The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 25 min 24 sek zpět

A Google Docs Bug Could Have Allowed Hackers See Your Private Documents

29 Prosinec, 2020 - 12:21
Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program. <!-
Kategorie: Hacking & Security

AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users

29 Prosinec, 2020 - 09:38
Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One,
Kategorie: Hacking & Security

Law Enforcement Seizes Joker's Stash — Stolen Credit Card Marketplace

28 Prosinec, 2020 - 07:18
The US Federal Bureau of Investigation (FBI) and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week on December 17. The operators of Joker's Stash operate several versions of the platform, including 
Kategorie: Hacking & Security

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug

28 Prosinec, 2020 - 07:17
Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to rectify it within 90 days of responsible disclosure on September 24. Originally tracked as CVE-2020-0986, the flaw
Kategorie: Hacking & Security

Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers

28 Prosinec, 2020 - 07:15
New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "abnormal
Kategorie: Hacking & Security

Police Arrest 21 WeLeakInfo Customers Who Bought Breached Personal Data

28 Prosinec, 2020 - 07:15
21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo[.]com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber and fraud offences, the UK National Crime Agency (NCA) said. Of the 21 arrested — all men aged
Kategorie: Hacking & Security

A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware

28 Prosinec, 2020 - 07:14
An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used to interface with all other Orion system monitoring and management products suffers from a security
Kategorie: Hacking & Security

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks

25 Prosinec, 2020 - 07:33
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. "An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, potentially leading to
Kategorie: Hacking & Security

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices

25 Prosinec, 2020 - 05:51
A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affects all devices running ThinOS versions 8.6 and
Kategorie: Hacking & Security