The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and [email protected]
Aktualizace: 16 min 16 sek zpět

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

15 Únor, 2024 - 15:20
A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsiusm, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating system used by the Utah-based software company for the device is CentOS 6.4. "Pulse Secure runs an Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

15 Únor, 2024 - 12:30
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023. Their study
Kategorie: Hacking & Security

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

15 Únor, 2024 - 12:30
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023. Their study The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks

15 Únor, 2024 - 10:31
A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS. "The GoldPickaxe family is available for both iOS and Android platforms,"
Kategorie: Hacking & Security

Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks

15 Únor, 2024 - 10:31
A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS. "The GoldPickaxe family is available for both iOS and Android platforms," Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

15 Únor, 2024 - 06:19
Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server. "An attacker
Kategorie: Hacking & Security

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

15 Únor, 2024 - 06:19
Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server. "An attackerNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks

14 Únor, 2024 - 15:39
Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations. The findings come from a report published by Microsoft in collaboration with OpenAI, both of which said they disrupted efforts made by five state-affiliated actors that used its
Kategorie: Hacking & Security

Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks

14 Únor, 2024 - 15:39
Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations. The findings come from a report published by Microsoft in collaboration with OpenAI, both of which said they disrupted efforts made by five state-affiliated actors that used itsNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages

14 Únor, 2024 - 14:26
Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system. "While 'command-not-found' serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the
Kategorie: Hacking & Security

Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages

14 Únor, 2024 - 14:26
Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system. "While 'command-not-found' serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

14 Únor, 2024 - 12:23
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more
Kategorie: Hacking & Security

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

14 Únor, 2024 - 12:23
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

14 Únor, 2024 - 12:18
The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs. "The URLs led to a Word file with names such as "
Kategorie: Hacking & Security

Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

14 Únor, 2024 - 12:18
The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs. "The URLs led to a Word file with names such as "Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

14 Únor, 2024 - 08:33
A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of CVE-2024-21412, a security bypass vulnerability related to Internet
Kategorie: Hacking & Security

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

14 Únor, 2024 - 08:33
A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of CVE-2024-21412, a security bypass vulnerability related to Internet Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

14 Únor, 2024 - 06:01
Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition to 24 flaws that have been fixed
Kategorie: Hacking & Security

Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

14 Únor, 2024 - 06:01
Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition to 24 flaws that have been fixedNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit

13 Únor, 2024 - 15:37
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that can be extremely difficult to
Kategorie: Hacking & Security