Yearly Archives: 2019

Wondering how to whack Zoom’s dodgy hidden web server on your Mac? No worries, Apple’s done it for you

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India

Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: The Register

Apple has pushed a silent update to Macs, disabling the hidden web server installed by the popular Zoom web-conferencing software.

A security researcher this week went public with his finding that the mechanism used to bypass a Safari prompt before entering a […]

By |July 14th, 2019|Cyber News|

Dodgy-govt fave FinSpy snoopware is back and badder than ever for Android and iOS kit

Credits: The Register

A nasty new variant of the FinSpy snoopware tool that infects and slurps data from Android and iOS phones and tablets is being peddled, we’re told.

Kaspersky said this week the notorious commercial spyware, developed by Gamma Group and sold by its […]

By |July 14th, 2019|Cyber News|

AMD’s SEV tech that protects cloud VMs from rogue servers may as well stand for… Still Extremely Vulnerable

Credits: The Register

Five boffins from four US universities have explored AMD’s Secure Encrypted Virtualization (SEV) technology – and found its defenses can be, in certain circumstances, bypassed with a bit of effort.

In a paper presented Tuesday at the ACM Asia Conference on […]

By |July 11th, 2019|Cyber News|

UK watchdog fined firms £3m for data breaches last year – before its GDPR balls dropped

Credits: The Register

The Information Commissioner’s Office issued £3m worth of fines for data breaches in the year to April 2018 – a mere fraction of its recent proposed GDPR-enabled penalties on British Airways and Marriott.

The UK data watchdog’s annual report for […]

By |July 11th, 2019|Cyber News|

Mozilla boots alleged snoop troupe from its root cert coop: UAE-based DarkMatter thrown onto CA blocklist

Credits: The Register

Mozilla on Tuesday added digital certificates belonging to security biz DarkMatter and its subsidiaries to Firefox’s OneCRL blocklist, based on concerns that the UAE-based company will misuse its power as a certificate authority (CA) to intercept online communications.

In a post to Mozilla’s […]

By |July 11th, 2019|Cyber News|

‘This repository is private’ – so what’s it doing on the public internet, GE Aviation?

Credits: The Register

GE Aviation managed to expose a pile of its private keys on a misconfigured Jenkins instance that was exposed to the public internet, according to a security researcher who found it through Shodan.

“It took me only a couple of […]

By |July 11th, 2019|Cyber News|

Marriott’s got 99 million problems and the ICO’s one: Starwood hack mega-fine looms over

Credits: The Register

The UK’s Information Commissioner’s Office wants to fine Marriott Hotels £99m over its loss of 383 million customer booking records last year.

The almost-but-not-quite-£100m sum (£99,200,396) was disclosed in a US regulatory filing by Marriott, which said: “Marriott has the right […]

By |July 11th, 2019|Cyber News|

Huawei website ████ ██████ security flaws ██████ customer info and biz operations at risk: ███████ patched

Credits: The Register

Huawei has gagged infosec researchers from discussing now-patched critical vulnerabilities in the Chinese giant’s web systems that could have been exploited to steal customer information and derail the manufacturer’s operations.

A security research team at Italian outfit Swascan told The Register on […]

By |July 11th, 2019|Cyber News|

Meet the Great Duke of… DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware

Credits: The Register

Microsoft has lifted the lid on the inner-workings of a particularly nasty piece of fileless malware that aims to pilfer user data without needing to install software on the victim’s machine.

Dubbed Astaroth – the same name as the Great […]

By |July 11th, 2019|Cyber News|

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

CVE-Numbers

DOS Vulnerability — Fixed in Client version 4.4.2 — CVE-REQUESTED
Information Disclosure (Webcam) — Unpatched — CVE-REQUESTED

Foreword

This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.

On top […]

By |July 9th, 2019|Cyber News|