The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackersUnknownnoreply@blogger.comBlogger10713125
Aktualizace: 36 min 34 sek zpět

Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware

29 Listopad, 2022 - 12:59
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx. The trend, called Invisible Challenge, involves applying a filter known as Invisible Body that just leaves behind a silhouette of the person's body. But the fact that individuals filming such videos could be undressed has led to a Ravie Lakshmanan
Kategorie: Hacking & Security

7 Cyber Security Tips for SMBs

29 Listopad, 2022 - 12:30
When the headlines focus on breaches of large enterprises like the Optus breach, it’s easy for smaller businesses to think they’re not a target for hackers. Surely, they’re not worth the time or effort?  Unfortunately, when it comes to cyber security, size doesn’t matter.  Assuming you’re not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple The Hacker News
Kategorie: Hacking & Security

Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users' Data

29 Listopad, 2022 - 09:25
Ireland's Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "collatedRavie Lakshmanan
Kategorie: Hacking & Security

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

29 Listopad, 2022 - 05:20
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions,, and
Kategorie: Hacking & Security

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

28 Listopad, 2022 - 12:56
Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action. The shortcoming was reportedRavie Lakshmanan
Kategorie: Hacking & Security

The 5 Cornerstones for an Effective Cyber Security Awareness Training

28 Listopad, 2022 - 12:45
It's not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information.  The hard news: they're often successful, have a long-lasting negative impact on your organization and employees, including: The Hacker News
Kategorie: Hacking & Security

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

28 Listopad, 2022 - 11:07
Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip (SoC), that's found in server motherboards and is used for remote monitoring and management of a host system, including Ravie Lakshmanan
Kategorie: Hacking & Security

Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages

28 Listopad, 2022 - 06:25
Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform. The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend. The company's plans for Ravie Lakshmanan
Kategorie: Hacking & Security

All You Need to Know About Emotet in 2022

26 Listopad, 2022 - 12:49
For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication. The Hacker News
Kategorie: Hacking & Security

U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk

26 Listopad, 2022 - 05:52
The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an "unacceptable" national security threat. All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021. "The FCC is committed to protecting our national Ravie Lakshmanan
Kategorie: Hacking & Security

Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations

26 Listopad, 2022 - 05:28
Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022. "While the malware written in .NET is new, its deployment is Ravie Lakshmanan
Kategorie: Hacking & Security

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

25 Listopad, 2022 - 14:12
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be Ravie Lakshmanan
Kategorie: Hacking & Security

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions

25 Listopad, 2022 - 12:15
An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk. EFI Development Kit, aka EDK, is an open source implementation of the Unified Extensible Firmware Interface (UEFI), which functions as an interface between the operating system and the firmware embedded in Ravie Lakshmanan
Kategorie: Hacking & Security

U.K. Police Arrest 142 in Global Crackdown on 'iSpoof' Phone Spoofing Service

25 Listopad, 2022 - 07:06
A coordinated law enforcement effort has dismantled an online phone number spoofing service called iSpoof and arrested 142 individuals linked to the operation. The websites, ispoof[.]me and ispoof[.]cc, allowed the crooks to "impersonate trusted corporations or contacts to access sensitive information from victims," Europol said in a press statement. Worldwide losses exceeded €115 million ($ Ravie Lakshmanan
Kategorie: Hacking & Security

Interpol Seized $130 Million from Cybercriminals in Global "HAECHI-III" Crackdown Operation

25 Listopad, 2022 - 05:58
Interpol on Thursday announced the seizure of $130 million worth of virtual assets in connection with a global crackdown on cyber-enabled financial crimes and money laundering. The international police operation, dubbed HAECHI-III, transpired between June 28 and November 23, 2022, resulting in the arrests of 975 individuals and the closure of more than 1,600 cases. This comprised two fugitives Ravie Lakshmanan
Kategorie: Hacking & Security

New RansomExx Ransomware Variant Rewritten in the Rust Programming Language

24 Listopad, 2022 - 14:25
The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it's expected that a Windows version will Ravie Lakshmanan
Kategorie: Hacking & Security

Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws

24 Listopad, 2022 - 12:17
A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker. Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022. "These fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Ravie Lakshmanan
Kategorie: Hacking & Security

Boost Your Security with Europe's Leading Bug Bounty Platform

24 Listopad, 2022 - 12:03
As 2022 comes to an end, now's the time to level up your bug bounty program with Intigriti. Are you experiencing slow bug bounty lead times, gaps in security skills, or low-quality reports from researchers? Intigriti's expert triage team and global community of ethical hackers are enabling businesses to protect themselves against every emerging cybersecurity threat. Join the likes of Intel, The Hacker News
Kategorie: Hacking & Security

Bahamut Cyber Espionage Hackers Targeting Android Users with Fake VPN Apps

24 Listopad, 2022 - 11:55
The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information. The activity, which has been active since January 2022, entails distributing rogue VPN apps through a fake SecureVPN website set up for this purpose, Slovak cybersecurity firm ESET said in a new Ravie Lakshmanan
Kategorie: Hacking & Security

This Android File Manager App Infected Thousands of Devices with SharkBot Malware

24 Listopad, 2022 - 07:19
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecurity company Bitdefender said in an analysis published this week. SharkBot, first discovered towards Ravie Lakshmanan
Kategorie: Hacking & Security