The Hacker News

The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackersUnknownnoreply@blogger.comBlogger12050125
Aktualizace: 3 min 15 sek zpět
New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution.
The list of flaws, which were reported anonymously way back in June 2022, is as follows -
CVE-2023-42114 (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comEmail Security / Hacking News37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar
Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger.
"The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.," Kaspersky said in an analysis published this week.
DoubleFinger was first THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comMalware / Cyber Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta.
"Employees of the targeted company were contacted by a fake recruiter via LinkedIn and tricked into opening a malicious executable file presenting itself as a coding THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comCyber Espionage / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Post-Quantum Cryptography: Finally Real in Consumer Apps?
Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight.
Today, many rely on encryption in their daily lives to protect their fundamental digital privacy and security, whether for messaging friends and family, storing files and photos, or The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comQuantum Computing / Network Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools.
The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations.
Introduced by Microsoft in February 2023, Bing Chat is an THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comArtificial Intelligence / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface.
Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are impacted by the flaw.
"In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comServer Security / Vulnerability37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems.
The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6.6. It impacts all versions of the software that have the GDOI or G-IKEv2 protocol enabled.
The THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comVulnerability / Network Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers.
"The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comSupply Chain / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries.
The attacks have been tied to a malicious cyber actor dubbed BlackTech by the U.S. National Security Agency (NSA), Federal Bureau of THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comCyber Espionage / Threat Intel37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world.
The limitations of Browser Isolation, such as degraded browser performance and inability to tackle The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comBrowser Security / Cybersecurity37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies
Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset.
The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team, THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comMalware / Cyber Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability
Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser.
Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia).
Exploitation of such buffer overflow flaws can THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comZero Day / Vulnerability37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent.
NSFOCUS Security Labs described the adversary as having a "high technical level and cautious attack attitude," adding that "the phishing attack activity captured this time is part of the attacker's targeted strike on THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comMalware / Cyber Attack37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage.
"This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group of academics from the University of Texas at Austin, Carnegie Mellon University, University of THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comVulnerability / Endpoint Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On
Data security is in the headlines often, and it’s almost never for a positive reason. Major breaches, new ways to hack into an organization’s supposedly secure data, and other threats make the news because well, it’s scary — and expensive.
Data breaches, ransomware and malware attacks, and other cybercrime might be pricey to prevent, but they are even more costly when they occur, with the The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comData Security / Cyber Attack37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software
A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager.
"The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page," enterprise security firm Proofpoint said in a technical report. "The malware is a modular remote access trojan (RAT) with information THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comMalware / Cyber Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score
Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild.
Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm -
With a specially THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comZero Day / Vulnerability37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Microsoft is Rolling out Support for Passkeys in Windows 11
Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system.
The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric information to complete the step.
Based on FIDO standards, Passkeys were first announced in May THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comEndpoint Security / Password37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families
Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year.
"ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of ransomware programs," Group-IB and Bridewell said in a joint technical report.
The actor, active THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comCybercrime / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Essential Guide to Cybersecurity Compliance
SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance.
What is cybersecurity compliance?
The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comCompliance / Penetration Testing37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
- « první
- ‹ předchozí
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- následující ›
- poslední »