireless connectivity, we show that attackers can use

,

A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment (SATA) or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder data.
« Although air-gap computers have no wireless connectivity, we show that attackers can use

, ,
https://thehackernews.com/2022/07/new-air-gap-attack-uses-sata-cable-as.html

Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware

Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware,

Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace.
While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found ways to sneak past security barriers erected by Google in hopes of

,

Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace.
While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found ways to sneak past security barriers erected by Google in hopes of

, ,
https://thehackernews.com/2022/07/several-new-play-store-apps-spotted.html

Facebook a trouvé un nouveau moyen incontournable de vous tracker facilement

Facebook a trouvé un nouveau moyen incontournable de vous tracker facilement,

,

facebook instagram

En modifiant la façon dont sont générées les URL qui pointent vers certains contenus, Facebook s’est assuré de pouvoir tracker les utilisateurs à coup sûr, court-circuitant les efforts de navigateurs, comme Brave, ou Firefox, qui bloquaient la méthode précédente depuis peu.

L’article Facebook a trouvé un nouveau moyen incontournable de vous tracker facilement est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/facebook-a-trouve-un-nouveau-moyen-de-vous-tracker-facilement-et-de-maniere-incontournable.html

FBI Warns of Fake Cryptocurrency Apps Stealing Millions from Investors

FBI Warns of Fake Cryptocurrency Apps Stealing Millions from Investors,

The U.S. Federal Bureau of Investigation (FBI) has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space.
« The FBI has observed cyber criminals contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals

,

The U.S. Federal Bureau of Investigation (FBI) has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space.
« The FBI has observed cyber criminals contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals

, ,
https://thehackernews.com/2022/07/fbi-warns-of-fake-cryptocurrency-apps.html

New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks

New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks,

With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an « industry failure » to adopting mitigations released by AMD and Intel, posing a firmware supply chain threat.
Dubbed FirmwareBleed by Binarly, the information leaking assaults stem from the continued exposure of microarchitectural attack surfaces on the part

,

With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an « industry failure » to adopting mitigations released by AMD and Intel, posing a firmware supply chain threat.
Dubbed FirmwareBleed by Binarly, the information leaking assaults stem from the continued exposure of microarchitectural attack surfaces on the part

, ,
https://thehackernews.com/2022/07/new-study-finds-most-enterprise-vendors.html

Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand

Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand,

Thai activists involved in the country’s pro-democracy protests have had their smartphones infected with the infamous Pegasus government-sponsored spyware.
At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are believed to have been infected between October 2020 and November 2021, many of whom have been previously detained, arrested and imprisoned for their

,

Thai activists involved in the country’s pro-democracy protests have had their smartphones infected with the infamous Pegasus government-sponsored spyware.
At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are believed to have been infected between October 2020 and November 2021, many of whom have been previously detained, arrested and imprisoned for their

, ,
https://thehackernews.com/2022/07/pegasus-spyware-used-to-hack-devices-of.html

Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability

Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability,

Researchers from Wordfence have sounded the alarm about a « sudden » spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons.
Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution,

,

Researchers from Wordfence have sounded the alarm about a « sudden » spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons.
Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution,

, ,
https://thehackernews.com/2022/07/experts-notice-sudden-surge-in.html

Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch

Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch,

With global cybercrime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies’ biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an (over)abundance of solutions available. 
But beware, they may not give you a full and continuous view of your

,

With global cybercrime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies’ biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an (over)abundance of solutions available. 
But beware, they may not give you a full and continuous view of your

, ,
https://thehackernews.com/2022/07/mind-gap-how-to-ensure-your.html

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems,

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet.
The software « exploited a vulnerability in the firmware which allowed it to retrieve the password on command, » Dragos security researcher Sam Hanson said. « Further, the software was a malware

,

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet.
The software « exploited a vulnerability in the firmware which allowed it to retrieve the password on command, » Dragos security researcher Sam Hanson said. « Further, the software was a malware

, ,
https://thehackernews.com/2022/07/hackers-distributing-password-cracking.html

Les pirates pourraient mettre à mal la navigation anonyme sur le Web

Les pirates pourraient mettre à mal la navigation anonyme sur le Web,

,

Un nouveau type d’attaque permet d’établir une corrélation entre l’identité d’un utilisateur et son activité sur un site malfaisant. Pour cela, le pirate utilise des informations issues des réseaux sociaux et des sites de partage. L’attaque fonctionne avec la plupart des navigateurs actuels.

L’article Les pirates pourraient mettre à mal la navigation anonyme sur le Web est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/les-pirates-pourraient-mettre-a-mal-la-navigation-anonyme-sur-le-web.html