Cyber Security News — Past 24 hours | 01.06.2021

Social Media Influencers are the Latest Target of Cyber Criminals

The number of cybercrimes and scams is rapidly increasing with the advancement of technology. The police said that a new cyber fraud involving social media influencers has been detected.

Social media influencers have a great number of followers, and companies regularly pay them to promote products through their handles. Such fictitious operators can make use of social media influencers who are unaware of the consequences. There are influencers on social media who promote only fictitious mobile apps. Fraudsters also send dubious links while presenting themselves as supporters of influencers on social media. A woman social media influencer who was a candidate in recent elections said, “After uploading my affidavit to the ECI website, I had three lakh downloads. I got good reviews on a social media page but only one person alleged that I had hacked the ECI site, which was baseless. He went on leveling allegations against me. I just ignored it.”

With the increase in such cyber frauds, a YouTuber who was himself a victim stated that the overwhelming majority of influencers on social media are being used by fraudsters.

Source — https://www.ehackingnews.com/2021/07/social-media-influencers-are-latest.html

UN Security Council Talks Over Cyber threats, Where it Leads?

The United Nations Security Council, the world’s most important forum concerning the well-being of nations, is going to hold its first organized public meeting on cybersecurity. The forum will address the growing threat of cyberattacks on countries. In the recent past, many countries have witnessed security incidents targeting their key infrastructure.

In which he laid out 16 “untouchable” entities, ranging from the energy sector to water distribution.

“This is the generic list of critical infrastructure which every country has,” said one European ambassador who specializes in cybersecurity.

“In the United Nations first committee, we already have agreed in 2015, which is six years ago, that we are refraining from malicious cyber activities against each other’s critical infrastructures as UN member states,” the diplomat said.

The meeting takes place at ministerial level through online services.

Before this formal meeting, the Security Council had already addressed the issue multiple times, but never formally: it always addressed the subject behind closed doors.

The aim of the videoconference, Estonia said, is “to contribute to a better understanding of the growing risks stemming from malicious activities in cyberspace and their impact on international peace and security”.

Furthermore, a diplomat added that this is not an issue where we can hide our heads in the sand and say that a matter like this doesn’t exist.

Source — https://www.ehackingnews.com/2021/07/un-security-council-talks-over-cyber.html

Burp Suite 2021.7 Released With New Tool & Updated Burp Scanner

The developers at PortSwigger have recently released a new version of Burp Suite, Burp Suite 2021.7, with an updated Burp Scanner and several other new tools.

Burp Suite 2021.7 arrives soon after the recently released Burp Suite 2021.6.2. It comes with a powerful new tool for testing DOM XSS, DOM Invader, along with some small but still important enhancements.

Don’t know about Burp Suite? Don’t worry: here is a short description of what Burp Suite is.

Burp Suite is a tool used for application security testing, so if you are a security professional, pentester or bug hunter, Burp Suite is the perfect choice for analyzing apps.

This security tool is developed by PortSwigger. It is designed to support numerous methodologies and different types of tests, offering you complete control of the actions that are carried out and a deep analysis of the outcomes.

In short, Burp Suite helps users anticipate security problems in the applications present in any organization and recognize the flaws before attackers abuse them.

Source — https://gbhackers.com/burp-suite-2021-7/

Universal XSS Vulnerability In Microsoft Edge

Two security researchers, Vansh Devgan and Shivam Kumar Singh, discovered a severe Universal XSS vulnerability in Microsoft Edge. Specifically, the bug affected the browser's automatic translation feature. Sharing the details in a post, the researchers revealed that they found the vulnerability when they visited a website in another language via the Edge browser and attempted to translate the page. The immediate appearance of popups led them to the discovery of the XSS. Briefly, the bug existed in the startPageTranslation function. The vulnerable code of the auto-translation feature improperly processed the “>” in HTML tags.

As stated in the post, “Microsoft Edge has a vulnerable code which actually takes any HTML tags having an “>img tag without sanitising the input or converting the payload into text while translating, so actually that internal translator was taking “>img src=x onerror=alert> payload and executing it as JavaScript, as there were no proper validation check which does sanitisation or convert complete DOM into text and then process it for translation.”

To test this, the researchers created a POC.html file with the payload

Source — https://latesthackingnews.com/2021/06/30/universal-xss-vulnerability-in-microsoft-edge/
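
The failure mode described in the Edge item above, translated page text being written back as markup rather than as text, is shown below next to the hardened form. This is an added JavaScript illustration, not Microsoft Edge code or the researchers' PoC; the function names, the stub translator and the sample strings are all constructed for the example.

```javascript
// Added illustration; not Microsoft Edge code. All names here are hypothetical.

// Stand-in for a translation service: maps known phrases, passes the rest through.
const DICTIONARY = new Map([["Bonjour le monde", "Hello world"]]);
function translate(text) {
  return DICTIONARY.get(text) ?? text;
}

// Encode every character that could open a tag or break out of an attribute.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak pattern: the translated string is concatenated into markup as-is,
// so any tags it carries are parsed as part of the page.
function renderTranslatedUnsafe(segments) {
  return segments
    .map((s) => `<span class="translated">${translate(s)}</span>`)
    .join("");
}

// Hardened pattern: the translated string is encoded first, so it can only
// ever be rendered as text.
function renderTranslatedSafe(segments) {
  return segments
    .map((s) => `<span class="translated">${escapeHtml(translate(s))}</span>`)
    .join("");
}

// Demo check: after removing the template's own span tags, is any
// tag-opening sequence left in the output?
function containsInjectedMarkup(html) {
  const withoutTemplate = html.replace(/<\/?span( class="translated")?>/g, "");
  return /<[a-z!\/]/i.test(withoutTemplate);
}

// Constructed page text: one ordinary sentence and one string modelled on
// the markup quoted in the report.
const SAMPLE_SEGMENTS = ["Bonjour le monde", '"><img src=x onerror=alert(1)>'];

console.log("unsafe:", containsInjectedMarkup(renderTranslatedUnsafe(SAMPLE_SEGMENTS)));
console.log("safe:  ", containsInjectedMarkup(renderTranslatedSafe(SAMPLE_SEGMENTS)));
```

In a browser the same distinction is between assigning translated output through `innerHTML` and assigning it through `textContent`.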

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
