The Hacker News

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user

In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app," Malwarebytes researcher Nathan Collier said. "This app is not

Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in the pipeline to scale this initiative to cover more aspects of the operating system

Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run smoothly. Read on to learn some important AWS security tips. Use Multi-Factor authentication When setting up your AWS

Cybersecurity researchers have discovered yet another piece of wormable Android malware—but this time downloadable directly from the official Google Play Store—that's capable of propagating via WhatsApp messages. Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes with features that allow it to automatically reply to a victim's incoming WhatsApp messages with a

A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1.  Carbon Black Cloud Workload is a data center security product from VMware that

Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. Dubbed "Janeleiro" by Slovak cybersecurity firm ESET, the malware aims to disguise its true intent via lookalike pop-up windows that are designed to resemble

Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial

In what's likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free—which was harvested by hackers in 2019 using a Facebook vulnerability. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country,

A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. The attacks have been attributed with low confidence to the advanced persistent threat (APT) called Cycldek (or Goblin Panda, Hellsing, APT 27, and Conimes), which is known for using spear-phishing techniques to compromise

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs." To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles. "For example, if the

The data is in. According to IBM Security's 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. Moreover, 75% of respondents report that discovery and recovery time from data breaches has significantly increased due

Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphones and IoT devices are likely to deploy multiple security solutions suitable for different scenarios.

Apps on Android have been able to infer the presence of specific apps, or even collect the full list of installed apps on the device. What's more, an app can also set to be notified when a new app is installed. Apart from all the usual concerns about misuse of such a data grab, the information can be abused by a potentially harmful app to fingerprint other installed apps, check for the presence

A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack. In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and

The U.S. Department of Justice (DoJ) on Wednesday said that an Israeli national pleaded guilty for his role as an "administrator" of a portal called DeepDotWeb (DDW), a "news" website that "served as a gateway to numerous dark web marketplaces." According to the unsealed court documents, Tal Prihar, 37, an Israeli citizen residing in Brazil, operated DDW alongside Michael Phan, 34, of Israel,

Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices. "They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey,

New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the weaknesses were

Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal information such as:customer names,hashed passwords,email addresses,residential addresses,GPS

A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he unauthorizedly accessed a public water facility's computer system, jeopardizing the residents' safety and health in the local community. Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, has been charged with one count of tampering with a public water system and one count of reckless damage to a protected