The Hacker News

The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Updated: 14 min 46 sec ago

Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies

10 February, 2021 - 13:57
In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a substitution attack, takes advantage of the fact that a piece of software may include components from a mix
Category: Hacking & Security

Top 5 Bug Bounty Platforms to Watch in 2021

9 February, 2021 - 18:07
While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category. We have compiled the top 5 most promising bug bounty platforms for those of you who are looking to enhance your existing software testing arsenal with knowledge and expertise from international
Category: Hacking & Security

Webinar and eBook: The Dark Side of EDR. Are You Prepared?

9 February, 2021 - 11:15
Endpoint Detection and Response (EDR) platforms have received incredible attention as the platform for security teams. Whether you're evaluating an EDR for the first time or looking to replace your EDR, as an information security professional, you need to be aware of the gaps prior to implementation so you can best prepare how to close the gaps. It's important to understand that each
Category: Hacking & Security

Ukrainian Police Arrest Author of World's Largest Phishing Service U-Admin

9 February, 2021 - 09:26
Law enforcement officials in Ukraine, in coordination with authorities from the U.S. and Australia, last week shut down one of the world's largest phishing services that were used to attack financial institutions in 11 countries, causing tens of millions of dollars in losses. The Ukrainian attorney general's office said it worked with the National Police and its Main Investigation Department to
Category: Hacking & Security

Hacker Tried Poisoning Water Supply After Breaking Into Florida's Treatment System

9 February, 2021 - 07:49
Hackers successfully infiltrated the computer system controlling a water treatment facility in the U.S. state of Florida and remotely changed a setting that drastically altered the levels of sodium hydroxide (NaOH) in the water. During a press conference held yesterday, Pinellas County Sheriff Bob Gualtieri said an operator managed to catch the manipulation in real-time and restored the
Category: Hacking & Security

Detailed: Here's How Iran Spies on Dissidents with the Help of Hackers

8 February, 2021 - 12:28
Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, ISIS supporters, and Kurdish natives. Tracing the extensive espionage operations to two advanced Iranian cyber-groups Domestic Kitten (
Category: Hacking & Security

WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware

6 February, 2021 - 11:30
Google on Thursday removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google, but it has since emerged that the add-on stealthily added features that could be exploited to
Category: Hacking & Security

Cybercriminals Now Using Plex Media Servers to Amplify DDoS Attacks

6 February, 2021 - 08:28
A new distributed denial-of-service attack (DDoS) vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline. "Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it can be abused to generate reflection/amplification DDoS attacks," Netscout researchers said in a
Category: Hacking & Security

New Chrome Browser 0-day Under Active Attack—Update Immediately!

6 February, 2021 - 08:03
Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine. "Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the company said in
Category: Hacking & Security