The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 42 min 49 sek zpět

Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution

4 Prosinec, 2020 - 10:20
A global spear-phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to new research. Attributing the operation to a nation-state actor, IBM Security X-Force researchers said the attacks took aim at the vaccine cold chain, companies responsible for storing and delivering the COVID-19 vaccine at safe temperatures.
Kategorie: Hacking & Security

How Organizations Can Prevent Users from Using Breached Passwords

4 Prosinec, 2020 - 09:14
There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door? No matter how extensive your security solutions are, protecting the various systems in your environment, your organization may likely be an
Kategorie: Hacking & Security

Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware

4 Prosinec, 2020 - 09:06
Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by Kaspersky researchers, the malware has been attributed to the DeathStalker group (formerly called
Kategorie: Hacking & Security

Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking

4 Prosinec, 2020 - 06:06
A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit, Yango Pro, Microsoft Edge, Xrecorder, and PowerDirector, are still vulnerable and can be hijacked to 
Kategorie: Hacking & Security

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

3 Prosinec, 2020 - 13:13
TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed "TrickBoot" by Advanced Intelligence (AdvIntel) and Eclypsium, makes use of readily available tools to check devices for well-known
Kategorie: Hacking & Security

Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years

2 Prosinec, 2020 - 14:25
Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla (aka Venomous Bear or Snake), a Russia-based advanced hacker group known for its extensive attacks against governments, embassies, and
Kategorie: Hacking & Security

Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones

2 Prosinec, 2020 - 14:22
Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "view all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device
Kategorie: Hacking & Security

CISO with a small security team? Learn from your peers' experience with this free e-book

2 Prosinec, 2020 - 10:27
CISOs with small security teams hold an intensive juggling act. They're responsible for sustaining the company's security resilience, ensuring compliance is adhered to and implementing privacy controls. In between these tasks, they need to follow up on board updates, lead cross-team communications and collaboration, and fight fires that may or may not be related to cybersecurity. All the while,
Kategorie: Hacking & Security

Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW

2 Prosinec, 2020 - 10:20
Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability, which was released by Oracle as part of its October 2020 Critical Patch Update and subsequently again in November (CVE-2020-14750) in
Kategorie: Hacking & Security

Incomplete 'Go SMS Pro' Patch Left Millions of Users' Data Still Exposed Online

1 Prosinec, 2020 - 15:13
A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app are silently taking steps to fix the issue from behind the scenes. The security misstep made it possible for an attacker to come up with a trivial script to access media files transferred between users, including private voice messages, photos, and videos, stored
Kategorie: Hacking & Security

Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners

1 Prosinec, 2020 - 09:54
A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender Threat Intelligence Team said the group deployed Monero coin miners in attacks that targeted both
Kategorie: Hacking & Security

4 Free Online Cyber Security Testing Tools For 2021

1 Prosinec, 2020 - 09:24
Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner published a list of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of the modern threat landscape. Incomplete visibility of external Attack surfaces led to the dramatic
Kategorie: Hacking & Security

Indian National Gets 20-Year Jail in United States for Running Scam Call Centers

1 Prosinec, 2020 - 08:37
An Indian national on Monday was sentenced to 20 years in prison in the Southern District of Texas for operating and funding India-based call centers that defrauded US victims out of millions of dollars between 2013 and 2016. Hitesh Madhubhai Patel (aka Hitesh Hinglaj), who hails from the city of Ahmedabad, India, was sentenced in connection with charges of fraud and money laundering. He was
Kategorie: Hacking & Security

Quick Guide — How to Troubleshoot Active Directory Account Lockouts

30 Listopad, 2020 - 13:52
Active Directory account lockouts can be hugely problematic for organizations. There have been documented instances of attackers leveraging the account lockout feature in a type of denial of service attack. By intentionally entering numerous bad passwords, attackers can theoretically lock all of the users out of their accounts. But what do you do if you are experiencing problems with account
Kategorie: Hacking & Security

Digitally Signed Bandook Malware Once Again Targets Multiple Sectors

27 Listopad, 2020 - 09:17
A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark Caracal in a new report published yesterday for their efforts to deploy "dozens of digitally signed variants" of
Kategorie: Hacking & Security

Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF

26 Listopad, 2020 - 18:43
Many of us here would love to turn hacking into a full-time career. To make that dream come true, you need to master your subject and earn some key certifications. To speed up this process, you might want to take a little guidance from the experts. Featuring 98 hours of content from top instructors, The Ultimate 2020 White Hat Hacker Certification Bundle is the ultimate launchpad for your career
Kategorie: Hacking & Security

China's Baidu Android Apps Caught Collecting Sensitive User Data

26 Listopad, 2020 - 07:57
Two popular Android apps from Chinese tech giant Baidu were temporarily unavailable on the Google Play Store in October after they were caught collecting sensitive user details. The two apps in question—Baidu Maps and Baidu Search Box—were found to collect device identifiers, such as the International Mobile Subscriber Identity (IMSI) number or MAC address, without users' knowledge, thus making
Kategorie: Hacking & Security

Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities

26 Listopad, 2020 - 07:22
Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise (BEC) scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed "Operation Falcon," was jointly undertaken by the international police organization along with
Kategorie: Hacking & Security

2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

25 Listopad, 2020 - 08:14
cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from Digital Defense, has been remedied by the company in versions 11.92.0.2,
Kategorie: Hacking & Security

Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies

24 Listopad, 2020 - 15:56
An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor
Kategorie: Hacking & Security