Category: The Hacker News

Read the original article: Use This Definitive RFP Template to Effectively Evaluate XDR solutions A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response. Emerging Extended Detection and…

Read more →

Read the original article: A New Ransomware Targeting Apple macOS Users Through Pirated Apps Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps. According to several independent reports from K7 Lab…

Read more →

Read the original article: Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. The advanced…

Read more →

Read the original article: Russian Hacker Gets 9-Year Jail for Running Online Shop of Stolen Credit Cards A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty of…

Read more →

Read the original article: e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata In what’s one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly…

Read more →

Read the original article: ‘Satori’ IoT DDoS Botnet Operator Sentenced to 13 Months in Prison The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware,…

Read more →

Read the original article: WikiLeaks Founder Charged With Conspiring With LulzSec & Anonymous Hackers The United States government has filed a superseding indictment against WikiLeaks founder Julian Assange accusing him of collaborating with computer hackers, including those affiliated with the…

Read more →

Read the original article: Critical Bugs and Backdoor Found in GeoVision’s Fingerprint and Card Scanners GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners…

Read more →

Read the original article: Docker Images Containing Cryptojacking Malware Distributed via Docker Hub With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and…

Read more →

Read the original article: New Privacy Features Added to the Upcoming Apple iOS 14 and macOS Big Sur Unprecedented times call for unprecedented measures. No, we’re not talking about ‘coronavirus,’ the current global pandemic because of which Apple—for the very…

Read more →

Read the original article: VirusTotal Adds Cynet’s Artificial Intelligence-Based Malware Detection VirusTotal, the famous multi-antivirus scanning service owned by Google, recently announced new threat detection capabilities it added with the help of an Israeli cybersecurity firm. VirusTotal provides a free…

Read more →

Read the original article: Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards Researchers reported on Monday that hackers are now exploiting Google’s Analytics service to stealthily pilfer credit card information from infected e-commerce sites. According to…

Read more →

Read the original article: Hackers Leaked 269 GB of U.S. Police and Fusion Centers Data Online A group of hacktivists and transparency advocates has published a massive 269 GB of data allegedly stolen from more than 200 police departments, fusion…

Read more →

Read the original article: Over 100 New Chrome Browser Extensions Caught Spying On Users Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a “massive global…

Read more →

Read the original article: InvisiMole Hackers Target High-Profile Military and Diplomatic Entities Cybersecurity researchers today uncovered the modus operandi of an elusive threat group that hacks into the high-profile military and diplomatic entities in Eastern Europe for espionage. The findings…

Read more →

Read the original article: Solution Providers Can Now Add Incident Response to Their Services Portfolio For Free The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more…

Read more →

Read the original article: Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs Cybersecurity researchers today took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations in Europe and the Middle East…

Read more →

Read the original article: New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking The Department of Homeland Security and CISA ICS-CERT will today issue a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting…

Read more →

Read the original article: New Critical Flaws Put Billions of Internet-Connected Devices at Risk of Hacking The Department of Homeland Security and CISA ICS-CERT will today issue a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting…

Read more →

Read the original article: Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations If your business operations and security of sensitive data rely on Oracle’s E-Business Suite (EBS), make sure you recently updated and are running the latest available version…

Read more →

Read the original article: WebAuthn Passwordless Authentication Now Available for Atlassian Products Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects. Issue-tracking application Jira, Git…

Read more →

Read the original article: New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users High impact vulnerabilities in modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and…

Read more →

Read the original article: Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room You might not believe it, but it’s possible to spy on secret conversations happening in a room from a nearby remote location…

Read more →

Read the original article: A Bug in Facebook Messenger for Windows Could’ve Helped Malware Gain Persistence Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Cybersecurity, today disclosed details of a vulnerability they recently discovered…

Read more →

Read the original article: Intel CPUs Vulnerable to New ‘SGAxe’ and ‘CrossTalk’ Side-Channel Attacks Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU’s trusted execution environments (TEE).…

Read more →

Read the original article: MSPs and MSSPs Can Increase Profit Margins With Cynet 360 Platform As cyber threats keep on increasing in volume and sophistication, more and more organizations acknowledge that outsourcing their security operations to a 3rd-party service provider…

Read more →

Read the original article: Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide A team of cybersecurity researchers today outed a little-known Indian IT firm that has secretly been operating as a global hackers-for-hire service or hacking-as-a-service platform.…

Read more →

Read the original article: SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol Cybersecurity researchers today uncover a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined…

Read more →

Read the original article: Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities Microsoft today released its June 2020 batch of software security updates that patches a total of 129 newly discovered vulnerabilities affecting various versions of Windows operating systems…

Read more →

Read the original article: Security Drift – The Silent Killer Global spending on cybersecurity products and services is predicted to exceed $1 trillion during the period of five years, between 2017 to 2021, with different analysts predicting the Compound Annual…

Read more →

Read the original article: Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and…

Read more →

Read the original article: Any Indian DigiLocker Account Could’ve Been Accessed Without Password The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially allowed a remote attacker to bypass…

Read more →

Read the original article: New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to a newly published research…

Read more →

Read the original article: Two Critical Flaws in Zoom Could’ve Let Attackers Hack Systems via Chat If you’re using Zoom—especially during this challenging time to cope with your schooling, business, or social engagement—make sure you are running the latest version…

Read more →

Read the original article: Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers A new set of critical vulnerabilities uncovered in SAP’s Sybase database software can grant unprivileged attackers complete control over a targeted database and even the…

Read more →

Read the original article: New Skill Testing Platform For 6 Most In-Demand Cybersecurity Jobs Building a security team is a necessity for organizations of all industries and sizes. It makes selecting the right person for the job a critical task…

Read more →

Read the original article: Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers Cybersecurity researchers today disclosed details for a new vulnerability in VMware’s Cloud Director platform that could potentially allow an attacker to gain access to sensitive…

Read more →

Read the original article: How to Create a Culture of Kick-Ass DevSecOps Engineers Much like technology itself, the tools, techniques, and optimum processes for developing code evolve quickly. We humans have an insatiable need for more software, more features, more…

Read more →

Read the original article: Joomla Resources Directory (JRD) Portal Suffers Data Breach Joomla, one of the most popular Open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its resources…

Read more →

Read the original article: Critical ‘Sign in with Apple’ Bug Could Have Let Attackers Hijack Anyone’s Account Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its ‘Sign in…

Read more →

Read the original article: New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly…

Read more →

Read the original article: Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds Mitron (means “friends” in Hindi), you have been fooled again! Mitron is not really a ‘Made in India’ product, and the viral app…

Read more →

Read the original article: A New Free Monitoring Tool to Measure Your Dark Web Exposure Last week, application security company ImmuniWeb released a new free tool to monitor and measure an organization’s exposure on the Dark Web. To improve the decision-making…

Read more →

Read the original article: Researchers Uncover Brazilian Hacktivist’s Identity Who Defaced Over 4800 Sites It’s one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It’s, however, an entirely different thing…

Read more →

Read the original article: Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting over hundreds of thousands of systems. The…

Read more →

Read the original article: New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to…

Read more →

Read the original article: New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages…

Read more →

Read the original article: New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug The hacking team behind the “unc0ver” jailbreaking tool has released a new version of the software that can unlock every single iPhone, including…

Read more →

Read the original article: How Cybersecurity Enables Government, Health, EduTech Cope With COVID-19 The advent of the Covid-19 pandemic and the impact on our society has resulted in many dramatic changes to how people are traveling, interacting with each other,…

Read more →

Read the original article: Iranian APT Group Targets Governments in Kuwait and Saudi Arabia Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. Bitdefender said the intelligence-gathering operations were…

Read more →

Read the original article: [Guide] Finding Best Security Outsourcing Alternative for Your Organization As cyberattacks continue to proliferate in volume and increase in sophistication, many organizations acknowledge that some part of their breach protection must be outsourced, introducing a million-dollar…

Read more →

Read the original article: New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to takedown…

Read more →

Read the original article: Ukrainian Police Arrest Hacker Who Tried Selling Billions of Stolen Records The Ukrainian police have arrested a hacker who made headlines in January last year by posting a massive database containing some 773 million stolen email…

Read more →

Read the original article: Brazil’s Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users Brazil’s biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers’ personal and payment-related information publicly accessible online that could have been accessed…

Read more →

Read the original article: British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers’ Data British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled “highly sophisticated,” exposing email addresses and travel…

Read more →

Read the original article: New Bluetooth Vulnerability Exposes Billions of Devices to Hackers Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing…

Read more →

Read the original article: HTTP Status Codes Command This Malware How to Control Hacked Systems A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted…

Read more →

Read the original article: Effective Business Continuity Plans Require CISOs to Rethink WAN Connectivity As more businesses leverage remote, mobile, and temporary workforces, the elements of business continuity planning are evolving and requiring that IT professionals look deep into the…

Read more →

Read the original article: Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft’s…

Read more →

Read the original article: Researcher Spots New Malware Claimed to be ‘Tailored for Air‑Gapped Networks’ A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the Virustotal malware…

Read more →

Read the original article: U.S Defence Warns of 3 New Malware Used by North Korean Hackers Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about…

Read more →

Read the original article: Over 4000 Android Apps Expose Users’ Data via Misconfigured Firebase Databases More than 4,000 Android apps that use Google’s cloud-hosted Firebase databases are ‘unknowingly’ leaking sensitive information on their users, including their email addresses, usernames, passwords,…

Read more →

Read the original article: Cynet Offers IR Specialists Grants up to $1500 for each IR Engagement In the past, the autonomous breach protection company Cynet announced that it is making Cynet 360 threat detection and response platform available at no…

Read more →

Read the original article: An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that…

Read more →

Read the original article: 7 New Flaws Affect All Thunderbolt-equipped Computers Sold in the Last 9 Years A cybersecurity researcher today uncovers a set of 7 new unpatchable hardware vulnerabilities that affect all desktops and laptops sold in the past…

Read more →

Read the original article: DigitalOcean Data Leak Incident Exposed Some of Its Customers Data DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers’ data to unknown…

Read more →

Read the original article: This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam,…

Read more →

Read the original article: Facebook Launches ‘Discover,’ A Secure Proxy to Browse the Internet for Free More than six years after Facebook launched its ambitious Free Basics program to bring the Internet to the masses, the social network is back…

Read more →

Read the original article: Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities…

Read more →

Read the original article: Download: ‘Coronavirus Cyber Security for Management’ Template for CISOs The Coronavirus crisis introduces critical operational challenges to business continuity, placing high stress on organizations’ management. As a result, CIOs and CISOs face a double challenge on…

Read more →

Read the original article: Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities If you own a Xiaomi smartphone or have installed the Mi browser app on any of your other brand Android device, you should…

Read more →

Read the original article: New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers A researcher from Israel’s Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive…

Read more →

Read the original article: Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach…

Read more →

Read the original article: Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers Two severe security flaws have been discovered in the open-source SaltStack Sat configuration framework that could allow an adversary to execute arbitrary code on…

Read more →

Read the original article: Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany,…

Read more →

Read the original article: New Android Malware Steals Banking Passwords, Private Data and Keystrokes A new type of mobile banking malware has been discovered abusing Android’s accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and…

Read more →

Read the original article: Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites Security researchers are sounding the alarm over newly discovered vulnerabilities in some popular online learning management system (LMS) plugins that various organizations and universities use…

Read more →

Read the original article: Cato SDP: Cloud-Scale and Global Remote Access Solution Review The Scouts acknowledged the necessity to “Be Prepared” over 100 years (!) ago; the industry should have, as well. Yet COVID-19 took businesses – more like the…

Read more →

Read the original article: Critical Security Patches Released for Magento, Adobe Illustrator and Bridge It’s not ‘Patch Tuesday,’ but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical…

Read more →

Read the original article: Researchers Uncover Novel Way to De-anonymize Device IDs to Users’ Biometrics Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information. The…

Read more →

Read the original article: How An Image Could’ve Let Attackers Hack Microsoft Teams Accounts Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization’s entire…

Read more →

Read the original article: Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly…

Read more →

Read the original article: Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to…

Read more →

Read the original article: Zero-Day Warning: It’s Possible to Hack iPhones Just by Sending Emails Watch out Apple users! The default mail app pre-installed on millions of iPhone and iPad has been found vulnerable to two critical flaws that could…

Read more →

Read the original article: Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority…

Read more →

Read the original article: Chinese Hackers Using New iPhone Hack to Spy On Uyghurs Muslims A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority…

Read more →

Read the original article: The Incident Response Challenge 2020 — Win $5,000 Prize! Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges…

Read more →

Read the original article: Researcher Discloses 4 Zero-Day Bugs in IBM’s Enterprise Security Software A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company…

Read more →

Read the original article: Unpatchable ‘Starbleed’ Bug in FPGA Chips Exposes Critical Devices to Hackers A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the…

Read more →

Read the original article: COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans (RAT) capable of exfiltrating sensitive…

Read more →

Read the original article: CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as…

Read more →

Read the original article: Why SaaS opens the door to so many cyber threats (and how to make it safer) Cloud services have become increasingly important to many companies’ daily operations, and the rapid adoption of web apps has allowed…

Read more →

Read the original article: Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository As developers increasingly embrace off-the-shelf software components into their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages, intended to…

Read more →

Read the original article: U.S. Offers Rewards up to $5 Million for Information on North Korean Hackers The United States agencies today released a joint advisory warning the world about the ‘significant cyber threat’ posed by North Korean state-sponsored hackers…

Read more →

Read the original article: How to transform your revolutionary idea into a reality: $100K Nokia Bell Labs Prize Revolutionary ideas in science, technology, engineering, and mathematics don’t occur every day. But when those “eureka” moments happen, we need to provide…

Read more →

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. The 49 browser add-ons, potentially the work of Russian threat…

Read more →

It’s April 2020 Patch Tuesday, and during these challenging times of coronavirus pandemic, this month’s patch management process would not go easy for many organizations where most of the resources are working remotely. Microsoft today released the latest batch of…

Read more →

It’s April 2020 Patch Tuesday, and during these challenging times of a coronavirus pandemic, this month’s patch management process would not go easy for many organizations where most of the resources are working remotely. Microsoft today released the latest batch…

Read more →

Computer manufacturing giant Dell has released a new security tool for its commercial customers that aims to protect their computers from stealthy and sophisticated cyberattacks involving the compromise of the BIOS. Dubbed ‘SafeBIOS Events & Indicators of Attack’ (IoA), the…

Read more →

As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals—with no conscience and empathy—are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers. The new research, published by Palo…

Read more →