The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and [email protected]
Aktualizace: 42 min 9 sek zpět

Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited

10 Červenec, 2024 - 13:05
Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromium-based Edge browser Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

True Protection or False Promise? The Ultimate ITDR Shortlisting Guide

10 Červenec, 2024 - 13:00
It’s the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity skill used in almost every ransomware attack. The
Kategorie: Hacking & Security

True Protection or False Promise? The Ultimate ITDR Shortlisting Guide

10 Červenec, 2024 - 13:00
It’s the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity skill used in almost every ransomware attack. The The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Google Adds Passkeys to Advanced Protection Program for High-Risk Users

10 Červenec, 2024 - 12:06
Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program (APP). "Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said. Passkeys are considered a more secure and phishing-resistant alternative to passwords. Based on
Kategorie: Hacking & Security

Google Adds Passkeys to Advanced Protection Program for High-Risk Users

10 Červenec, 2024 - 12:06
Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program (APP). "Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said. Passkeys are considered a more secure and phishing-resistant alternative to passwords. Based on Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia

10 Červenec, 2024 - 09:20
Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. "Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion," Elliptic said in a report shared with The Hacker News.
Kategorie: Hacking & Security

HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia

10 Červenec, 2024 - 09:20
Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. "Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion," Elliptic said in a report shared with The Hacker News. Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

10 Červenec, 2024 - 07:35
The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations," Trellix security researchers Mathanraj Thangaraju and Sijo Jacob
Kategorie: Hacking & Security

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

10 Červenec, 2024 - 07:35
The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations," Trellix security researchers Mathanraj Thangaraju and Sijo JacobNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

10 Červenec, 2024 - 05:26
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1
Kategorie: Hacking & Security

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

10 Červenec, 2024 - 05:26
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1 Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks

9 Červenec, 2024 - 14:39
Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances. "The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks," InkBridge Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks

9 Červenec, 2024 - 14:39
Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances. "The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks," InkBridge
Kategorie: Hacking & Security

Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks

9 Červenec, 2024 - 13:50
Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining. "Misconfigurations such as improperly set up authentication mechanisms expose the '/script' endpoint to attackers," Trend Micro's Shubham Singh and Sunil Bharti said in a technical write-up
Kategorie: Hacking & Security

Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks

9 Červenec, 2024 - 13:50
Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining. "Misconfigurations such as improperly set up authentication mechanisms expose the '/script' endpoint to attackers," Trend Micro's Shubham Singh and Sunil Bharti said in a technical write-up Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

HUMINT: Diving Deep into the Dark Web

9 Červenec, 2024 - 13:00
Discover how cybercriminals behave in Dark Web forums- what services they buy and sell, what motivates them, and even how they scam each other. Clear Web vs. Deep Web vs. Dark Web Threat intelligence professionals divide the internet into three main components: Clear Web - Web assets that can be viewed through public search engines, including media, blogs, and other pages and sites. Deep Web -
Kategorie: Hacking & Security

HUMINT: Diving Deep into the Dark Web

9 Červenec, 2024 - 13:00
Discover how cybercriminals behave in Dark Web forums- what services they buy and sell, what motivates them, and even how they scam each other. Clear Web vs. Deep Web vs. Dark Web Threat intelligence professionals divide the internet into three main components: Clear Web - Web assets that can be viewed through public search engines, including media, blogs, and other pages and sites. Deep Web - The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

9 Červenec, 2024 - 12:05
Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the application lures, command-and-control (C2) server logs, targeting footprint, and the attack
Kategorie: Hacking & Security

GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

9 Červenec, 2024 - 12:05
Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the application lures, command-and-control (C2) server logs, targeting footprint, and the attack Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation

9 Červenec, 2024 - 07:56
Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release. "APT40 has previously targeted organizations in various countries, including
Kategorie: Hacking & Security