The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 1 min 28 sek zpět

Can Data Protection Systems Prevent Data At Rest Leakage?

13 Květen, 2021 - 17:34
Protection against insider risks works when the process involves controlling the data transfer channels or examining data sources. One approach involves preventing USB flash drives from being copied or sending them over email. The second one concerns preventing leakage or fraud in which an insider accesses files or databases with harmful intentions. What's the best way to protect your data? It
Kategorie: Hacking & Security

Dark Web Getting Loaded With Bogus Covid-19 Vaccines and Forged Cards

13 Květen, 2021 - 12:54
Bogus COVID-19 test results, fraudulent vaccination cards, and questionable vaccines are emerging a hot commodity on the dark web in what's the latest in a long list of cybercrimes capitalizing on the coronavirus pandemic. "A new and troubling phenomenon is that consumers are buying COVID-19 vaccines on the black market due to the increased demand around the world," said Anne An, a senior
Kategorie: Hacking & Security

Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks

12 Květen, 2021 - 15:21
Three design and multiple implementation flaws have been disclosed in IEEE 802.11 technical standard that undergirds Wi-Fi, potentially enabling an adversary to take control over a system and plunder confidential data. Called FragAttacks (short for FRgmentation and AGgregation attacks), the weaknesses impact all Wi-Fi security protocols, from Wired Equivalent Privacy (WEP) all the way to Wi-Fi
Kategorie: Hacking & Security

U.S. Intelligence Agencies Warn About 5G Network Weaknesses

12 Květen, 2021 - 15:15
Inadequate implementation of telecom standards, supply chain threats, and weaknesses in systems architecture could pose major cybersecurity risks to 5G networks, potentially making them a lucrative target for cybercriminals and nation-state adversaries to exploit for valuable intelligence. The analysis, which aims to identify and assess risks and vulnerabilities introduced by 5G adoption, was
Kategorie: Hacking & Security

Latest Microsoft Windows Updates Patch Dozens of Security Flaws

12 Květen, 2021 - 11:15
Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one is listed as Moderate in severity. Three of the vulnerabilities are publicly known, although, unlike 
Kategorie: Hacking & Security

Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations

12 Květen, 2021 - 10:28
The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data if their ransom demands are not met. "The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers
Kategorie: Hacking & Security

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

12 Květen, 2021 - 08:42
Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager, Adobe InDesign, Adobe Illustrator, Adobe InCopy, Adobe Genuine Service, Adobe Acrobat and Reader, Magento,
Kategorie: Hacking & Security

U.S. Declares Emergency in 17 States Over Fuel Pipeline Cyber Attack

12 Květen, 2021 - 05:23
The ransomware attack against Colonial Pipeline's networks has prompted the U.S. Federal Motor Carrier Safety Administration (FMCSA) to issue a regional emergency declaration in 17 states and the District of Columbia (D.C.). The declaration provides a temporary exemption to Parts 390 through 399 of the Federal Motor Carrier Safety Regulations (FMCSRs), allowing alternate transportation of
Kategorie: Hacking & Security

Experts warn of a new Android banking trojan stealing users' credentials

12 Květen, 2021 - 05:21
Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands. Called "TeaBot" (or Anatsa), the malware is said to be in its early stages of development, with malicious attacks targeting financial apps commencing in late March 2021,
Kategorie: Hacking & Security

LIVE Webinar — The Rabbit Hole of Automation

11 Květen, 2021 - 15:24
The concept of automation has taken on a life of its own in recent years. The idea is nothing new, but the current interest in automation is a mix of both hype and innovation. On the one hand, it's much easier today to automate everything from small processes to massive-scale tasks than it's ever been before. On the other hand, are we really prepared to hand the reins over to completely
Kategorie: Hacking & Security

Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities

11 Květen, 2021 - 14:25
An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a
Kategorie: Hacking & Security

Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild

11 Květen, 2021 - 08:23
Cyber operatives affiliated with the Russian Foreign Intelligence Service (SVR) have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies from the U.K. and U.S. Friday. "SVR cyber operators appear to have reacted [...] by changing their TTPs in an attempt to avoid further detection and
Kategorie: Hacking & Security

Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy

11 Květen, 2021 - 08:21
WhatsApp on Friday disclosed that it won't deactivate accounts of users who don't accept its new privacy policy rolling out on May 15, adding it will continue to keep reminding them to accept the new terms. "No one will have their accounts deleted or lose functionality of WhatsApp on May 15 because of this update," the Facebook-owned messaging service said in a statement. The move marks a
Kategorie: Hacking & Security

New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices

10 Květen, 2021 - 14:41
Cybersecurity researchers have disclosed a new security vulnerability in Qualcomm's mobile station modems (MSM) that could potentially allow an attacker to leverage the underlying Android operating system to slip malicious code into mobile phones, undetected. "If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and
Kategorie: Hacking & Security

Is it still a good idea to require users to change their passwords?

10 Květen, 2021 - 14:09
For as long as corporate IT has been in existence, users have been required to change their passwords periodically. In fact, the need for scheduled password changes may be one of the most long-standing of all IT best practices. Recently, however, things have started to change. Microsoft has reversed course on the best practices that it has had in place for decades and no longer recommends that
Kategorie: Hacking & Security

Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to Shut Down

10 Květen, 2021 - 11:09
Colonial Pipeline, which carries 45% of the fuel consumed on the U.S. East Coast, on Saturday said it halted operations due to a ransomware attack, once again demonstrating how infrastructure is vulnerable to cyber attacks. "On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack," the company said in a statement posted on its website. "We have since
Kategorie: Hacking & Security

Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting

10 Květen, 2021 - 08:17
Four Eastern European nationals face 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to providing bulletproof hosting services between 2008 and 2015, which were used by cybercriminals to distribute malware to financial entities across the U.S. The individuals, Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr
Kategorie: Hacking & Security

New Pingback Malware Using ICMP Tunneling to Evade C&C Detection

8 Květen, 2021 - 14:35
Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems. Called 'Pingback,' the Windows malware leverages Internet Control Message Protocol (ICMP) tunneling for covert bot communications, allowing the adversary to utilize ICMP packets to piggyback
Kategorie: Hacking & Security

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking

8 Květen, 2021 - 13:47
The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named '21Nails,' the flaws include 11 vulnerabilities that require local access to the server and 10 other weaknesses that could be exploited remotely. The
Kategorie: Hacking & Security

New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers

8 Květen, 2021 - 11:32
Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. The flaw, called 'TsuNAME,' was discovered by researchers from SIDN Labs and InternetNZ, which manage the national top-level internet domains '.nl' and '.
Kategorie: Hacking & Security