The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and [email protected]
Aktualizace: 16 min 15 sek zpět

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

30 Březen, 2024 - 07:23
Red Hat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ UtilsNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds

29 Březen, 2024 - 16:54
Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based
Kategorie: Hacking & Security

Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds

29 Březen, 2024 - 16:54
Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

29 Březen, 2024 - 14:12
A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024," the Black Lotus Labs team at Lumen
Kategorie: Hacking & Security

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

29 Březen, 2024 - 14:12
A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024," the Black Lotus Labs team at LumenNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

The Golden Age of Automated Penetration Testing is Here

29 Březen, 2024 - 13:19
Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities to find and fix security issues early on, leaving businesses vulnerable to
Kategorie: Hacking & Security

The Golden Age of Automated Penetration Testing is Here

29 Březen, 2024 - 13:19
Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities to find and fix security issues early on, leaving businesses vulnerable to The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

29 Březen, 2024 - 12:49
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by security researcher Skyler Ferrante. It has been described as a case of improper
Kategorie: Hacking & Security

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

29 Březen, 2024 - 12:49
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by security researcher Skyler Ferrante. It has been described as a case of improper Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

29 Březen, 2024 - 07:37
The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. PyPI said "new project creation and new user registration" was temporarily halted to mitigate what it said was a "malware upload campaign." The incident was resolved 10 hours later, on March 28, 2024, at 12:56
Kategorie: Hacking & Security

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

29 Březen, 2024 - 07:37
The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. PyPI said "new project creation and new user registration" was temporarily halted to mitigate what it said was a "malware upload campaign." The incident was resolved 10 hours later, on March 28, 2024, at 12:56 Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

28 Březen, 2024 - 19:02
A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET&nbsp
Kategorie: Hacking & Security

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

28 Březen, 2024 - 19:02
A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET&nbspNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack

28 Březen, 2024 - 18:50
The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country's Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the ongoing criminal probe as both demanding and time-consuming, involving extensive analysis of a "
Kategorie: Hacking & Security

Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack

28 Březen, 2024 - 18:50
The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country's Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the ongoing criminal probe as both demanding and time-consuming, involving extensive analysis of a "Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs

28 Březen, 2024 - 16:44
Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access memory) attack that, for the first time, successfully works against AMD Zen 2 and Zen 3 systems despite mitigations such as Target Row Refresh (TRR). "This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack
Kategorie: Hacking & Security

New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs

28 Březen, 2024 - 16:44
Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access memory) attack that, for the first time, successfully works against AMD Zen 2 and Zen 3 systems despite mitigations such as Target Row Refresh (TRR). "This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New Webinar: Avoiding Application Security Blind Spots with OPSWAT and F5

28 Březen, 2024 - 14:43
Considering the ever-changing state of cybersecurity, it's never too late to ask yourself, "am I doing what's necessary to keep my organization's web applications secure?" The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing challenges to organizations all over the world and across the broader spectrum of industries striving to maintain
Kategorie: Hacking & Security

New Webinar: Avoiding Application Security Blind Spots with OPSWAT and F5

28 Březen, 2024 - 14:43
Considering the ever-changing state of cybersecurity, it's never too late to ask yourself, "am I doing what's necessary to keep my organization's web applications secure?" The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing challenges to organizations all over the world and across the broader spectrum of industries striving to maintain The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Behind the Scenes: The Art of Safeguarding Non-Human Identities

28 Březen, 2024 - 13:45
In the whirlwind of modern software development, teams race against time, constantly pushing the boundaries of innovation and efficiency. This relentless pace is fueled by an evolving tech landscape, where SaaS domination, the proliferation of microservices, and the ubiquity of CI/CD pipelines are not just trends but the new norm. Amidst this backdrop, a critical aspect subtly weaves into the
Kategorie: Hacking & Security