Google has rolled out a new Chrome extension that will inform users if their passwords have been compromised. The service, which was introduced as part of Google’s Safer Internet Day offerings, is called Password Checkup. The Chrome extension checks a person’s username and password against a list of four billion credentials that are known to be compromised. If a match occurs the ...
Read More »Cyber Security News
Google releases February 2019 security patch for Pixel devices, Essential Phone gets updated too
Google has started pushing out latest monthly Android security update for its Pixel smartphones and Pixel C tablet. On Monday, Google Pixel 3, Pixel 3 XL, Pixel 2, Pixel 2 XL, Pixel, Pixel XL, and Pixel C devices got their latest February 2019 security patch along with bug fixes. Parallely, Essential has also rolled out the latest February 2019 security update for Essential ...
Read More »Google’s New Tool Alerts When You Use Compromised Credentials On Any Site
With so many data breaches happening almost every week, it has become difficult for users to know if their credentials are already in possession of hackers or being circulated freely across the Internet. Thankfully, Google has a solution. Today, February 5, on Safer Internet Day, Google launches a new service that has been designed to alert users when they use an exact ...
Read More »3 ways state actors target businesses in cyber warfare, and how to protect yourself
The year 2019 is likely to see an increase of state actors taking aim at the private sector in foreign companies, continuing an ongoing trend over the past several years, according to the 2019 Cyber Threat Outlook published by defense industry firm Booz Allen Hamilton on Monday. The report cites economically-motivated attacks, that aim to “steal information, such as intellectual property and ...
Read More »Attackers Use CoAP for DDoS Amplification
Attackers recently started abusing the Constrained Application Protocol (CoAP) for the reflection/amplification of distributed denial of service (DDoS) attacks, NETSCOUT warns. CoAP is a simple UDP protocol designed for low-power computers on unreliable networks that appears similar to HTTP, but which operates over UDP (User Datagram Protocol) port 5683. The protocol is mainly used by mobile phones in China, but is also ...
Read More »Over 3000 Magneto shops have been hacked via insecure extensions in the last 3 months
Attackers use an extension bug to download other extensions and later search for zero-day security issues.Failing to keep the extensions up-to-date is one of the main cause for the rise in such attacks. In the latest research, it has been found that Magneto shops can be targeted by leveraging vulnerable third-party extensions or modules. The attackers can abuse these weak ...
Read More »Top WordPress attacks: Insight into major attacks that involved compromise of WordPress sites
WordPress is the most popular content management system which is based on PHP and MySQL. A recent study revealed that WordPress-associated vulnerabilities have seen a 30% increase in 2018 when compared to the previous year. The number of vulnerabilities related to WordPress recorded in 2018 was 542. Moreover, most of these vulnerabilities, almost 98% were related to WordPress plugins and only 2% ...
Read More »Google works on spotting dodgy ‘evil domains’
Google is working on a way for Chrome to do a better job of spotting fake websites that seek to trick people into handing over personal information. It is concentrating on websites that use letters and numbers to approximate a recognised brand. The work will mean Chrome will warn people they are about to visit sites it believes are fake. ...
Read More »Cookieminer: New malware targets Macs to steal from cryptocurrency wallets
Malware can bypass multi-factor authentication to gain access to cryptocurrency wallets – and also drops mining malware on infected machines. Mac users are being targeted with newly discovered Mac malware that aims to steal the contents of cryptocurrency wallets. Dubbed CookieMiner by researchers because of its capability for stealing browser cookies associated with cryptocurrency exchanges and wallet service websites visited ...
Read More »Updated version of Remexi malware leveraged to spy on foreign diplomats in Iran
The malware boasts a variety of capabilities such as recording keystrokes, taking screenshots of Windows and stealing credentials, logins, and the browser history.Once installed, the malware first connects with the C2 server of hackers in order to receive malicious commands. An updated version of Remexi malware was used in a cyber-espionage campaign that targeted Iranian IP addresses late last year. ...
Read More »