Lucene search
K

20783 matches found

The Hacker News
The Hacker News
added 2021/06/14 6:59 a.m.77 views

Chinese Hackers Believed to be Behind Second Cyberattack on Air India

Even as a massive data breach affecting Air India came to light the previous month, India's flag carrier airline appears to have suffered a separate cyber assault that lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/11 1:14 p.m.56 views

Mozilla Says Google's New Ad Tech—FLoC—Doesn't Protect User Privacy

Google's upcoming plans to replace third-party cookies with a less invasive ad targeted mechanism have a number of issues that could defeat its privacy objectives and allow for significant linkability of user behavior, possibly even identifying individual users. "FLoC is premised on a compelling...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/11 9:28 a.m.90 views

Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users

Multiple critical security flaws have been disclosed in Samsung's pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users' consent and take control of the devices. "The impact of these bugs could have allowed an attacker t...

8.8CVSS1.4AI score0.00177EPSS
Exploits6
The Hacker News
The Hacker News
added 2021/06/11 8:17 a.m.47 views

Live Cybersecurity Webinar — Deconstructing Cobalt Strike

Organizations' cybersecurity capabilities have improved over the past decade, mostly out of necessity. As their defenses get better, so do the methods, tactics, and techniques malicious actors devise to penetrate their environments. Instead of the standard virus or trojan, attackers today will...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/11 7:47 a.m.216 views

7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

A seven-year-old privilege escalation vulnerability discovered in the polkit system service could be exploited by a malicious unprivileged local attacker to bypass authorization and escalate permissions to the root user. Tracked as CVE-2021-3560 CVSS score: 7.8, the flaw affects polkit versions...

7.8CVSS0.6AI score0.22193EPSS
Exploits37
The Hacker News
The Hacker News
added 2021/06/11 7:1 a.m.290 views

New Cyber Espionage Group Targeting Ministries of Foreign Affairs

Cybersecurity researchers on Thursday took the wraps off a new cyber espionage group that has been behind a series of targeted attacks against diplomatic entities and telecommunication companies in Africa and the Middle East since at least 2017. Dubbed "BackdoorDiplomacy," the campaign involves...

10CVSS0.8AI score0.99999EPSS
Exploits60
The Hacker News
The Hacker News
added 2021/06/11 4:38 a.m.52 views

U.S. Authorities Shut Down Slilpp—Largest Marketplace for Stolen Logins

The U.S. Department of Justice DoJ Thursday said it disrupted and took down the infrastructure of an underground marketplace known as "Slilpp" that specialized in trading stolen login credentials as part of an international law enforcement operation. Over a dozen individuals have been charged or...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/10 10:51 a.m.83 views

Emerging Ransomware Targets Dozens of Businesses Worldwide

An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational by riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomwar...

7.5CVSS1AI score0.99906EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/06/10 9:52 a.m.50 views

Using Breached Password Detection Services to Prevent Cyberattack

Bolstering password policies in your organization is an important part of a robust cybersecurity strategy. Cybercriminals are using compromised accounts as one of their favorite tactics to infiltrate business-critical environments; as we've seen in recent news, these attacks can be dangerous and...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/10 5:46 a.m.77 views

Beef Supplier JBS Paid Hackers $11 Million Ransom After Cyberattack

Meat processing company JBS on Wednesday confirmed it paid extortionists $11 million in bitcoins to regain access to its systems following a destructive ransomware attack late last month. "In consultation with internal IT professionals and third-party cybersecurity experts, the company made the...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/10 4:14 a.m.460 views

New Chrome 0-Day Bug Under Active Attacks – Update Your Browser ASAP!

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today. The internet services company has rolled out an urgent update to the browser to address 14 newly discovered...

8.8CVSS9.1AI score0.70435EPSS
Exploits9
The Hacker News
The Hacker News
added 2021/06/09 4:39 p.m.132 views

New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites

Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security TLS servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/09 10:43 a.m.109 views

Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/09 10:17 a.m.53 views

EBook – Creating a Large Company Security Stack on a Lean Company Budget

The speed at which malicious actors have improved their attack tactics and continue to penetrate security systems has made going bigger the major trend in cybersecurity. Facing an evolving threat landscape, organizations have responded by building bigger security stacks, adding more tools and...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/09 6:7 a.m.303 views

Update Your Windows Computers to Patch 6 New In-the-Wild Zero-Day Bugs

Microsoft on Tuesday released another round of security updates for Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack. The flaws were identified and resolved in Microsoft Windows, .NET Core and Visu...

9.6CVSS0.9AI score0.80263EPSS
Exploits8
The Hacker News
The Hacker News
added 2021/06/08 4:1 p.m.102 views

Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals

In an unprecedented sting operation, the U.S. Federal Bureau of Investigation FBI and Australian Federal Police AFP ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally. Dubbed Operation Ironside AFP,...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/08 10:31 a.m.172 views

New UAF Vulnerability Affecting Microsoft Office to be Patched Today

Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. "Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to...

7.8CVSS1.4AI score0.16012EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/06/08 10:0 a.m.42 views

Top 10 Privacy and Security Features Apple Announced at WWDC 2021

Apple on Monday announced a number of privacy and security-centric features to its upcoming versions of iOS and macOS at its all-online Worldwide Developers Conference. Here is a quick look at some of the big-ticket changes that are expected to debut later this fall: 1 — Decouple Security Patches...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/08 7:56 a.m.53 views

U.S. Recovers $2.3 Million Ransom Paid to Colonial Pipeline Hackers

In a major blow, the U.S. Department of Justice on Monday said it has recovered 63.7 bitcoins currently valued at $2.3 million paid by Colonial Pipeline to the DarkSide ransomware extortionists on May 8, pursuant to a seizure warrant that was authorized by the Northern District of California. The...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/07 3:35 p.m.44 views

Shifting the focus from reactive to proactive, with human-led secure coding

The same 10 software vulnerabilities have caused more security breaches in the last 20+ years than any others. And yet, many businesses still opt for post-breach, post-event remediation, muddling through the human and business ramifications of it all. But now, a new research study points to a new...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/07 2:52 p.m.46 views

Researchers Discover First Known Malware Targeting Windows Containers

Security researchers have discovered the first known malware, dubbed "Siloscope," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/07 10:41 a.m.59 views

Hackers Breached Colonial Pipeline Using Compromised VPN Password

The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network VPN account password, the latest investigation into the incident has revealed. The development, which was reported by Bloomber...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/07 7:0 a.m.49 views

Latvian Woman Charged for Her Role in Creating Trickbot Banking Malware

The U.S. Department of Justice DoJ on Friday charged a Latvian woman for her alleged role as a programmer in a cybercrime gang that helped develop TrickBot malware. The woman in question, Alla Witte, aka Max, 55, who resided in Paramaribo, Suriname, was arrested in Miami, Florida on February 6...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/05 1:56 p.m.89 views

GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks

Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service. "We explicitly permit dual-use security technologies and content related to research into vulnerabilitie...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/05 11:29 a.m.58 views

TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data

Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform. The policy change, first spotted by TechCrunch, went into...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/05 10:58 a.m.686 views

ALERT: Critical RCE Bug in VMware vCenter Server Under Active Attack

Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. The ongoing activity was detected by Bad Packets on June 3 and corroborated yesterday by...

10CVSS1AI score0.99999EPSS
Exploits58
The Hacker News
The Hacker News
added 2021/06/04 4:10 p.m.41 views

Google to Let Android Users Opt-Out to Stop Ads From Tracking Them

Google is tightening its privacy practices that could make it harder for apps on Android phones and tablets to track users who have opted out of receiving personalized interest-based ads. The change will go into effect sometime in late 2021. The development, which mirrors Apple's move to enable...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/04 1:3 p.m.80 views

10 Critical Flaws Found in CODESYS Industrial Automation Software

Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers PLCs. "To exploit the vulnerabilities, an attacker does not need a username or...

9.8CVSS1.8AI score0.07356EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/06/04 6:1 a.m.64 views

Google Chrome to Help Users Identify Untrusted Extensions Before Installation

Google on Thursday said it's rolling out new security features to Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago. To this end, the search giant said it will now offer additional protections when users...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/03 5:1 p.m.641 views

Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities

New upgrades have been made to a Python-based "self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numero...

10CVSS10AI score0.9957EPSS
Exploits103
The Hacker News
The Hacker News
added 2021/06/03 2:19 p.m.49 views

The Vulnerabilities of the Past Are the Vulnerabilities of the Future

Major software vulnerabilities are a fact of life, as illustrated by the fact that Microsoft has patched between 55 and 110 vulnerabilities each month this year – with 7% to 17% of those vulnerabilities being critical. May had the fewest vulnerabilities, with a total of 55 and only four considere...

1.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/03 11:54 a.m.104 views

Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module

A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications. "Successful exploitation would lead to complete control of the Wi-Fi module and potential root...

8CVSS1.3AI score0.02009EPSS
Exploits3
The Hacker News
The Hacker News
added 2021/06/03 10:28 a.m.53 views

Experts Uncover Yet Another Chinese Spying Campaign Aimed at Southeast Asia

An ongoing cyber-espionage operation with suspected ties to China has been found targeting a Southeast Asian government to deploy spyware on Windows systems while staying under the radar for more than three years. "In this campaign, the attackers utilized the set of Microsoft Office exploits and...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/02 12:45 p.m.209 views

Cybercriminals Hold $115,000-Prize Contest to Find New Cryptocurrency Hacks

A top Russian-language underground forum has been running a "contest" for the past month, calling on its community to submit "unorthodox" ways to conduct cryptocurrency attacks. The forum's administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/02 11:36 a.m.56 views

Researchers Uncover Hacking Operations Targeting Government Entities in South Korea

A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed t...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/02 9:55 a.m.110 views

Hackers‌ ‌Actively‌ ‌Exploiting‌ ‌0-Day‌ ‌in WordPress Plugin Installed on Over ‌17,000‌ ‌Sites

Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence's threat intelligence team, which...

1.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/02 6:11 a.m.60 views

US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks

Days after Microsoft, Secureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice DoJ Tuesday said it intervened to take control of two command-and-control C2 and malware...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/01 12:35 p.m.51 views

Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions

Researchers have disclosed significant security weaknesses in popular antivirus software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/01 8:41 a.m.79 views

Report: Danish Secret Service Helped NSA Spy On European Politicians

The U.S. National Security Agency NSA used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of t...

1.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/31 12:13 p.m.56 views

Can Your Business Email Be Spoofed? Check Your Domain Security Now!

Are you aware of how secure your domain is? In most organizations, there is an assumption that their domains are secure and within a few months, but the truth soon dawns on them that it isn't. Spotting someone spoofing your domain name is one way to determine if your security is unsatisfactory -...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/31 12:13 p.m.150 views

Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors

Starting June 8, Amazon will automatically enable a feature on its family of hardware devices, including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams, that will share a small part of your Internet bandwidth with nearby neighbors — unless you choose to opt-out...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/31 7:52 a.m.103 views

A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely

Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers PLCs that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code...

9.8CVSS1.9AI score0.05184EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/05/29 8:34 a.m.156 views

Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents

Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the...

8.1CVSS7.1AI score0.10648EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/05/28 3:30 p.m.61 views

Researchers Warn of Facefish Backdoor Spreading Linux Rootkits

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing its capabilities to deliver different...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/28 11:24 a.m.78 views

SolarWinds Hackers Target Think Tanks With New 'NativeZone' Backdoor

Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. Some of the entities that were...

6.1CVSS0.2AI score0.07082EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/05/28 7:29 a.m.286 views

Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices

Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures TTPs adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's...

10CVSS0.4AI score0.47172EPSS
Exploits9
The Hacker News
The Hacker News
added 2021/05/27 2:34 p.m.48 views

Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer

Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign, which is believed to have...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/27 10:3 a.m.59 views

Hackers Using Fake Foundations to Target Uyghur Minority in China

The Uyghur community located in China and Pakistan has been the subject of an ongoing espionage campaign aiming to trick the targets into downloading a Windows backdoor to amass sensitive information from their systems. "Considerable effort was put into disguising the payloads, whether by creatin...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/27 6:35 a.m.63 views

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks

Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment IDE. The vulnerable extensions could be exploited to run arbitrary code on ...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/26 3:30 p.m.282 views

Data Wiper Malware Disguised As Ransomware Targets Israeli Entities

Researchers on Tuesday disclosed a new espionage campaign that resorts to destructive data-wiping attacks targeting Israeli entities at least since December 2020 that camouflage the malicious activity as ransomware extortions. Cybersecurity firm SentinelOne attributed the attacks to a nation-stat...

9.8CVSS1.5AI score0.99999EPSS
Exploits22
Total number of security vulnerabilities20783