The Hacker News

The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers

Husband-Wife Arrested in Ukraine for Ransomware Attacks on Foreign Companies

15 January, 2022 - 07:14
Ukrainian police authorities have nabbed five members of a gang that's believed to have helped orchestrate attacks against more than 50 companies across Europe and the U.S. and caused losses to the tune of more than $1 million. The special operation, which was carried out in assistance with law enforcement officials from the U.K. and U.S., saw the arrest of an unnamed 36-year-old individual from
Category: Hacking & Security

Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor

15 January, 2022 - 07:13
An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed "CharmPower" for follow-on post-exploitation. "The actor's attack setup was obviously rushed, as they used the basic open-source tool for the exploitation and based their operations
Category: Hacking & Security

U.K. Hacker Jailed for Spying on Children and Downloading Indecent Images

14 January, 2022 - 09:23
A man from the U.K. city of Nottingham has been sentenced to more than two years in prison for illegally breaking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images. Robert Davies, 32, is said to have purchased an arsenal of cyber crime tools in 2019, including crypters and remote administration tools (RATs
Category: Hacking & Security

Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM

14 January, 2022 - 08:20
Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system. Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and
Category: Hacking & Security

Signal CEO Resigns, WhatsApp Co-Founder Takes Over as Interim CEO

14 January, 2022 - 07:41
Moxie Marlinspike, the founder of the popular encrypted instant messaging service Signal, has announced that he is stepping down as the chief executive of the non-profit in a move that has been underway over the last few months. "In other words, after a decade or more, it's difficult to overstate how important Signal is to me, but I now feel very comfortable replacing myself as CEO based on the
Category: Hacking & Security

GootLoader Hackers Targeting Employees of Law and Accounting Firms

13 January, 2022 - 15:23
Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets. "GootLoader is a stealthy initial access malware, which after getting a foothold into the victim's computer system,
Category: Hacking & Security

Researchers Decrypted Qakbot Banking Trojan’s Encrypted Registry Keys

13 January, 2022 - 15:06
Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly fashioned as an information-stealing malware, Qakbot has since shifted its goals and acquired new
Category: Hacking & Security

Meeting Patching-Related Compliance Requirements with TuxCare

13 January, 2022 - 09:18
Cybersecurity teams have many demands competing for limited resources. Restricted budgets are a problem, and restricted staff resources are also a bottleneck. There is also the need to maintain business continuity at all times. It's a frustrating mix of challenges – with resources behind tasks such as patching rarely sufficient to meet security prerogatives or compliance deadlines. The multitude
Category: Hacking & Security

US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence

13 January, 2022 - 09:16
The U.S. Cyber Command (USCYBERCOM) on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks. "MuddyWater has been seen using a variety of techniques to maintain access to victim networks," USCYBERCOM's Cyber National Mission Force (CNMF) 
Category: Hacking & Security

Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability

13 January, 2022 - 05:58
Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent denial-of-service (DoS) issue affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its release notes for iOS and iPadOS 15.2.1, termed it as a "resource exhaustion issue" that could be triggered when
Category: Hacking & Security

New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users

13 January, 2022 - 05:13
A new cross-platform backdoor called "SysJoker" has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that's believed to have been initiated during the second half of 2021. "SysJoker masquerades as a system update and generates its [command-and-control server] by decoding a string retrieved from a text file hosted on
Category: Hacking & Security

Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware

13 January, 2022 - 05:12
Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy,
Category: Hacking & Security

FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure

12 January, 2022 - 11:47
Amid renewed tensions between the U.S. and Russia over Ukraine and Kazakhstan, American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors. To that end, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National
Category: Hacking & Security

XDR: Redefining the game for MSSPs serving SMBs and SMEs

12 January, 2022 - 10:49
SMBs and SMEs are increasingly turning to MSSPs to secure their businesses because they simply do not have the resources to manage an effective security technology stack. However, it’s also challenging for MSSPs to piece together an effective but manageable security technology stack to protect their clients, especially at an affordable price point. This is where Extended Detection and Response (
Category: Hacking & Security

Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console

12 January, 2022 - 08:56
Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the "first critical issue published since Log4Shell, on a component other than Log4j, that exploits the same root cause of the Log4Shell
Category: Hacking & Security

How Can You Leave Log4J in 2021?

11 January, 2022 - 21:29
With the last month of 2021 dominated by the log4J vulnerabilities discovery, publication, and patches popping up in rapid succession, odds are you have patched your system against Log4J exploitation attempts. At least some systems, if not all. You might even have installed the latest patch – at the time of writing, that is 2.17.1, but, if the last rapid patching cycle persists, it might have
Category: Hacking & Security

New KCodes NetUSB Bug Affect Millions of Routers from Different Vendors

11 January, 2022 - 13:15
Cybersecurity researchers have detailed a high severity flaw in KCodes NetUSB component that's integrated into millions of end-user router devices from Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital, among others. KCodes NetUSB is a Linux kernel module that enables devices on a local network to provide USB-based services over IP. Printers, external hard drives, and flash drives
Category: Hacking & Security

Microsoft Details macOS Bug That Could Let Attackers Gain Access to User Data

11 January, 2022 - 11:41
Microsoft on Monday disclosed details of a recently patched security vulnerability in Apple's macOS operating system that could be weaponized by a threat actor to expose users' personal information. Tracked as CVE-2021-30970, the flaw concerns a logic issue in the Transparency, Consent and Control (TCC) security framework, which enables users to configure the privacy settings of their apps and
Category: Hacking & Security

2022 Cybersecurity Predictions from Lookout: Work From Anywhere Ends On-Premises Security

11 January, 2022 - 10:00
Lookout, an endpoint-to-cloud cyber security company, have put together their cyber security predictions for 2022.  1 — Cloud connectivity and cloud-to-cloud connectivity will amplify supply-chain breaches One area organizations need to continue to monitor in 2022 is the software supply chain. We tend to think of cloud apps as disparate islands used as destinations by endpoints and end-users to
Category: Hacking & Security

Europol Ordered to Delete Data of Individuals With No Proven Links to Crimes

11 January, 2022 - 06:52
The European Union's data protection watchdog on Monday ordered Europol to delete a vast trove of personal data it obtained pertaining to individuals with no proven links to criminal activity. "Datasets older than six months that have not undergone this Data Subject Categorisation must be erased," the European Data Protection Supervisor (EDPS) said in a press statement. "This means that Europol
Category: Hacking & Security