Lucene search
K

20784 matches found

The Hacker News
The Hacker News
added 2021/06/30 12:56 p.m.33 views

Authorities Seize DoubleVPN Service Used by Cybercriminals

A coordinated international law enforcement operation resulted in the takedown of a VPN service called DoubleVPN for providing a safe haven for cybercriminals to cover their tracks. "On 29th of June 2021, law enforcement took down DoubleVPN," the agencies said in a seizure notice splashed on the...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/30 11:28 a.m.456 views

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

A proof-of-concept PoC exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as CVE-2021-1675, the security issue could grant remote attackers full contr...

9.3CVSS1.1AI score0.86132EPSS
Exploits80
The Hacker News
The Hacker News
added 2021/06/30 7:10 a.m.81 views

GitHub Launches 'Copilot' — AI-Powered Code Completion Tool

GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/29 1:6 p.m.44 views

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine

An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/29 9:48 a.m.43 views

New API Lets App Developers Authenticate Users via SIM Cards

Online account creation poses a challenge for engineers and system architects: if you put up too many barriers, you risk turning away genuine users. Make it too easy, and you risk fraud or fake accounts. The Problem with Identity Verification The traditional model of online identity –...

Exploits0
The Hacker News
The Hacker News
added 2021/06/29 9:39 a.m.108 views

Google now requires app developers to verify their address and use 2FA

Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification 2SV, provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards...

1.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/28 1:8 p.m.126 views

Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site

Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 CVSS score: 5.4, the weakness...

2.1AI score0.02068EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/06/28 7:54 a.m.50 views

Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware

Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control C2 servers located in China. The driver, called "Netfilter," is said to target gaming environments,...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/28 7:2 a.m.53 views

DMARC: The First Line of Defense Against Ransomware

There has been a lot of buzz in the industry about ransomware lately. Almost every other day, it's making headlines. With businesses across the globe holding their breath, scared they might fall victim to the next major ransomware attack, it is now time to take action. The FBI IC3 report of 2020...

Exploits0
The Hacker News
The Hacker News
added 2021/06/28 6:39 a.m.622 views

Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online

A security vulnerability in Cisco Adaptive Security Appliance ASA that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept PoC exploit code. The PoC was published by researchers from...

7.5CVSS1.6AI score0.99992EPSS
Exploits26
The Hacker News
The Hacker News
added 2021/06/28 3:27 a.m.56 views

SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers

In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/25 1:32 p.m.48 views

Google Extends Support for Tracking Party Cookies Until 2023

Google's sweeping proposal to deprecate third-party cookies in Chrome browser is going back to the drawing board after the company announced plans to delay the rollout from early 2022 to late 2023, pushing back the project by nearly two years. "While there's considerable progress with this...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/25 10:37 a.m.92 views

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack

Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have...

10CVSS2.6AI score0.90049EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/06/25 10:16 a.m.61 views

Crackonosh virus mined $2 million of Monero from 222,000 hacked computers

A previously undocumented Windows malware has infected over 222,000 systems worldwide since at least June 2018, yielding its developer no less than 9,000 Moneros $2 million in illegal profits. Dubbed "Crackonosh," the malware is distributed via illegal, cracked copies of popular software, only to...

2.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/25 8:5 a.m.63 views

FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards

A Ukrainian national and a mid-​level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "pen tester" and perpetuating a criminal scheme that enabled the gang to compromise millions of customers debit and credit cards. Andrii Kolpakov, 33,...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/25 6:35 a.m.116 views

Clop Gang Partners Laundered $500 Million in Ransomware Payments

The cybercrime ring that was apprehended last week in connection with Clop aka Cl0p ransomware attacks against dozens of companies in the last few months helped launder money totaling $500 million for several malicious actors through a plethora of illegal activities. "The group — also known as...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/24 10:24 a.m.78 views

BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models

Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device. "As the attacker has the...

7.5CVSS1.1AI score0.00626EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/06/24 10:13 a.m.31 views

Reduce Business Risk By Fixing 3 Critical Endpoint-to-Cloud Security Requirements

Enterprise applications used to live securely in data centers and office employees connected to internal networks using company-managed laptops or desktops. And data was encircled by a walled perimeter to keep everything safe. All that changed in the last 18 months. Businesses and employees had t...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/24 10:5 a.m.96 views

One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account

Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on SSO capability. "With just one click, an attacker could have...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/24 8:0 a.m.87 views

Critical Auth Bypass Bug Affects VMware Carbon Black App Control

VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standar...

9.8CVSS1.1AI score0.10619EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/06/24 6:44 a.m.51 views

Antivirus Pioneer John McAfee Found Dead in Spanish Jail

Controversial mogul and antivirus pioneer John McAfee on Wednesday died by suicide in a jail cell in Barcelona, hours after reports that he would be extradited to face federal charges in the U.S. McAfee was 75. He is said to have died by hanging "as his nine months in prison brought him to...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/23 2:36 p.m.41 views

Pakistan-linked hackers targeted Indian power company with ReverseRat

A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. "Most of the organizations that exhibited signs of compromise were...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/23 9:33 a.m.37 views

[Whitepaper] Automate Your Security with Cynet to Protect from Ransomware

It seems like every new day brings with it a new ransomware news item – new attacks, methods, horror stories, and data being leaked. Ransomware attacks are on the rise, and they've become a major issue for organizations across industries. A recent report estimated that by 2031, ransomware attacks...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/23 8:43 a.m.71 views

Patch Tor Browser Bug to Prevent Tracking of Your Online Activities

Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer. In addition to updating Tor to 0.4.5.9, the browser's...

8.8CVSS6.7AI score0.00921EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/06/23 5:11 a.m.1677 views

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks

A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcomin...

9.8CVSS9.6AI score0.26869EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/06/22 7:19 p.m.49 views

Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks

Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software FOSS marketplaces for Linux platform that could be potentially abused to stage supply-chain attacks and achieve remote code execution RCE. "Linux marketplaces that are...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/22 10:2 a.m.61 views

Wormable DarkRadiation Ransomware Targets Linux and Docker Instances

Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control C2 communications. "The ransomware is...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/22 7:24 a.m.94 views

NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws

U.S. graphics chip specialist NVIDIA has released software updates to address a total of 26 vulnerabilities impacting its Jetson system-on-module SOM series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure. Tracked from...

1.1AI score0.00256EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/06/21 2:17 p.m.45 views

5 Critical Steps to Recover From a Ransomware Attack

Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities. A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Ventures predicts that a ransomware attack will occur every 11...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/21 10:5 a.m.50 views

DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps

A new research published by a group of academics has found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. "Malware writers use...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/21 7:30 a.m.54 views

Beware! Connecting to This Wireless Network Can Break Your iPhone's Wi-Fi Feature

A wireless network naming bug has been discovered in Apple's iOS operating system that effectively disables an iPhone's ability to connect to a Wi-Fi network. The issue was spotted by security researcher Carl Schou, who found that the phone's Wi-Fi functionality gets permanently disabled after...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/19 6:34 a.m.104 views

North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute

South Korea's state-run Korea Atomic Energy Research Institute KAERI on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/19 6:13 a.m.85 views

Cyber espionage by Chinese hackers in neighbouring nations is on the rise

A string of cyber espionage campaigns dating all the way back to 2014 and likely focused on gathering defense information from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future th...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/18 1:7 p.m.40 views

Russia bans VyprVPN, Opera VPN services for not complying with blacklist request

Russia's telecommunications and media regulator Roskomnadzor RKN on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal,...

1.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/18 7:20 a.m.50 views

Google Releases New Framework to Prevent Software Supply Chain Attacks

As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts" SLSA, and...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/18 6:33 a.m.45 views

[eBook] 7 Signs You Might Need a New Detection and Response Tool

It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns. In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/18 3:16 a.m.183 views

Update‌ ‌Your Chrome Browser to Patch Yet Another 0-Day Exploit‌ed ‌in‌-the‌-Wild

Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild. Tracked as CVE-2021-30554, the high severity flaw concerns a use after free vulnerability in WebGL aka Web...

8.8CVSS0.64701EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/06/17 12:9 p.m.49 views

Molerats Hackers Return With New Attacks Targeting Middle Eastern Governments

A Middle Eastern advanced persistent threat APT group has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government entities associated with geopolitics in the region in a rash of new campaigns observed earlier this month. Sunnyvale-based...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/17 10:25 a.m.62 views

A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran

Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan RAT capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky,...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/17 8:6 a.m.49 views

Strengthen Your Password Policy With GDPR Compliance

A solid password policy is the first line of defense for your corporate network. Protecting your systems from unauthorized users may sound easy on the surface, but it can actually be quite complicated. You have to balance password security with usability, while also following various regulatory...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/17 7:46 a.m.59 views

Researchers Uncover 'Process Ghosting' — A New Malware Evasion Technique

Cybersecurity researchers have disclosed a new executable image tampering attack dubbed "Process Ghosting" that could be potentially abused by an attacker to circumvent protections and stealthily run malicious code on a Windows system. "With this technique, an attacker can write a piece of malwar...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/16 2:44 p.m.29 views

Ukraine Police Arrest Cyber Criminals Behind Clop Ransomware Attacks

Ukrainian law enforcement officials on Wednesday announced the arrest of the Clop ransomware gang, adding it disrupted the infrastructure employed in attacks targeting victims worldwide since at least 2019. As part of an international operation between the National Police of Ukraine and authoriti...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/16 12:25 p.m.33 views

Malware Attack on South Korean Entities Was Work of Andariel Group

A malware campaign targeting South Korean entities that came to light earlier this year has been attributed to a North Korean nation-state hacking group called Andariel, once again indicating that Lazarus attackers are following the trends and their arsenal is in constant development. "The way...

Exploits0
The Hacker News
The Hacker News
added 2021/06/16 8:36 a.m.34 views

Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets

As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/16 7:0 a.m.116 views

Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek's software development kit SDK that could be abused by an adversary to gain improper access to audio and video streams. "Successful...

0.1AI score0.00578EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/06/15 1:5 p.m.35 views

Experts Shed Light On Distinctive Tactics Used by Hades Ransomware

Cybersecurity researchers on Tuesday disclosed "distinctive" tactics, techniques, and procedures TTPs adopted by operators of Hades ransomware that set it apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER. "In many ways, the GOLD WINTER...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/15 11:12 a.m.98 views

Instagram‌ ‌Bug Allowed Anyone to View Private Accounts Without Following Them

Instagram has patched a new flaw that allowed anyone to view archived posts and stories posted by private accounts without having to follow them. "This bug could have allowed a malicious user to view targeted media on Instagram," security researcher Mayur Fartade said in a Medium post today. "An...

2.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/15 3:32 a.m.499 views

Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild

Apple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild. The latest update, iOS 12.5.4, comes with fixes for three security bugs, including a memory corruption issue in ASN.1 decoder...

9.8CVSS0.7AI score0.68531EPSS
Exploits6
The Hacker News
The Hacker News
added 2021/06/14 2:26 p.m.54 views

Google Workspace Now Offers Client-side Encryption For Drive and Docs

Google on Monday announced that it's rolling out client-side encryption to Google Workspace formerly G Suite, thereby giving its enterprise customers direct control of encryption keys and the identity service they choose to access those keys. "With client-side encryption, customer data is...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/14 1:34 p.m.755 views

NoxPlayer Supply-Chain Attack is Likely the Work of Gelsemium Hackers

A new cyber espionage group named Gelsemium has been linked to a supply chain attack targeting the NoxPlayer Android emulator that was disclosed earlier this year. The findings come from a systematic analysis of multiple campaigns undertaken by the APT crew, with evidence of the earliest attack...

9.3CVSS8.2AI score0.99966EPSS
Exploits42
Total number of security vulnerabilities20784