Twitter Used 2FA Phone Numbers For Targeting Sponsored Ad

Social networking site Twitter revealed today that it used phone numbers provided by users for two-factor authentication (2FA), along with email addresses to display targeted ads. “We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system”. The phone numbers and emails that became visible to several advertisers were the same one that were entered by users in the multi-factor protection section with purpose to boost up their accounts security levels. This time users were not able to avoid the targeted advertisements. Twitter mentioned that they didn’t performed such nasty acts deliberately. The issue has been fixed on September 17 and Twitter accounts have stopped providing advertisers with user contact information. Company stated that, no other used-based data was Read more

vBulletin Zero-Day flaw causes data leak of 245,000 Comodo Forum users

vBulletin zero-day flaw (CVE-2019-16759): Comodo Forum data breach According to report, Comodo Discussion Forum (ITarian) has recently suffered a big data breach that led to expose the data of around 245,000 users. The breached data of innocent users of Comodo Forum are Real name, username used for posting in forums, email ID, hashed password, most recent IP addresses to visit the forums and some other usernames from other social sites as well. However, Cyber security researchers have found out vBulletin zero-day flaw which was used in order to compromises Comodo Forum users’s crucial data while logging into online accounts. Let’s start the discussion about the “Data leak of 245000 Comodo forum users” story in detail. vBulletin zero-day flaw: Comodo forum data breach Comodo discussion forum is also known as ITarian which has recently suffered a huge data breach. According to security experts, vBulletin zero-day bug or CVE-2019-16759 allowed the hacker Read more

Account Hijacking Campaign Attacks A Large Number Of Youtube Influencers

Highlights: Reportedly, a phishing campaign invades yet unknown number fo Youtube influences who are specialized in gaming, car industry, tech and other topics as well. Over the last weekend, many users have found they are unable to login their Google and Youtube accounts. After it turned out, a massive phishing campaign was launched by still unknown group of hackers who are mostly targeting popular influencers from various industries. However, the mostly affected industry as per the reports by ZDNet is automotive industry. Initially, the Youtube account hijacking incidents were not tied up together, but later on the fact become clear that the targeted attack was launched with intention to steal particular accounts. However, it’s still unknown that how many accounts were affected, but the victims among them are mostly the famous ones on Youtube. Youtube account hacking were possible due to phishing campaigns under which the attackers sent phishing emails Read more

Yanet Garcia And Nicole Scherzinger Become Latest Celeb Victims of Instagram Hacking as nude picture is leaked Online

Hackers continue to target celebrity Instagram accounts for their delicate welfare. This time, they have targeted Mexican weather girl and social media star Yanet Garcia (11.5 million followers) and also singer Nicole Scherzinger (3.9 million followers). After acquiring complete control over these accounts, scammers modify the bio to a TinyURL or Bit.ly link atht leads users who tap upon them to survey scam web domains that supposedly offer free iPhone XS’s and many more on the Instagram Story. By doing such things, hackers can generate revenues in two ways, first is earning a fee for each survey finished and other is reselling the data provided by the users. The experts observed the Cyber criminals behind the attacks following a particular scam pattern. “Each of the Instagram accounts were hijacked over the past couple of weeks and the attackers were in control enough to rotate multiple shortened links leading to webpages Read more

Bug Detected In iOS 13 Allows Bypassing Lock Screen And Open Address Book

Highlights: According to researcher Jose Rodriguez who told The Register that the latest iOS version 10 is vulnerable to same kind of lock screen bypass as detected earlier with previous iOS versions. According to the latest report, Mr Rodriguez has discovered a bug which allows opening the address book without requiring to unlock the device. He actually found the bug in July this year when iOS 13 was in beta or testing phase. Alike other bugs, this problem also requires users to get physical access to device. Here’s the researcher’s statement: “Bypassing the lock screen includes receiving a call and selecting to answer the call with a text message. After that you need to change the “to” field value for this message using the voice-over functionality”, – says Jose Rodriguez. As per the resultant of this bug, the “to” field provides access to contact list of device owner, and offers Read more

Researchers discovered NetCAT attack that can leak data from Intel CPUs

Researchers have discovered a security weakness in the feature that was introduced by the Intel in some of its server processors few years ago to help enhance its performance. It has been found to be capable of monitoring keystrokes across a network and steal sensitive information without using any vicious application. The weakness is in the Data-Direct I/O (DDIO) feature in some Intel Xeon processors and the attack which was reported by researchers from Vrije University in Amsterdam allows them to leak information from the cache of a compromising processor. The NetCAT (Network Cache Attack) attack can be triggered remotely across a network as it is known and can be used to steal data such as keystrokes in an SSH as they happen. The researchers from VUSec wrote in their explanation of the attack “We show that NetCAT can break confidentiality of a SSH session from a third machine without Read more

Remove News-mars.com from Chrome, IE and Firefox browser

Easy methods to delete News-mars.com Redirect Virus (Step By Step Process) This article will give you complete information about News-mars.com as well as you will get some recommended tips to remove it from machine. You can read this article for learning or educational purpose also. According to Cyber security experts, it is very devastating malware and computer infection that is belongs to browser hijacker family. It is able to hijack your main browser and modifies its default setting as well. It traces your online habit and steals your personal information that causes serious troubles. Don’t be panics, please read this article carefully. Threat Summary Threat Name: News-mars.com Threat Type: Adware, PUP, Browser Hijacker or Redirect Virus Description: This nasty malware injects malicious codes in your main browser as well as in your System’s settings Distribution Methods: Bundles of free software packages, malicious ads or popup messages and many other tricks Read more

How to stop getting scammed by on the rise Google Calendar Spam

Way to prevent spam to invade on Google Calendar It has recently been spotted that Scammers are now using Google Calendar exploit to deliver spam to users. If you are using Google Calendar, you might have noticed that someone invite you for some event that does not exist in practical, along with a bogus message that you have won new mobile phone. It is anticipated that this Google Calendar Spam is being done by misusing the default Goggle settings. The scam message could be filled with malicious links clicking of which can lead into potentially unwanted apps or even some malware installations and can cause a potentially theft of private data. Google Calendar Spam was spotted a few months ago and has been rising since then. If you are the once who get the scam messages, we are here with the solution. Follow the below mentioned step by step guide Read more

Researchers discovers 34 million vulnerabilities in leading clouds

34 Vulnerabilities in AWS, Google Cloud, and Azure due to deployed applications to the clouds A new report form Unit 42 covering the period from January 2018 to June2019, threat intelligence team Palo Alto Networks Inc has discovered 34 Million vulnerabilities across leading cloud service providers, including Amazon Web Services Inc’s Elastic Computer Cloud (more than 29 Million), Google Computer Engine (4 million approx) and Microsoft Corp’s Azure Virtual Machine (1.7 million). According to the researchers, the vulnerabilities were not the result of cloud providers themselves but the applications that Customers on the Cloud. Outdated Apache servers and vulnerably jQuery packages are the major reasons for the vulnerabilities. Growing containers is also one of the reasons behind the vulnerabilities. By using default configurations, Unit 42 found more than 40,000 containers (23,000 Docker containers and 20, 000 kubernet containers) exposed to the Internet. “Research reveals more than 40,000 container systems operate Read more

North Korean launches 35 incidences of Cyber attacks on investigation

UN experts snooping 35 Cyber attacks by North Korea in 17 countries United Nation –UN states that they are investigating 35 incidents in which North Korea launched Cyber attacks against 17 different countries. It seems that the North Korean tried to raise money for weapons and mass destruction programs. Last week, Associated Press summarized the experts report and wrote that the North Korea acquired total sum of $2 billion through the Cyber attacks. “The report to the Security Council gives details on some of the North Korean cyberattacks as well as the country’s successful efforts to evade sanctions on coal exports in addition to imports of refined petroleum products and luxury items including Mercedes Benz S-600 cars”, — points out Associated Press. The most targeted were the financial institution and cryptocurrency exchanges. “South Korea’s Bithumb, one of the largest cryptocurrency exchanges in the world, was reportedly attacked at least four Read more