The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 12 min 15 sek zpět

Are Medical Devices at Risk of Ransomware Attacks?

3 Leden, 2022 - 12:32
In May 2017, the first documented ransomware assault on networked medical equipment happened. The worldwide ransomware assault WannaCry compromised radiological and other instruments in several hospitals during its height, after a software failure caused by a cyberattack on its third-party vendor's oncology cloud service, cancer patients having radiation therapy at four healthcare institutions
Kategorie: Hacking & Security

Microsoft Issues Fix for Exchange Y2K22 Bug That Crippled Email Delivery Service

3 Leden, 2022 - 05:02
Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms due to what it blamed on a date validation error at around the turn of the year. "The problem relates to a date check failure with the change of the new year and it [is] not a failure of the [antivirus] engine itself," the company said in a blog post. "This
Kategorie: Hacking & Security

Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution

30 Prosinec, 2021 - 11:07
A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed at
Kategorie: Hacking & Security

New Apache Log4j Update Released to Patch Newly Discovered Vulnerability

29 Prosinec, 2021 - 06:00
The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a scale of 10 and
Kategorie: Hacking & Security

CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities

29 Prosinec, 2021 - 04:34
Cybersecurity agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries. "These vulnerabilities, especially Log4Shell, are severe," the intelligence agencies said in the new guidance. "Sophisticated cyber threat actors
Kategorie: Hacking & Security

New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw

29 Prosinec, 2021 - 04:33
A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware. "The attachments represent an escalation of the attacker's abuse of the CVE-2021-40444 bug and demonstrate that even a patch can't always
Kategorie: Hacking & Security

PECB Certified Lead Ethical Hacker: Take Your Career to the Next Level

28 Prosinec, 2021 - 18:56
Cybercrime is increasing exponentially and presents devastating risks for most organizations. According to Cybercrime Magazine, global cybercrime damage is predicted to hit $10.5 trillion annually as of 2025. One of the more recent and increasingly popular forms of tackling such issues by identifying is ethical hacking. This method identifies potential security vulnerabilities in its early
Kategorie: Hacking & Security

Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers

28 Prosinec, 2021 - 10:47
Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the exploit tool, among
Kategorie: Hacking & Security

Garrett Walk-Through Metal Detectors Can Be Hacked Remotely

28 Prosinec, 2021 - 10:32
A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices. "An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been
Kategorie: Hacking & Security