The Hacker News

The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and
Updated: 18 min 34 sec ago

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

2 hours 25 min ago
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. “Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and
Author: Newsroom
Category: Hacking & Security

U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

2 March, 2024 - 07:23
A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other remote access trojans to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision marks a major legal victory for Meta, which filed the lawsuit in October 2019 for using its infrastructure to distribute the spyware to
Author: Newsroom
Category: Hacking & Security

U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture

2 March, 2024 - 05:38
The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including the U.S. Departments of the Treasury and State, defense contractors that support U.S. Department of
Author: Newsroom
Category: Hacking & Security

New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users

1 March, 2024 - 14:32
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that’s designed to primarily target mobile devices. “This kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice phishing to trick the target into sharing
Author: Newsroom
Category: Hacking & Security

4 Instructive Postmortems on Data Downtime and Loss

1 March, 2024 - 12:08
More than a decade ago, the concept of the ‘blameless’ postmortem changed how tech companies recognize failures at scale. John Allspaw, who coined the term during his tenure at Etsy, argued postmortems were all about controlling our natural reaction to an incident, which is to point fingers: “One option is to assume the single cause is incompetence and scream at engineers to make them
Author: The Hacker News
Category: Hacking & Security

New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion

1 March, 2024 - 11:56
Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth Sharma said. BIFROSE is one of the long-standing
Author: Newsroom
Category: Hacking & Security

Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities

1 March, 2024 - 07:26
The Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways, noting that the Integrity Checker Tool (ICT) can be deceived to provide a false sense of security. "Ivanti ICT is not sufficient to detect compromise and that a cyber threat actor may be able
Author: Newsroom
Category: Hacking & Security

GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories

1 March, 2024 - 06:29
GitHub on Thursday announced that it’s enabling secret scanning push protection by default for all pushes to public repositories. “This means that when a supported secret is detected in any push to a public repository, you will have the option to remove the secret from your commits or, if you deem the secret safe, bypass the block,” Eric Tooley and Courtney Claessens said. Push protection
Author: Newsroom
Category: Hacking & Security

New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

29 February, 2024 - 16:21
Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML “enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to use it for authentication, such as Salesforce,” Semperis
Author: Newsroom
Category: Hacking & Security

GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks

29 February, 2024 - 12:33
Threat hunters have discovered a new Linux malware called GTPDOOR that’s designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX). The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications. GPRS roaming allows subscribers to access their GPRS services while they are
Author: Newsroom
Category: Hacking & Security

How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI

29 February, 2024 - 12:19
As an IT leader, staying on top of the latest cybersecurity developments is essential to keeping your organization safe. But with threats coming from all around — and hackers dreaming up new exploits every day — how do you create proactive, agile cybersecurity strategies? And what cybersecurity approach gives you the most bang for your buck, mitigating your risks and maximizing the value of your
Author: The Hacker News
Category: Hacking & Security

Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks

29 February, 2024 - 12:19
The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part
Author: Newsroom
Category: Hacking & Security

New Backdoor Targeting European Officials Linked to Indian Diplomatic Events

29 February, 2024 - 09:19
A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER. The adversary, according to a report from Zscaler ThreatLabz, used a PDF file in emails that purported to come from the Ambassador of India, inviting diplomatic staff to a wine-tasting
Author: Newsroom
Category: Hacking & Security

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems

29 February, 2024 - 09:17
The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most
Author: Newsroom
Category: Hacking & Security

Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware

29 February, 2024 - 06:49
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as attempted to maintain
Author: Newsroom
Category: Hacking & Security

Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware

29 February, 2024 - 06:49
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as maintain persistent
Category: Hacking & Security

President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations

29 February, 2024 - 06:03
U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House said in a statement. This includes sensitive information such as genomic data, biometric data,
Author: Newsroom
Category: Hacking & Security

Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors

28 February, 2024 - 16:08
An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, and defense industries in the Middle East, including Israel and the U.A.E. Other targets of the cyber espionage activity likely include Turkey, India, and Albania, Google-owned Mandiant said in a new analysis. UNC1549 is said to overlap with
Author: Newsroom
Category: Hacking & Security