Tag: The Hacker News

Read the original article: Google Removes 21 Malicious Android Apps from Play Store Google has stepped in to remove several Android applications from the official Play Store following the disclosure that the apps in question were found to serve intrusive…

Read more →

Read the original article: Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP…

Read more →

Read the original article: New Framework Released to Protect Machine Learning Systems From Adversarial Attacks Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial…

Read more →

Read the original article: New Chrome 0-day Under Active Attacks – Update Your Browser Now Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately…

Read more →

Read the original article: Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks Graphic for illustration Cybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the…

Read more →

Read the original article: Windows GravityRAT Malware Now Also Targets macOS and Android Devices A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users’ data has resurfaced after a two-year span…

Read more →

Read the original article: Download Ultimate ‘Security for Management’ Presentation Template There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build,…

Read more →

Read the original article: U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and…

Read more →

Read the original article: Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to…

Read more →

Read the original article: India Witnessed Spike in Cyber Attacks Amidst Covid-19 – Here’s Why? The COVID-19 outreach is turning out to be not only health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new…

Read more →

Read the original article: Police Raided German Spyware Company FinFisher Offices German investigating authorities have raided the offices of Munich-based company FinFisher that sells the infamous commercial surveillance spyware dubbed ‘FinSpy,’ reportedly in suspicion of illegally exporting the software to…

Read more →

Read the original article: FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. According to FireEye’s Mandiant threat intelligence team,…

Read more →

Read the original article: Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution (RCE) flaws…

Read more →

Read the original article: Guide: Scale or Fail — Why MSSPs Need Multitenant Security Solutions Managed Security Services Providers (MSSPs) have it rough. They have the burden of protecting their client organizations from cyberattacks, with clients from different industries, different…

Read more →

Read the original article: Microsoft and Other Tech Companies Take Down TrickBot Botnet Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to…

Read more →

Read the original article: A Self-Service Password Reset Project Can Be A Quick Win For IT Since the beginning of this year, organizations’ IT staff have faced numerous challenges and an increased workload as a result of the global pandemic…

Read more →

Read the original article: A Self-Service Password Reset Project Can Be Quick Win For IT Since the beginning of this year, organizations’ IT staff have faced numerous challenges and an increased workload as a result of the global pandemic and…

Read more →

Read the original article: Watch Out — Microsoft Warns Android Users About A New Ransomware Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android’s Home button to lock the device…

Read more →

Read the original article: 55 New Security Flaws Reported in Apple Software and Services A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical…

Read more →

Read the original article: Researchers Find Vulnerabilities in Microsoft Azure Cloud Service As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. Now according to the latest research, two security flaws in Microsoft’s Azure…

Read more →

Read the original article: A Handy Guide for Choosing a Managed Detection & Response (MDR) Service Every company needs help with cybersecurity. No CISO ever said, “I have everything I need and am fully confident that our organization is fully…

Read more →

Read the original article: ALERT! Hackers targeting IoT devices with a new P2P botnet malware Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and…

Read more →

Read the original article: New ‘MosaicRegressor’ UEFI Bootkit Malware Found Active in the Wild Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine’s booting process to drop persistent malware. The campaign involved the use…

Read more →

Read the original article: New Flaws in Top Antivirus Software Could Make Computers More Vulnerable Cybersecurity researchers today disclosed details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain…

Read more →

Read the original article: Secure Your SaaS Apps With Security Posture Management Platform Image credit: Adaptive Shield As security professionals who have spent more than a few years in the industry, we know a good challenge when we see one.…

Read more →

Read the original article: Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago.Tracked…

Read more →

Read the original article: Chinese APT Group Targets Media, Finance, and Electronics Sectors Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China. Linking the attacks…

Read more →

Read the original article: LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks.…

Read more →

Read the original article: Researchers Uncover Cyber Espionage Operation Aimed At Indian Army Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal…

Read more →

Read the original article: Red Team — Automation or Simulation? What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does…

Read more →

Read the original article: Microsoft Windows XP Source Code Reportedly Leaked Online Microsoft’s long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server…

Read more →

Read the original article: FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target…

Read more →

Read the original article: Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in…

Read more →

Read the original article: Major Instagram App Bug Could’ve Given Hackers Remote Access to Your Phone Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about…

Read more →

Read the original article: Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability If you’re administrating Windows Server, make sure it’s up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability…

Read more →

Read the original article: A New Hacking Group Hitting Russian Companies With Ransomware As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks…

Read more →

Read the original article: Unsecured Microsoft Bing Server Exposed Users’ Search Queries and Location A back-end server associated with Microsoft Bing exposed sensitive data of the search engine’s mobile application users, including search queries, device details, and GPS coordinates, among…

Read more →

Read the original article: Unsecured Microsoft Bing Search Server Exposed User Queries and Location Data A back-end server associated with Microsoft Bing exposed sensitive data of the search engine’s mobile application users, including search queries, device details, and GPS coordinates,…

Read more →

Read the original article: British Hacker Sentenced to 5 Years for Blackmailing U.S. Companies A UK man who threatened to publicly release stolen confidential information unless the victims agreed to fulfill his digital extortion demands has finally pleaded guilty on…

Read more →

Read the original article: A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf (UKD) caused a failure of IT systems, resulting in the death of a…

Read more →

Read the original article: A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the…

Read more →

Read the original article: Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents Capping off a busy week of charges and sanctions against Iranian hackers, a new research offers insight into what’s a six-year-long ongoing surveillance campaign targeting Iranian expats and…

Read more →

Read the original article: U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country’s Ministry of Intelligence and Security (MOIS) for carrying out malware campaigns targeting…

Read more →

Read the original article: Android 11 — 5 New Security and Privacy Features You Need to Know After a long wait and months of beta testing, Google last week finally released Android 11, the latest version of the Android mobile…

Read more →

Read the original article: Zenscrape: A Simple Web Scraping Solution for Penetration Testers Did you ever try extracting any information from any website? Well, if you have then you have surely enacted web scraping functions without even knowing it! To…

Read more →

Read the original article: U.S. Announces Charges Against 2 Russian and 2 Iranian Hackers Immediately after revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the United States government yesterday also made two separate announcements charging two Iranian and…

Read more →

Read the original article: FBI adds 5 Chinese APT41 hackers to its Cyber’s Most Wanted List The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible…

Read more →

Read the original article: 2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General The US Department of Justice (DoJ) on Tuesday indicted two hackers for their alleged involvement in defacing several websites in the country following the…

Read more →

Read the original article: New Report Explains COVID-19’s Impact on Cyber Security Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the Covid-19 pandemic in their cyberattacks. Of course, malicious emails would contain subjects relating…

Read more →

Read the original article: Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web In a new report into the global cybersecurity industry’s exposure on the Dark Web this year, global application security company, ImmuniWeb, uncovered that 97%…

Read more →

Read the original article: CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US…

Read more →

Read the original article: New Linux Malware Steals Call Details from VoIP Softswitch Systems Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed “CDRThief” that targets voice over IP (VoIP) softswitches in an attempt to steal phone…

Read more →

Read the original article: New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects…

Read more →

Read the original article: Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange Cybercriminals successfully plundered another digital cryptocurrency exchange. European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole…

Read more →

Read the original article: New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and…

Read more →

Read the original article: A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption IT help desks everywhere are having to adjust to the ‘new normal’ of supporting mainly remote workers. This is a major shift away from visiting desks…

Read more →

Read the original article: Cynet Takes Cyber Threat Protection Automation to the Next Level with Incident Engine We have all heard of the “cybersecurity skills gap” — firms’ inability to hire and retain high-level cybersecurity talent. I see this gap…

Read more →

Read the original article: Cybercriminals Are Using Legit Cloud Monitoring Tools As Backdoor A cybercrime group that has previously struck Docker and Kubernetes cloud environments has evolved to repurpose genuine cloud monitoring tools as a backdoor to carry out malicious…

Read more →

Read the original article: Microsoft Releases September 2020 Security Patches For 129 Flaws As part of this month’s Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting…

Read more →

Read the original article: Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan,…

Read more →

Read the original article: SMB Cybersecurity Catching Up to Enterprise… But the Human Element Still a Major Concern Cyberattacks on small to medium-sized businesses (SMBs) are continuing at a relentless pace, with the vast majority of data breaches coming from…

Read more →

Read the original article: New PIN Verification Bypass Flaw Affects Visa Contactless Payments Even as Visa issued a warning about a new JavaScript web skimmer known as Baka, cybersecurity researchers have uncovered a new flaw in the company’s EMV enabled…

Read more →

Read the original article: Evilnum hackers targeting financial firms with a new Python-based RAT An adversary known for targeting the fintech sector at least since 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT)…

Read more →

Read the original article: Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if…

Read more →

Read the original article: (Live) Webinar – XDR and Beyond with Autonomous Breach Protection Anyone paying attention to the cybersecurity technology market has heard the term XDR – Extended Detection and Response. XDR is a new technology approach that combines…

Read more →

Read the original article: New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging…

Read more →

Read the original article: Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of…

Read more →

Read the original article: Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild Cisco has warned of an active zero-day vulnerability in its router software that’s being exploited in the wild and could allow a remote,…

Read more →

Read the original article: Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp…

Read more →

Read the original article: QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve…

Read more →

Read the original article: Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware Hackers always find a way in, even if there’s no software vulnerability to exploit. The FBI has arrested a Russian national who recently…

Read more →

Read the original article: Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said…

Read more →

Read the original article: APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage It’s one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it’s an entirely different matter when they are used…

Read more →

Read the original article: APT Hackers Exploit Autodesk 3D Max Software for Industrial Espionage It’s one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it’s an entirely different matter when they are used…

Read more →

Read the original article: Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to…

Read more →

Read the original article: Get Lifetime Access to 1000+ Premium Online Training Courses for Just $59 “In today’s knowledge economy, continual learning is an imperative.” — Those words from Aytekin Tank, the founder of JotForm, are particularly important for anyone…

Read more →

Read the original article: Google Researcher Reported 3 Flaws in Apache Web Server Software If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over…

Read more →

Read the original article: A Google Drive ‘Feature’ Could Let Attackers Trick You Into Installing Malware An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling…

Read more →

Read the original article: Hackers Target Defense Contractors’ Employees By Posing as Recruiters The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly…

Read more →

Read the original article: Former Uber Security Chief Charged Over Covering Up 2016 Data Breach The federal prosecutors in the United States have charged Uber’s former chief security officer, Joe Sullivan, for covering up a massive data breach that the…

Read more →

Read the original article: Hackers Target Defence Contractors’ Employees By Posing as Recruiters The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly…

Read more →

Read the original article: Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified The South African arm of one of the world’s largest credit check companies Experian yesterday announced a data breach incident that exposed personal information of millions…

Read more →

Read the original article: Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2 Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new…

Read more →

Read the original article: Experts Reported Security Bug in IBM’s Db2 Data Management Software Cybersecurity researchers today disclosed details of a memory vulnerability in IBM’s Db2 family of data management products that could potentially allow a local attacker to access…

Read more →

Read the original article: XDR: The Next Level of Prevention, Detection and Response [New Guide] One new security technology we keep hearing about is Extended Detection and Response (XDR). This new technology merges multiple prevention and detection technologies on a…

Read more →

Read the original article: A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020.…

Read more →

Read the original article: Critical Jenkins Server Vulnerability Could Leak Sensitive Information Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential…

Read more →

Read the original article: Researchers Exploited A Bug in Emotet to Stop the Spread of Malware Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch…

Read more →

Read the original article: How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques Web applications suffer continuously evolving attacks, where a web application firewall (WAF) is the first line of defense and a necessary part of organizations’ cybersecurity strategies. WAFs…

Read more →

Read the original article: New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today…

Read more →

Read the original article: Amazon Alexa Bugs Allowed Hackers to Install Malicious Skills Remotely Attention! If you use Amazon’s voice assistant Alexa in you smart speakers, just opening an innocent-looking web-link could let attackers install hacking skills on it and…

Read more →

Read the original article: Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked Microsoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products. This month’s…

Read more →

Read the original article: Flaws in Samsung Phones Exposed Android Users to Remote Attacks New research disclosed a string of severe security vulnerabilities in the ‘Find My Mobile’—an Android app that comes pre-installed on most Samsung smartphones—that could have allowed…

Read more →

Read the original article: Contrast Community Edition Empowers Developers to Write Secure Code Faster As software eats the world, the world faces a software security crisis. The movement to modern software such as cloud technologies and microservice architectures is essential…

Read more →

Read the original article: Critical Flaws Affect Citrix Endpoint Management (XenMobile Servers) Citrix today released patches for multiple new security vulnerabilities affecting its Citrix Endpoint Management (CEM), also known as XenMobile, a product made for enterprises to help companies manage…

Read more →

Read the original article: Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers If you haven’t recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to…

Read more →

Read the original article: A New vBulletin 0-Day RCE Vulnerability and Exploit Disclosed Publicly A security researcher earlier today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability affecting the widely used internet…

Read more →

Read the original article: TeamViewer Flaw Could Let Hackers Steal System Password Remotely If you are using TeamViewer, then beware and make sure you’re running the latest version of the popular remote desktop connection software for Windows. TeamViewer team recently…

Read more →

Read the original article: Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28 Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a…

Read more →

Read the original article: Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain…

Read more →