The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 57 min 1 sek zpět

BADNEWS! Patchwork APT Hackers Score Own Goal in Recent Malware Attacks

10 Leden, 2022 - 07:05
Threat hunters have shed light on the tactics, techniques, and procedures embraced by an Indian-origin hacking group called Patchwork as part of a renewed campaign that commenced in late November 2021, targeting Pakistani government entities and individuals with a research focus on molecular medicine and biological science. "Ironically, all the information we gathered was possible thanks to the
Kategorie: Hacking & Security

Facebook Launches 'Privacy Center' to Educate Users on Data Collection and Privacy Options

8 Leden, 2022 - 08:15
Meta Platforms, the company formerly known as Facebook, on Friday announced the launch of a centralized Privacy Center that aims to "educate people" about its approach with regards to how it collects and processes personal information across its family of social media apps. "Privacy Center provides helpful information about five common privacy topics: sharing, security, data collection, data use
Kategorie: Hacking & Security

NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon

8 Leden, 2022 - 08:04
The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. "The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming
Kategorie: Hacking & Security

France Fines Google, Facebook €210 Million Over Privacy Violating Tracking Cookies

7 Leden, 2022 - 08:35
The Commission nationale de l'informatique et des libertés (CNIL), France's data protection watchdog, has slapped Facebook (now Meta Platforms) and Google with fines of €150 million ($170 million) and €60 million ($68 million) for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology. "The websites, and
Kategorie: Hacking & Security

New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks

7 Leden, 2022 - 05:42
A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian cybersecurity
Kategorie: Hacking & Security

VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products

7 Leden, 2022 - 05:42
VMWare has shipped updates to Workstation, Fusion, and ESXi products to address an "important" security vulnerability that could be weaponized by a threat actor to take control of affected systems. The issue relates to a heap-overflow vulnerability — tracked as CVE-2021-22045 (CVSS score: 7.7) — that, if successfully exploited, results in the execution of arbitrary code. The company credited
Kategorie: Hacking & Security

NIST Cybersecurity Framework: A Quick Guide for SaaS Security Compliance

6 Leden, 2022 - 17:11
When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology (NIST). From the latest password requirements (NIST 800-63) to IoT security for manufacturers (NISTIR 8259), NIST is always the starting point. NIST plays a key role as a US standard-setter, due to the organization's professionalism and the external experts
Kategorie: Hacking & Security

North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry

6 Leden, 2022 - 17:06
A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation's Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware. "This activity cluster demonstrates the patient and persistent nature of advanced actors in waging multi-phased campaigns against perceived high-value networks,"
Kategorie: Hacking & Security

Detecting Evasive Malware on IoT Devices Using Electromagnetic Emanations

6 Leden, 2022 - 16:54
Cybersecurity researchers have proposed a novel approach that harnesses electromagnetic field emanations from the Internet of Things (IoT) devices as a side-channel to glean precise knowledge about the different kinds of malware targeting the embedded systems, even in scenarios where obfuscation techniques have been applied to hinder analysis. With the rapid adoption of IoT appliances presenting
Kategorie: Hacking & Security

New Trick Could Let Malware Fake iPhone Shutdown to Spy on Users Secretly

6 Leden, 2022 - 11:45
Researchers have disclosed a novel technique by which malware on iOS can achieve persistence on an infected device by faking its shutdown process, making it impossible to physically determine if an iPhone is off or otherwise. The discovery — dubbed "NoReboot" — comes courtesy of mobile security firm ZecOps, which found that it's possible to block and then simulate an iOS rebooting operation,
Kategorie: Hacking & Security

Google Releases New Chrome Update to Patch Dozens of New Browser Vulnerabilities

6 Leden, 2022 - 06:47
Google has rolled out the first round of updates to its Chrome web browser for 2022 to fix 37 security issues, one of which is rated Critical in severity and could be exploited to pass arbitrary code and gain control over a victim's system. Tracked as CVE-2022-0096, the flaw relates to a use-after-free bug in the Storage component, which could have devastating effects ranging from corruption of
Kategorie: Hacking & Security

Beware of Fake Telegram Messenger App Hacking PCs with Purple Fox Malware

6 Leden, 2022 - 05:19
Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That's according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads. "This threat actor was able to leave most parts of
Kategorie: Hacking & Security

New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification

6 Leden, 2022 - 05:18
An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft's digital signature verification to siphon user credentials and sensitive information. Israeli cybersecurity company Check Point Research, which has been tracking the sophisticated infection chain since November 2021, attributed it to a cybercriminal group
Kategorie: Hacking & Security

Hackers Target Real Estate Websites with Skimmer in Latest Supply Chain Attack

6 Leden, 2022 - 05:16
Threat actors leveraged a cloud video hosting service to carry out a supply chain attack on more than 100 real estate websites operated by Sotheby's Realty that involved injecting malicious skimmers to steal sensitive personal information. "The attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded with skimmer codes as well,"
Kategorie: Hacking & Security

Researchers Uncover Hacker Group Behind Organized Financial-Theft Operation

6 Leden, 2022 - 05:15
Cybersecurity researchers have taken the wraps of an organized financial-theft operation undertaken by a discreet actor to target transaction processing systems and siphon funds from entities primarily located in Latin America for at least four years. The malicious hacking group has been codenamed Elephant Beetle by Israeli incident response firm Sygnia, with the intrusions aimed at banks and
Kategorie: Hacking & Security

Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities

5 Leden, 2022 - 06:13
Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. "Exploitation attempts and testing have remained high during the last weeks of December," Microsoft Threat Intelligence Center (MSTIC) said in revised guidance
Kategorie: Hacking & Security

SAILFISH System to Find State-Inconsistency Bugs in Smart Contracts

4 Leden, 2022 - 15:32
A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met
Kategorie: Hacking & Security

Researchers Detail New HomeKit 'doorLock' Bug Affecting Apple iOS

4 Leden, 2022 - 12:27
A persistent denial-of-service (DoS) vulnerability has been discovered in Apple's iOS mobile operating system that's capable of sending affected devices into a crash or reboot loop upon connecting to an Apple Home-compatible appliance. The behavior, dubbed "doorLock," is trivial in that it can be triggered by simply changing the name of a HomeKit device to a string larger than 500,000 characters
Kategorie: Hacking & Security

Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics

4 Leden, 2022 - 11:40
An ongoing crypto mining campaign has upgraded its arsenal while evolving its defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four of which transpired in 2021, according to researchers from
Kategorie: Hacking & Security

Are Medical Devices at Risk of Ransomware Attacks?

3 Leden, 2022 - 12:32
In May 2017, the first documented ransomware assault on networked medical equipment happened. The worldwide ransomware assault WannaCry compromised radiological and other instruments in several hospitals during its height, after a software failure caused by a cyberattack on its third-party vendor's oncology cloud service, cancer patients having radiation therapy at four healthcare institutions
Kategorie: Hacking & Security