The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 45 min 1 sek zpět

Cisco Releases Security Patches for Critical Flaws Affecting its Products

1 hodina 5 min zpět
Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. "An attacker could exploit this vulnerability by sending a crafted request to the affected API," the company said in an advisory published yesterday. "A successful
Kategorie: Hacking & Security

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

1 hodina 37 min zpět
Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users' Gmail accounts," Proofpoint said
Kategorie: Hacking & Security

Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online

1 hodina 38 min zpět
On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA). Although the group has since signed off following the unprecedented disclosures, new "conclusive"
Kategorie: Hacking & Security

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

25 Únor, 2021 - 17:58
Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. "The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most
Kategorie: Hacking & Security

The Top Free Tools for Sysadmins in 2021

25 Únor, 2021 - 12:18
It's no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you're a sysadmin seeking to simplify your workflows, you're in luck. We've gathered some excellent software
Kategorie: Hacking & Security

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

24 Únor, 2021 - 18:35
VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying
Kategorie: Hacking & Security

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

24 Únor, 2021 - 18:22
With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without
Kategorie: Hacking & Security

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

24 Únor, 2021 - 16:29
New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software. "A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The
Kategorie: Hacking & Security

Everything You Need to Know About Evolving Threat of Ransomware

24 Únor, 2021 - 14:05
The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down. Falling victim to a ransomware attack can cause significant data loss, data breach, operational downtime, costly recovery, legal consequences, and
Kategorie: Hacking & Security

Experts Find a Way to Learn What You're Typing During Video Calls

24 Únor, 2021 - 07:37
A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed. The research was undertaken by Mohd Sabra, and Murtuza Jadliwala from the University of Texas at San Antonio and Anindya Maiti from the University of Oklahoma, who say the attack
Kategorie: Hacking & Security

5 Security Lessons for Small Security Teams for the Post COVID19 Era

23 Únor, 2021 - 12:01
A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy was forced to become a 3-week sprint during which offices were abandoned, and people started working
Kategorie: Hacking & Security

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

23 Únor, 2021 - 11:46
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the "enormous flexibility provided by the PDF specification so that shadow documents remain
Kategorie: Hacking & Security

Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks

23 Únor, 2021 - 09:26
Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to data theft and extortion campaign orchestrated by a cybercrime group called UNC2546. The attacks, which began in mid-December 2020, involved exploiting multiple zero-day vulnerabilities in the legacy FTA software to install a new web shell named
Kategorie: Hacking & Security

How to Fight Business Email Compromise (BEC) with Email Authentication?

22 Únor, 2021 - 14:22
An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay their focus on MNCs and
Kategorie: Hacking & Security

New 'Silver Sparrow' Malware Infected Nearly 30,000 Apple Macs

22 Únor, 2021 - 11:38
Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x86_64 and the iPhone maker's M1 processors. However, the ultimate goal of the operation remains something of a conundrum, what with the lack of a next-stage or final payload
Kategorie: Hacking & Security

Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

22 Únor, 2021 - 05:56
Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108) made available yesterday. Brave ships with a built-in feature called "Private Window with Tor" that integrates the Tor anonymity
Kategorie: Hacking & Security

Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware

22 Únor, 2021 - 05:56
Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's analysis of the Android version of the app, which allows users to share or transfer files between devices
Kategorie: Hacking & Security

New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card

20 Únor, 2021 - 17:01
Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a study detailed last September that delved into a PIN bypass attack, permitting bad actors to leverage a
Kategorie: Hacking & Security

Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials

19 Únor, 2021 - 10:18
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger — a .NET-based malware with capabilities to hinder static analysis —
Kategorie: Hacking & Security

SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune

19 Únor, 2021 - 08:27
Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. The disclosure builds upon an earlier update on December 31, 2020, that uncovered a compromise of its own network to
Kategorie: Hacking & Security