Lucene search
K

20791 matches found

The Hacker News
The Hacker News
added 2021/02/04 10:20 a.m.51 views

Why Human Error is #1 Cyber Security Threat to Businesses in 2021

Phishing and Malware Among the major cyber threats, the malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis. Phishing has also seen a resurgence...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/04 10:20 a.m.4 views

Why Human Error is #1 Cyber Security Threat to Businesses in 2021

Phishing and Malware Among the major cyber threats, the malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis. Phishing has also seen a resurgence...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/04 8:36 a.m.6 views

Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications. The six flaws were reported by researchers from Israeli IoT security firm Vdoo. The Realtek RTL8195A...

8.1CVSS8.1AI score0.02636EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/02/04 8:36 a.m.112 views

Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications. The six flaws were reported by researchers from Israeli IoT security firm Vdoo. The Realtek RTL8195A...

8.1CVSS1.7AI score0.02636EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/02/03 2:0 p.m.43 views

Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions

New details have emerged about a vast network of rogue extensions for Chrome and Edge browsers that were found to hijack clicks to links in search results pages to arbitrary URLs, including phishing sites and ads. Collectively called "CacheFlow" by Avast, the 28 extensions in question — including...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/03 2:0 p.m.3 views

Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions

New details have emerged about a vast network of rogue extensions for Chrome and Edge browsers that were found to hijack clicks to links in search results pages to arbitrary URLs, including phishing sites and ads. Collectively called "CacheFlow" by Avast, the 28 extensions in question — including...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/03 11:31 a.m.4 views

3 New Severe Security Vulnerabilities Found In SolarWinds Software

Cybersecurity researchers on Wednesday disclosed three severe security vulnerabilities impacting SolarWinds products, the most severe of which could have been exploited to achieve remote code execution with elevated privileges. Two of the flaws CVE-2021-25274 and CVE-2021-25275 were identified in...

10CVSS8.1AI score0.36426EPSS
Exploits3
The Hacker News
The Hacker News
added 2021/02/03 11:31 a.m.330 views

3 New Severe Security Vulnerabilities Found In SolarWinds Software

Cybersecurity researchers on Wednesday disclosed three severe security vulnerabilities impacting SolarWinds products, the most severe of which could have been exploited to achieve remote code execution with elevated privileges. Two of the flaws CVE-2021-25274 and CVE-2021-25275 were identified in...

10CVSS9.5AI score0.36426EPSS
Exploits3
The Hacker News
The Hacker News
added 2021/02/03 11:6 a.m.34 views

Guide: How Security Consolidation Helps Small Cybersecurity Teams

The dynamic nature of cybersecurity, the changes in the threat landscape, and the expansion of the attack surface lead organizations to add more security solutions—from different vendors—creating a layered security infrastructure that introduces new challenges to any team, with a much more...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/03 11:6 a.m.4 views

Guide: How Security Consolidation Helps Small Cybersecurity Teams

The dynamic nature of cybersecurity, the changes in the threat landscape, and the expansion of the attack surface lead organizations to add more security solutions—from different vendors—creating a layered security infrastructure that introduces new challenges to any team, with a much more...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/03 10:43 a.m.36 views

A New Linux Malware Targeting High-Performance Computing Clusters

High-performance computing clusters belonging to university networks as well as servers associated with government agencies, endpoint security vendors, and internet service providers have been targeted by a newly discovered backdoor that gives attackers the ability to execute arbitrary commands o...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/03 10:43 a.m.3 views

A New Linux Malware Targeting High-Performance Computing Clusters

High-performance computing clusters belonging to university networks as well as servers associated with government agencies, endpoint security vendors, and internet service providers have been targeted by a newly discovered backdoor that gives attackers the ability to execute arbitrary commands o...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/02 2:0 p.m.2 views

Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques

Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan RAT to get around defense barriers and monitor its victims. Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/02 2:0 p.m.57 views

Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques

Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan RAT to get around defense barriers and monitor its victims. Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/02 10:28 a.m.86 views

Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State

The Office of the Washington State Auditor SAO on Monday said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerabilit...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/02 10:28 a.m.4 views

Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State

The Office of the Washington State Auditor SAO on Monday said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerabilit...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/02 10:13 a.m.4 views

Sigma Rules to Live Your Best SOC Life

Security Operations is a 24 x 7 job. It does not stop for weekends or holidays or even that much-needed coffee break after the first hour of the shift is complete. We all know this. Every SOC engineer is hoping for some rest at some point. One of my favorite jokes when talking about Security...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/02 10:13 a.m.53 views

Sigma Rules to Live Your Best SOC Life

Security Operations is a 24 x 7 job. It does not stop for weekends or holidays or even that much-needed coffee break after the first hour of the shift is complete. We all know this. Every SOC engineer is hoping for some rest at some point. One of my favorite jokes when talking about Security...

Exploits0
The Hacker News
The Hacker News
added 2021/02/02 5:28 a.m.55 views

Hackers Exploiting Critical Zero-Day Bug in SonicWall SMA 100 Devices

SonicWall on Monday warned of active exploitation attempts against a zero-day vulnerability in its Secure Mobile Access SMA 100 series devices. The flaw, which affects both physical and virtual SMA 100 10.x devices SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v, came to light after the NCC Group on...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/02 5:28 a.m.4 views

Hackers Exploiting Critical Zero-Day Bug in SonicWall SMA 100 Devices

SonicWall on Monday warned of active exploitation attempts against a zero-day vulnerability in its Secure Mobile Access SMA 100 series devices. The flaw, which affects both physical and virtual SMA 100 10.x devices SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v, came to light after the NCC Group on...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/01 12:13 p.m.120 views

A New Software Supply‑Chain Attack Targeted Millions With Spyware

Cybersecurity researchers today disclosed a new supply chain attack targeting online gamers by compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. Dubbed "Operation NightScout" by Slovak cybersecurity firm ESET, the highly-targeted surveillance campaign...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/01 12:13 p.m.3 views

A New Software Supply‑Chain Attack Targeted Millions With Spyware

Cybersecurity researchers today disclosed a new supply chain attack targeting online gamers by compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. Dubbed "Operation NightScout" by Slovak cybersecurity firm ESET, the highly-targeted surveillance campaign...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/01 11:43 a.m.43 views

LIVE Webinar: Major Lessons to be Learned from Top Cyber Attacks in 2020

We likely all agree that 2020 was a year we won't soon forget - for many reasons. One area particularly impacted last year was and continues to be cybersecurity. While Internet access allowed many businesses to continue functioning during the COVID-19 stay at home requirements, the unprecedented...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/01 11:43 a.m.6 views

LIVE Webinar: Major Lessons to be Learned from Top Cyber Attacks in 2020

We likely all agree that 2020 was a year we won't soon forget - for many reasons. One area particularly impacted last year was and continues to be cybersecurity. While Internet access allowed many businesses to continue functioning during the COVID-19 stay at home requirements, the unprecedented...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/01 11:15 a.m.6 views

New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers

A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke , the...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/01 11:15 a.m.2950 views

New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers

A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the...

9.8CVSS0.5AI score0.99993EPSS
Exploits64
The Hacker News
The Hacker News
added 2021/02/01 7:14 a.m.49 views

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

A "severe" vulnerability in GNU Privacy Guard GnuPG's Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/01 7:14 a.m.6 views

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

A "severe" vulnerability in GNU Privacy Guard GnuPG's Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/29 2:59 p.m.39 views

Google uncovers new iOS security feature Apple quietly added after zero-day attacks

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/29 2:59 p.m.4 views

Google uncovers new iOS security feature Apple quietly added after zero-day attacks

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor ," the improved sandbox system for iMessage data was...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/29 12:12 p.m.61 views

New CISOs Survey Reveals How Small Cybersecurity Teams Can Confront 2021

The pressure on small to medium-sized enterprises to protect their organizations against cyberthreats is astronomical. These businesses face the same threats as the largest enterprises, experience the same relative damages and consequences when breaches occur as the largest enterprises but are...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/29 12:12 p.m.5 views

New CISOs Survey Reveals How Small Cybersecurity Teams Can Confront 2021

The pressure on small to medium-sized enterprises to protect their organizations against cyberthreats is astronomical. These businesses face the same threats as the largest enterprises, experience the same relative damages and consequences when breaches occur as the largest enterprises but are...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/29 10:8 a.m.5 views

Hezbollah Hacker Group Targeted Telecoms, Hosting, ISPs Worldwide

A "persistent attacker group" with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan RAT to break into companies worldwide and extract valuable information. In a new report published by the ClearSky research team on Thursday, the Israeli...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/29 10:8 a.m.348 views

Hezbollah Hacker Group Targeted Telecoms, Hosting, ISPs Worldwide

A "persistent attacker group" with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan RAT to break into companies worldwide and extract valuable information. In a new report published by the ClearSky research team on Thursday, the Israeli...

10CVSS1.8AI score0.99913EPSS
Exploits33
The Hacker News
The Hacker News
added 2021/01/28 1:44 p.m.7 views

Italy CERT Warns of a New Credential Stealing Android Malware

Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. Dubbed "Oscorp" by Italy's CERT-AGID and spotted by AddressIntel, the malware "induces the user to install an accessibility service wi...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/28 1:44 p.m.62 views

Italy CERT Warns of a New Credential Stealing Android Malware

Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. Dubbed "Oscorp" by Italy's CERT-AGID and spotted by AddressIntel, the malware "induces the user to install an accessibility service wi...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/28 10:26 a.m.22 views

Authorities Seize Dark-Web Site Linked to the Netwalker Ransomware

U.S. and Bulgarian authorities this week took control of the dark web site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. "We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/28 10:26 a.m.5 views

Authorities Seize Dark-Web Site Linked to the Netwalker Ransomware

U.S. and Bulgarian authorities this week took control of the dark web site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. "We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/28 9:23 a.m.3 views

European Authorities Disrupt Emotet — World's Most Dangerous Malware

Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet , a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. The coordinated takedown of the botnet on Tuesday — dubbed "Operation...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/28 9:23 a.m.71 views

European Authorities Disrupt Emotet — World's Most Dangerous Malware

Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet, a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. The coordinated takedown of the botnet on Tuesday — dubbed "Operation...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 3:1 p.m.5 views

New Docker Container Escape Bug Affects Microsoft Azure Functions

Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 3:1 p.m.36 views

New Docker Container Escape Bug Affects Microsoft Azure Functions

Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 1:59 p.m.41 views

Warning Issued Over Hackable ADT's LifeShield Home Security Cameras

Newly discovered security vulnerabilities in ADT's Blue formerly LifeShield home security cameras could have been exploited to hijack both audio and video streams. The vulnerabilities tracked as CVE-2020-8101 were identified in the video doorbell camera by Bitdefender researchers in February 2020...

8.8CVSS0.6AI score0.01219EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 1:59 p.m.9 views

Warning Issued Over Hackable ADT's LifeShield Home Security Cameras

Newly discovered security vulnerabilities in ADT's Blue formerly LifeShield home security cameras could have been exploited to hijack both audio and video streams. The vulnerabilities tracked as CVE-2020-8101 were identified in the video doorbell camera by Bitdefender researchers in February 2020...

8.8CVSS7.5AI score0.01219EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 12:58 p.m.3 views

New Attack Could Let Remote Hackers Target Devices On Internal Networks

A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research. Detailed by enterprise IoT security firm Armis, the new attack CVE-2020-16043 and CVE-2021-23961 builds on the previously disclose...

8.8CVSS7.7AI score0.01323EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 12:58 p.m.98 views

New Attack Could Let Remote Hackers Target Devices On Internal Networks

A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research. Detailed by enterprise IoT security firm Armis, the new attack CVE-2020-16043 and CVE-2021-23961 builds on the previously disclose...

8.8CVSS0.8AI score0.01323EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 11:9 a.m.48 views

Top Cyber Attacks of 2020

With so much of the world transitioning to working, shopping, studying, and streaming online during the coronavirus pandemic, cybercriminals now have access to a larger base of potential victims than ever before. "Zoombomb" became the new photobomb—hackers would gain access to a private meeting o...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 11:9 a.m.6 views

Top Cyber Attacks of 2020

With so much of the world transitioning to working, shopping, studying, and streaming online during the coronavirus pandemic, cybercriminals now have access to a larger base of potential victims than ever before. "Zoombomb" became the new photobomb—hackers would gain access to a private meeting o...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 10:18 a.m.2 views

Using the Manager Attribute in Active Directory (AD) for Password Resets

Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic. With the numbers of cyberattacks against businesses exploding and compromised credentials often being the culprit, companies have ...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 10:18 a.m.35 views

Using the Manager Attribute in Active Directory (AD) for Password Resets

Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic. With the numbers of cyberattacks against businesses exploding and compromised credentials often being the culprit, companies have ...

0.3AI score
Exploits0
Total number of security vulnerabilities20791