πŸ”’
❌
There are new articles available, click to refresh the page.
βœ‡The Hacker News

Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices

By: Ravie Lakshmanan β€”
A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receives and executes commands to collect and exfiltrate a wide variety of data from the infected mobile endpoint, ZimperiumΒ saidΒ in a report shared with
βœ‡The Hacker News

Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information

By: Ravie Lakshmanan β€”
Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security officer for the Asia Pacific region,Β said. "And no customer account data was involved." <!--adsense--> It
βœ‡The Hacker News

Want More Secure Software? Start Recognizing Security-Skilled Developers

By: The Hacker News β€”
Professional developers want to do the right thing, but in terms of security, they are rarely set up for success. Organizations must support their upskilling with precision training and incentives if they want secure software from the ground up. The cyber threat landscape grows more complex by the day, with our data widely considered highly desirable β€œdigital gold”. Attackers are constantly
βœ‡The Hacker News

FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization

By: Ravie Lakshmanan β€”
U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base (DIB) Sector organization's enterprise network" as part of a cyber espionage campaign. "[Advanced persistent threat] actors used an open-source toolkit calledΒ ImpacketΒ to gain their foothold within the environment and further compromise the
βœ‡The Hacker News

Canadian Netwalker Ransomware Affiliate Sentenced to 20 Years in U.S. Prison

By: Ravie Lakshmanan β€”
A former affiliate of the Netwalker ransomware has been sentenced to 20 years in prison in the U.S., a little over three months after theΒ Canadian national pleaded guiltyΒ to his role in the crimes. Sebastien Vachon-Desjardins, 35, has also been ordered to forfeit $21,500,000 that was illicitly obtained from dozens of victims globally, including companies, municipalities, hospitals, law
βœ‡The Hacker News

Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds

By: Ravie Lakshmanan β€”
Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day flaws in Exchange Server after it was found that they could be trivially bypassed. The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, have been codenamedΒ ProxyNotShellΒ due to similarities to another set of flaws calledΒ ProxyShell, which the tech giant resolved last year.
βœ‡The Hacker News

Russian Hacker Arrested in India for Reportedly Helping Students Cheat in JEE-Main Exam

By: Ravie Lakshmanan β€”
India's Central Bureau of Investigation (CBI) on Monday disclosed that it has detained a Russian national for allegedly hacking into a software platform used to conduct engineering entrance assessments in the country in 2021. "The said accused was detained by the Bureau of Immigration at Indira Gandhi International Airport, Delhi while arriving in India from Almaty, Kazakhstan," the primary
βœ‡The Hacker News

Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer

By: Ravie Lakshmanan β€”
A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser. KasperskyΒ dubbedΒ the campaignΒ OnionPoison, with all of the victims located in China. The scale of the attack remains unclear, but the Russian cybersecurity company said it detected victims appearing in its telemetry in March 2022. The malicious version
βœ‡The Hacker News

Researchers Report Supply Chain Vulnerability in Packagist PHP Repository

By: Ravie Lakshmanan β€”
Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. "This vulnerability allows gaining control ofΒ Packagist," SonarSource researcher Thomas ChauchefoinΒ saidΒ in a report shared with The Hacker News. Packagist is used by the PHP package manager
βœ‡The Hacker News

Back to Basics: Cybersecurity's Weakest Link

By: The Hacker News β€”
A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go.Β  It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do. But is it a silver
βœ‡The Hacker News

BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million

By: Ravie Lakshmanan β€”
A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial fraud. Elvis Eghosa Ogiekpolor of Norcross, Georgia, operated a money laundering network that opened at least 50 business bank accounts for illicitly receiving funds from unsuspecting individuals and businesses after
βœ‡The Hacker News

CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

By: Ravie Lakshmanan β€”
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch (FCEB) enterprises have been tasked with two sets of activities: Asset discovery and vulnerability
βœ‡The Hacker News

ProxyNotShell – the New Proxy Hell?

By: The Hacker News β€”
Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to
βœ‡The Hacker News

Optus Hack Exposes Data of Nearly 2.1 Million Australian Telecom Customers

By: Ravie Lakshmanan β€”
Australian telecom giant Optus on Monday confirmed that nearly 2.1 million of its current and former customers suffered a leak of their personal information and at least one form of identification number as a result of aΒ data breachΒ late last month. The company alsoΒ saidΒ it has engaged the services of Deloitte to conduct an external forensic assessment of the attack to "understand how it
βœ‡The Hacker News

Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack

By: Ravie Lakshmanan β€”
A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website. The scale of the
βœ‡The Hacker News

Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers

By: Ravie Lakshmanan β€”
The recently discovered Linux-Based ransomware strain known as Cheerscrypt has been outed as a handiwork of a Chinese cyber espionage group known for operating short-lived ransomware schemes. Cybersecurity firm Sygnia attributed the attacks to a threat actor it tracks under the name Emperor Dragonfly, which is also known as Bronze Starlight (Secureworks) and DEV-0401 (Microsoft). "Emperor
βœ‡The Hacker News

Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers

By: Ravie Lakshmanan β€”
The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)
βœ‡The Hacker News

Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government

By: Ravie Lakshmanan β€”
A former U.S. National Security Agency (NSA) employee has been arrested on charges of attempting to sell classified information to a foreign spy, who was actually an undercover agent working for the Federal Bureau of Investigation (FBI). Jareh Sebastian Dalke, 30, was employed at the NSA for less than a month from June 6, 2022, to July 1, 2022, serving as an Information Systems Security Designer
βœ‡The Hacker News

Pay What You Want for This Collection of White Hat Hacking Courses

By: The Hacker News β€”
Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get intoΒ white hat hacking. That said, picking up the necessary knowledge to build aΒ new careerΒ can seem like a daunting task. There is a lot to learn, after all. To help you get started, The Hacker News Deals is currently running an eye-catching offer:Β pay what you wantΒ for one video course, and
❌