Logo Logo
  • Home
  • Modshield SB
  • services
    • Application Security Testing
    • IoT Security Testing
    • Infrastructure Security Testing
    • Testing for Compliance
    • Red Team Exercise
    • Performance Testing
  • Training
    • Cybersecurity Awareness Program
    • Cybersecurity For Developers(Web Application)
    • Cybersecurity For Developers(Mobile Application)
  • Resources
    • Blog
    • CyberNews
  • About
    • Partners
    • Contact

Top CyberNews November 2021 – Week 1

  • Home
  • Blog Details
November 8 2021
  • CyberNews

Cybersecurity is growing as a necessity rather than a priority. Here is the top cyber news of this week that will prove this statement right.

Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs

Google launched an emergency update for its Chrome web browser on Thursday, which also included fixes for two zero-day vulnerabilities that are being actively exploited in the wild, as per the company.

The vulnerabilities CVE-2021-38000 and CVE-2021-38003, are related to insufficient validation of untrusted input in a feature called Intents, as well as a case of improper implementation in the V8 JavaScript and WebAssembly engine. The two issues were identified and reported by the internet giant’s Threat Analysis Group (TAG) on September 15, 2021, and October 26, 2021, respectively.

Read more: The Hackernews

Israeli Researcher Cracked Over 3,500 Wi-Fi Networks in Tel Aviv City

In the Israeli city of Tel Aviv, over 70% of Wi-Fi networks from a sample size of 5,000 were hacked with “relative ease,” demonstrating how insecure Wi-Fi passwords can become a gateway for severe threats to individuals, small businesses, and enterprises alike.

“The process of sniffing Wi-Fis and the subsequent cracking procedures was a very accessible undertaking in terms of equipment, costs, and execution,” said CyberArk security researcher Ido Hoorvitch. He used Wi-Fi sniffing equipment costing about $50 to collect 5,000 network hashes for the study.

The new Wi-Fi attack expands on Jens “atom” Steube’s 2018 findings, which involve capturing what’s known as the PMKIDs associate.

Read more: The Hackernews

Over 10 Million Android Users Targeted With Premium SMS Scam Apps

A global fraud activity has been discovered leveraging 151 malicious Android apps with 10.5 million downloads to trick consumers into paying for premium subscription services without their knowledge or consent.

Over 10 Million Android Users Targeted With Premium SMS Scam Apps

The “UltimaSMS” premium SMS scam is believed to have started in May 2021 and involved apps in a variety of categories, including keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, with the majority of the fraudulent apps being downloaded by users in Egypt, Saudi Arabia, Pakistan, the United Arab Emirates, Turkey, Oman, Qatar, Kuwait, the United States, and Poland.

Even though a large number of the apps in question have subsequently been withdrawn from the Google Play Store, 82 of them still continue to thrive.

Read more: The Hackernews

Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike

A new spam email campaign has emerged as a conduit for a previously unknown malware loader, allowing attackers to gain an early foothold in enterprise networks and drop malicious payloads on compromised systems.

“These infections are also used to facilitate the delivery of additional malware such as Qakbot and Cobalt Strike, two of the most common threats regularly observed targeting organizations around the world,” wrote Cisco Talos researchers in a technical report.

The malspam campaign is thought to have started in mid-September 2021 with laced Microsoft Office documents that, when opened, start an infection chain that infects the machines.

Read more: The Hackernews.

Read the latest news here

Previous Post Next Post

Leave a Comment

Recent Posts

  • SOC 2 Compliance – Complete Guide
  • What is compliance and why do you need it?
  • OWASP WAF – Web Application Firewall
  • Top Cyber News April Week 3
  • Top Cyber News April Week 2

Recent Comments

  1. Vishnu on IEC 62443 – Cybersecurity for Industrial Automation and Control Systems

Archives

  • July 2022
  • June 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • June 2020

Categories

  • Blog
  • CyberNews
© Copyright 2020. Anada WordPres Theme By WordPressRiver