Lucene search
K

20793 matches found

The Hacker News
The Hacker News
added 2020/09/04 12:37 p.m.5 views

Evilnum hackers targeting financial firms with a new Python-based RAT

An adversary known for targeting the fintech sector at least since 2018 has switched up its tactics to include a new Python-based remote access Trojan RAT that can steal passwords, documents, browser cookies, email credentials, and other sensitive information. In an analysis published by Cybereas...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/09/03 8:58 a.m.30 views

(Live) Webinar – XDR and Beyond with Autonomous Breach Protection

Anyone paying attention to the cybersecurity technology market has heard the term XDR - Extended Detection and Response. XDR is a new technology approach that combines multiple protection technologies into a single platform. All the analyst firms are writing about it, and many of the top...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/09/03 8:58 a.m.4 views

(Live) Webinar – XDR and Beyond with Autonomous Breach Protection

Anyone paying attention to the cybersecurity technology market has heard the term XDR - Extended Detection and Response. XDR is a new technology approach that combines multiple protection technologies into a single platform. All the analyst firms are writing about it, and many of the top...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/09/03 8:36 a.m.2 views

Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely

Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. The flaws, which were uncover...

9.9CVSS8.2AI score0.61862EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/09/03 8:36 a.m.157 views

Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely

Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. The flaws, which were uncover...

9.9CVSS0.6AI score0.61862EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/09/02 8:54 a.m.4 views

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/09/02 8:54 a.m.29 views

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/09/01 9:51 a.m.3 views

Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today

Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months 825 days. In a move that's meant to boost security, Apple, Google, and Mozilla are set to reject publicly rooted digital certificates...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/09/01 9:51 a.m.24 views

Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today

Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months 825 days. In a move that's meant to boost security, Apple, Google, and Mozilla are set to reject publicly rooted digital certificates...

Exploits0
The Hacker News
The Hacker News
added 2020/09/01 7:39 a.m.7 views

Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild

Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP...

8.6CVSS7.2AI score0.03631EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/09/01 7:39 a.m.62 views

Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild

Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP...

8.6CVSS0.7AI score0.03631EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/08/28 10:36 a.m.54 views

Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware

An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware. Detailing the new tactics of the "Charming Kitten" APT group,...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/28 10:36 a.m.5 views

Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware

An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware. Detailing the new tactics of the "Charming Kitten" APT group,...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/27 9:59 a.m.5 views

QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money

A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve to target government, military, and manufacturing sectors in the US and Europe, according to new research. In an analysis released by Check Point...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/27 9:59 a.m.93 views

QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money

A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve to target government, military, and manufacturing sectors in the US and Europe, according to new research. In an analysis released by Check Point...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/26 6:17 p.m.33 views

Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware

Hackers always find a way in, even if there's no software vulnerability to exploit. The FBI has arrested a Russian national who recently traveled to the United States and offered $1 million in bribe to an employee of a targeted company for his help in installing malware into the company's compute...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/26 6:17 p.m.7 views

Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware

Hackers always find a way in, even if there's no software vulnerability to exploit. The FBI has arrested a Russian national who recently traveled to the United States and offered $1 million in bribe to an employee of a targeted company for his help in installing malware into the company's compute...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/26 9:33 a.m.157 views

APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage

It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information. Bitdefender's Cyber Threat Intelligence Lab...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/26 9:33 a.m.5 views

APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage

It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information. Bitdefender's Cyber Threat Intelligence Lab...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/25 10:54 a.m.39 views

Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud

A popular iOS software development kit SDK used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information. According to a report published by cybersecurity firm Snyk...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/25 10:54 a.m.7 views

Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud

A popular iOS software development kit SDK used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information. According to a report published by cybersecurity firm Snyk...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/25 9:46 a.m.29 views

Get Lifetime Access to 1000+ Premium Online Training Courses for Just $59

"In today's knowledge economy, continual learning is an imperative." — Those words from Aytekin Tank, the founder of JotForm, are particularly important for anyone working in IT or development. With over 1,000 premium courses complete list from top instructors, StackSkills Unlimited provides...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/25 9:46 a.m.6 views

Get Lifetime Access to 1000+ Premium Online Training Courses for Just $59

"In today's knowledge economy, continual learning is an imperative." — Those words from Aytekin Tank, the founder of JotForm, are particularly important for anyone working in IT or development. With over 1,000 premium courses complete list from top instructors, StackSkills Unlimited provides...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/25 6:52 a.m.163 views

Google Researcher Reported 3 Flaws in Apache Web Server Software

If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the...

9.8CVSS1.9AI score0.90039EPSS
Exploits4
The Hacker News
The Hacker News
added 2020/08/25 6:52 a.m.5 views

Google Researcher Reported 3 Flaws in Apache Web Server Software

If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the...

9.8CVSS7.8AI score0.90039EPSS
Exploits4
The Hacker News
The Hacker News
added 2020/08/22 7:49 a.m.60 views

A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware

An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate. The latest security issue—of which Google...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/22 7:49 a.m.6 views

A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware

An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate. The latest security issue—of which Google...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/20 9:39 p.m.56 views

Former Uber Security Chief Charged Over Covering Up 2016 Data Breach

The federal prosecutors in the United States have charged Uber's former chief security officer, Joe Sullivan, for covering up a massive data breach that the ride-hailing company suffered in 2016. According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/20 9:39 p.m.3 views

Former Uber Security Chief Charged Over Covering Up 2016 Data Breach

The federal prosecutors in the United States have charged Uber's former chief security officer,Joe Sullivan , for covering up a massive data breach that the ride-hailing company suffered in 2016. According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/20 7:44 p.m.5 views

Hackers Target Defense Contractors' Employees By Posing as Recruiters

The United States Cybersecurity and Infrastructure Security Agency CISA has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Dubbed 'BLINDINGCAN ,' the advanced remo...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/20 7:44 p.m.134 views

Hackers Target Defense Contractors' Employees By Posing as Recruiters

The United States Cybersecurity and Infrastructure Security Agency CISA has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Dubbed 'BLINDINGCAN,' the advanced remot...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/20 6:17 p.m.5 views

Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified

The South African arm of one of the world's largest credit check companies Experian yesterday announced a data breach incident that exposed personal information of millions of its customers. While Experian itself didn't mention the number of affect customers, in a report, the South African Bankin...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/20 6:17 p.m.71 views

Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified

The South African arm of one of the world's largest credit check companies Experian yesterday announced a data breach incident that exposed personal information of millions of its customers. While Experian itself didn't mention the number of affect customers, in a report, the South African Bankin...

1.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/20 5:6 p.m.87 views

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities. Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Remote Access Service RAS in a way i...

7.8CVSS2.1AI score0.01007EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/08/20 5:6 p.m.4 views

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities. Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Remote Access Service RAS in a way i...

7.8CVSS7.4AI score0.01007EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/08/20 11:59 a.m.76 views

Experts Reported Security Bug in IBM's Db2 Data Management Software

Cybersecurity researchers today disclosed details of a memory vulnerability in IBM's Db2 family of data management products that could potentially allow a local attacker to access sensitive data and even cause a denial of service attacks. The flaw CVE-2020-4414, which impacts IBM Db2 V9.7, V10.1,...

5.5CVSS2.3AI score0.00351EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/08/20 11:59 a.m.5 views

Experts Reported Security Bug in IBM's Db2 Data Management Software

Cybersecurity researchers today disclosed details of a memory vulnerability in IBM's Db2 family of data management products that could potentially allow a local attacker to access sensitive data and even cause a denial of service attacks. The flaw CVE-2020-4414, which impacts IBM Db2 V9.7, V10.1,...

5.1CVSS7AI score0.00328EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/08/19 11:36 a.m.44 views

XDR: The Next Level of Prevention, Detection and Response [New Guide]

One new security technology we keep hearing about is Extended Detection and Response XDR. This new technology merges multiple prevention and detection technologies on a single platform to better understand threat signals so that you don't need to purchase, integrate, and manage various control an...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/19 11:36 a.m.8 views

XDR: The Next Level of Prevention, Detection and Response [New Guide]

One new security technology we keep hearing about is Extended Detection and Response XDR. This new technology merges multiple prevention and detection technologies on a single platform to better understand threat signals so that you don't need to purchase, integrate, and manage various control an...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/19 10:5 a.m.3 views

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer P2P botnet written in Golang that has been actively targeting SSH servers since January 2020. Called "FritzFrog ," the modular, multi-threaded and file-less botnet has breached more than 500 servers ...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/19 10:5 a.m.154 views

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer P2P botnet written in Golang that has been actively targeting SSH servers since January 2020. Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers t...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/18 9:55 a.m.601 views

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of...

9.4CVSS0.2AI score0.11138EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/08/18 9:55 a.m.3 views

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of...

9.4CVSS7.5AI score0.11138EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/08/17 12:45 p.m.8 views

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware

Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "Most of the vulnerabilities and exploits th...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/17 12:45 p.m.43 views

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware

Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "Most of the vulnerabilities and exploits th...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/17 10:20 a.m.5 views

How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques

Web applications suffer continuously evolving attacks, where a web application firewall WAF is the first line of defense and a necessary part of organizations' cybersecurity strategies. WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/17 10:20 a.m.48 views

How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques

Web applications suffer continuously evolving attacks, where a web application firewall WAF is the first line of defense and a necessary part of organizations' cybersecurity strategies. WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/13 1:9 p.m.5 views

New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls

A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today presented a new attack called 'ReVoLTE ,' that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/13 1:9 p.m.31 views

New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls

A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today presented a new attack called 'ReVoLTE,' that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/13 9:59 a.m.5 views

Amazon Alexa Bugs Could've Let Hackers Install Malicious Skills Remotely

Attention! If you use Amazon's voice assistant Alexa in you smart speakers, just opening an innocent-looking web-link could let attackers install hacking skills on it and spy on your activities remotely. Check Point cybersecurity researchers—Dikla Barda, Roman Zaikin and Yaara Shriki—today...

5.7AI score
Exploits0
Total number of security vulnerabilities20793