The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 17 min 55 sek zpět

Improve Your Cyber Security Posture by Combining State of the Art Security Tools

1 min 29 sek zpět
Today there are plenty of cybersecurity tools on the market. It is now more important than ever that the tools you decide to use work well together. If they don't, you will not get the complete picture, and you won't be able to analyze the entire system from a holistic perspective.  This means that you won't be able to do the right mitigations to improve your security posture. Here are examples
Kategorie: Hacking & Security

Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn't paid

1 hodina 1 min zpět
Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks
Kategorie: Hacking & Security

3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

1 hodina 25 min zpět
SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity on
Kategorie: Hacking & Security

Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit

5 hodin 17 min zpět
Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild. Tracked as CVE-2021-21224, the flaw concerns a type confusion vulnerability in V8 open-source JavaScript engine that was reported to the company by security researcher Jose Martinez on April 5 According
Kategorie: Hacking & Security

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

8 hodin 15 min zpět
If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there is no patch yet. At least two threat actors have been behind a series of intrusions targeting defense, government, and financial organizations
Kategorie: Hacking & Security

Over 750,000 Users Downloaded New Billing Fraud Apps From Google Play Store

20 Duben, 2021 - 18:19
Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform. The findings were reported
Kategorie: Hacking & Security

[eBook] Why Autonomous XDR Is Going to Replace NGAV/EDR

20 Duben, 2021 - 13:06
For most organizations today, endpoint protection is the primary security concern. This is not unreasonable – endpoints tend to be the weakest points in an environment – but it also misses the forest for the trees. As threat surfaces expand, security professionals are harder pressed to detect threats that target other parts of an environment and can easily miss a real vulnerability by focusing
Kategorie: Hacking & Security

120 Compromised Ad Servers Target Millions of Internet Users

20 Duben, 2021 - 12:41
An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike other operators who set about their task by infiltrating the ad-tech ecosystem using "convincing
Kategorie: Hacking & Security

Lazarus APT Hackers are now using BMP images to hide RAT malware

20 Duben, 2021 - 07:33
A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information. Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes
Kategorie: Hacking & Security

Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs

19 Duben, 2021 - 13:58
A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware repackages payload
Kategorie: Hacking & Security

Passwordless: More Mirage Than Reality

19 Duben, 2021 - 13:20
The concept of "passwordless" authentication has been gaining significant industry and media attention. And for a good reason. Our digital lives are demanding an ever-increasing number of online accounts and services, with security best practices dictating that each requires a strong, unique password in order to ensure data stays safe. Who wouldn't want an easier way? That's the premise behind
Kategorie: Hacking & Security

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

17 Duben, 2021 - 11:44
A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday. Fedir Hladyr, a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromised tens of millions of debit and credit cards, in addition to aggregating the stolen information,
Kategorie: Hacking & Security

What are the different roles within cybersecurity?

17 Duben, 2021 - 11:13
People talk about the cybersecurity job market like it's a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do. In fact, Cybercrime Magazine came up with a list of 50 cybersecurity job titles, while CyberSN, a recruiting organization, came up with its own list of 45 cybersecurity job categories
Kategorie: Hacking & Security

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

16 Duben, 2021 - 11:06
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that
Kategorie: Hacking & Security

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

16 Duben, 2021 - 08:47
The U.S. and U.K. on Thursday formally attributed the supply chain attack of IT infrastructure management company SolarWinds with "high confidence" to government operatives working for Russia's Foreign Intelligence Service (SVR). "Russia's pattern of malign behaviour around the world – whether in cyberspace, in election interference or in the aggressive operations of their intelligence services
Kategorie: Hacking & Security

1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them

15 Duben, 2021 - 17:42
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble.
Kategorie: Hacking & Security

Malware Variants: More Sophisticated, Prevalent and Evolving in 2021

15 Duben, 2021 - 12:27
A malicious program intended to cause havoc with IT systems—malware—is becoming more and more sophisticated every year. The year 2021 is no exception, as recent trends indicate that several new variants of malware are making their way into the world of cybersecurity. While smarter security solutions are popping up, modern malware still eludes and challenges cybersecurity experts.  The evolution
Kategorie: Hacking & Security

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

15 Duben, 2021 - 11:38
Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks. The attack works by leveraging searches for business forms such as invoices, templates, questionnaires, and receipts as a stepping stone toward infiltrating the systems.
Kategorie: Hacking & Security

New WhatsApp Bugs Could've Let Attackers Hack Your Phone Remotely

15 Duben, 2021 - 08:55
Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code remotely on the device and even exfiltrate sensitive information. The flaws take aim at devices running Android versions up to and including Android 9 by carrying out what's known as a "man-in-the-disk" attack that makes it possible for
Kategorie: Hacking & Security

NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers

15 Duben, 2021 - 07:57
In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is CVE-2021-28310, a privilege escalation vulnerability in Win32k that's said to be
Kategorie: Hacking & Security