The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 10 min 26 sek zpět

DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms

20 Leden, 2022 - 05:23
An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. "The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC) said in a new report published on Wednesday. "Additionally, the DDoS malware was installed via downloader
Kategorie: Hacking & Security

FIN8 Hackers Spotted Using New 'White Rabbit' Ransomware in Recent Attacks

20 Leden, 2022 - 05:22
The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called "White Rabbit" that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware's overlaps with Egregor, which was taken down by Ukrainian law enforcement authorities in February
Kategorie: Hacking & Security

Cyber Threat Protection — It All Starts with Visibility

19 Leden, 2022 - 19:50
Just as animals use their senses to detect danger, cybersecurity depends on sensors to identify signals in the computing environment that may signal danger. The more highly tuned, diverse and coordinated the senses, the more likely one is to detect important signals that indicate danger. This, however, can be a double-edged sword. Too many signals with too little advanced signal processing just
Kategorie: Hacking & Security

A New Destructive Malware Targeting Ukrainian Government and Business Entities

19 Leden, 2022 - 13:08
Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation dubbed "WhisperGate" targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The malware is disguised as ransomware but, if activated by the attacker, would render the infected
Kategorie: Hacking & Security

Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure

19 Leden, 2022 - 08:49
The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. The Secret Service of Ukraine on Monday confirmed that the two incidents are related, adding the breaches also exploited the
Kategorie: Hacking & Security

Don't Use Public Wi-Fi Without DNS Filtering

18 Leden, 2022 - 15:55
Providing public Wi-Fi is a great service to offer your customers as it becomes more and more standard in today's society. I like the fact that I do not have to worry about accessing the Internet while I am away, or spending a lot of money on an international connection, or just staying offline while I am away. With public Wi-Fi, modern life has become a constant connection to the Internet,
Kategorie: Hacking & Security

Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts

18 Leden, 2022 - 15:40
Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone," Varonis researchers said
Kategorie: Hacking & Security

Europol Shuts Down VPNLab, Cybercriminals' Favourite VPN Service

18 Leden, 2022 - 14:23, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation. Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 and rendering it inoperable as part of a disruptive action that took place across Germany, the
Kategorie: Hacking & Security

High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites

18 Leden, 2022 - 11:03
Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. "This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site's administrator into performing an action, such as clicking on a
Kategorie: Hacking & Security

Dark Web's Largest Marketplace for Stolen Credit Cards is Shutting Down

18 Leden, 2022 - 11:03
UniCC, the biggest dark web marketplace for stolen credit and debit cards, has announced that it's shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. "Don't build any conspiracy theories about us leaving," the anonymous operators of UniCC said in a farewell posted on dark web carding forums, according to
Kategorie: Hacking & Security

Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central

18 Leden, 2022 - 11:03
Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of authentication bypass that "may allow an attacker to read unauthorized data or write an arbitrary zip
Kategorie: Hacking & Security

Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

18 Leden, 2022 - 09:02
An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong,
Kategorie: Hacking & Security

Chrome Limits Websites' Direct Access to Private Networks for Security Reasons

18 Leden, 2022 - 05:53
Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases consisting of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C specification called
Kategorie: Hacking & Security

Ukrainian Government Officially Accuses Russia of Recent Cyberattacks

17 Leden, 2022 - 05:29
The government of Ukraine on Sunday formally accused Russia of masterminding the attacks that targeted websites of public institutions and government agencies this past week. "All the evidence points to the fact that Russia is behind the cyber attack," the Ministry of Digital Transformation said in a statement. "Moscow continues to wage a hybrid war and is actively building forces in the
Kategorie: Hacking & Security

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

17 Leden, 2022 - 04:34
A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software company FingerprintJS, which reported the issue to the iPhone maker on November 28, 2021. IndexedDB
Kategorie: Hacking & Security

First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

16 Leden, 2022 - 09:40
Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical "wormable" vulnerability. Of the 96 vulnerabilities, nine are rated Critical and 89 are rated Important in severity, with six zero-day publicly known at the time of the release. This is in
Kategorie: Hacking & Security

Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks

16 Leden, 2022 - 09:38
In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations. The surprise takedown, which it said was carried out at the request of the U.S. authorities, saw the law enforcement agency conduct raids at 25 addresses in
Kategorie: Hacking & Security

Get Lifetime Access to Cybersecurity Certification Prep Courses

15 Leden, 2022 - 10:38
You can't go far in professional IT without being asked for some key certifications. In particular, most large companies today require new hires to be well versed in the fundamentals of cybersecurity. Adding the likes of CISSP, CISM, and CompTIA CASP+ to your résumé can open the door to many opportunities — including six-figure roles. There is just a small matter of some exams to pass. To help
Kategorie: Hacking & Security

North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide

15 Leden, 2022 - 10:03
Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor. Russian cybersecurity company Kaspersky, which is tracking the intrusions
Kategorie: Hacking & Security

Massive Cyber Attack Knocks Down Ukrainian Government Websites

15 Leden, 2022 - 08:17
No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia. "As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down," Oleg Nikolenko, MFA spokesperson, tweeted. The Security
Kategorie: Hacking & Security