Category: The Hacker News

Read the original article: Iranian APT Group Targets Governments in Kuwait and Saudi Arabia Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. Bitdefender said the intelligence-gathering operations were…

Read more →

Read the original article: [Guide] Finding Best Security Outsourcing Alternative for Your Organization As cyberattacks continue to proliferate in volume and increase in sophistication, many organizations acknowledge that some part of their breach protection must be outsourced, introducing a million-dollar…

Read more →

Read the original article: New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to takedown…

Read more →

Read the original article: Ukrainian Police Arrest Hacker Who Tried Selling Billions of Stolen Records The Ukrainian police have arrested a hacker who made headlines in January last year by posting a massive database containing some 773 million stolen email…

Read more →

Read the original article: Brazil’s Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users Brazil’s biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers’ personal and payment-related information publicly accessible online that could have been accessed…

Read more →

Read the original article: British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers’ Data British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled “highly sophisticated,” exposing email addresses and travel…

Read more →

Read the original article: New Bluetooth Vulnerability Exposes Billions of Devices to Hackers Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing…

Read more →

Read the original article: HTTP Status Codes Command This Malware How to Control Hacked Systems A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted…

Read more →

Read the original article: Effective Business Continuity Plans Require CISOs to Rethink WAN Connectivity As more businesses leverage remote, mobile, and temporary workforces, the elements of business continuity planning are evolving and requiring that IT professionals look deep into the…

Read more →

Read the original article: Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft’s…

Read more →

Read the original article: Researcher Spots New Malware Claimed to be ‘Tailored for Air‑Gapped Networks’ A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the Virustotal malware…

Read more →

Read the original article: U.S Defence Warns of 3 New Malware Used by North Korean Hackers Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about…

Read more →

Read the original article: Over 4000 Android Apps Expose Users’ Data via Misconfigured Firebase Databases More than 4,000 Android apps that use Google’s cloud-hosted Firebase databases are ‘unknowingly’ leaking sensitive information on their users, including their email addresses, usernames, passwords,…

Read more →

Read the original article: Cynet Offers IR Specialists Grants up to $1500 for each IR Engagement In the past, the autonomous breach protection company Cynet announced that it is making Cynet 360 threat detection and response platform available at no…

Read more →

Read the original article: An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that…

Read more →

Read the original article: 7 New Flaws Affect All Thunderbolt-equipped Computers Sold in the Last 9 Years A cybersecurity researcher today uncovers a set of 7 new unpatchable hardware vulnerabilities that affect all desktops and laptops sold in the past…

Read more →

Read the original article: DigitalOcean Data Leak Incident Exposed Some of Its Customers Data DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers’ data to unknown…

Read more →

Read the original article: This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam,…

Read more →

Read the original article: Facebook Launches ‘Discover,’ A Secure Proxy to Browse the Internet for Free More than six years after Facebook launched its ambitious Free Basics program to bring the Internet to the masses, the social network is back…

Read more →

Read the original article: Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities…

Read more →

Read the original article: Download: ‘Coronavirus Cyber Security for Management’ Template for CISOs The Coronavirus crisis introduces critical operational challenges to business continuity, placing high stress on organizations’ management. As a result, CIOs and CISOs face a double challenge on…

Read more →

Read the original article: Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities If you own a Xiaomi smartphone or have installed the Mi browser app on any of your other brand Android device, you should…

Read more →

Read the original article: New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers A researcher from Israel’s Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive…

Read more →

Read the original article: Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach…

Read more →

Read the original article: Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers Two severe security flaws have been discovered in the open-source SaltStack Sat configuration framework that could allow an adversary to execute arbitrary code on…

Read more →

Read the original article: Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany,…

Read more →

Read the original article: New Android Malware Steals Banking Passwords, Private Data and Keystrokes A new type of mobile banking malware has been discovered abusing Android’s accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and…

Read more →

Read the original article: Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites Security researchers are sounding the alarm over newly discovered vulnerabilities in some popular online learning management system (LMS) plugins that various organizations and universities use…

Read more →

Read the original article: Cato SDP: Cloud-Scale and Global Remote Access Solution Review The Scouts acknowledged the necessity to “Be Prepared” over 100 years (!) ago; the industry should have, as well. Yet COVID-19 took businesses – more like the…

Read more →

Read the original article: Critical Security Patches Released for Magento, Adobe Illustrator and Bridge It’s not ‘Patch Tuesday,’ but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical…

Read more →

Read the original article: Researchers Uncover Novel Way to De-anonymize Device IDs to Users’ Biometrics Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information. The…

Read more →

Read the original article: How An Image Could’ve Let Attackers Hack Microsoft Teams Accounts Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization’s entire…

Read more →

Read the original article: Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly…

Read more →

Read the original article: Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to…

Read more →

Read the original article: Zero-Day Warning: It’s Possible to Hack iPhones Just by Sending Emails Watch out Apple users! The default mail app pre-installed on millions of iPhone and iPad has been found vulnerable to two critical flaws that could…

Read more →

Read the original article: Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority…

Read more →

Read the original article: Chinese Hackers Using New iPhone Hack to Spy On Uyghurs Muslims A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority…

Read more →

Read the original article: The Incident Response Challenge 2020 — Win $5,000 Prize! Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges…

Read more →

Read the original article: Researcher Discloses 4 Zero-Day Bugs in IBM’s Enterprise Security Software A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company…

Read more →

Read the original article: Unpatchable ‘Starbleed’ Bug in FPGA Chips Exposes Critical Devices to Hackers A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the…

Read more →

Read the original article: COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans (RAT) capable of exfiltrating sensitive…

Read more →

Read the original article: CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as…

Read more →

Read the original article: Why SaaS opens the door to so many cyber threats (and how to make it safer) Cloud services have become increasingly important to many companies’ daily operations, and the rapid adoption of web apps has allowed…

Read more →

Read the original article: Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository As developers increasingly embrace off-the-shelf software components into their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages, intended to…

Read more →

Read the original article: U.S. Offers Rewards up to $5 Million for Information on North Korean Hackers The United States agencies today released a joint advisory warning the world about the ‘significant cyber threat’ posed by North Korean state-sponsored hackers…

Read more →

Read the original article: How to transform your revolutionary idea into a reality: $100K Nokia Bell Labs Prize Revolutionary ideas in science, technology, engineering, and mathematics don’t occur every day. But when those “eureka” moments happen, we need to provide…

Read more →

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. The 49 browser add-ons, potentially the work of Russian threat…

Read more →

It’s April 2020 Patch Tuesday, and during these challenging times of coronavirus pandemic, this month’s patch management process would not go easy for many organizations where most of the resources are working remotely. Microsoft today released the latest batch of…

Read more →

It’s April 2020 Patch Tuesday, and during these challenging times of a coronavirus pandemic, this month’s patch management process would not go easy for many organizations where most of the resources are working remotely. Microsoft today released the latest batch…

Read more →

Computer manufacturing giant Dell has released a new security tool for its commercial customers that aims to protect their computers from stealthy and sophisticated cyberattacks involving the compromise of the BIOS. Dubbed ‘SafeBIOS Events & Indicators of Attack’ (IoA), the…

Read more →

As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals—with no conscience and empathy—are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers. The new research, published by Palo…

Read more →

The Coronavirus quarantine introduces an extreme challenge for IT and Security teams to maintain secure environments during the mass transition of employees working remotely and the surge in cyberattacks targeting its inherent security weaknesses. In a webinar for security service…

Read more →

Tech giants Apple and Google have joined forces to develop an interoperable contract-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19. As part of this new initiative, the companies are expected…

Read more →

In our previous stories, you might have already read about various campaigns warning how threat actors are capitalizing on the ongoing coronavirus pandemic in an attempt to infect your computers and mobile devices with malware or scam you out of…

Read more →

Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage ‘distributed denial-of-service’ attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. The botnet, named “dark_nexus” by Bitdefender researchers, works by employing credential stuffing…

Read more →

Remember xHelper? A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then,…

Read more →

Coronavirus crisis introduces a heavy burden on the CISOs with the collective impact of a mass transition to working remotely coupled with a surge of cyberattacks that strive to monetize the general chaos. Security vendors, unintendedly, contribute to this burden…

Read more →

Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak and work from home…

Read more →

If you use Apple iPhone or MacBook, here we have a piece of alarming news for you. Turns out merely visiting a website — not just malicious but also legitimate sites unknowingly loading malicious ads as well — using Safari…

Read more →

Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers. According to a report published today and shared with The…

Read more →

Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe. No doubt,…

Read more →

Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic made it overnight a favorite tool for millions of people. Though Zoom is an efficient online video meeting solution,…

Read more →

Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other kinds of malware, including multi-functional remote access tools (RATs) and cryptominers. Named “Vollgar” after the…

Read more →

Organizations today struggle with multi-product security stacks, that are expensive to purchase and maintain and also require a highly skilled security team to manually integrate and operate. The current Coronavirus crisis that has imposed a strict quarantine on organizations and…

Read more →

International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years. “At the end of February 2020, we identified that an unexpected amount…

Read more →

These are unprecedented times, and everyone is going through a testing period, with more than 3 billion people locked down all over the world. Businesses are scrambling to stay afloat and are forced to move digital in a very short…

Read more →

As people increasingly work from home and online communication platforms such as Zoom explode in popularity in the wake of coronavirus outbreak, cybercriminals are taking advantage of the spike in usage by registering new fake “Zoom” domains and malicious “Zoom”…

Read more →

Cybersecurity researchers with Qihoo 360’s NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploited two…

Read more →

A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices. According to research published by Trend Micro and Kaspersky, the “Operation Poisoned News”…

Read more →

Preying on public fears, the ongoing coronavirus outbreak is proving to be a goldmine of opportunity for attackers to stage a variety of malware attacks, phishing campaigns, and create scam sites and malicious tracker apps. Now in a fresh twist,…

Read more →

The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The Android app, called…

Read more →

A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the…

Read more →

While the Coronavirus pandemic continues to strike chaos across the global economies, threat actors keep on launching cyberattacks on organizations from all sizes and verticals. IR providers face a unique challenge when approached by these organizations since, due to the…

Read more →

More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge…

Read more →

Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in…

Read more →

Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in…

Read more →

Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in…

Read more →

For the first time ever, the Apache Pulsar PMC team is publishing a user survey report. The 2020 Apache Pulsar User Survey Report reveals Pulsar’s accelerating rate of global adoption, details how organizations are leveraging Pulsar to build real-time streaming…

Read more →

Multiple zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm…

Read more →

A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage (NAS) devices in an attempt to remotely infect and control vulnerable machines. Called “Mukashi,” the new variant of the malware employs brute-force…

Read more →

As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who’ve taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to…

Read more →

A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. The…

Read more →

Though it’s not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of…

Read more →

The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis…

Read more →

The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis…

Read more →

As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who’ve taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to…

Read more →

Though it’s not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of…

Read more →

A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. The…

Read more →

Online guitar tutoring website TrueFire has apparently suffered a ‘Magecart’ style data breach incident that may have potentially led to the exposure of its customers’ personal information and payment card information. TrueFire is one of the popular guitar tutoring websites…

Read more →

Social engineering-driven malware threats continue to be a big threat, but new research details how cybercriminals profit off such schemes to launder hundreds of thousands of dollars from stolen credit cards of unsuspecting victims. Cybersecurity firm Check Point Research, in…

Read more →

Europol, along with the Spanish and the Romanian national police, has arrested 26 individuals in connection with the theft of over €3.5 million ($3.9 million) by hijacking people’s phone numbers via SIM swapping attacks. The law enforcement agencies arrested 12…

Read more →

A new simple but dangerous strain of Android malware has been found in the wild that steals users’ authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices. Dubbed “Cookiethief” by Kaspersky…

Read more →

Microsoft today finally released software updates to patch a recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability, tracked as CVE-2020-0796,…

Read more →

Cybercriminals will stop at nothing to exploit every chance to prey on internet users. Even the disastrous spread of SARS-COV-II (the virus), which causes COVID-19 (the disease), is becoming an opportunity for them to likewise spread malware or launch cyber…

Read more →

Sound security budget planning and execution are essential for CIO’s/CISO’s success. Now, for the first time, the Ultimate Security Budget Plan and Track Excel template (download here) provide security executives a clear and intuitive tool to keep track of planned…

Read more →

Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol. It…

Read more →

Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company’s history. Of the 115…

Read more →

Cybersecurity has been regarded as a necessity for all computer users, especially today when data breaches and malware attacks have become rampant. However, one of the more overlooked aspects of cybersecurity is the prevention of other forms of cybercrime, such…

Read more →

Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability…

Read more →

Microsoft today announced that it has successfully disrupted the botnet network of Necurs malware, which has infected more than 9 million computers globally, and also hijacks the majority of its infrastructure. The latest botnet takedown was the result of a…

Read more →