The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and [email protected]
Aktualizace: 3 min 32 sek zpět

Automated Threats Pose Increasing Risk to the Travel Industry

18 Červenec, 2024 - 13:00
As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry’s web traffic in 2023—a significant jump from 37.4% in 2022.  The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks

18 Červenec, 2024 - 11:33
Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers
Kategorie: Hacking & Security

SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks

18 Červenec, 2024 - 11:33
Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks

18 Červenec, 2024 - 11:10
Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America,
Kategorie: Hacking & Security

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks

18 Červenec, 2024 - 11:10
Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America, Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Meta Halts AI Use in Brazil Following Data Protection Authority's Ban

18 Červenec, 2024 - 08:14
Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the
Kategorie: Hacking & Security

Meta Halts AI Use in Brazil Following Data Protection Authority's Ban

18 Červenec, 2024 - 08:14
Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

18 Červenec, 2024 - 08:01
Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. "This vulnerability is due to improper
Kategorie: Hacking & Security

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

18 Červenec, 2024 - 08:01
Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. "This vulnerability is due to improper Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

North Korean Hackers Update BeaverTail Malware to Target MacOS Users

17 Červenec, 2024 - 18:27
Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named "MiroTalk.dmg" that mimics the legitimate video call service of the same name,
Kategorie: Hacking & Security

North Korean Hackers Update BeaverTail Malware to Target MacOS Users

17 Červenec, 2024 - 18:27
Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named "MiroTalk.dmg" that mimics the legitimate video call service of the same name,Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Navigating Insider Risks: Are your Employees Enabling External Threats?

17 Červenec, 2024 - 13:09
Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning1 that SIM swap attacks are growing: gain control of the phone and earn a gateway to email, bank accounts, stocks,
Kategorie: Hacking & Security

Navigating Insider Risks: Are your Employees Enabling External Threats?

17 Červenec, 2024 - 13:09
Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning1 that SIM swap attacks are growing: gain control of the phone and earn a gateway to email, bank accounts, stocks, The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

17 Červenec, 2024 - 12:33
The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a security dodging tool known to be used by ransomware groups like AvosLocker, Black Basta, BlackCat, LockBit, and Trigona. "AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been
Kategorie: Hacking & Security

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

17 Červenec, 2024 - 12:33
The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a security dodging tool known to be used by ransomware groups like AvosLocker, Black Basta, BlackCat, LockBit, and Trigona. "AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

China-linked APT17 Targets Italian Companies with 9002 RAT Malware

17 Červenec, 2024 - 10:47
A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second
Kategorie: Hacking & Security

China-linked APT17 Targets Italian Companies with 9002 RAT Malware

17 Červenec, 2024 - 10:47
A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

17 Červenec, 2024 - 07:50
The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft. It also has a history of
Kategorie: Hacking & Security

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

17 Červenec, 2024 - 07:50
The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft. It also has a history of Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

17 Červenec, 2024 - 07:25
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are
Kategorie: Hacking & Security