Kategorie

Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...

Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get into white hat hacking. That said, picking up the necessary knowledge to build a new career can seem like a daunting task. There is a lot to learn, after all. To help you get started, The Hacker News Deals is currently running an eye-catching offer: pay what you want for one video course, andThe Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.com

Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitraryRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com

Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com

Double-play 0-day in Exchange - what you need to know, and what you can do

An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410 Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com

It's no secret that the IT department has struggled with encryption for Linux devices many years due to a gap in the management and compliance capability available in their current Linux solution sets.

While Linux does have a variety of security features to help make it safer, it's not impenetrable, which is why you need open-source tools to secure your Linux server.

Ransomware in particular poses a major threat, but security vendors say there has been an increase in Linux-targeted cryptojacking, malware, and vulnerability exploits as well, and defenders need to be ready.

A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. "The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday. "The beacon configuration contains Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com

Endpoint devices like desktops, laptops, and mobile phones enable users to connect to enterprise networks and use their resources for their day-to-day work. However, they also expand the attack surface and make the organisation vulnerable to malicious cyberattacks and data breaches. Why Modern Organisations Need EDR According to the 2020 global risk report by Ponemon Institute, smartphones, The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.com

A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, a threat Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com

Microsoft officially disclosed it investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com

Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. That's according to Vietnamese cybersecurity company GTSC, which discovered the shortcomings as part of its security monitoring and incident response efforts in August 2022. TheRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com

Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news...

A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers said. "This enables the attackers to keep Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com

A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEP#MAVERICK by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft. "The attack was carried outRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com

Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft.  While CISOs are aware of growing identity threats and have multiple tools in their arsenal to help reduce the potential risk, theThe Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.com

UK-based Linux hardware vendor Star Labs took to Twitter to share more details on its upcoming Linux laptop called StarFighter, which looks to the company's first notebook to feature a 4K display.