Lucene search
K

20793 matches found

The Hacker News
The Hacker News
added 2020/12/08 5:44 a.m.130 views

NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks

The US National Security Agency NSA on Monday issued an advisory warning that Russian threat actors are leveraging recently disclosed VMware vulnerability to install malware on corporate systems and access protected data. Specifics regarding the identities of the threat actor exploiting the VMwar...

9.1CVSS1.1AI score0.23771EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/12/07 2:39 p.m.2 views

Iranian RANA Android Malware Also Spies On Instant Messengers

A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant—developed by a sanctioned Iranian threat actor—that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/07 2:39 p.m.48 views

Iranian RANA Android Malware Also Spies On Instant Messengers

A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant—developed by a sanctioned Iranian threat actor—that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/07 10:47 a.m.2 views

How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain

21st-century technology has allowed Cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that 65% of US-based companies were vulnerable to email phishing and impersonation attacks. This calls for upgrading your organization's...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/07 10:47 a.m.33 views

How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain

21st-century technology has allowed Cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that 65% of US-based companies were vulnerable to email phishing and impersonation attacks. This calls for upgrading your organization's...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/07 9:0 a.m.44 views

Payment Card Skimmer Group Using Raccoon Info-Stealer to Siphon Off Data

A cybercrime group known for targeting e-commerce websites unleashed a "multi-stage malicious campaign" earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. In a new report published today and shared with The Hacker News,...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/07 9:0 a.m.3 views

Payment Card Skimmer Group Using Raccoon Info-Stealer to Siphon Off Data

A cybercrime group known for targeting e-commerce websites unleashed a "multi-stage malicious campaign" earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. In a new report published today and shared with The Hacker News,...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/04 9:20 a.m.35 views

Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution

A global spear-phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to new research. Attributing the operation to a nation-state actor, IBM Security X-Force researchers said the attacks took aim at the vaccine col...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/04 9:20 a.m.3 views

Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution

A global spear-phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to new research. Attributing the operation to a nation-state actor, IBM Security X-Force researchers said the attacks took aim at the vaccine col...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/04 8:14 a.m.5 views

How Organizations Can Prevent Users from Using Breached Passwords

There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door? No matter how extensive your security...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/04 8:14 a.m.123 views

How Organizations Can Prevent Users from Using Breached Passwords

There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door? No matter how extensive your security...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/04 8:6 a.m.41 views

Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware

Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/04 8:6 a.m.3 views

Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware

Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/03 10:59 a.m.89 views

Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking

A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit,...

8.8CVSS8.6AI score0.02883EPSS
Exploits1
The Hacker News
The Hacker News
added 2020/12/03 10:59 a.m.71 views

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed "TrickBoot" by Advanced Intelligence...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/03 10:59 a.m.7 views

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed "TrickBoot" by Advanced Intelligence...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/03 10:59 a.m.6 views

Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking

A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit,...

8.8CVSS7.7AI score0.02883EPSS
Exploits1
The Hacker News
The Hacker News
added 2020/12/02 12:8 p.m.39 views

Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years

Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla aka Venomous Bear or Snake, a...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/02 12:8 p.m.3 views

Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years

Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla aka Venomous Bear or Snake, a...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/02 9:20 a.m.484 views

Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW

Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability, which was released by Oracle as...

10CVSS0.4AI score0.99997EPSS
Exploits43
The Hacker News
The Hacker News
added 2020/12/02 9:20 a.m.4 views

Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW

Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability, which was released by Oracle as...

10CVSS7.8AI score0.99997EPSS
Exploits43
The Hacker News
The Hacker News
added 2020/12/02 7:47 a.m.39 views

CISO with a small security team? Learn from your peers' experience with this free e-book

CISOs with small security teams hold an intensive juggling act. They're responsible for sustaining the company's security resilience, ensuring compliance is adhered to and implementing privacy controls. In between these tasks, they need to follow up on board updates, lead cross-team communication...

Exploits0
The Hacker News
The Hacker News
added 2020/12/02 7:47 a.m.4 views

CISO with a small security team? Learn from your peers' experience with this free e-book

CISOs with small security teams hold an intensive juggling act. They're responsible for sustaining the company's security resilience, ensuring compliance is adhered to and implementing privacy controls. In between these tasks, they need to follow up on board updates, lead cross-team communication...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/02 7:18 a.m.657 views

Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones

Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "view all the photos,...

9.3CVSS8.1AI score0.1652EPSS
Exploits3
The Hacker News
The Hacker News
added 2020/12/02 7:18 a.m.8 views

Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones

Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "view all the photos,...

9.3CVSS8AI score0.03475EPSS
Exploits1
The Hacker News
The Hacker News
added 2020/12/01 2:13 p.m.31 views

Incomplete 'Go SMS Pro' Patch Left Millions of Users' Data Still Exposed Online

A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app are silently taking steps to fix the issue from behind the scenes. The security misstep made it possible for an attacker to come up with a trivial script to access...

Exploits0
The Hacker News
The Hacker News
added 2020/12/01 2:13 p.m.4 views

Incomplete 'Go SMS Pro' Patch Left Millions of Users' Data Still Exposed Online

A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app are silently taking steps to fix the issue from behind the scenes. The security misstep made it possible for an attacker to come up with a trivial script to access...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/01 8:54 a.m.42 views

Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners

A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/01 8:54 a.m.5 views

Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners

A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/01 8:24 a.m.5 views

4 Free Online Cyber Security Testing Tools For 2021

Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner published a list of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/01 8:24 a.m.59 views

4 Free Online Cyber Security Testing Tools For 2021

Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner published a list of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/01 7:37 a.m.5 views

Indian National Gets 20-Year Jail in United States for Running Scam Call Centers

An Indian national on Monday was sentenced to 20 years in prison in the Southern District of Texas for operating and funding India-based call centers that defrauded US victims out of millions of dollars between 2013 and 2016. Hitesh Madhubhai Patel aka Hitesh Hinglaj, who hails from the city of...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/01 7:37 a.m.36 views

Indian National Gets 20-Year Jail in United States for Running Scam Call Centers

An Indian national on Monday was sentenced to 20 years in prison in the Southern District of Texas for operating and funding India-based call centers that defrauded US victims out of millions of dollars between 2013 and 2016. Hitesh Madhubhai Patel aka Hitesh Hinglaj, who hails from the city of...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/30 12:52 p.m.59 views

Quick Guide — How to Troubleshoot Active Directory Account Lockouts

Active Directory account lockouts can be hugely problematic for organizations. There have been documented instances of attackers leveraging the account lockout feature in a type of denial of service attack. By intentionally entering numerous bad passwords, attackers can theoretically lock all of...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/30 12:52 p.m.5 views

Quick Guide — How to Troubleshoot Active Directory Account Lockouts

Active Directory account lockouts can be hugely problematic for organizations. There have been documented instances of attackers leveraging the account lockout feature in a type of denial of service attack. By intentionally entering numerous bad passwords, attackers can theoretically lock all of...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/27 8:17 a.m.6 views

Digitally Signed Bandook Malware Once Again Targets Multiple Sectors

A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark Caracal in a...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/27 8:17 a.m.58 views

Digitally Signed Bandook Malware Once Again Targets Multiple Sectors

A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark Caracal in a...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/26 6:53 a.m.50 views

Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF

Many of us here would love to turn hacking into a full-time career. To make that dream come true, you need to master your subject and earn some key certifications. To speed up this process, you might want to take a little guidance from the experts. Featuring 98 hours of content from top...

Exploits0
The Hacker News
The Hacker News
added 2020/11/26 6:53 a.m.4 views

Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF

Many of us here would love to turn hacking into a full-time career. To make that dream come true, you need to master your subject and earn some key certifications. To speed up this process, you might want to take a little guidance from the experts. Featuring 98 hours of content from top...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/26 6:17 a.m.4 views

Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities

Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise BEC scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/26 6:17 a.m.47 views

Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities

Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise BEC scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed...

1.5AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/25 7:14 a.m.83 views

2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication 2FA protection on an account. The issue, tracked as "SEC-575" and discovered...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/25 7:14 a.m.4 views

2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication 2FA protection on an account. The issue, tracked as "SEC-575" and discovered...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/25 6:36 a.m.5 views

China's Baidu Android Apps Caught Collecting Sensitive User Data

Two popular Android apps from Chinese tech giant Baidu were temporarily unavailable on the Google Play Store in October after they were caught collecting sensitive user details. The two apps in question—Baidu Maps and Baidu Search Box —were found to collect device identifiers, such as the...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/25 6:36 a.m.65 views

China's Baidu Android Apps Caught Collecting Sensitive User Data

Two popular Android apps from Chinese tech giant Baidu were temporarily unavailable on the Google Play Store in October after they were caught collecting sensitive user details. The two apps in question—Baidu Maps and Baidu Search Box—were found to collect device identifiers, such as the...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/24 2:56 p.m.35 views

Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies

An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonl...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/24 2:56 p.m.4 views

Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies

An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonl...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/24 7:8 a.m.181 views

Critical Unpatched VMware Flaw Affects Multiple Corporates Products

VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. "A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the...

9.1CVSS2.1AI score0.23771EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/11/24 7:8 a.m.3 views

Critical Unpatched VMware Flaw Affects Multiple Corporates Products

VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. "A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the...

9.1CVSS7.6AI score0.23771EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/11/23 8:1 a.m.4 views

Why Replace Traditional Web Application Firewall (WAF) With New Age WAF?

At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions. Strikingly, DNS Domain Name System related outage and Distributed denial of service DDoS lead a negative impact on...

6AI score
Exploits0
Total number of security vulnerabilities20793