Security
Headlines
HeadlinesLatestCVEs

Source

The Hacker News

A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit

Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/AhpTI3xcGPs" height="1" width="1" alt=""/>

The Hacker News
#The Hacker News
Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials

An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in plain text (HTTP<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/nI_vQihlxnA" height="1" width="1" alt=""/>

New Android Malware Targeting US, Canadian Users with COVID-19 Lures

An "insidious" new SMS smishing malware has been found targeting Android mobile users in the U.S. and Canada as part of an ongoing campaign that uses SMS text message lures related to COVID-19 regulations and vaccine information in an attempt to steal personal and financial data. Proofpoint's messaging security subsidiary Cloudmark coined the emerging malware "TangleBot." &lt;!--adsense--&gt; "The<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/onZZ-BuixwQ" height="1" width="1" alt=""/>

Why You Should Consider QEMU Live Patching

Sysadmins know what the risks are of running unpatched services. Given the choice, and unlimited resources, most hardworking administrators will ensure that all systems and services are patched consistently. But things are rarely that simple. Technical resources are limited, and patching can often be more complicated than it appears at first glance. Worse, some services are so hidden in the<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/Q0tJHjYUBvY" height="1" width="1" alt=""/>

Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers

More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase. The breach was discovered by Ata Hakçıl and his team in a database owned by Coninsa Ramon H, a company that specializes in architecture, engineering, construction, and real estate<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/wX0ySGIpjl0" height="1" width="1" alt=""/>

New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures

As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks.  Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/xeFHS3DnjBY" height="1" width="1" alt=""/>

Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation

Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. "With over 100 available phishing templates that mimic known brands and services, the<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/oor8QBAgjtY" height="1" width="1" alt=""/>

How Cynet's Response Automation Helps Organizations Mitigate Cyber Threats

One of the determining factors of how much damage a cyber-attack cause is how fast organizations can respond to it. Time to response is critical for security teams, and it is a major hurdle for leaner teams. To help improve this metric and enhance organizations’ ability to respond to attacks quickly, many endpoint detection and response (EDR) and extended detection and response (XDR) vendors<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/ksXg3mvAbC0" height="1" width="1" alt=""/>

US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs

The U.S. Treasury Department on Tuesday imposed sanctions on Russian cryptocurrency exchange Suex for helping facilitate and launder transactions from at least eight ransomware variants as part of the government's efforts to crack down on a surge in ransomware incidents and make it difficult for bad actors to profit from such attacks using digital currencies. "Virtual currency exchanges such as<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/lEF7-AJSuc0" height="1" width="1" alt=""/>

The Gap in Your Zero Trust Implementation

Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust security model. A zero trust security model is based on the idea that no IT resource should be trusted<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/TD8dPwSf7Ds" height="1" width="1" alt=""/>