The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 47 min 39 sek zpět

New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

19 Listopad, 2024 - 10:40
Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group
Kategorie: Hacking & Security

New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

19 Listopad, 2024 - 10:40
Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

19 Listopad, 2024 - 08:02
U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets." It's not clear what information was taken, if any,
Kategorie: Hacking & Security

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

19 Listopad, 2024 - 08:02
U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets." It's not clear what information was taken, if any, Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation

19 Listopad, 2024 - 07:31
Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog. It wasRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation

19 Listopad, 2024 - 07:31
Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog. It was
Kategorie: Hacking & Security

New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers

18 Listopad, 2024 - 17:48
Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza. BabbleLoader is an "extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory," Intezer security
Kategorie: Hacking & Security

New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers

18 Listopad, 2024 - 17:48
Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza. BabbleLoader is an "extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory," Intezer security Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think

18 Listopad, 2024 - 15:00
According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects of this report is that over 90% of valid
Kategorie: Hacking & Security

The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think

18 Listopad, 2024 - 15:00
According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects of this report is that over 90% of valid The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)

18 Listopad, 2024 - 12:36
What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative—using everything from human trust to hidden flaws in
Kategorie: Hacking & Security

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)

18 Listopad, 2024 - 12:36
What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative—using everything from human trust to hidden flaws in Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy

18 Listopad, 2024 - 12:15
Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android. The idea is to create unique, single-use email addresses that forward the messages to
Kategorie: Hacking & Security

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

18 Listopad, 2024 - 12:15
IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait around for compliance schedules. Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%),
Kategorie: Hacking & Security

Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy

18 Listopad, 2024 - 12:15
Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android. The idea is to create unique, single-use email addresses that forward the messages to Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

18 Listopad, 2024 - 12:15
IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait around for compliance schedules. Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%),The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

18 Listopad, 2024 - 11:56
A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. "The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products
Kategorie: Hacking & Security

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

18 Listopad, 2024 - 11:56
A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. "The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted productsRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit

18 Listopad, 2024 - 06:52
Legal documents released as part of an ongoing legal tussle between Meta's WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so. They also show that NSO Group repeatedly found ways to install the invasive surveillance tool on the target's devices as
Kategorie: Hacking & Security

NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit

18 Listopad, 2024 - 06:52
Legal documents released as part of an ongoing legal tussle between Meta's WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so. They also show that NSO Group repeatedly found ways to install the invasive surveillance tool on the target's devices as Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security