❌

Normal view

There are new articles available, click to refresh the page.
Today β€” 29 March 2024The Hacker News

Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds

By: Newsroom
29 March 2024 at 14:54
Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively namedΒ UnsaflokΒ by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

By: Newsroom
29 March 2024 at 12:12
A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, whichΒ emergedΒ inΒ 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024," the Black Lotus Labs team at Lumen

The Golden Age of Automated Penetration Testing is Here

29 March 2024 at 11:19
Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities to find and fix security issues early on, leaving businesses vulnerable to

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

By: Newsroom
29 March 2024 at 10:49
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamedΒ WallEscapeΒ by security researcher Skyler Ferrante. It has been described as a case of improper

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

By: Newsroom
29 March 2024 at 05:37
The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. PyPI said "new project creation and new user registration" was temporarily halted to mitigate what it said was a "malware upload campaign." The incident was resolved 10 hours later, on March 28, 2024, at 12:56

Yesterday β€” 28 March 2024The Hacker News

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

By: Newsroom
28 March 2024 at 17:02
A Linux version of a multi-platform backdoor calledΒ DinodasRATΒ has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan,Β new findingsΒ from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET&nbsp

Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack

By: Newsroom
28 March 2024 at 16:50
The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country's Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the ongoing criminal probe as both demanding and time-consuming, involving extensive analysis of a "

❌
❌