The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 47 min 8 sek zpět

PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack

8 Duben, 2021 - 08:07
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user
Kategorie: Hacking & Security

Pre-Installed Malware Dropper Found On German Gigaset Android Phones

8 Duben, 2021 - 05:24
In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app," Malwarebytes researcher Nathan Collier said. "This app is not
Kategorie: Hacking & Security

Android to Support Rust Programming Language to Prevent Memory Flaws

7 Duben, 2021 - 17:28
Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in the pipeline to scale this initiative to cover more aspects of the operating system
Kategorie: Hacking & Security

11 Useful Security Tips for Securing Your AWS Environment

7 Duben, 2021 - 13:22
Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run smoothly. Read on to learn some important AWS security tips. Use Multi-Factor authentication When setting up your AWS
Kategorie: Hacking & Security

WhatsApp-based wormable Android malware spotted on the Google Play Store

7 Duben, 2021 - 12:36
Cybersecurity researchers have discovered yet another piece of wormable Android malware—but this time downloadable directly from the official Google Play Store—that's capable of propagating via WhatsApp messages. Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes with features that allow it to automatically reply to a victim's incoming WhatsApp messages with a
Kategorie: Hacking & Security

Critical Auth Bypass Bug Found in VMware Data Center Security Product

7 Duben, 2021 - 11:38
A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1.  Carbon Black Cloud Workload is a data center security product from VMware that
Kategorie: Hacking & Security

Experts uncover a new Banking Trojan targeting Latin American users

7 Duben, 2021 - 07:38
Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. Dubbed "Janeleiro" by Slovak cybersecurity firm ESET, the malware aims to disguise its true intent via lookalike pop-up windows that are designed to resemble
Kategorie: Hacking & Security

Watch Out! Mission Critical SAP Applications Are Under Active Attack

7 Duben, 2021 - 06:31
Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial
Kategorie: Hacking & Security

533 Million Facebook Users' Phone Numbers and Personal Data Leaked Online

6 Duben, 2021 - 10:48
In what's likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free—which was harvested by hackers in 2019 using a Facebook vulnerability. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country,
Kategorie: Hacking & Security

Hackers From China Target Vietnamese Military and Government

6 Duben, 2021 - 09:47
A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. The attacks have been attributed with low confidence to the advanced persistent threat (APT) called Cycldek (or Goblin Panda, Hellsing, APT 27, and Conimes), which is known for using spear-phishing techniques to compromise
Kategorie: Hacking & Security

Hackers Targeting professionals With 'more_eggs' Malware via LinkedIn Job Offers

6 Duben, 2021 - 09:04
A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs." To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles. "For example, if the
Kategorie: Hacking & Security

How the Work-From-Home Shift Impacts SaaS Security

5 Duben, 2021 - 16:52
The data is in. According to IBM Security's 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. Moreover, 75% of respondents report that discovery and recovery time from data breaches has significantly increased due
Kategorie: Hacking & Security

How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection

3 Duben, 2021 - 08:49
Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphones and IoT devices are likely to deploy multiple security solutions suitable for different scenarios.
Kategorie: Hacking & Security

Google limits which apps can access the list of installed apps on your device

3 Duben, 2021 - 08:41
Apps on Android have been able to infer the presence of specific apps, or even collect the full list of installed apps on the device. What's more, an app can also set to be notified when a new app is installed. Apart from all the usual concerns about misuse of such a data grab, the information can be abused by a potentially harmful app to fingerprint other installed apps, check for the presence
Kategorie: Hacking & Security

Hackers Set Up a Fake Cybersecurity Firm to Target Security Experts

3 Duben, 2021 - 08:05
A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack. In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and
Kategorie: Hacking & Security

DeepDotWeb Admin Pleads Guilty to Money Laundering Charges

1 Duben, 2021 - 14:34
The U.S. Department of Justice (DoJ) on Wednesday said that an Israeli national pleaded guilty for his role as an "administrator" of a portal called DeepDotWeb (DDW), a "news" website that "served as a gateway to numerous dark web marketplaces." According to the unsealed court documents, Tal Prihar, 37, an Israeli citizen residing in Brazil, operated DDW alongside Michael Phan, 34, of Israel,
Kategorie: Hacking & Security

Chinese Hackers Used Facebook to Hack Uighur Muslims Living Abroad

1 Duben, 2021 - 14:15
Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices. "They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey,
Kategorie: Hacking & Security

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

1 Duben, 2021 - 14:14
New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the weaknesses were
Kategorie: Hacking & Security

MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed

1 Duben, 2021 - 14:14
Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal information such as:customer names,hashed passwords,email addresses,residential addresses,GPS
Kategorie: Hacking & Security

22-Year-Old Charged With Hacking Water System and Endangering Lives

1 Duben, 2021 - 12:15
A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he unauthorizedly accessed a public water facility's computer system, jeopardizing the residents' safety and health in the local community. Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, has been charged with one count of tampering with a public water system and one count of reckless damage to a protected
Kategorie: Hacking & Security