The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and [email protected]
Aktualizace: 17 min 26 sek zpět

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

4 Prosinec, 2024 - 11:30
Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards, monitors, or desk drawers. Others set rules so loose they may as well not exist. And many simply copy
Kategorie: Hacking & Security

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

4 Prosinec, 2024 - 11:30
Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards, monitors, or desk drawers. Others set rules so loose they may as well not exist. And many simply copy [email protected]
Kategorie: Hacking & Security

Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library

4 Prosinec, 2024 - 10:48
Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets. The attack has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from the npm
Kategorie: Hacking & Security

Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library

4 Prosinec, 2024 - 10:48
Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets. The attack has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from the npm Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

4 Prosinec, 2024 - 07:07
A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People's Republic of China (PRC)-affiliated threat actors targeting telecommunications providers. "Identified exploitations or compromises associated with these threat actors' activity align with existing weaknesses associated with victim infrastructure; no novel
Kategorie: Hacking & Security

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

4 Prosinec, 2024 - 07:07
A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People's Republic of China (PRC)-affiliated threat actors targeting telecommunications providers. "Identified exploitations or compromises associated with these threat actors' activity align with existing weaknesses associated with victim infrastructure; no novel Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

4 Prosinec, 2024 - 06:34
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. "From the VSPC management agent machine, under
Kategorie: Hacking & Security

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

4 Prosinec, 2024 - 06:34
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. "From the VSPC management agent machine, underRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

4 Prosinec, 2024 - 06:08
A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2. 8.3, 8.4, and other previous versions. IdentityIQ "allows
Kategorie: Hacking & Security

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

4 Prosinec, 2024 - 06:08
A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2. 8.3, 8.4, and other previous versions. IdentityIQ "allows Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

4 Prosinec, 2024 - 05:48
Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X. The
Kategorie: Hacking & Security

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

4 Prosinec, 2024 - 05:48
Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X. The Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

3 Prosinec, 2024 - 13:51
Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack
Kategorie: Hacking & Security

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

3 Prosinec, 2024 - 13:51
Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

3 Prosinec, 2024 - 11:17
Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. "By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of access
Kategorie: Hacking & Security

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

3 Prosinec, 2024 - 11:17
Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. "By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of accessRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

3 Prosinec, 2024 - 10:51
The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September,
Kategorie: Hacking & Security

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

3 Prosinec, 2024 - 10:51
The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September,Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

3 Prosinec, 2024 - 06:23
A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer
Kategorie: Hacking & Security

Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

3 Prosinec, 2024 - 06:23
A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security