Younes Khantouri

Flaw in Microsoft Outlook Lets Hackers Easily Steal Your Windows Password

May 4, 2018 by Younes Khantouri Leave a Comment

A security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete patch this month—almost 18 months after receiving the responsible disclosure report.

The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal sensitive information, including users’ Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without requiring any additional user interaction.

The vulnerability, discovered by Will Dormann of the CERT Coordination Center (CERT/CC), resides in the way Microsoft Outlook renders remotely-hosted OLE content when an RTF (Rich Text Format) email message is previewed and automatically initiates SMB connections.

https://thehackernews.com/2018/04/outlook-smb-vulnerability.html

Suspected ‘Big Bitcoin Heist’ Mastermind Fled to Sweden On Icelandic PM’s Plane

May 4, 2018 by Younes Khantouri Leave a Comment

Icelandic Police had arrested 11 suspects as part of the investigation, one of which has escaped from prison and fled to Sweden on a passenger plane reportedly also carrying the Icelandic prime minister Katrin Jakobsdottir.

Sindri Thor Stefansson, who is suspected of masterminding the whole theft of almost $2 million worth of cryptocurrency-mining equipment, traveled under a passport of someone else but identified through surveillance footage.

Stefansson had recently been transferred to a low-security Sogn prison, located in rural southern Iceland (just 59 miles away from Iceland’s international airport in Keflavik), from where he escaped through a window early Tuesday and boarded the flight to Sweden.

https://thehackernews.com/2018/04/iceland-big-bitcoin-heist.html

9 Popular Training Courses to Learn Ethical Hacking Online

May 4, 2018 by Younes Khantouri Leave a Comment

How to become a Professional Hacker? This is one of the most frequently asked queries we came across on a daily basis.

Do you also want to learn real-world hacking techniques but don’t know where to start? This week’s THN deal is for you.

Today THN Deal Store has announced a new Super-Sized Ethical Hacking Bundle that let you get started your career in hacking and penetration testing regardless of your experience level.

The goal of this online training course is to help you master an ethical hacking and penetration testing methodology.

This 76 hours of the Super-Sized Ethical Hacking Bundle usually cost $1,080, but you can exclusively get this 9-in-1 online training course for just $43 (after 96% discount) at the THN Deals Store.

https://thehackernews.com/2017/07/ethical-hacking-online-training.html

Hackers Behind Healthcare Espionage Infect X-Ray and MRI Machines

May 4, 2018 by Younes Khantouri Leave a Comment

Security researchers have uncovered a new hacking group that is aggressively targeting healthcare organizations and related sectors across the globe to conduct corporate espionage.

Dubbed “Orangeworm,” the hacking group has been found installing a wormable trojan on machines hosting software used for controlling high-tech imaging devices, such as X-Ray and MRI machines, as well as machines used to assist patients in completing consent forms.

According to a new report published by Symantec on Monday, the Orangeworm hacking group has been active since early 2015 and targeting systems of major international corporations based in the United States, Europe, and Asia with a primary focus on the healthcare sector.

https://thehackernews.com/2018/04/healthcare-cyber-attacks.html

Nintendo Switches Hacked to Run Linux—Unpatchable Exploit Released

May 4, 2018 by Younes Khantouri Leave a Comment

Two separate teams of security researchers have published working proof-of-concept exploits for an unpatchable vulnerability in Nvidia’s Tegra line of embedded processors that comes on all currently available Nintendo Switch consoles.

Dubbed Fusée Gelée and ShofEL2, the exploits lead to a coldboot execution hack that can be leveraged by device owners to install Linux, run unofficial games, custom firmware, and other unsigned code on Nintendo Switch consoles, which is typically not possible.

Both exploits take advantage of a buffer overflow vulnerability in the USB software stack of read-only boot instruction ROM (IROM/bootROM), allowing unauthenticated arbitrary code execution on the game console before any lock-out operations (that protect the chip’s bootROM) take effect.

https://thehackernews.com/2018/04/nintendo-switch-linux-hack.html

Police Shut Down World’s Biggest ‘DDoS-for-Hire’ Service–Admins Arrested

May 4, 2018 by Younes Khantouri Leave a Comment

In a major hit against international cybercriminals, the Dutch police have taken down the world’s biggest DDoS-for-hire service that helped cyber criminals launch over 4 million attacks and arrested its administrators.

An operation led by the UK’s National Crime Agency (NCA) and the Dutch Police, dubbed “Power Off,” with the support of Europol and a dozen other law enforcement agencies, resulted in the arrest of 6 members of the group behind the “webstresser.org” website in Scotland, Croatia, Canada and Serbia on Tuesday.

https://thehackernews.com/2018/04/ddos-for-hire-hacker.html

Hackers build a ‘Master Key’ that unlocks millions of Hotel rooms

May 4, 2018 by Younes Khantouri Leave a Comment

If you often leave your valuable and expensive stuff like laptop and passports in the hotel rooms, then beware. Your room can be unlocked by not only a malicious staff having access to the master key, but also by an outsider.

A critical design vulnerability in a popular and widely used electronic lock system can be exploited to unlock every locked room in a facility, leaving millions of hotel rooms around the world vulnerable to hackers.

The vulnerability has been discovered in Vision by VingCard locking system—made by the world’s largest lock manufacturer, Assa Abloy, and deployed in more than 42,000 facilities in 166 different countries, which equals to millions of doors.

https://thehackernews.com/2018/04/hacking-hotel-master-key.html

Amazon Alexa Has Got Some Serious Skills—Spying On Users!

May 4, 2018 by Younes Khantouri Leave a Comment

Security researchers have developed a new malicious ‘skill’ for Amazon’s popular voice assistant Alexa that can turn your Amazon Echo into a full-fledged spying device.

Amazon Echo is an always-listening voice-activated smart home speaker that allows you to get things done by using your voice, like playing music, setting alarms, and answering questions.

However, the device doesn’t remain activated all the time; instead, it sleeps until the user says, “Alexa,” and by default, it ends a session after some duration.

https://thehackernews.com/2018/04/amazon-alexa-hacking-skill.html

Online IT Security Courses – CISA, CISM, CISSP Certifications

May 4, 2018 by Younes Khantouri Leave a Comment

Believe it or not, but any computer connected to the Internet is vulnerable to cyber attacks.

With more money at risk and data breaches at a rise, more certified cybersecurity experts and professionals are needed by every corporate and organisation to prevent themselves from hackers and cyber thieves.

That’s why jobs in the cybersecurity field have gone up 80% over the past three years than any other IT-related job. So, this is the right time for you to consider a new career as a cybersecurity professional.

Cybersecurity experts with industry-standard certification are coming from a wide range of backgrounds, who prepare themselves to protect computer systems and networks from viruses and hackers.

https://thehackernews.com/2017/06/cyber-security-certification-training.html

Man Who Hacked Jail Systems to Release His Friend Early Gets 7-Years in Prison

May 4, 2018 by Younes Khantouri Leave a Comment

Konrads Voits of Ypsilanti, Michigan, has been sentenced to seven years and three months in prison for attempting to hack the Washtenaw County Jail computer system and modifying prison records to get his friend released early

Besides spending 87 months in prison, Voits has also been ordered to pay $235,488 in fine to Washtenaw County for the cost accrued in investigating and cleaning up the infiltration that resulted in the compromise of personal information of around 1,600 employees, the US Justice Department announced last week.

Between January 24th, 2017 and March 10th, 2017, Voits successfully tricked IT staff at Washtenaw County Jail into visiting a phony website at “ewashtenavv.org,” which mimics the official URL, “ewashtenaw.org.”

https://thehackernews.com/2018/04/jail-network-hacking.html