The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 26 min 32 sek zpět

BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models

1 hodina 26 min zpět
Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device. "As the attacker has the ability to remotely execute code in the pre-boot environment, this can be used to subvert the operating
Kategorie: Hacking & Security

Reduce Business Risk By Fixing 3 Critical Endpoint-to-Cloud Security Requirements

1 hodina 43 min zpět
Enterprise applications used to live securely in data centers and office employees connected to internal networks using company-managed laptops or desktops. And data was encircled by a walled perimeter to keep everything safe. All that changed in the last 18 months. Businesses and employees had to adapt quickly to cloud technology and remote work. The cloud gave businesses the agility to respond
Kategorie: Hacking & Security

One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account

1 hodina 50 min zpět
Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability. "With just one click, an attacker could have used the flaws to get access to Atlassian's publish Jira system and get sensitive information,
Kategorie: Hacking & Security

Critical Auth Bypass Bug Affects VMware Carbon Black App Control

3 hodiny 56 min zpět
VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and affects App Control (AppC) versions 8.0.x, 8.1.x,
Kategorie: Hacking & Security

Antivirus Pioneer John McAfee Found Dead in Spanish Jail

5 hodin 12 min zpět
Controversial mogul and antivirus pioneer John McAfee on Wednesday died by suicide in a jail cell in Barcelona, hours after reports that he would be extradited to face federal charges in the U.S. McAfee was 75. He is said to have died by hanging "as his nine months in prison brought him to despair," according to McAfee's lawyer Javier Villalba, Reuters reported. Security personnel at the Brians
Kategorie: Hacking & Security

Cyber espionage by Chinese hackers in neighbouring nations is on the rise

5 hodin 29 min zpět
A string of cyber espionage campaigns dating all the way back to 2014 and likely focused on gathering defense information from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm's Insikt Group said it identified ties between a group it tracks as "
Kategorie: Hacking & Security

Pakistan-linked hackers targeted Indian power company with ReverseRat

5 hodin 30 min zpět
A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. "Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan," Lumen's Black Lotus Labs said in a Tuesday
Kategorie: Hacking & Security

Wormable DarkRadiation Ransomware Targets Linux and Docker Instances

23 Červen, 2021 - 12:58
Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. "The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions," researchers from
Kategorie: Hacking & Security

[Whitepaper] Automate Your Security with Cynet to Protect from Ransomware

23 Červen, 2021 - 11:33
It seems like every new day brings with it a new ransomware news item – new attacks, methods, horror stories, and data being leaked. Ransomware attacks are on the rise, and they've become a major issue for organizations across industries. A recent report estimated that by 2031, ransomware attacks would cost the world over $260 billion. A new whitepaper from XDR provider Cynet demonstrates how
Kategorie: Hacking & Security

Patch Tor Browser Bug to Prevent Tracking of Your Online Activities

23 Červen, 2021 - 10:54
Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer. In addition to updating Tor to 0.4.5.9, the browser's Android version has been upgraded to Firefox to version 89.1.1, alongside incorporating patches
Kategorie: Hacking & Security

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks

23 Červen, 2021 - 07:35
A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcoming was rectified in an update rolled out to SonicOS on June 22.  Tracked as CVE-2021-20019 (CVSS score
Kategorie: Hacking & Security

Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks

23 Červen, 2021 - 06:01
Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply-chain attacks and achieve remote code execution (RCE). "Linux marketplaces that are based on the Pling platform are vulnerable to a wormable [cross-site scripting] with potential for
Kategorie: Hacking & Security

NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws

22 Červen, 2021 - 09:24
U.S. graphics chip specialist NVIDIA has released software updates to address a total of 26 vulnerabilities impacting its Jetson system-on-module (SOM) series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure. <!--adsense--> Tracked from CVE‑2021‑34372 through CVE‑2021‑34397, the flaws affect products Jetson TX1, TX2 series,
Kategorie: Hacking & Security

5 Critical Steps to Recover From a Ransomware Attack

22 Červen, 2021 - 05:56
Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities. A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Ventures predicts that a ransomware attack will occur every 11 seconds in 2021. Businesses must prepare for the possibility of a ransomware attack affecting their
Kategorie: Hacking & Security

DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps

21 Červen, 2021 - 12:05
A new research published by a group of academics has found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. "Malware writers use stealthy mutations (morphing/obfuscations) to continuously develop malware clones, thwarting detection by
Kategorie: Hacking & Security

Beware! Connecting to This Wireless Network Can Break Your iPhone's Wi-Fi Feature

21 Červen, 2021 - 11:15
A wireless network naming bug has been discovered in Apple's iOS operating system that effectively disables an iPhone's ability to connect to a Wi-Fi network. The issue was spotted by security researcher Carl Schou, who found that the phone's Wi-Fi functionality gets permanently disabled after joining a Wi-Fi network with the unusual name "%p%s%s%s%s%n" even after rebooting the phone or changing
Kategorie: Hacking & Security

North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute

21 Červen, 2021 - 08:35
South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a total of 13 IP addresses, one of which — "27.102.114[.]89
Kategorie: Hacking & Security

Russia bans VyprVPN, Opera VPN services for not complying with blacklist request

19 Červen, 2021 - 07:35
Russia's telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and
Kategorie: Hacking & Security

Google Releases New Framework to Prevent Software Supply Chain Attacks

18 Červen, 2021 - 12:19
As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications.  Called "Supply chain Levels for Software Artifacts" (SLSA, and pronounced "salsa"), the end-to-end framework aims to secure the software development and
Kategorie: Hacking & Security

[eBook] 7 Signs You Might Need a New Detection and Response Tool

18 Červen, 2021 - 08:33
It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns. In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes obsolete, often overnight. This combination usually results in one of two things – organizations
Kategorie: Hacking & Security