The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 23 min 13 sek zpět

Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang

18 Květen, 2022 - 18:06
The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to breach high-value targets," Swiss cybersecurity company PRODAFT said in a new report shared with The
Kategorie: Hacking & Security

How to Protect Your Data When Ransomware Strikes

18 Květen, 2022 - 16:24
Ransomware is not a new attack vector. In fact, the first malware of its kind appeared more than 30 years ago and was distributed via 5.25-inch floppy disks. To pay the ransom, the victim had to mail money to a P.O. Box in Panama. Fast forward to today, affordable ransomware-as-a-service (RaaS) kits are available on the dark web for anyone to purchase and deploy and attackers have an infinite
Kategorie: Hacking & Security

U.S. Warns Against North Korean Hackers Posing as IT Freelancers

18 Květen, 2022 - 14:11
Highly skilled software and mobile app developers from the Democratic People's Republic of Korea (DPRK) are posing as "non-DPRK nationals" in hopes of landing freelance employment in an attempt to enable the regime's malicious cyber intrusions. That's according to a joint advisory from the U.S. Department of State, the Department of the Treasury, and the Federal Bureau of Investigation (FBI)
Kategorie: Hacking & Security

[eBook] Your 90-Day MSSP Plan: How to Improve Margins and Scale-Up Service Delivery

18 Květen, 2022 - 12:23
To cash in on a thriving market, a managed security service provider (MSSP) must navigate unprecedented competition and complex challenges. The good news is that demand is through the roof. 69% of organizations plan to boost spending on cybersecurity in 2022.  The bad news is that everyone wants a piece of the pie. MSSPs must outshine each other while fending off encroachments by traditional IT
Kategorie: Hacking & Security

Hackers Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility

18 Květen, 2022 - 12:18
Microsoft on Tuesday warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems. The intrusions, which leverage brute-force attacks as an initial compromise vector, stand out for their use of the utility "sqlps.exe," the tech giant said in a series of tweets. The ultimate goals of the
Kategorie: Hacking & Security

Microsoft Warns of "Cryware" Info-Stealing Malware Targeting Crypto Wallets

18 Květen, 2022 - 10:31
Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks. The tech giant dubbed the new threat "cryware," with the attacks resulting in the irreversible theft of virtual currencies by means of fraudulent transfers to an adversary-controlled wallet. "Cryware are information stealers that
Kategorie: Hacking & Security

Russian Conti Ransomware Gang Threatens to Overthrow New Costa Rican Government

18 Květen, 2022 - 08:32
The notorious Conti ransomware gang, which last month staged an attack on Costa Rican administrative systems, has threatened to "overthrow" the new government of the country. "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power," the group said on its official website. "We have our insiders in your government. We are also
Kategorie: Hacking & Security

U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware

18 Květen, 2022 - 05:27
The U.S. Justice Department on Monday accused a 55-year-old cardiologist from Venezuela of being the mastermind behind Thanos ransomware, charging him with the use and sale of the malicious tool and entering into profit sharing arrangements. Moises Luis Zagala Gonzalez, also known by the monikers Nosophoros, Aesculapius, and Nebuchadnezzar, is alleged to have both developed and marketed the
Kategorie: Hacking & Security

UpdateAgent Returns with New macOS Malware Dropper Written in Swift

17 Květen, 2022 - 15:38
A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities. "Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server," researchers from Jamf Threat
Kategorie: Hacking & Security

Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer

17 Květen, 2022 - 15:26
More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been observed distributing spyware called Facestealer to siphon user credentials and other valuable information.  "Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants," Trend Micro analysts Cifer Fang, Ford Quin, and Zhengyu Dong said in a
Kategorie: Hacking & Security

Are You Investing in Securing Your Data in the Cloud?

17 Květen, 2022 - 15:25
Traditional businesses migrating to the cloud need robust information security mechanisms. Gartner predicts that more than 95% of new digital workloads will continue to be deployed on cloud-native platforms by 2025. Robust cloud data security is imperative for businesses adopting rapid digital transformation to the cloud. While a traditional hosting model could be considered more secure, not all
Kategorie: Hacking & Security

New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners

17 Květen, 2022 - 11:37
Microsoft is warning of a new variant of the srv botnet that's exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The tech giant, which has called the new version Sysrv-K, is said to weaponize an array of exploits to gain control of web servers. The cryptojacking botnet first emerged in December 2020. "Sysrv-K scans the
Kategorie: Hacking & Security

Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability

17 Květen, 2022 - 05:24
Image source: z3r00t The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. Tracked as CVE-2022-30525, the vulnerability is rated 9.8 for severity and relates to a command injection flaw
Kategorie: Hacking & Security

Researchers Warn of "Eternity Project" Malware Service Being Sold via Telegram

17 Květen, 2022 - 04:55
An unidentified threat actor has been linked to an actively in-development malware toolkit called the "Eternity Project" that lets professional and amateur cybercriminals buy stealers, clippers, worms, miners, ransomware, and a distributed denial-of-service (DDoS) bot. What makes this malware-as-a-service (MaaS) stand out is that besides using a Telegram channel to communicate updates about the
Kategorie: Hacking & Security

Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity

17 Květen, 2022 - 04:53
The European Parliament announced a "provisional agreement" aimed at improving cybersecurity and resilience of both public and private sector entities in the European Union. The revised directive, called "NIS2" (short for network and information systems), is expected to replace the existing legislation on cybersecurity that was established in July 2016. The revamp sets ground rules, requiring
Kategorie: Hacking & Security

Ukrainian Hacker Jailed for 4-Years in U.S. for Selling Access to Hacked Servers

17 Květen, 2022 - 04:53
A 28-year-old Ukrainian national has been sentenced to four years in prison for siphoning thousands of server login credentials and selling them on the dark web for monetary gain as part of a credential theft scheme. Glib Oleksandr Ivanov-Tolpintsev, who pleaded guilty to his offenses earlier this February, was arrested in Poland in October 2020, before being extradited to the U.S. in September
Kategorie: Hacking & Security

Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones

17 Květen, 2022 - 04:52
Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome. "When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number," Google's Jen Fitzpatrick 
Kategorie: Hacking & Security

Researchers Find Potential Way to Run Malware on iPhone Even When it's OFF

17 Květen, 2022 - 04:51
A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) continue to operate while
Kategorie: Hacking & Security

Fake Clickjacking Bug Bounty Reports: The Key Facts

16 Květen, 2022 - 13:21
Are you aware of fake clickjacking bug bounty reports? If not, you should be. This article will get you up to speed and help you to stay alert. What are clickjacking bug bounty reports? If we start by breaking up the term into its component parts, a bug bounty is a program offered by an organization, in which individuals are rewarded for finding and reporting software bugs. These programs are
Kategorie: Hacking & Security

Get Lifetime Access to 2022 Cybersecurity Certification Prep Courses @ 95% Off

14 Květen, 2022 - 09:45
Ever thought about working full-time in cybersecurity? With millions of unfilled jobs around, now is a great time to get into the industry. Of course, there are many different roles in this field. But all of them require the same handful of professional certifications. The 2022 Ultimate Advanced CyberSecurity Professional Certification Bundle helps you collect the full house, with five
Kategorie: Hacking & Security