Security
Headlines
HeadlinesLatestCVEs

Tag

#The Hacker News

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly seeking users' consent. "Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites," noyb said

The Hacker News
#web#apple#google#auth#chrome#firefox#The Hacker News
Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems. "It has a standard set of features commonly found in penetration testing tools and its developer created it using the Rust programming language," Unit 42's Dominik

Expert Tips on How to Spot a Phishing Link

Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links:1. Check Suspicious URLs  Phishing URLs are often long, confusing, or filled with random characters. Attackers use these to disguise the link's true destination

Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR hasn’t fully delivered on its potential, leaving SOCs still grappling with many of the same

ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function

A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future chat sessions

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations. As many

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by a remote unauthenticated attacker to bypass the

Necro Android Malware Found in Popular Camera and Browser Apps on Play Store

Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of a known malware loader called Necro. Kaspersky said some of the malicious apps have also been found on the Google Play Store. They have been cumulatively downloaded 11 million times. They include - Wuta Camera - Nice Shot Always (com.benqu.wuta) - 10+ million

U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech

The U.S. Department of Commerce (DoC) said it's proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People's Republic of China (PRC) and Russia. "The proposed rule focuses on hardware and software integrated into the Vehicle Connectivity System (VCS) and software integrated into the Automated

Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar

Ransomware is no longer just a threat; it's an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there's good news: you don't have to be defenseless. What if you could gain a strategic edge? Join our exclusive webinar, "Unpacking the 2024 Ransomware Landscape: Insights and