The Hackers News

Microsoft Exchange Cyber Attack — What Do We Know So Far?

5 hours 54 minutes ago
Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe. The company said "it continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious
Ravie Lakshmanan

Google Will Use 'FLoC' for Ad Targeting Once 3rd-Party Cookies Are Dead

8 hours 39 minutes ago
Signaling a major shift to its ads-driven business model, Google on Wednesday unequivocally stated it would not build alternate identifiers or tools to track users across multiple websites once it begins phasing out third-party tracking cookies from its Chrome browser by early 2022. "Instead, our web products will be powered by privacy-preserving APIs which prevent individual tracking while
Ravie Lakshmanan

Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit

8 hours 39 minutes ago
Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance (FTA) server were exploited to steal sensitive business documents. As proof of access to the data, the cybercriminals behind the recent hacks targeting Accellion FTA servers have shared
Ravie Lakshmanan

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

8 hours 40 minutes ago
Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly. New research released by Cisco Talos reveals an active malware campaign targeting organizations in South Asia that utilize malicious
Ravie Lakshmanan

Bug in Apple's Find My Feature Could've Exposed Users' Location Histories

2 days 23 hours ago
Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby deanonymizing users. The findings are a consequence of an exhaustive review undertaken by the Open Wireless Link (
Ravie Lakshmanan

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

3 days ago
In what's a case of hackers getting hacked, a prominent underground online criminal forum by the name of Maza has been compromised by unknown attackers, making it the fourth forum to have been breached since the start of the year. The intrusion is said to have occurred on March 3, with information about the forum members — including usernames, email addresses, and hashed passwords — publicly
Ravie Lakshmanan

Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount

3 days 4 hours ago
As cloud computing continues to grow, Google Cloud is quickly becoming one of the most popular solutions.  However, relatively few engineers know this platform well. This leaves the door open for aspiring IT professionals who take the official exams. The Google Cloud Certifications Practice Tests + Courses Bundle helps you get certified faster, with 43 hours of video content and over 1,000
The Hacker News

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

3 days 6 hours ago
FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor's tactics and techniques.  Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of
Ravie Lakshmanan

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

3 days 9 hours ago
Following Microsoft's release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning of "active exploitation" of the vulnerabilities. The alert comes on the heels of Microsoft's disclosure that China-based hackers were
Ravie Lakshmanan

Chinese Hackers Targeted India's Power Grid Amid Geopolitical Tensions

4 days 9 hours ago
Amid heightened border tensions between India and China, cybersecurity researchers have revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups. The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and
Ravie Lakshmanan

New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!

4 days 9 hours ago
Exactly a month after patching an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world's most popular web browser that it says is being abused in the wild. Chrome 89.0.4389.72, released by the search giant for Windows, Mac, and Linux on Tuesday, comes with a total of 47 security fixes, the most severe of which concerns an "
Ravie Lakshmanan

Replacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security Teams

5 days 5 hours ago
The attack surface is virtually expanding before our eyes. Protecting assets across multiple locations, with multiple solutions from different vendors, has become a daily concern for CISOs globally.  In a new e-book recently published (download here), CISOs with small security teams talk about the drivers for replacing their EDR/NGAV solutions with an Autonomous XDR solution and why they believe
The Hacker News

A $50,000 Bug Could've Allowed Hackers Access Any Microsoft Account

5 days 5 hours ago
Microsoft has awarded an independent security researcher $50,000 as part of its bug bounty program for reporting a flaw that could have allowed a malicious actor to hijack users' accounts without their knowledge. Reported by Laxman Muthiyah, the vulnerability aims to brute-force the seven-digit security code that's sent to a user's email address or mobile number to corroborate his (or her)
Ravie Lakshmanan

URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

5 days 8 hours ago
Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft. Describing the attacks as "limited and targeted," Microsoft Threat Intelligence Center (MSTIC) said the adversary used these vulnerabilities to access
Ravie Lakshmanan

New 'unc0ver' Tool Can Jailbreak All iPhone Models Running iOS 11.0 - 14.3

5 days 9 hours ago
A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild. The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, expanding its
Ravie Lakshmanan

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware

6 days 1 hour ago
SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research. "While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the
Ravie Lakshmanan

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

6 days 7 hours ago
A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. "The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Sophos researchers Gabor Szappanos and Andrew Brandt said in a write-up published today. "In recent years
Ravie Lakshmanan

SolarWinds Blames Intern for 'solarwinds123' Password Lapse

6 days 7 hours ago
As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years.  The said password "solarwinds123" was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the
Ravie Lakshmanan

Why do companies fail to stop breaches despite soaring IT security investment?

1 week ago
Let's first take a look back at 2020! Adding to the list of difficulties that surfaced last year, 2020 was also grim for personal data protection, as it has marked a new record number of leaked credentials and PI data. A whopping 20 billion records were stolen in a single year, increasing 66% from 12 billion in 2019. Incredibly, this is a 9x increase from the comparatively "small" amount of 2.3
The Hacker News

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

1 week ago
A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor's tactics by going beyond the usual gamut of financially-motivated
Ravie Lakshmanan
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.com