The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 54 sek zpět

Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions

7 Červen, 2021 - 07:03
Researchers have disclosed significant security weaknesses in popular antivirus software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The twin attacks, detailed by academics from the University of Luxembourg and the University of London,
Kategorie: Hacking & Security

GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks

5 Červen, 2021 - 19:01
Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service. "We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits," the Microsoft-owned company said. "We understand that many security
Kategorie: Hacking & Security

Google to Let Android Users Opt-Out to Stop Ads From Tracking Them

5 Červen, 2021 - 14:24
Google is tightening its privacy practices that could make it harder for apps on Android phones and tablets to track users who have opted out of receiving personalized interest-based ads. The change will go into effect sometime in late 2021. The development, which mirrors Apple's move to enable iPhone and iPad users to opt-out of ad tracking, was first reported by the Financial Times.  Once the
Kategorie: Hacking & Security

Break Into Ethical Hacking With 18 Training Courses For Just $42.99

5 Červen, 2021 - 14:21
It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don't even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-One 2021 Super-Sized Ethical Hacking Bundle helps you gain both, with 18 courses covering all aspects
Kategorie: Hacking & Security

Researchers Uncover Hacking Operations Targeting Government Entities in South Korea

5 Červen, 2021 - 11:47
A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising of the
Kategorie: Hacking & Security

10 Critical Flaws Found in CODESYS Industrial Automation Software

4 Červen, 2021 - 17:48
Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to remote code execution on programmable logic controllers (PLCs). "To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough," researchers from Positive
Kategorie: Hacking & Security

Experts Uncover Yet Another Chinese Spying Campaign Aimed at Southeast Asia

4 Červen, 2021 - 14:52
An ongoing cyber-espionage operation with suspected ties to China has been found targeting a Southeast Asian government to deploy spyware on Windows systems while staying under the radar for more than three years. "In this campaign, the attackers utilized the set of Microsoft Office exploits and loaders with anti-analysis and anti-debugging techniques to install a previously unknown backdoor on
Kategorie: Hacking & Security

Google Chrome to Help Users Identify Untrusted Extensions Before Installation

4 Červen, 2021 - 12:24
Google on Thursday said it's rolling out new security features to Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago. To this end, the search giant said it will now offer additional protections when users attempt to install a new extension from the Chrome Web Store, notifying if it can be considered "trusted.
Kategorie: Hacking & Security

Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities

3 Červen, 2021 - 19:01
New upgrades have been made to a Python-based "self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control (C2) communications and the
Kategorie: Hacking & Security

The Vulnerabilities of the Past Are the Vulnerabilities of the Future

3 Červen, 2021 - 16:19
Major software vulnerabilities are a fact of life, as illustrated by the fact that Microsoft has patched between 55 and 110 vulnerabilities each month this year – with 7% to 17% of those vulnerabilities being critical. May had the fewest vulnerabilities, with a total of 55 and only four considered critical. The problem is that the critical vulnerabilities are things we have seen for many years,
Kategorie: Hacking & Security

Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module

3 Červen, 2021 - 13:55
A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications. "Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS (such as Linux or Android) of the embedded device that uses this module," researchers
Kategorie: Hacking & Security

US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks

3 Červen, 2021 - 07:55
Days after Microsoft, Secureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice (DoJ) Tuesday said it intervened to take control of two command-and-control (C2) and malware distribution domains used in the campaign. The court-authorized domain seizure took place on May 28,
Kategorie: Hacking & Security

Hackers‌ ‌Actively‌ ‌Exploiting‌ ‌0-Day‌ ‌in WordPress Plugin Installed on Over ‌17,000‌ ‌Sites

3 Červen, 2021 - 07:51
Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has
Kategorie: Hacking & Security

Cybercriminals Hold $115,000-Prize Contest to Find New Cryptocurrency Hacks

2 Červen, 2021 - 19:21
A top Russian-language underground forum has been running a "contest" for the past month, calling on its community to submit "unorthodox" ways to conduct cryptocurrency attacks. The forum's administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private keys and
Kategorie: Hacking & Security

The Incident Response Plan - Preparing for a Rainy Day

2 Červen, 2021 - 13:27
The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening.  Just as it wasn’t raining when Noah built the ark, companies must face the fact
Kategorie: Hacking & Security

Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors

2 Červen, 2021 - 10:27
Starting June 8, Amazon will automatically enable a feature on its family of hardware devices, including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams, that will share a small part of your Internet bandwidth with nearby neighbors — unless you choose to opt-out. To that effect, the company intends to register all compatible devices that are operational in the
Kategorie: Hacking & Security

SolarWinds Hackers Target Think Tanks With New 'NativeZone' Backdoor

2 Červen, 2021 - 06:59
Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. Some of the entities that were singled out include the U.S. Atlantic Council, the Organization for Security and Co-operation in
Kategorie: Hacking & Security

Report: Danish Secret Service Helped NSA Spy On European Politicians

1 Červen, 2021 - 10:41
The U.S. National Security Agency (NSA) used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of the covert wiretapping were broken by Copenhagen-based public broadcaster DR over the weekend based
Kategorie: Hacking & Security

Can Your Business Email Be Spoofed? Check Your Domain Security Now!

31 Květen, 2021 - 14:13
Are you aware of how secure your domain is? In most organizations, there is an assumption that their domains are secure and within a few months, but the truth soon dawns on them that it isn't. Spotting someone spoofing your domain name is one way to determine if your security is unsatisfactory - this means that someone is impersonating you (or confusing some of your recipients) and releasing
Kategorie: Hacking & Security

A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely

31 Květen, 2021 - 13:30
Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker's "holy grail." The memory protection bypass
Kategorie: Hacking & Security