Tag: The Hacker News

Read the original article: Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been…

Read more →

Read the original article: Software Supply-Chain Attack Hits Vietnam Government Certification Authority Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency’s digital signature toolkit to install a backdoor on victim…

Read more →

Read the original article: How to Use Password Length to Set Best Password Expiration Policy One of the many features of an Active Directory Password Policy is the maximum password age. Traditional Active Directory environments have long using password aging as…

Read more →

Read the original article: New Evidence Suggests SolarWinds’ Codebase Was Hacked to Inject Backdoor The investigation into how the attackers managed to compromise SolarWinds’ internal network and poison the company’s software updates is still underway, but we may be one…

Read more →

Read the original article: New 5G Network Flaws Let Attackers Track Users’ Locations and Steal Data As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number…

Read more →

Read the original article: Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. In a new analysis published…

Read more →

Read the original article: What is Geocoding? — How to Find Coordinates of An Address How can your app hook into a geocoding service that offers forward and reverse geocoding and an auto-completion facility? Geocoding turns a location name or…

Read more →

Read the original article: SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public…

Read more →

Read the original article: Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise…

Read more →

Read the original article: Download the Essential Guide to Response Automation In the classic children’s movie ‘The Princess Bride,’ one of the characters utters the phrase, “You keep using that word. I do not think it means what you think…

Read more →

Read the original article: Nearly 18,000 SolarWinds Customers Installed Backdoored Software SolarWinds, the enterprise monitoring software provider who found itself at the epicenter of the most consequential supply chain attacks, said as many as 18,000 of its high-profile customers might have…

Read more →

Read the original article: Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals (Without Wi-Fi Hardware) A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert…

Read more →

Read the original article: SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims…

Read more →

Read the original article: US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor State-sponsored actors allegedly working for Russia have targeted the US Treasury, the Commerce Department’s National Telecommunications and Information Administration (NTIA), and other government agencies to monitor internal email traffic as…

Read more →

Read the original article: Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its…

Read more →

Read the original article: Governance Considerations for Democratizing Your Organization’s Data in 2021 With the continuing rise of IoT devices, mobile networks, and digital channels, companies face a lot of pressure to generate meaningful and actionable insights from the wealth…

Read more →

Read the original article: Watch Out! Adrozek Malware Hijacking Chrome, Firefox, Edge, Yandex Browsers Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via…

Read more →

Read the original article: Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught…

Read more →

Read the original article: Cisco Reissues Patches for Critical Bugs in Jabber Video Conferencing Software Cisco has once again fixed four previously disclosed critical bugs in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to…

Read more →

Read the original article: Valve’s Steam Server Bugs Could’ve Let Hackers Hijack Online Games Critical flaws in a core networking library powering Valve’s online gaming functionality could have allowed malicious actors to remotely crash games and even take control over…

Read more →

Read the original article: 48 U.S. States and FTC are suing Facebook for illegal monopolization The US Federal Trade Commission and a coalition of 48 state attorneys general on Wednesday filed a pair of sweeping antitrust suits against Facebook, alleging…

Read more →

Read the original article: AWS, Cisco, and CompTIA Exam Prep — Get 22 Courses for $4.50 Each You don’t need a college degree to get a well-paid job in IT. But technical recruiters do expect to see key certifications on…

Read more →

Read the original article: Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once…

Read more →

Read the original article: Cybersecurity Firm FireEye Got Hacked; Red-Team Pentest Tools Stolen FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a state-sponsored attack by a “highly sophisticated threat actor” that stole…

Read more →

Read the original article: Amnesia:33 — Critical TCP/IP Flaws Affect Millions of IoT Devices Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial…

Read more →

Read the original article: Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday…

Read more →

Read the original article: WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to…

Read more →

Read the original article: Download: How XDR Platforms Are Changing The Game For Ransomware Protection There seems to be a new ransomware story every day – a new ransomware attack, a new ransomware technique, criminals not providing encryption keys after…

Read more →

Read the original article: NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks The US National Security Agency (NSA) on Monday issued an advisory warning that Russian threat actors are leveraging recently disclosed VMware vulnerability to install malware on corporate…

Read more →

Read the original article: Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message…

Read more →

Read the original article: Iranian RANA Android Malware Also Spies On Instant Messengers A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant—developed by a sanctioned Iranian threat actor—that could let attackers spy on private chats…

Read more →

Read the original article: How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain 21st-century technology has allowed Cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that 65% of US-based…

Read more →

Read the original article: Payment Card Skimmer Group Using Raccoon Info-Stealer to Siphon Off Data A cybercrime group known for targeting e-commerce websites unleashed a “multi-stage malicious campaign” earlier this year designed with an intent to distribute information stealers and…

Read more →

Read the original article: Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution A global spear-phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to new research. Attributing the operation to a nation-state…

Read more →

Read the original article: Hackers-For-Hire Group Develops New ‘PowerPepper’ In-Memory Malware Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from…

Read more →

Read the original article: How Organizations Can Prevent Users from Using Breached Passwords There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why…

Read more →

Read the original article: Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking A number of high-profile Android apps are still using an unpatched version of Google’s widely-used app update library, potentially putting the personal data…

Read more →

Read the original article: TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy…

Read more →

Read the original article: Experts Uncover ‘Crutch’ Russian Malware Used in APT Attacks for 5 Years Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to…

Read more →

Read the original article: Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The…

Read more →

Read the original article: Google Hacker Details Zero-Click ‘Wormable’ Wi-Fi Exploit to Hack iPhones Google Project Zero whitehat hacker Ian Beer on Tuesday disclosed details of a now-patched critical “wormable” iOS bug that could have made it possible for a…

Read more →

Read the original article: CISO with a small security team? Learn from your peers’ experience with this free e-book CISOs with small security teams hold an intensive juggling act. They’re responsible for sustaining the company’s security resilience, ensuring compliance is…

Read more →

Read the original article: Incomplete ‘Go SMS Pro’ Patch Left Millions of Users’ Data Still Exposed Online A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app…

Read more →

Read the original article: 4 Free Online Cyber Security Testing Tools For 2021 Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner…

Read more →

Read the original article: Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim…

Read more →

Read the original article: Indian National Gets 20-Year Jail in United States for Running Scam Call Centers An Indian national on Monday was sentenced to 20 years in prison in the Southern District of Texas for operating and funding India-based call centers…

Read more →

Read the original article: Quick Guide — How to Troubleshoot Active Directory Account Lockouts Active Directory account lockouts can be hugely problematic for organizations. There have been documented instances of attackers leveraging the account lockout feature in a type of…

Read more →

Read the original article: Digitally Signed Bandook Malware Once Again Targets Multiple Sectors A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled…

Read more →

Read the original article: Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise (BEC)…

Read more →

Read the original article: Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF Many of us here would love to turn hacking into a full-time career. To make that dream come true, you need to master…

Read more →

Read the original article: 2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid…

Read more →

Read the original article: Baidu’s Android Apps Caught Collecting and Leaking Sensitive User Data Two popular Android apps from Chinese tech giant Baidu have been removed from the Google Play Store in October after they were caught collecting sensitive user…

Read more →

Read the original article: Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under…

Read more →

Read the original article: Critical Unpatched VMware Flaw Affects Multiple Corporates Products VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. “A…

Read more →

Read the original article: Why Replace Traditional Web Application Firewall (WAF) With New Age WAF? At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions.…

Read more →

Read the original article: Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call…

Read more →

Read the original article: Apple Lets Some of its Big Sur macOS Apps Bypass Firewall and VPNs Apple is facing the heat for a new feature in macOS Big Sur that allows many of its own apps to bypass firewalls…

Read more →

Read the original article: Use This Ultimate Template to Plan and Monitor Your Cybersecurity Budgets Sound security budget planning and execution are essential for CIO’s/CISO’s success. Now, for the first time, the Ultimate Security Budget Plan and Track Excel template…

Read more →

Read the original article: Researchers Warn of Critical Flaw Affecting Industrial Automation Systems A critical vulnerability uncovered in Real-Time Automation’s (RTA) 499ES EtherNet/IP (ENIP) stack could open up the industrial control systems to remote attacks by adversaries. RTA’s ENIP stack…

Read more →

Read the original article: Evolution of Emotet: From Banking Trojan to Malware Distributor Emotet is one of the most dangerous and widespread malware threats active today. Ever since its discovery in 2014—when Emotet was a standard credential stealer and banking…

Read more →

Read the original article: WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media Messages GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw…

Read more →

Read the original article: Chinese APT Hackers Target Southeast Asian Government Institutions Cybersecurity researchers today unveiled a complex and targeted espionage attack on potential government sector victims in South East Asia that they believe was carried out by a sophisticated…

Read more →

Read the original article: Researcher Discloses Critical RCE Flaws In Cisco Security Manager Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager (CSM) a week after the networking equipment maker quietly released patches with version 4.22…

Read more →

Read the original article: Trojanized Security Software Hits South Korea Users in Supply-Chain Attack Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote…

Read more →

Read the original article: Live Webinar: Reducing Complexity by Increasing Consolidation for SMEs Complexity is the bane of effective cybersecurity. The need to maintain an increasing array of cybersecurity tools to protect organizations from an expanding set of cyber threats…

Read more →

Read the original article: SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival…

Read more →

Read the original article: Uncovered: APT ‘Hackers For Hire’ Target Financial, Entertainment Firms A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. Dubbed “CostaRicto” by Blackberry…

Read more →

Read the original article: MISSIONS — The Next Level of Interactive Developer Security Training If organizations want to get serious about software security, they need to empower their engineers to play a defensive role against cyberattacks as they craft their…

Read more →

Read the original article: New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment…

Read more →

Read the original article: Two New Chrome 0-Days Under Active Attacks – Update Your Browser Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by…

Read more →

Read the original article: Microsoft Releases Windows Security Updates For Critical Flaws Microsoft formally released fixes for 112 newly discovered security vulnerabilities as part of its November 2020 Patch Tuesday, including an actively exploited zero-day flaw disclosed by Google’s security team last…

Read more →

Read the original article: Build Your 2021 Cybersecurity Plan With This Free PPT Template The end of the year is coming, and it’s time for security decision-makers to make plans for 2021 and get management approval. Typically, this entails making…

Read more →

Read the original article: Over 2800 e-Shops Running Outdated Magento Software Hit by Credit Card Hackers A wave of cyberattacks against retailers running the Magento 1.x e-commerce platform earlier this September has been attributed to one single group, according to…

Read more →

Read the original article: Watch Out! New Android Banking Trojan Steals From 112 Financial Apps Four months after security researchers uncovered a “Tetrade” of four Brazilian banking Trojans targeting financial institutions in Brazil, Latin America, and Europe, new findings show…

Read more →

Read the original article: Worried About SaaS Misconfigurations? Check These 5 Settings Everybody Misses Image credit: Adaptive Shield Enterprises depend on SaaS applications for countless functions, like collaboration, marketing, file sharing, and more. But problematically, they often lack the resources…

Read more →

Read the original article: Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition…

Read more →

Read the original article: Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild. Rolled out as…

Read more →

Read the original article: North Korean Hackers Used ‘Torisma’ Spyware in Job Offers-based Attacks A cyberespionage campaign aimed at aerospace and defense sectors in order to install data gathering implants on victims’ machines for purposes of surveillance and data exfiltration…

Read more →

Read the original article: Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies Cybersecurity researchers today took the wraps off an on-going cyber fraud operation led by hackers in Gaza, West Bank, and Egypt to compromise VoIP servers of more…

Read more →

Read the original article: Deception Technology: No Longer Only A Fortune 2000 Solution A cyber-attacker successfully breaks into your environment and begins sneaking around to find something valuable – intellectual property, bank account credentials, company plans, whatever. The attacker makes…

Read more →

Read the original article: If You Don’t Have A SASE Cloud Service, You Don’t Have SASE At All The Secure Access Service Edge (or SASE) has been a very hot buzzword in the past year. A term and category created by…

Read more →

Read the original article: New Kimsuky Module Makes North Korean Spyware More Powerful A week after the US government issued an advisory about a “global intelligence gathering mission” operated by North Korean state-sponsored hackers, new findings have emerged about the threat…

Read more →

Read the original article: New Chrome Zero-Day Under Active Attacks – Update Your Browser Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest…

Read more →

Read the original article: How to Prevent Pwned and Reused Passwords in Your Active Directory Many businesses are currently looking at how to bolster security across their organization as the pandemic and remote work situation continues to progress towards the…

Read more →

Read the original article: New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service A new research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called NAT…

Read more →

Read the original article: How to Protect Yourself From Pwned and Password Reuse Attacks Many businesses are currently looking at how to bolster security across their organization as the pandemic and remote work situation continues to progress towards the end…

Read more →

Read the original article: WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that’s being actively exploited in the wild. The elevation of…

Read more →

Read the original article: Browser Bugs Exploited to Install 2 New Backdoors on Targeted Computers Cybersecurity researchers have disclosed details about a new watering hole attack targeting the Korean diaspora that exploits vulnerabilities in web browsers such as Google Chrome…

Read more →

Read the original article: Browsers Bugs Exploited to Install 2 New Backdoors on Targeted Computers Cybersecurity researchers have disclosed details about a new watering hole attack targeting the Korean diaspora that exploits vulnerabilities in web browsers such as Google Chrome…

Read more →

Read the original article: KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting “dozens of known vulnerabilities” to target widely-used content management…

Read more →

Read the original article: How to Run Google SERP API Without Constantly Changing Proxy Servers You’ve probably run into a major problem when trying to scrape Google search results. Web scraping tools allow you to extract information from a web…

Read more →

Read the original article: FBI, DHS Warn Of Possible Major Ransomware Attacks On Healthcare Systems The US Federal Bureau of Investigation (FBI), Departments of Homeland Security, and Health and Human Services (HHS) issued a joint alert Wednesday warning of an…

Read more →

Read the original article: [Webinar and eBook]: Are You’re Getting The Best Value From Your EDR Solution? Many companies rely on Endpoint Detection and Response (EDR) solutions as their primary security tool to protect their organizations against cyber threats. EDR…

Read more →

Read the original article: [Webinar and eBook] Learn How to Get the Best Value From Your EDR Solution Many companies rely on Endpoint Detection and Response (EDR) solutions as their primary security tool to protect their organizations against cyber threats.…

Read more →

Read the original article: TrickBot Linux Variants Active in the Wild Despite Recent Takedown Efforts to disrupt TrickBot may have shut down most of its critical infrastructure, but the operators behind the notorious malware aren’t sitting idle. According to new findings shared…

Read more →

Read the original article: Google Removes 21 Malicious Android Apps from Play Store Google has stepped in to remove several Android applications from the official Play Store following the disclosure that the apps in question were found to serve intrusive…

Read more →

Read the original article: Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP…

Read more →

Read the original article: New Framework Released to Protect Machine Learning Systems From Adversarial Attacks Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial…

Read more →

Read the original article: New Chrome 0-day Under Active Attacks – Update Your Browser Now Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately…

Read more →

Read the original article: Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks Graphic for illustration Cybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the…

Read more →