Autoclerk Leaks U.S. Government And Military Personnel Data

A vpnMentor’s research team revealed a failure in a database belonging to Autoclerk, a reservations management system held by best Western Hotels and Resorts Group. The secretary included subject matter about a number of hotel consumers who made reservations around the world using various services. Autoclerk is a reservations management system utilized by resorts to manage web bookings, profits, loyalty programs, guest profiles and payment activity. Victim of this leak was the U.S. government, military and Department of Homeland Security, says the research. On September 13 this year, according to information of security experts, they disclosed a defenseless Elasticsearch database during a large-scale scan of open ports in a certain range of IP addresses. “Open Elasticsearch database was discovered through vpnMentor’s web mapping project. It was possible to access the database, given it had no encryption or security barriers whatsoever, and perform searches to examine the records contained within”, — Read more

iTunes Zero-Day Vulnerability Patched with Latest Apple Updates

Attacker uses iTunes zero-day to install BitPaymer Ransomware on Windows According to report, Apple Company has patched iTunes zero-day security flaw that allowed the cybercriminals to bypass the detected of antimalware software and install BitPaymer Ransomware on Windows devices. For those who are not aware, cyber security experts & researchers from Morphisec discovered a new cyber attack that uses iTune Zero-Day bug to install BitPaymer Ransomware on target machine. The attackers breached the targeted company without triggering antimalware protection alarms. However, Morphisec were shared the details of the attack with Apple within disclosure period and waiting for official patch. Let’s start the discussion about iTunes zero-day vulnerability in details. iTunes zero-day vulnerability allows the hacker to bypass the detection of security software Report says, security researchers have discovered the zero-day bug in Windows version of iTunes app that allows the hacker to infect the target machine by installing BitPaymer Ransomware Read more

Twitter Used 2FA Phone Numbers For Targeting Sponsored Ad

Social networking site Twitter revealed today that it used phone numbers provided by users for two-factor authentication (2FA), along with email addresses to display targeted ads. “We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system”. The phone numbers and emails that became visible to several advertisers were the same one that were entered by users in the multi-factor protection section with purpose to boost up their accounts security levels. This time users were not able to avoid the targeted advertisements. Twitter mentioned that they didn’t performed such nasty acts deliberately. The issue has been fixed on September 17 and Twitter accounts have stopped providing advertisers with user contact information. Company stated that, no other used-based data was Read more

vBulletin Zero-Day flaw causes data leak of 245,000 Comodo Forum users

vBulletin zero-day flaw (CVE-2019-16759): Comodo Forum data breach According to report, Comodo Discussion Forum (ITarian) has recently suffered a big data breach that led to expose the data of around 245,000 users. The breached data of innocent users of Comodo Forum are Real name, username used for posting in forums, email ID, hashed password, most recent IP addresses to visit the forums and some other usernames from other social sites as well. However, Cyber security researchers have found out vBulletin zero-day flaw which was used in order to compromises Comodo Forum users’s crucial data while logging into online accounts. Let’s start the discussion about the “Data leak of 245000 Comodo forum users” story in detail. vBulletin zero-day flaw: Comodo forum data breach Comodo discussion forum is also known as ITarian which has recently suffered a huge data breach. According to security experts, vBulletin zero-day bug or CVE-2019-16759 allowed the hacker Read more

Account Hijacking Campaign Attacks A Large Number Of Youtube Influencers

Highlights: Reportedly, a phishing campaign invades yet unknown number fo Youtube influences who are specialized in gaming, car industry, tech and other topics as well. Over the last weekend, many users have found they are unable to login their Google and Youtube accounts. After it turned out, a massive phishing campaign was launched by still unknown group of hackers who are mostly targeting popular influencers from various industries. However, the mostly affected industry as per the reports by ZDNet is automotive industry. Initially, the Youtube account hijacking incidents were not tied up together, but later on the fact become clear that the targeted attack was launched with intention to steal particular accounts. However, it’s still unknown that how many accounts were affected, but the victims among them are mostly the famous ones on Youtube. Youtube account hacking were possible due to phishing campaigns under which the attackers sent phishing emails Read more

Yanet Garcia And Nicole Scherzinger Become Latest Celeb Victims of Instagram Hacking as nude picture is leaked Online

Hackers continue to target celebrity Instagram accounts for their delicate welfare. This time, they have targeted Mexican weather girl and social media star Yanet Garcia (11.5 million followers) and also singer Nicole Scherzinger (3.9 million followers). After acquiring complete control over these accounts, scammers modify the bio to a TinyURL or link atht leads users who tap upon them to survey scam web domains that supposedly offer free iPhone XS’s and many more on the Instagram Story. By doing such things, hackers can generate revenues in two ways, first is earning a fee for each survey finished and other is reselling the data provided by the users. The experts observed the Cyber criminals behind the attacks following a particular scam pattern. “Each of the Instagram accounts were hijacked over the past couple of weeks and the attackers were in control enough to rotate multiple shortened links leading to webpages Read more

Bug Detected In iOS 13 Allows Bypassing Lock Screen And Open Address Book

Highlights: According to researcher Jose Rodriguez who told The Register that the latest iOS version 10 is vulnerable to same kind of lock screen bypass as detected earlier with previous iOS versions. According to the latest report, Mr Rodriguez has discovered a bug which allows opening the address book without requiring to unlock the device. He actually found the bug in July this year when iOS 13 was in beta or testing phase. Alike other bugs, this problem also requires users to get physical access to device. Here’s the researcher’s statement: “Bypassing the lock screen includes receiving a call and selecting to answer the call with a text message. After that you need to change the “to” field value for this message using the voice-over functionality”, – says Jose Rodriguez. As per the resultant of this bug, the “to” field provides access to contact list of device owner, and offers Read more

Researchers discovered NetCAT attack that can leak data from Intel CPUs

Researchers have discovered a security weakness in the feature that was introduced by the Intel in some of its server processors few years ago to help enhance its performance. It has been found to be capable of monitoring keystrokes across a network and steal sensitive information without using any vicious application. The weakness is in the Data-Direct I/O (DDIO) feature in some Intel Xeon processors and the attack which was reported by researchers from Vrije University in Amsterdam allows them to leak information from the cache of a compromising processor. The NetCAT (Network Cache Attack) attack can be triggered remotely across a network as it is known and can be used to steal data such as keystrokes in an SSH as they happen. The researchers from VUSec wrote in their explanation of the attack “We show that NetCAT can break confidentiality of a SSH session from a third machine without Read more

Remove from Chrome, IE and Firefox browser

Easy methods to delete Redirect Virus (Step By Step Process) This article will give you complete information about as well as you will get some recommended tips to remove it from machine. You can read this article for learning or educational purpose also. According to Cyber security experts, it is very devastating malware and computer infection that is belongs to browser hijacker family. It is able to hijack your main browser and modifies its default setting as well. It traces your online habit and steals your personal information that causes serious troubles. Don’t be panics, please read this article carefully. Threat Summary Threat Name: Threat Type: Adware, PUP, Browser Hijacker or Redirect Virus Description: This nasty malware injects malicious codes in your main browser as well as in your System’s settings Distribution Methods: Bundles of free software packages, malicious ads or popup messages and many other tricks Read more

How to stop getting scammed by on the rise Google Calendar Spam

Way to prevent spam to invade on Google Calendar It has recently been spotted that Scammers are now using Google Calendar exploit to deliver spam to users. If you are using Google Calendar, you might have noticed that someone invite you for some event that does not exist in practical, along with a bogus message that you have won new mobile phone. It is anticipated that this Google Calendar Spam is being done by misusing the default Goggle settings. The scam message could be filled with malicious links clicking of which can lead into potentially unwanted apps or even some malware installations and can cause a potentially theft of private data. Google Calendar Spam was spotted a few months ago and has been rising since then. If you are the once who get the scam messages, we are here with the solution. Follow the below mentioned step by step guide Read more