The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 24 min 42 sek zpět

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

14 Duben, 2021 - 17:50
Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the
Kategorie: Hacking & Security

Simplify, then Add Lightness – Consolidating the Technology to Better Defend Ourselves

14 Duben, 2021 - 14:01
One of the biggest consequences of the rapidly evolving cybersecurity threat landscape is that defenses must constantly build bigger systems to defend themselves.  This leads to both more complex systems and often less communication between them. More importantly, it can lead companies to invest in disparate “best in class” components instead of finding the best fit for their needs. The constant
Kategorie: Hacking & Security

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits

14 Duben, 2021 - 10:32
Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. One of the two flaws concerns an insufficient validation of untrusted input in its V8 JavaScript rendering engine (
Kategorie: Hacking & Security

Detecting the "Next" SolarWinds-Style Cyber Attack

13 Duben, 2021 - 19:21
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual
Kategorie: Hacking & Security

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

13 Duben, 2021 - 14:24
Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Dubbed "NAME:WRECK" by Forescout and JSOF, the flaws are the latest in series of studies undertaken as part of an initiative called Project Memoria to study the security
Kategorie: Hacking & Security

Hackers Using Website's Contact Forms to Deliver IcedID Malware

13 Duben, 2021 - 13:51
Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections. "The emails instruct recipients to click a link to review
Kategorie: Hacking & Security

BRATA Malware Poses as Android Security Scanners on Google Play Store

13 Duben, 2021 - 09:19
A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm
Kategorie: Hacking & Security

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

13 Duben, 2021 - 08:33
An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers. It is believed
Kategorie: Hacking & Security

Hackers Tampered With APKPure Store to Distribute Malware Apps

13 Duben, 2021 - 08:22
APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In a supply-chain attack similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting
Kategorie: Hacking & Security

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021

13 Duben, 2021 - 08:22
The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative (ZDI). Targets with successful attempts included Zoom, Apple
Kategorie: Hacking & Security

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets

13 Duben, 2021 - 07:39
Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in a report published on Wednesday, without publicly naming the victim. The
Kategorie: Hacking & Security

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users' Data

12 Duben, 2021 - 18:04
Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulled
Kategorie: Hacking & Security

What Does It Take To Be a Cybersecurity Researcher?

12 Duben, 2021 - 14:22
Behind the strategies and solutions needed to counter today's cyber threats are—dedicated cybersecurity researchers. They spend their lives dissecting code and analyzing incident reports to discover how to stop the bad guys.  But what drives these specialists? To understand the motivations for why these cybersecurity pros do what they do, we decided to talk with cybersecurity analysts from
Kategorie: Hacking & Security

Alert — There's A New Malware Out There Snatching Users' Passwords

12 Duben, 2021 - 08:51
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active development. "Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was
Kategorie: Hacking & Security

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business

9 Duben, 2021 - 16:37
For organizations that deal with the defense infrastructure – cybersecurity is more than just a buzzword. Recently the US Department of Defense (DoD) created a new certification process – the Cybersecurity Maturity Model Certificate (CMMC) – to ensure that all its vendors and contractors follow established best cybersecurity practices. For organizations that work along the DoD supply chain, this
Kategorie: Hacking & Security

Researchers uncover a new Iranian malware used in recent cyberattacks

9 Duben, 2021 - 13:58
An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology. APT34 (aka OilRig) is
Kategorie: Hacking & Security

Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers

9 Duben, 2021 - 13:56
Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers, allowing an unauthenticated,
Kategorie: Hacking & Security

Gigaset Android Update Server Hacked to Install Malware on Users' Devices

9 Duben, 2021 - 09:45
Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 (plus), and GS370 (plus) series — the malware took the form of multiple unwanted apps that were downloaded and installed through a pre-installed system update
Kategorie: Hacking & Security

MITRE Madness: A Guide to Weathering the Upcoming Vendor Positioning Storm

8 Duben, 2021 - 15:39
April is usually a whirlwind month for the cybersecurity industry as it coincides with the release of the highly regarded and influential MITRE ATT&CK test results. The ATT&CK test measures cybersecurity platforms' abilities to detect and react to emulated, multistep attacks that can be used as a barometer of platform effectiveness.  This means that every cybersecurity vendor will be tripping
Kategorie: Hacking & Security

NIST and HIPAA: Is There a Password Connection?

8 Duben, 2021 - 14:47
When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one's unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA?
Kategorie: Hacking & Security