News 1

Critical CSRF Vulnerability Discovered In Facebook

Recently, bug bounty hunter Youssef Sammouda found a critical cross-site request forgery (CSRF) bug in the Facebook platform. The vulnerability could allow an attacker to take over accounts effortlessly. Sammouda described his findings in detail in a blog post. Explaining the flaw, he wrote, “This is possible because of a vulnerable endpoint which takes another given Facebook endpoint selected by the attacker along with the parameters and make a POST request to that endpoint after adding the fb_dtsg parameter.” The vulnerable endpoint, as highlighted, was https://www.facebook.com/comet/dialog_DONOTUSE/?url=XXXX. Here, XXXX denotes the...



Cybersecurity must be top priority for all institutions

Job No. 1 in 2019 for asset owners and managers must be reviewing and even spending money to fortify the cybersecurity of their institutions, both in-house and with all the firms that provide them with services, such as custodians, consultants, asset managers and brokerage houses. Hackers have become more cunning, often not attacking a target directly but indirectly through a service supplier, sometimes a minor one. This was the case in a 2017 attack, allegedly by Russian hackers, on the U.S. power grid. The attack did not use sophisticated software, but simple...



New malware found using Google Drive as its command-and-control server

Since most security tools also keep an eye on network traffic to detect malicious IP addresses, attackers are increasingly adopting the infrastructure of legitimate services in their attacks to hide their malicious activities. Cybersecurity researchers have now spotted a new malware attack campaign linked to the notorious DarkHydrus APT group that uses Google Drive as its command-and-control (C2) server. DarkHydrus first came to light in August last year when the APT group was leveraging the open-source Phishery tool to carry out a credential-harvesting campaign against government entities and educational institutions in...



Computer geek nicknamed 'Speedy' accused of hacking Amazon servers after being fired

A furious computer geek bitter about getting sacked became a hacker and wiped out servers belonging to the online giant Amazon, a court heard today. Steffan Needham, 35, is accused of targeting Amazon's cloud-based computers which stored his former employer's technical data. His trial heard he caused thousands of pounds worth of harm in around one week in May 2016. The jury at Reading Crown Court was today told Needham was released from his contract with digital marketing and software company Voova after a month's trial when the...



Largest collection ever of breached data found

The largest collection of breached data in history has been discovered, comprising more than 770m email addresses and passwords posted to a popular hacking forum in mid-December. The 87GB data dump was discovered by the security researcher Troy Hunt, who runs the Have I Been Pwned breach-notification service. Hunt, who called the upload Collection #1, said it was probably “made up of many different individual data breaches from literally thousands of different sources”, rather than representing a single hack of a very large service. But the work to piece together previous breaches has resulted in a...
