The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and [email protected]
Aktualizace: 27 min 8 sek zpět

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

7 Únor, 2024 - 10:45
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

7 Únor, 2024 - 07:29
Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This [computer network] was used for unclassified research and development (R&D)," the Dutch Military Intelligence and Security Service (MIVD) said in a statement. "Because this system was self-contained, it did not lead to any damage to the
Kategorie: Hacking & Security

Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

7 Únor, 2024 - 07:29
Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This [computer network] was used for unclassified research and development (R&D)," the Dutch Military Intelligence and Security Service (MIVD) said in a statement. "Because this system was self-contained, it did not lead to any damage to the Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now

7 Únor, 2024 - 06:05
JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over susceptible instances. The vulnerability, tracked as CVE-2024-23917, carries a CVSS rating of 9.8 out of 10, indicative of its severity. "The vulnerability may enable an unauthenticated
Kategorie: Hacking & Security

Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now

7 Únor, 2024 - 06:05
JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over susceptible instances. The vulnerability, tracked as CVE-2024-23917, carries a CVSS rating of 9.8 out of 10, indicative of its severity. "The vulnerability may enable an unauthenticatedNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials

6 Únor, 2024 - 15:09
Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News. Ov3r_Stealer
Kategorie: Hacking & Security

Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials

6 Únor, 2024 - 15:09
Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News. Ov3r_StealerNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services

6 Únor, 2024 - 15:02
Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular expression denial-of-service (ReDoS) condition. "The new vulnerabilities affect any authenticated user of Azure HDInsight services such as Apache Ambari and Apache Oozie," Orca security
Kategorie: Hacking & Security

Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services

6 Únor, 2024 - 15:02
Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular expression denial-of-service (ReDoS) condition. "The new vulnerabilities affect any authenticated user of Azure HDInsight services such as Apache Ambari and Apache Oozie," Orca security Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM

6 Únor, 2024 - 11:53
SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration – can also be exploited by threat actors. Recently, Adaptive Shield commissioned a Total Economic
Kategorie: Hacking & Security

How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM

6 Únor, 2024 - 11:53
SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration – can also be exploited by threat actors. Recently, Adaptive Shield commissioned a Total Economic The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data

6 Únor, 2024 - 11:14
Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65
Kategorie: Hacking & Security

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data

6 Únor, 2024 - 11:14
Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65 Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

6 Únor, 2024 - 07:58
A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver Foundation said it observed exploitation attempts originating from more than 170 unique IP addresses that aim to establish a reverse shell, among others. The attacks exploit CVE-2024-21893 (CVSS
Kategorie: Hacking & Security

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

6 Únor, 2024 - 07:58
A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver Foundation said it observed exploitation attempts originating from more than 170 unique IP addresses that aim to establish a reverse shell, among others. The attacks exploit CVE-2024-21893 (CVSS Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance

6 Únor, 2024 - 06:00
The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members. "The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association," Secretary of State Antony Blinken said. "Such targeting has been
Kategorie: Hacking & Security

U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance

6 Únor, 2024 - 06:00
The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members. "The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association," Secretary of State Antony Blinken said. "Such targeting has been Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering

5 Únor, 2024 - 17:36
A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka, who was arrested in Latvia on December 21, 2023, was extradited to the U.S. and is currently being held in custody. If convicted, he faces a maximum penalty
Kategorie: Hacking & Security

Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering

5 Únor, 2024 - 17:36
A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka, who was arrested in Latvia on December 21, 2023, was extradited to the U.S. and is currently being held in custody. If convicted, he faces a maximum penalty Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Combined Security Practices Changing the Game for Risk Management

5 Únor, 2024 - 14:19
A significant challenge within cyber security at present is that there are a lot of risk management platforms available in the market, but only some deal with cyber risks in a very good way. The majority will shout alerts at the customer as and when they become apparent and cause great stress in the process. The issue being that by using a reactive, rather than proactive approach, many risks
Kategorie: Hacking & Security