Lucene search
K

20790 matches found

The Hacker News
The Hacker News
added 2021/02/25 1:59 p.m.3 views

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/25 11:18 a.m.4 views

The Top Free Tools for Sysadmins in 2021

It's no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you're a...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/25 11:18 a.m.72 views

The Top Free Tools for Sysadmins in 2021

It's no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you're a...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/25 9:13 a.m.55 views

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. "The purpose of the attack was the mass contamination of informatio...

2.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/25 9:13 a.m.7 views

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. "The purpose of the attack was the mass contamination of informatio...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/24 4:4 p.m.24 views

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/24 4:4 p.m.3 views

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/24 3:29 p.m.5 views

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software. "A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or othe...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/24 3:29 p.m.14 views

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software. "A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or othe...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/24 12:32 p.m.4 views

Everything You Need to Know About Evolving Threat of Ransomware

The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down. Falling victim to a ransomware attack can cause...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/24 12:32 p.m.197 views

Everything You Need to Know About Evolving Threat of Ransomware

The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down. Falling victim to a ransomware attack can cause...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/24 7:54 a.m.4 views

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

VMware has addressed multiple critical remote code execution RCE vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. "A malicious actor with network access to port...

10CVSS7.9AI score0.9957EPSS
Exploits54
The Hacker News
The Hacker News
added 2021/02/24 7:54 a.m.1836 views

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

VMware has addressed multiple critical remote code execution RCE vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. "A malicious actor with network access to port...

10CVSS1AI score0.99999EPSS
Exploits103
The Hacker News
The Hacker News
added 2021/02/23 1:37 p.m.46 views

Experts Find a Way to Learn What You're Typing During Video Calls

A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed. The research was undertaken by Mohd Sabra, and Murtuza Jadliwala from the...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/23 1:37 p.m.10 views

Experts Find a Way to Learn What You're Typing During Video Calls

A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed. The research was undertaken by Mohd Sabra, and Murtuza Jadliwala from the...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/23 11:1 a.m.45 views

5 Security Lessons for Small Security Teams for the Post COVID19 Era

A full-time mass work from home WFH workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy w...

Exploits0
The Hacker News
The Hacker News
added 2021/02/23 11:1 a.m.4 views

5 Security Lessons for Small Security Teams for the Post COVID19 Era

A full-time mass work from home WFH workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy w...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/23 10:46 a.m.139 views

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the...

7.8CVSS1.1AI score0.02328EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/02/23 10:46 a.m.4 views

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the...

7.8CVSS7.5AI score0.02328EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/02/23 7:18 a.m.111 views

Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks

Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance FTA servers over the past two months to data theft and extortion campaign orchestrated by a cybercrime group called UNC2546. The attacks, which began in mid-December 2020, involved exploiting...

10CVSS0.7AI score0.56686EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/02/23 7:18 a.m.9 views

Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks

Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance FTA servers over the past two months to data theft and extortion campaign orchestrated by a cybercrime group called UNC2546. The attacks, which began in mid-December 2020, involved exploiting...

10CVSS7.5AI score0.56686EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/02/22 11:21 a.m.4 views

How to Fight Business Email Compromise (BEC) with Email Authentication?

An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/22 11:21 a.m.54 views

How to Fight Business Email Compromise (BEC) with Email Authentication?

An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/22 11:15 a.m.79 views

Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online

On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations TAO unit of the U.S. National Security Agency NSA...

7.8CVSS0.1AI score0.11022EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/02/22 11:15 a.m.4 views

Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online

On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations TAO unit of the U.S. National Security Agency NSA...

7.8CVSS7.5AI score0.11022EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/02/22 7:47 a.m.148 views

New 'Silver Sparrow' Malware Infected Nearly 30,000 Apple Macs

Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x8664 and the iPhone maker's M1 processors. However, the ultimate goal of th...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/22 7:47 a.m.4 views

New 'Silver Sparrow' Malware Infected Nearly 30,000 Apple Macs

Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x8664 and the iPhone maker's M1 processors. However, the ultimate goal of th...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/20 4:16 p.m.56 views

Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release V1.20.108 made available yesterday. Brave...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/20 4:16 p.m.7 views

Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release V1.20.108 made available yesterday. Brave...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/19 3:8 p.m.4 views

New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card

Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a stud...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/19 3:8 p.m.217 views

New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card

Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a stud...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/19 9:18 a.m.59 views

Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials

A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/19 9:18 a.m.4 views

Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials

A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/19 7:25 a.m.9 views

SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune

Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. The disclosure...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/19 7:25 a.m.60 views

SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune

Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. The disclosure...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/18 10:20 a.m.78 views

First Malware Designed for Apple M1 Chip Discovered in the Wild

One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company's latest generation of Macs powered by its own processors. While the transiti...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/18 10:20 a.m.4 views

First Malware Designed for Apple M1 Chip Discovered in the Wild

One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company's latest generation of Macs powered by its own processors. While the transiti...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/18 7:26 a.m.56 views

U.S. Charges 3 North Korean Hackers Over $1.3 Billion Cryptocurrency Heist

The U.S. Department of Justice DoJ on Wednesday indicted three suspected North Korean hackers for allegedly conspiring to steal and extort over $1.3 billion in cash and cryptocurrencies from financial institutions and businesses. The three defendants — Jon Chang Hyok, 31; Kim Il, 27; and Park Jin...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/18 7:26 a.m.5 views

U.S. Charges 3 North Korean Hackers Over $1.3 Billion Cryptocurrency Heist

The U.S. Department of Justice DoJ on Wednesday indicted three suspected North Korean hackers for allegedly conspiring to steal and extort over $1.3 billion in cash and cryptocurrencies from financial institutions and businesses. The three defendants — Jon Chang Hyok, 31; Kim Il, 27; and Park Jin...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/17 1:29 p.m.52 views

Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping

A severe security vulnerability in a popular video calling software development kit SDK could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research ATR team today, which found the aforementioned...

5.9CVSS1.4AI score0.06041EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/02/17 1:29 p.m.4 views

Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping

A severe security vulnerability in a popular video calling software development kit SDK could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research ATR team today, which found the aforementioned...

5.9CVSS6.5AI score0.06041EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/02/17 12:2 p.m.58 views

Researchers Unmask Hackers Behind APOMacroSploit Malware Builder

Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely. The tool — dubbed "APOMacroSploit" — is a macro exploit...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/17 12:2 p.m.5 views

Researchers Unmask Hackers Behind APOMacroSploit Malware Builder

Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely. The tool — dubbed "APOMacroSploit" — is a macro exploit...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/17 7:11 a.m.2 views

Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites

A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug CVE-2021–1801...

6.5CVSS7.2AI score0.01515EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/02/17 7:11 a.m.98 views

Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites

A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug CVE-2021–1801...

6.5CVSS0.8AI score0.01515EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/02/16 1:30 p.m.172 views

Learn How to Manage and Secure Active Directory Service Accounts

There are many different types of accounts in a typical Active Directory environment. These include user accounts, computer accounts, and a particular type of account called a service account. A service account is a special type of account that serves a specific purpose for services, and...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/16 1:30 p.m.4 views

Learn How to Manage and Secure Active Directory Service Accounts

There are many different types of accounts in a typical Active Directory environment. These include user accounts, computer accounts, and a particular type of account called a service account. A service account is a special type of account that serves a specific purpose for services, and...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/16 1:2 p.m.42 views

Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware

Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/16 1:2 p.m.3 views

Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware

Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/16 12:33 p.m.20 views

Managed Service Provider? Watch This Video to Learn about Autonomous XDR

As managed security service providers, you're always on the lookout for new platforms. One that can generate further business, enables you to scale easily without investing in more human resources and provides that value immediately. In the meanwhile, your clients are constantly demanding more...

Exploits0
Total number of security vulnerabilities20790