The Hacker News

A New Variant of FlawedGrace Spreading Through Mass Email Campaigns

19 October 2021 at 12:03
Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware campaign with high confidence to TA505, which is the name assigned to the financially motivated threat

Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia

19 October 2021 at 06:11
A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia. Security researchers at Kaspersky, who presented their findings at the VirusBulletin VB2021 conference earlier this month, attributed the attacks to a group tracked as Lyceum (aka

Why Database Patching Best Practice Just Doesn't Work and How to Fix It

18 October 2021 at 16:00
Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions. But anyone who's spent any amount of time maintaining systems will know that patching is often easier said than done. Yes, in some instances, you can just run a command line to install

Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting

18 October 2021 at 08:21
Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "escalating global security threat with serious economic and security consequences." "From malign operations against local health providers that endanger patient care, to

Is Your Data Safe? Check Out Some Cybersecurity Master Classes

18 October 2021 at 06:30
Since cybersecurity is definitely an issue that’s here to stay, I’ve just checked out the recently released first episodes of Cato Networks Cybersecurity Master Class Series. According to Cato, the series aims to teach and demonstrate cybersecurity tools and best practices; provide research and real-world case studies on cybersecurity; and bring the voices and opinions of top cybersecurity

REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised

18 October 2021 at 06:49
REvil, the notorious ransomware gang behind a string of cyberattacks in recent years, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus. The development, first spotted by Recorded Future's Dmitry Smilyanets, comes after a member affiliated with the REvil operation posted on the XSS hacking

Windows 10, Linux, iOS, Chrome and Many Others Hacked at Tianfu Cup 2021

18 October 2021 at 05:53
Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server, and Ubuntu 20 were successfully broken into using original, never-before-seen exploits at the Tianfu Cup 2021, the fourth edition of the international cybersecurity contest held in the city of Chengdu, China. Targets this year included Google Chrome running on Windows 10 21H1, Apple Safari running on Macbook Pro, Adobe

Attackers Behind Trickbot Expanding Malware Distribution Channels

15 October 2021 at 14:40
The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. The threat actor, tracked under the monikers ITG23 and Wizard Spider, has been found to partner with other cybercrime gangs known as Hive0105, Hive0106 (aka TA551 or Shathak),

Ad-Blocking Chrome Extension Caught Injecting Ads in Google Search Pages

15 October 2021 at 14:23
A new deceptive ad injection campaign has been found leveraging an ad blocker extension for Google Chrome and Opera web browsers to sneakily insert ads and affiliate codes on websites, according to new research from cybersecurity firm Imperva. The findings come following the discovery of rogue domains distributing an ad injection script in late August 2021 that the researchers connected to an

CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems

15 October 2021 at 14:10
The U.S. Cybersecurity Infrastructure and Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021. "This activity—which includes attempts to compromise system integrity via unauthorized access—threatens the ability of WWS facilities to provide

Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

14 October 2021 at 16:30
Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has sent approximately 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021. The warnings mark a 33% increase from 2020, the internet giant said, with the spike largely stemming from "blocking an

Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones

14 October 2021 at 16:16
Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by an unauthenticated remote adversary to crash the client and even extract sensitive information like password hashes by simply making a malicious call. The vulnerabilities, which were discovered by Moritz Abrell of German pen-testing firm SySS GmbH, have since been

VirusTotal Releases Ransomware Report Based on Analysis of 80 Million Samples

14 October 2021 at 14:48
As many as 130 different ransomware families have been found to be active in 2020 and the first half of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most affected territories, a comprehensive analysis of 80 million ransomware-related samples has revealed. Google's cybersecurity arm VirusTotal attributed a

The Ultimate SaaS Security Posture Management (SSPM) Checklist

14 October 2021 at 16:20
Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications’ security posture. With enterprises having 1,000 or more employees relying on dozens to hundreds of apps, the need for deep visibility and remediation for SaaS security

Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information

14 October 2021 at 14:27
A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research. "Due to the fact that authentication and encryption support is relatively new, many organizations that use Prometheus haven't yet enabled

Critical Flaw in OpenSea Could Have Let Hackers Steal Cryptocurrency From Wallets

13 October 2021 at 13:06
A now-patched critical vulnerability in OpenSea, the world's largest non-fungible token (NFT) marketplace, could've been abused by malicious actors to drain cryptocurrency funds from a victim by sending a specially-crafted token, opening a new attack vector for exploitation. The findings come from cybersecurity firm Check Point Research, which began an investigation into the platform following

[eBook] The Guide for Reducing SaaS Applications Risk for Lean IT Security Teams

13 October 2021 at 12:52
The Software-as-a-service (SaaS) industry has gone from novelty to an integral part of today’s business world in just a few years. While the benefits to most organizations are clear – more efficiency, greater productivity, and accessibility – the risks that the SaaS model poses are starting to become visible. It’s not an overstatement to say that most companies today run on SaaS. This poses an

Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack

13 October 2021 at 05:49
Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems. Two of the addressed security flaws are rated Critical, 68 are rated Important

Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice

12 October 2021 at 09:02
The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source. The list of the three flaws is as follows — CVE-2021-41830 / CVE-2021-25633 - Content and Macro Manipulation with