The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 52 min 14 sek zpět

A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network

19 Září, 2020 - 21:04
Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the latest available version on the Google Play Store. ESET security researcher Lukas Stefanko yesterday tweeted an alert demonstrating the exploitation of a recently disclosed high-risk remote command execution vulnerability affecting the Firefox app for Android. Discovered
Kategorie: Hacking & Security

Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents

19 Září, 2020 - 13:24
Capping off a busy week of charges and sanctions against Iranian hackers, a new research offers insight into what's a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with an intention to pilfer sensitive information. The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with at least two different moving parts — one for
Kategorie: Hacking & Security

Android 11 — 5 New Security and Privacy Features You Need to Know

18 Září, 2020 - 17:48
After a long wait and months of beta testing, Google last week finally released Android 11, the latest version of the Android mobile operating system—with features offering billions of its users more control over their data security and privacy. Android security is always a hot topic and almost always for the wrong reason, including Google's failure to prevent malicious apps from being
Kategorie: Hacking & Security

2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General

18 Září, 2020 - 10:48
The US Department of Justice (DoJ) on Tuesday indicted two hackers for their alleged involvement in defacing several websites in the country following the assassination of Iranian major general Qasem Soleimani earlier this January. Behzad Mohammadzadeh (aka Mrb3hz4d), 19, and Marwan Abusrour (aka Mrwn007), 25, have been charged with conspiracy to commit intentional damage to a protected
Kategorie: Hacking & Security

U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence

18 Září, 2020 - 10:45
The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country's Ministry of Intelligence and Security (MOIS) for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors. According to the U.S. Treasury and the Federal Bureau of Investigation (FBI), the sanctions target
Kategorie: Hacking & Security

Zenscrape: A Simple Web Scraping Solution for Penetration Testers

17 Září, 2020 - 16:14
Did you ever try extracting any information from any website? Well, if you have then you have surely enacted web scraping functions without even knowing it! To put in simpler terms, Web scraping, or also known as web data extraction, is the process of recouping or sweeping data from web-pages. It is a much faster and easier process of retrieving data without undergoing the time-consuming
Kategorie: Hacking & Security

U.S. Announces Charges Against 2 Russian and 2 Iranian Hackers

17 Září, 2020 - 14:01
Immediately after revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the United States government yesterday also made two separate announcements charging two Iranian and two Russian hackers and added them to the FBI's most-wanted list. The two Russian nationals—Danil Potekhin and Dmitrii Karasavidi—are accused of stealing $16.8 million worth of cryptocurrencies in a series of
Kategorie: Hacking & Security

FBI adds 5 Chinese APT41 hackers to its Cyber's Most Wanted List

17 Září, 2020 - 10:29
The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking more than 100 companies throughout the world. Named as APT41 and also known as 'Barium,' 'Winnti, 'Wicked Panda,' and 'Wicked Spider,' the cyber-espionage group has been operating since at least 2012 and is not just
Kategorie: Hacking & Security

New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

16 Září, 2020 - 11:45
A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret key used
Kategorie: Hacking & Security

New Report Explains COVID-19's Impact on Cyber Security

16 Září, 2020 - 11:00
Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the Covid-19 pandemic in their cyberattacks. Of course, malicious emails would contain subjects relating to Covid-19, and malicious downloads would be Covid-19 related. This is how cybercriminals operate. Any opportunity to maximize effectiveness, no matter how contemptible
Kategorie: Hacking & Security

Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web

15 Září, 2020 - 13:30
In a new report into the global cybersecurity industry's exposure on the Dark Web this year, global application security company, ImmuniWeb, uncovered that 97% of leading cybersecurity companies have data leaks or other security incidents exposed on the Dark Web, while on average, there are over 4,000 stolen credentials and other sensitive data exposed per cybersecurity company. Even the
Kategorie: Hacking & Security

CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies

15 Září, 2020 - 11:14
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People's Republic of China using commercially available information
Kategorie: Hacking & Security

New Linux Malware Steals Call Details from VoIP Softswitch Systems

11 Září, 2020 - 14:05
Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata. "The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records (CDR)," ESET researchers said in a Thursday analysis. "To steal this
Kategorie: Hacking & Security

New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices

10 Září, 2020 - 23:37
Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices
Kategorie: Hacking & Security

Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange

10 Září, 2020 - 21:01
Cybercriminals successfully plundered another digital cryptocurrency exchange. European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars. Eterbase, which has now entered maintenance mode until the security issue is resolved, described itself as Europe's Premier Digital Asset
Kategorie: Hacking & Security

A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption

10 Září, 2020 - 13:35
IT help desks everywhere are having to adjust to the 'new normal' of supporting mainly remote workers. This is a major shift away from visiting desks across the office and helping ones with traditional IT support processes. Many reasons end-users may contact the helpdesk. However, password related issues are arguably the most common. Since the onset of the global pandemic that began earlier
Kategorie: Hacking & Security

Cynet Takes Cyber Threat Protection Automation to the Next Level with Incident Engine

9 Září, 2020 - 17:21
We have all heard of the "cybersecurity skills gap" — firms' inability to hire and retain high-level cybersecurity talent. I see this gap manifesting in two ways. First, companies that want to hire cybersecurity talent simply cannot find candidates with sufficient skills. Second, companies that cannot afford specialized cybersecurity talent and therefore lack the necessary skills to
Kategorie: Hacking & Security

Cybercriminals Are Using Legit Cloud Monitoring Tools As Backdoor

9 Září, 2020 - 10:23
A cybercrime group that has previously struck Docker and Kubernetes cloud environments has evolved to repurpose genuine cloud monitoring tools as a backdoor to carry out malicious attacks, according to new research. "To our knowledge, this is the first time attackers have been caught using legitimate third party software to target cloud infrastructure," Israeli cybersecurity firm Intezer said
Kategorie: Hacking & Security

Microsoft Releases September 2020 Security Patches For 129 Flaws

8 Září, 2020 - 21:56
As part of this month's Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting various versions of its Windows operating systems and related software. Of the 129 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, ChakraCore, SQL Server, Exchange Server, Office,
Kategorie: Hacking & Security

Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks

8 Září, 2020 - 14:31
Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan, and New Zealand. "The emails contain malicious attachments or links that the receiver is encouraged to download," New Zealand's Computer Emergency Response Team (CERT) said. "These links and attachments may
Kategorie: Hacking & Security