The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and [email protected]
Aktualizace: 56 min 3 sek zpět

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

26 Červenec, 2024 - 15:17
A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a "sophisticated AI-powered phishing-as-a-service platform" The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Offensive AI: The Sine Qua Non of Cybersecurity

26 Červenec, 2024 - 13:00
"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can." was the output of a program named The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals

26 Červenec, 2024 - 10:55
The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world. "Rim Jong Hyok and his co-conspirators deployed Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

26 Červenec, 2024 - 08:19
Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of Selenium (3.141.59 and prior), is believed to be underway since at least April 2023. "Unbeknownst to Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

CrowdStrike Warns of New Phishing Scam Targeting German Customers

26 Červenec, 2024 - 07:52
CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign. The cybersecurity company said it identified what it described as an unattributed spear-phishing attempt on July 24, 2024, distributing an inauthentic CrowdStrike Crash Reporter [email protected]
Kategorie: Hacking & Security

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

26 Červenec, 2024 - 06:10
Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier. "In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks

25 Červenec, 2024 - 16:08
A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps with names such as Andariel, Nickel Hyatt, Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

6 Types of Applications Security Testing You Must Know About

25 Červenec, 2024 - 13:20
Application security testing is a critical component of modern software development, ensuring that applications are robust and resilient against malicious attacks. As cyber threats continue to evolve in complexity and frequency, the need to integrate comprehensive security measures throughout the SDLC has never been more essential. Traditional pentesting provides a crucial snapshot of an The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams

25 Červenec, 2024 - 12:16
Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. "These included a smaller coordinated network of around 2,500 accounts that we were able to link to a group of around 20 individuals," the company said. "They targeted primarily adult men in the U.S. and used fake accounts to mask Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Webinar: Securing the Modern Workspace: What Enterprises MUST Know about Enterprise Browser Security

25 Červenec, 2024 - 11:58
The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern cybersecurity requires a new approach based on the protection of the browser itself, which offers both The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

25 Červenec, 2024 - 10:29
Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name ConfusedFunction. "An attacker could escalate their privileges to the Default Cloud Build Service Account and Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

25 Červenec, 2024 - 07:47
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity. "An attacker could exploit a bypass using an API request with Content-Length setNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software

25 Červenec, 2024 - 07:30
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New Chrome Feature Scans Password-Protected Files for Malicious Content

25 Červenec, 2024 - 07:21
Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said. To that Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

How a Trust Center Solves Your Security Questionnaire Problem

24 Červenec, 2024 - 14:01
Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products — it’s the The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Telegram App Flaw Exploited to Spread Malware Hidden in Videos

24 Červenec, 2024 - 13:59
A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos. The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11. "Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

How a Trust Center Solves Your Security Questionnaire Problem

24 Červenec, 2024 - 13:20
Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products — it’s the
Kategorie: Hacking & Security

How to Reduce SaaS Spend and Risk Without Impacting Productivity

24 Červenec, 2024 - 12:01
There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process. But this trend has also increased the attack surface—and with
Kategorie: Hacking & Security

How to Reduce SaaS Spend and Risk Without Impacting Productivity

24 Červenec, 2024 - 12:01
There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process. But this trend has also increased the attack surface—and with The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool

24 Červenec, 2024 - 11:43
The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team said in an analysis published last week. The activity cluster, also
Kategorie: Hacking & Security