The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 55 min zpět

Incomplete 'Go SMS Pro' Patch Left Millions of Users' Data Still Exposed Online

3 hodiny 11 min zpět
A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app are silently taking steps to fix the issue from behind the scenes. The security misstep made it possible for an attacker to come up with a trivial script to access media files transferred between users, including private voice messages, photos, and videos, stored
Kategorie: Hacking & Security

Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners

8 hodin 30 min zpět
A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender Threat Intelligence Team said the group deployed Monero coin miners in attacks that targeted both
Kategorie: Hacking & Security

4 Free Online Cyber Security Testing Tools For 2021

9 hodin 55 sek zpět
Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner published a list of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of the modern threat landscape. Incomplete visibility of external Attack surfaces led to the dramatic
Kategorie: Hacking & Security

Indian National Gets 20-Year Jail in United States for Running Scam Call Centers

9 hodin 47 min zpět
An Indian national on Monday was sentenced to 20 years in prison in the Southern District of Texas for operating and funding India-based call centers that defrauded US victims out of millions of dollars between 2013 and 2016. Hitesh Madhubhai Patel (aka Hitesh Hinglaj), who hails from the city of Ahmedabad, India, was sentenced in connection with charges of fraud and money laundering. He was
Kategorie: Hacking & Security

Quick Guide — How to Troubleshoot Active Directory Account Lockouts

30 Listopad, 2020 - 13:52
Active Directory account lockouts can be hugely problematic for organizations. There have been documented instances of attackers leveraging the account lockout feature in a type of denial of service attack. By intentionally entering numerous bad passwords, attackers can theoretically lock all of the users out of their accounts. But what do you do if you are experiencing problems with account
Kategorie: Hacking & Security

Digitally Signed Bandook Malware Once Again Targets Multiple Sectors

27 Listopad, 2020 - 09:17
A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark Caracal in a new report published yesterday for their efforts to deploy "dozens of digitally signed variants" of
Kategorie: Hacking & Security

Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF

26 Listopad, 2020 - 18:43
Many of us here would love to turn hacking into a full-time career. To make that dream come true, you need to master your subject and earn some key certifications. To speed up this process, you might want to take a little guidance from the experts. Featuring 98 hours of content from top instructors, The Ultimate 2020 White Hat Hacker Certification Bundle is the ultimate launchpad for your career
Kategorie: Hacking & Security

China's Baidu Android Apps Caught Collecting Sensitive User Data

26 Listopad, 2020 - 07:57
Two popular Android apps from Chinese tech giant Baidu were temporarily unavailable on the Google Play Store in October after they were caught collecting sensitive user details. The two apps in question—Baidu Maps and Baidu Search Box—were found to collect device identifiers, such as the International Mobile Subscriber Identity (IMSI) number or MAC address, without users' knowledge, thus making
Kategorie: Hacking & Security

Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities

26 Listopad, 2020 - 07:22
Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise (BEC) scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed "Operation Falcon," was jointly undertaken by the international police organization along with
Kategorie: Hacking & Security

2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

25 Listopad, 2020 - 08:14
cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from Digital Defense, has been remedied by the company in versions 11.92.0.2,
Kategorie: Hacking & Security

Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies

24 Listopad, 2020 - 15:56
An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor
Kategorie: Hacking & Security

Critical Unpatched VMware Flaw Affects Multiple Corporates Products

24 Listopad, 2020 - 08:08
VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. "A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating
Kategorie: Hacking & Security

Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call

24 Listopad, 2020 - 06:53
Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them before even they picked up the audio call. The flaw was discovered and reported to Facebook by Natalie Silvanovich of Google's Project Zero bug-hunting team last month on October 6 with a 90-day deadline, and impacts version
Kategorie: Hacking & Security

Evolution of Emotet: From Banking Trojan to Malware Distributor

23 Listopad, 2020 - 18:22
Emotet is one of the most dangerous and widespread malware threats active today. Ever since its discovery in 2014—when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of computer viruses. Being constantly under development, Emotet updates itself regularly to improve stealthiness, persistence,
Kategorie: Hacking & Security

Why Replace Traditional Web Application Firewall (WAF) With New Age WAF?

23 Listopad, 2020 - 09:02
At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions. Strikingly, DNS (Domain Name System) related outage and Distributed denial of service (DDoS) lead a negative impact on businesses. Among the wide range of countermeasures, a web application firewall is the first line
Kategorie: Hacking & Security

WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media Messages

20 Listopad, 2020 - 05:35
GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos. "This means any sensitive media shared between users of this messenger app is at risk of being compromised by an unauthenticated attacker or curious user,"
Kategorie: Hacking & Security

Researchers Warn of Critical Flaw Affecting Industrial Automation Systems

19 Listopad, 2020 - 12:26
A critical vulnerability uncovered in Real-Time Automation's (RTA) 499ES EtherNet/IP (ENIP) stack could open up the industrial control systems to remote attacks by adversaries. RTA's ENIP stack is one of the widely used industrial automation devices and is billed as the "standard for factory floor I/O applications in North America." "Successful exploitation of this vulnerability could cause a
Kategorie: Hacking & Security

Use This Ultimate Template to Plan and Monitor Your Cybersecurity Budgets

18 Listopad, 2020 - 10:47
Sound security budget planning and execution are essential for CIO's/CISO's success. Now, for the first time, the Ultimate Security Budget Plan and Track Excel template (download here) provide security executives a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that security needs are addressed while maintaining the budgetary frame. The dynamic nature of the
Kategorie: Hacking & Security

Apple Lets Some of its Big Sur macOS Apps Bypass Firewall and VPNs

18 Listopad, 2020 - 10:14
Apple is facing the heat for a new feature in macOS Big Sur that allows many of its own apps to bypass firewalls and VPNs, thereby potentially allowing malware to exploit the same shortcoming to access sensitive data stored on users' systems and transmit them to remote servers. The issue was first spotted last month by a Twitter user named Maxwell in a beta version of the operating system. "Some
Kategorie: Hacking & Security

Researcher Discloses Critical RCE Flaws In Cisco Security Manager

17 Listopad, 2020 - 17:09
Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager (CSM) a week after the networking equipment maker quietly released patches with version 4.22 of the platform. The development comes after Code White researcher Florian Hauser (frycos) yesterday publicly disclosed proof-of-concept (PoC) code for as many as 12 security vulnerabilities affecting the
Kategorie: Hacking & Security