There are new articles available, click to refresh the page.
Before yesterdayThe Hacker News

SafeDNS: Cloud-based Internet Security and Web Filtering Solution for MSPs

15 February 2022 at 13:16
Remote workplace trend is getting the upper hand in 2022. A recent survey by IWG (the International Workplace Group) determined that 70% of the world's professionals work remotely at least one day a week, with 53% based outside their workplace at least half of the week. Taking this into consideration, organizations have started looking for reliable partners that can deliver services and support

Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA

15 February 2022 at 14:06
Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country's civilian and military intelligence agencies. "ShadowPad is decrypted in memory using a custom decryption algorithm," researchers from Secureworks said in a report

Facebook Agrees to Pay $90 Million to Settle Decade-Old Privacy Violation Case

16 February 2022 at 04:32
Meta Platforms has agreed to pay $90 million to settle a lawsuit over the company's use of cookies to allegedly track Facebook users' internet activity even after they had logged off from the platform. In addition, the social media company will be required to delete all of the data it illegally collected from those users. The development was first reported byΒ Variety. <!--adsense--> The

High-Severity RCE Security Bug Reported in Apache Cassandra Database Software

16 February 2022 at 05:18
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution (RCE) on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer

EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware

16 February 2022 at 08:55
The European Union's data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, calling out the technology's "unprecedented level of intrusiveness" that could endanger users' right to privacy. "Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very

VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products

16 February 2022 at 11:25
VMware on Tuesday patched severalΒ high-severityΒ vulnerabilitiesΒ impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition. As of writing, there's no evidence that any of the weaknesses are exploited in the wild. The list of six flaws is as follows – <!--adsense--> CVE-

TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020

16 February 2022 at 14:03
The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with more than 20 modules that can be downloaded and executed on demand," Check Point researchers Aliaksandr

[Webinar] When More Is Not Better: Solving Alert Overload

16 February 2022 at 15:46
The increasing volume and sophistication of cyberattacks have naturally led many companies to invest in additional cybersecurity technologies. We know that expanded threat detection capabilities are necessary for protection, but they have also led to several unintended consequences. The β€œmore is not always better” adage fits this situation perfectly. An upcoming webinar by cybersecurity company

U.S. Says Russian Hackers Stealing Sensitive Data from Defense Contractors

17 February 2022 at 05:42
State-sponsored actors backed by the Russian government regularly targeted the networks of several U.S. cleared defense contractors (CDCs) to acquire proprietary documents and other confidential information pertaining to the country's defense and intelligence programs and capabilities. The sustained espionage campaign is said to have commenced at least two years ago from January 2020, according

Moses Staff Hackers Targeting Israeli Organizations for Cyber Espionage

17 February 2022 at 07:33
The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. FirstΒ publicly documentedΒ in late 2021, Moses Staff is believed to be sponsored by the Iranian government, with attacks reported against entities in

Researchers Warn of a New Golang-based Botnet Under Continuous Development

17 February 2022 at 08:16
Cybersecurity researchers have unpacked a nascent Golang-based botnet calledΒ KrakenΒ that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. "Kraken already features the ability to download and execute secondary payloads, run shell commands, and take screenshots of the victim's system," threat intelligence firm

This New Tool Can Retrieve Pixelated Text from Redacted Documents

17 February 2022 at 09:16
The practice of blurring out text using a method called pixelation may not be as secure as previously thought. While the most foolproof way of concealing sensitive textual information is to use opaque black bars, other redaction methods like pixelation can achieve the opposite effect, enabling the reversal of pixelized text back into its original form. Dan Petro, a lead researcher at offensive

Getting Your SOC 2 Compliance as a SaaS Company

17 February 2022 at 13:00
If you haven't heard of theΒ term, you will soon enough. SOC 2, meaning System and Organization Controls 2, is an auditing procedure developed by the American Institute of CPAs (AICPA). Having SOC 2 compliance means you have implemented organizational controls and practices that provide assurance for the safeguarding and security of client data. In other words, you have to show (e.g., document

Google Bringing Privacy Sandbox to Android to Limit Sharing of User Data

17 February 2022 at 13:21
Google on Wednesday announced plans to bring its Privacy Sandbox initiatives to Android in a bid to expand its privacy-focused, but also less disruptive, advertising technology beyond the desktop web. To that end, the internet giant said it will work towards building solutions that prevent cross-app tracking Γ  la Apple's App Tracking Transparency (ATT) framework, effectively limiting sharing of

Another Critical RCE Discovered in Adobe Commerce and Magento Platforms

18 February 2022 at 03:38
Adobe on Thursday updated its advisory for anΒ actively exploited zero-dayΒ affecting Adobe Commerce and Magento Open Source to patch a newly discovered flaw that could be weaponized to achieve arbitrary code execution. <!--adsense--> Tracked asΒ CVE-2022-24087, the issue – like CVE-2022-24086 – is rated 9.8 on the CVSS vulnerability scoring system and relates to an "Improper Input Validation" bug

Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails

18 February 2022 at 05:19
Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance (ESA) that could result in a denial-of-service (DoS) condition on an affected device. The weakness, assigned the identifier CVE-2022-20653 (CVSS score: 7.5), stems from a case of insufficient error handling inΒ DNSΒ name resolution that could

4 Cloud Data Security Best Practices All Businesses Should Follow Today

18 February 2022 at 06:15
These days, businesses all around the world have come to depend on cloud platforms for a variety of mission-critical workflows. They keep their CRM data in the cloud. They process their payrolls in the cloud. They even manage their HR processes through the cloud. And all of that means they're trusting the bulk of their privileged business data to those cloud providers, too. And while most major

Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware

18 February 2022 at 07:40
A "potentially destructive actor" aligned with the government of Iran is actively exploiting the well-knownΒ Log4j vulnerabilityΒ to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group "TunnelVision" owing to their heavy reliance on tunneling tools, with overlaps in tactics observed to that of a broader group tracked under the monikerΒ Phosphorus

New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager

18 February 2022 at 08:37
Multiple security vulnerabilities have been disclosed in Canonical'sΒ SnapΒ software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges. Snaps are self-contained application packages that are designed to work on operating systems that use the Linux kernel and can be installed using a tool called snapd. <!--adsense--> Tracked