The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and [email protected]
Aktualizace: 56 min 53 sek zpět

South Korean Citizen Detained in Russia on Cyber Espionage Charges

12 Březen, 2024 - 07:32
Russia has detained a South Korean national for the first time on cyber espionage charges and transferred from Vladivostok to Moscow for further investigation. The development was first reported by Russian news agency TASS. “During the investigation of an espionage case, a South Korean citizen Baek Won-soon was identified and detained in Vladivostok, and put into custody under a court Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

11 Březen, 2024 - 15:47
Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin said. The attack chain involves the use of
Kategorie: Hacking & Security

Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity PAM Essentials

11 Březen, 2024 - 15:47
As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing a transformative shift toward cloud-based offerings. One Identity PAM Essentials stands The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

11 Březen, 2024 - 15:47
Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin said. The attack chain involves the use of Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan?

11 Březen, 2024 - 12:33
As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides - in the browser. A new guide by LayerX titled "On-Prem is Dead. Have You Adjusted Your Web
Kategorie: Hacking & Security

Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan?

11 Březen, 2024 - 12:33
As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides - in the browser. A new guide by LayerX titled "On-Prem is Dead. Have You Adjusted Your Web The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

11 Březen, 2024 - 10:53
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of
Kategorie: Hacking & Security

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

11 Březen, 2024 - 10:53
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

11 Březen, 2024 - 07:28
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403, the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It
Kategorie: Hacking & Security

Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

11 Březen, 2024 - 07:28
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403, the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT

11 Březen, 2024 - 06:59
A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. “Threat actor group Magnet Goblin’s hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting
Kategorie: Hacking & Security

Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT

11 Březen, 2024 - 06:59
A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. “Threat actor group Magnet Goblin’s hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

9 Březen, 2024 - 05:01
Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our
Kategorie: Hacking & Security

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

9 Březen, 2024 - 05:01
Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations

8 Březen, 2024 - 14:14
Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. “This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger or WhatsApp – both designated
Kategorie: Hacking & Security

Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations

8 Březen, 2024 - 14:14
Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. “This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger or WhatsApp – both designatedNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Secrets Sensei: Conquering Secrets Management Challenges

8 Březen, 2024 - 10:49
In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let's dispense with the pleasantries; this isn't a simple 'set it and forget it' scenario. It's
Kategorie: Hacking & Security

Secrets Sensei: Conquering Secrets Management Challenges

8 Březen, 2024 - 10:49
In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let's dispense with the pleasantries; this isn't a simple 'set it and forget it' scenario. It's The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

8 Březen, 2024 - 09:09
Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF
Kategorie: Hacking & Security

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

8 Březen, 2024 - 09:09
Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLFNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security