A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources.

The issue could affect sites running behind reverse proxy cache systems like Varnish and some widely-used Content Distribution Networks (CDNs) services, including Amazon CloudFront, Cloudflare, Fastly, Akamai, and CDN77.

In brief, a Content Distribution Network (CDN) is a geographically distributed group of servers that sit between the origin server of a website and its visitors to optimize the performance of the website.

images from Hacker News

What’s the price of unprotected IT infrastructure? Cybercrime Magazine says that global damages will surpass $6 billion as soon as 2021.

Here we’ll go through some of the most frequent and emerging causes of data breaches in 2019 and see how to address them in a timely manner.

images from Hacker News

First of all, if you have any of the below-listed apps installed on your Android device, you are advised to uninstall it immediately.

Cybersecurity researchers have identified 42 apps on the Google Play Store with a total of more than 8 million downloads, which were initially distributed as legitimate applications but later updated to maliciously display full-screen advertisements to their users.

Discovered by ESET security researcher Lukas Stefanko, these adware Android applications were developed by a Vietnamese university student, who easily got tracked likely because he never bothered to hide his identity.

images from Hacker News

Mobile carriers in the United States will finally offer a universal cross-carrier communication standard for the next-generation RCS messaging service that is meant to replace SMS and has the potential to change the way consumers interact with brands for years to come.

All major United States mobile phone carriers, including AT&T, Verizon, T-Mobile, and Sprint, have joined forces to launch a new initiative that will replace SMS with RCS mobile messaging standard.

What’s more? The initiative is also working with its carrier ownership group and other companies to develop and deploy the new RCS standard in a new text messaging app for Android phones that is expected to be launched in 2020.

The goal of this joint venture, dubbed the Cross Carrier Messaging Initiative (CCMI), is to deliver the GSMA’s Rich Communications Service (RCS) industry standard to consumers and businesses on each of the four carriers, both in the United States and globally.

images from Hacker News

The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites.

To be noted, hackers haven’t found any way to run ads for free; instead, the modus operandi of eGobbler attackers involves high budgets to display billions of ad impressions on high profile websites through legit ad networks.

But rather than relying on visitors’ willful interaction with advertisements online, eGobbler uses browser (Chrome and Safari) exploits to achieve maximum click rate and successfully hijack as many users’ sessions as possible.

images from Hacker News