There are new articles available, click to refresh the page.
Before yesterdayThe Hacker News

Former Twitter Employee Found Guilty of Spying for Saudi Arabia

10 August 2022 at 15:12
A former Twitter employee has been pronounced guilty for his role in digging up private information pertaining to certain Twitter users and turning over that data to Saudi Arabia. Ahmad Abouammo, 44, was convicted by a jury after a two-week trial in San Francisco federal court, BloombergΒ reportedΒ Tuesday. He faces up to 20 years in prison when sentenced. TheΒ verdictΒ comes nearly three years

GitHub Dependabot Now Alerts Developers On Vulnerable GitHub Actions

11 August 2022 at 06:07
Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows. "When a security vulnerability is reported in an action, our team of security researchers will create an advisory to document the vulnerability, which will trigger an alert to impacted repositories,"

Critical Flaws Disclosed in Device42 IT Asset Management Software

11 August 2022 at 09:23
Cybersecurity researchers have disclosed multiple severe security vulnerabilities asset management platformΒ Device42Β that, if successfully exploited, could enable a malicious actor to seize control of affected systems. "By exploiting these issues, an attacker could impersonate other users, obtain admin-level access in the application (by leaking session with anΒ LFI) or obtain full access to the

What the Zola Hack Can Teach Us About Password Security

11 August 2022 at 10:10
Password security is only as strong as the password itself. Unfortunately, we are often reminded of the danger of weak, reused, and compromised passwords with major cybersecurity breaches that start with stolen credentials. For example, in May 2022, the popular wedding planning site, Zola, was the victim of a significant cybersecurity breach where hackers used an attack known asΒ credential

Hackers Behind Cuba Ransomware Attacks Using New RAT Malware

11 August 2022 at 10:21
Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures (TTPs), including a new remote access trojan called ROMCOM RAT on compromised systems. TheΒ new findingsΒ come from Palo Alto Networks' Unit 42 threat intelligence team, which is tracking the double extortion ransomware group under theΒ constellation-themed monikerΒ 

Cisco Confirms It's Been Hacked by Yanluowang Ransomware Gang

11 August 2022 at 15:04
Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco TalosΒ saidΒ in a detailed write-up.

Conti Cybercrime Cartel Using 'BazarCall' Phishing Attacks as Initial Attack Vector

11 August 2022 at 17:52
A trio of offshoots from the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. "Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntelΒ saidΒ in a Wednesday report.

Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability

12 August 2022 at 06:14
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on ThursdayΒ addedΒ two flaws to itsΒ Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers - CVE-2022-27925Β (CVSS score: 7.2)

Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered

12 August 2022 at 08:10
Back when the internet consisted of a handful of computers networked together across a few research institutions, nobody could have imagined that it would one day form the backbone of a new digital way of life. And that probably explains why none of the researchers who thought up its core technologies β€” things like packet switching and TCP/IP β€” gave much consideration to the need to secure the

Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions

12 August 2022 at 08:14
Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifierΒ CVE-2022-20866Β (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)

Facebook Testing Default End-to-End Encryption and Encrypted Backups in Messenger

12 August 2022 at 09:09
Social media company Meta said it will begin testing end-to-end encryption (E2EE) on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the

U.S. Government Offers $10 Million Reward for Information on Conti Ransomware Gang

12 August 2022 at 10:30
The U.S. State Department on ThursdayΒ announcedΒ a $10 million reward for information related to five individuals associated with the Conti ransomware group. The reward offer is also notable for the fact that it marks the first time the face of a Conti associate, known as "Target," has been unmasked. The four other alleged members have been referred to as "Tramp," "Dandis," "Professor," and "

Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments

12 August 2022 at 12:20
Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Check Point said it found the flaws in devices powered by MediaTek chipsets during a security analysis of the Chinese handset maker's "Kinibi" Trusted Execution

Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders

12 August 2022 at 20:02
A security feature bypass vulnerability has been uncovered in three signed third-party Unified ExtensibleΒ Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader
Yesterday β€” 13 August 2022The Hacker News

Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users

13 August 2022 at 12:41
A pair of reports from cybersecurity firmsΒ SEKOIAΒ andΒ Trend MicroΒ sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the
Today β€” 14 August 2022The Hacker News

Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer

14 August 2022 at 07:11
Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is "suspected of involvement in concealing criminal financial flows and facilitating money laundering" through the service, the Dutch Fiscal Information and
  • There are no more articles