The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 29 min 1 sek zpět

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

22 Listopad, 2024 - 07:15
Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. The packages, named gptplus and claudeai-eng, were uploaded by a user named "Xeroline" in November 2023, attracting
Kategorie: Hacking & Security

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

22 Listopad, 2024 - 07:15
Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. The packages, named gptplus and claudeai-eng, were uploaded by a user named "Xeroline" in November 2023, attracting Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

21 Listopad, 2024 - 17:22
As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild. According to statistics shared by the Shadowserver Foundation, a majority of the infections have been reported in the U.S. (554) and India (461), followed by Thailand (80), Mexico (48), Indonesia
Kategorie: Hacking & Security

Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

21 Listopad, 2024 - 17:22
As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild. According to statistics shared by the Shadowserver Foundation, a majority of the infections have been reported in the U.S. (554) and India (461), followed by Thailand (80), Mexico (48), Indonesia Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

21 Listopad, 2024 - 16:50
The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023.
Kategorie: Hacking & Security

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

21 Listopad, 2024 - 16:50
The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023.
Kategorie: Hacking & Security

10 Most Impactful PAM Use Cases for Enhancing Organizational Security

21 Listopad, 2024 - 13:23
Privileged access management (PAM) plays a pivotal role in building a strong security strategy. PAM empowers you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team.  As an established provider of a PAM solution, we’ve witnessed firsthand how PAM transforms organizational security. In
Kategorie: Hacking & Security

10 Most Impactful PAM Use Cases for Enhancing Organizational Security

21 Listopad, 2024 - 13:23
Privileged access management (PAM) plays a pivotal role in building a strong security strategy. PAM empowers you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team.  As an established provider of a PAM solution, we’ve witnessed firsthand how PAM transforms organizational security. In [email protected]
Kategorie: Hacking & Security

North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

21 Listopad, 2024 - 13:04
Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and
Kategorie: Hacking & Security

North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

21 Listopad, 2024 - 13:04
Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Cyber Story Time: The Boy Who Cried "Secure!"

21 Listopad, 2024 - 12:30
As a relatively new security category, many security operators and executives I’ve met have asked us “What are these Automated Security Validation (ASV) tools?” We’ve covered that pretty extensively in the past, so today, instead of covering the “What is ASV?” I wanted to address the “Why ASV?” question. In this article, we’ll cover some common use cases and misconceptions of how people misuse
Kategorie: Hacking & Security

Cyber Story Time: The Boy Who Cried "Secure!"

21 Listopad, 2024 - 12:30
As a relatively new security category, many security operators and executives I’ve met have asked us “What are these Automated Security Validation (ASV) tools?” We’ve covered that pretty extensively in the past, so today, instead of covering the “What is ASV?” I wanted to address the “Why ASV?” question. In this article, we’ll cover some common use cases and misconceptions of how people misuse [email protected]
Kategorie: Hacking & Security

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

21 Listopad, 2024 - 12:00
New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis, which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.2% in South America,
Kategorie: Hacking & Security

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

21 Listopad, 2024 - 12:00
New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis, which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.2% in South America, Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

21 Listopad, 2024 - 10:16
Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars. All of the accused parties have been
Kategorie: Hacking & Security

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

21 Listopad, 2024 - 10:16
Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars. All of the accused parties have been Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

21 Listopad, 2024 - 08:13
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets,"
Kategorie: Hacking & Security

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

21 Listopad, 2024 - 08:13
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets," Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

21 Listopad, 2024 - 07:34
Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher
Kategorie: Hacking & Security

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

21 Listopad, 2024 - 07:34
Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security