The Hacker News
#1 Most trusted publication for breaking cybersecurity and hacking news, insights, and analysis for information security professionals.
Dec 16, 2020 6 tweets 4 min read
BREAKING 🔥

New evidence suggests #SolarWinds hackers likely compromised the software build infrastructure of Orion platform & added malicious code, which was then eventually delivered within new updates that the company compiled, signed, and delivered.

thehackernews.com/2020/12/new-ev…

SolarWinds attackers mimic the software developers' coding style and naming standards to blend in their malicious code with the rest of the code.
Dec 14, 2020 4 tweets 4 min read
⚠️URGENT⚠️

Hackers exploit #Solorigate supply-chain backdoor in #SolarWinds enterprise monitoring software to breach US Treasury, Commerce Department, other government agencies, and cybersecurity firm #FireEye.

Details: thehackernews.com/2020/12/us-age…

#infosec #cybersecurity #sysadmin

Citing unnamed sources, media said the latest cyberattacks against #FireEye and U.S. government agencies were the work of Russian state-sponsored #APT29 or Cozy Bear #hacking group.
Jul 15, 2020 10 tweets 5 min read
🔥 WATCH OUT 🔥

Many popular #cryptocurrency-related verified Twitter accounts got simultaneously compromised and tweeted an identical "Crypto For Health" #SCAM message.

Hacked people and organizations include Gemini, #Binance, Binance's CEO, #Coinbase, CoinDesk, and KuCoin. Elon Musk's account has also been compromised, tweeting a similar cryptocurrency scam.

Keep an eye on this #Bitcoin address: btc.com/bc1qxy2kgdygjr…

Has someone found a zero-day bug in @Twitter?

#infosec #cybersecurity
Jul 14, 2020 8 tweets 7 min read
WARNING 🔥 CVE-2020-1350 (CVSS 10)

A critical 17-year-old 'wormable' RCE #vulnerability affects Windows DNS Servers (2013 to 2019 editions) that could let unauthenticated hackers gain 'Domain Admin' privileges on the targeted servers.

Details — thehackernews.com/2020/07/window…

#infosec

Researchers confirm the new #Windows vulnerability, dubbed 'SigRed,' is a wormable bug, allowing attackers to launch #malware attacks that can spread from one vulnerable computer to another without any human interaction.

#cybersecurity #sysadmins #microsoft #informationsecurity
Dec 2, 2019 4 tweets 4 min read
Beware #Android Users!

A new unpatched #vulnerability — dubbed Strandhogg — in Android could let malicious apps take extensive control over your device & steal your login credentials.

Details: thehackernews.com/2019/12/strand…

Dozens of apps are already exploiting this flaw in the wild. @Swati_THN

1) #Phishing Attacks:

#Strandhogg task hijacking vulnerability can be exploited to display a fake user interface (UI) while tricking users into thinking they are using a legitimate app, making it easy for the malware to steal their credentials using spoofed login interfaces.
Jun 4, 2019 6 tweets 4 min read
New Unpatched Bug Could Allow Client-Side Attackers to Bypass #Windows Lock Screen On RDP Sessions

Read more — thehackernews.com/2019/06/rdp-wi…

All the attacker needs to do is… interrupt the network connectivity of a targeted client system and Tadaaaa...! the lock screen will disappear

Starting with Windows 10 1803 and #Windows Server 2019, this flaw exists when login over #RDP requires the clients to authenticate with Network Level Authentication, an option that #Microsoft recently recommended as a workaround against the critical #BlueKeep RDP vulnerability.
Mar 17, 2019 8 tweets 3 min read
EXCLUSIVE — A hacker who previously claimed to have hacked massive databases [millions of records] from multiple websites and then put them online for sale in 3 rounds has now come back with a new set of databases breached from 6 other websites

(story coming shortly, stay tuned)

[ROUND 4] List of breached sites:

1) Youthmanual — Indonesian college and career platform
2) GameSalad — Online learning platform
3) Bukalapak — Online Shopping Site
4) Lifebear — Japanese Online Notebook
5) EstanteVirtual — Online Bookstore
6) Coubic — Appointment Scheduling