CNN

Researchers at ERPScan discovered that SAP’s POS product, that is a component of the company’s SAP for Retail giving, was stricken by many flaws. Specifically, the system’s server element, Xpress Server, lacked necessary authorization checks for vital practicality. This allows AN assailant with access to the system to send malicious configuration files to Xpress Server and gain complete management of each the frontend and backend of the PoS system. A hacker will abuse tens of commands, permitting them to steal knowledge from all the credit and debit cards used at the targeted store, and apply special costs and discounts to such that things. These discounts is applied for such that times in order that AN item contains a tiny value only fraudsters visit purchase it. Fraudsters may also got wind of the system in order that their purchases area unit charged to the previous customer’s card. An assailant may also modification the info displayed on a receipt, as well as to s

Attendees at a hacking convention in las vegas will spend some time this weekend attempting to break in to over thirty voting machines utilized in recent elections. Hackers at at DEFCON in las vegas were able to successfully breach the software of U.S. voting machines in exactly ninety minutes. The idea behind to hack these machines is to boost awareness and find out exactly how at risk of tampering they're, said by Jeff Moss,DefCon. Technocrats at the annual "DEF CON" in las vegas got physical voting machines and remote access, with the directions of gaining access to the software. According to a Register report, within minutes, hackers exposed evident physical and software vulnerabilities across multiple U.S. mechanical device companies' product. Some devices were found to own physical ports that would be accustomed attach devices containing malicious software. Others had insecure Wi-Fi connections, or were running obsolete software with securit

Fans of Microsoft's long-standing Paint program are suddenly feeling terribly blue. The company recently declared that Microsoft Paint is on an inventory of options that area unit set to be "removed and deprecated" within the Windows 10 Fall Creators Update, set to be free this fall. The 32-year-old(1985-2017) graphic-editing program is formally marked as deprecated, that means it'll be within the fall update however is not any longer being actively updated and will be phased out at some purpose. It's unclear once Microsoft can formally take away Paint from its package. Paint was Microsoft's original Windows 1.0 program once the corporate launched in 1985 and had been a staple in its systems for years. better-known for its simplicity, Paint allowed users to dream of being the digital technologist carver by victimization their computer's mouse because the brush. In October, Microsoft free Paint 3D, associate degree updated version of th

Millions of IoT devices area unit liable to cybersecurity attacks as a result of a vulnerability ab initio discovered in remote security cameras, Senrio reportable on. The firm found the flaw in an exceedingly security camera developed by Axis Communications, one in every of the world's biggest makers of the devices. The Model 3004 security camera is employed for security at the la International field and different places, consistent with Senrio. The problem clad to be a stack buffer overflow vulnerability, that the firm dubbed "Devil's Hedera helix." Axis notified the safety firm that 249 totally different models of the camera were full of the vulnerability. It found solely 3 models that were unaffected. The problem lies deep within the communication layer of gSOAP, associate open supply third-party toolkit that's employed by every kind of device manufacturers for IoT technology, consistent with Senrio. gSOAP manager Genivia reportable that the t

Over twenty-seven thousand cyber security incidents were reported within the 1st six months of this year to Indian Computer Emergency Response Team (CERT-In), Parliament was educated nowadays. These incidents embrace phishing, web site intrusions and defacement in addition as ransomware attacks. "As per the data reported to and caterpillar-tracked by Indian Computer Emergency Response Team (CERT-In), a complete range of 44,679; 49,455; 50,362 and 27,482 cyber security incidents were determined throughout the year 2014, 2015, 2016 and 2017 (till June), severally," Minister of State for natural philosophy and IT P P Chaudhary aforesaid in an exceedingly written reply to the Rajya Sabha. He else that the kinds of cyber security incidents as well as phishing, scanning/probing, web site intrusions and defacements, virus/malicious code, ransomware, denial of service attacks etc. The minister aforesaid CERT-In problems alerts and advisories relating to latest cy

YouTube says it'll send folks checking out "violent extremist propaganda" and provide them videos that denounce coercion. People checking out bound terms about the questionable Islamic State cluster are going to be offered playlists of videos "debunking its mythology". YouTube aforesaid it wished to assist stop folks being radicalised. In a diary post, the video-streaming large aforesaid it absolutely was implementing concepts from the send technique, a campaign that tries to steer the IS audience towards videos that poke fun the group's achievement techniques. The themed video playlists challenge claims by the questionable Islamic State cluster that it provides smart governance, could be a sturdy social unit, which world powers ar conspiring to damage Muslims. Rather than manufacturing new material, the playlists contain videos already uploaded to YouTube that gift Associate in Nursing opposing purpose of read, such as: ·      

The AlphaBay and Hansa Market -DarkWeb sites had been associated with the trade in items such as drugs, weapons, malware and stolen data online as well as offline. Hansa Market was monitored for a month before being deactivated. AlphaBay and Hansa were accessible only through the Tor network, which presence a significant challenge to law enforcement agents hoping to seize the host servers. It’s still unclear how authorities were able to locate the servers or site admin, but it appears to have been done without compromising the underlying protections of Tor. The agency said it believed the bust would lead to hundreds of new investigations in Europe. "The capability of drug traffickers and other serious criminals around the world has taken a serious hit today," said Europol's executive director Rob Wainwright. Marketplace URL: http://pwoah7foa6au2pul.onion/register.php?aff=41211  (Seized) Forum Registty: http://pwoah7foa6au2pul.onion/forum/ Sub Reddit:

WikiLeaks has released details about HighRise, a tool allegedly developed by the US- CIA, which intercepts and redirects SMS messages to a remote web server through an Android application. The malware can enable a CIA agent to access the message before it reaches its intended recipient. As per tweets of WikiLeaks, HighRise acts as a proxy server for text messages. However, it is limited to devices which have the malware installed on it manually – meaning that the CIA would need physical access to the Android device to infect the handset. The manual suggested that it only works on Android versions from 4.0 (Ice Cream Sandwich) to 4.3 (JellyBean) – although it could have been updated to work on more recent versions of the Android OS. The HighRise tool is packaged inside an app called TideCheck. Once the CIA installs the app on the target’s device, they have to run it at least once, in order for it to work at all times – including when the phone is rebooted. The app starts w

Adware that infects your computer to display pop-ups is an annoyance. But when it infects as many as one in five networks in the world, and hides the capability to do far more serious damage to its victims. The security firm Check Point has count 250 million PCs infected with malicious code they've called Fireball, designed to hijack browsers to change the default search engine, and track their web traffic on behalf of a Beijing-based digital marketing firm called Rafotech. It also says it found that the malware also has the ability to remotely run any code on the victim's machine, or download new malicious files. It's potentially serious malware, disguised as something more trivial. "A quarter-billion computers could very easily become victims of real malware," says Maya Horowitz, the head of Check Point research team. "It installs a backdoor into all these computers that can be very, very easily exploited in the hands of the Chinese people behind

SambaCry Flaws A seven year old critical remote code execution vulnerability ( CVE 2017-7494 ) in Samba networking software that allows a remote hacker to take full control of a vulnerable Linux and Unix machines has recently been discovered. R esearchers predicted that the SambaCry Flaw based attacks also have potential to spread just like  WannaCry ransomware  widely.   Kaspersky Lab  have captured a malware campaign that is exploiting SambaCry vulnerability to infect Linux computers with cryptocurrency mining software. After compromising the vulnerable machines using SambaCry vulnerability flaw, attackers execute two payloads on the targeted systems, as: INAebsGB.so — A reverse-shell that provides remote access to the attackers. cblRWuoCc.so — A backdoor that includes cryptocurrency mining utilities such as CPUminer. "Through the reverse-shell left in the system, the attackers can change the configuration of a miner already running or infect the victim’s compute