Security
Headlines
HeadlinesLatestCVEs

Tag

#The Hacker News

Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee is, if not a direct replacement for BazaLoader, then a new,

The Hacker News
#web#windows#google#microsoft#git#c++#botnet#sap#The Hacker News
Twitter's New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal

Elon Musk, CEO of SpaceX and Tesla and Twitter's new owner, on Thursday called on adding support for end-to-end encryption (E2EE) to the platform's direct messages (DM) feature. "Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages," Musk said in a tweet. The statement comes days after the microblogging service announced it officially entered into

New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer

A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. "When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN

U.S Cybersecurity Agency Lists 2021's Top 15 Most Exploited Software Vulnerabilities

Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client emerged as some of the top exploited security vulnerabilities in 2021. <!--adsense--> That's according to a "Top Routinely Exploited Vulnerabilities" report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand

CloudFlare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second

Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record."  "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS

QNAP Advises to Mitigate Remote Hacking Flaws Until Patches are Available

Network-attached storage (NAS) appliance maker QNAP on Wednesday said it's working on updating its QTS and QuTS operating systems after Netatalk last month released patches to contain seven security flaws in its software. Netatalk is an open-source implementation of the Apple Filing Protocol (AFP), allowing Unix-like operating systems to serve as file servers for Apple macOS computers. <!-

[eBook] Your First 90 Days as MSSP: 10 Steps to Success

Bad actors continuously evolve their tactics and are becoming more sophisticated. Within the past couple of years, we’ve seen supply chain attacks that quickly create widespread damage throughout entire industries. But the attackers aren’t just focusing their efforts on supply chains.For example, businesses are becoming increasingly more reliant on SaaS apps and the cloud – creating a new avenue

Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware

A China-linked government-sponsored threat actor has been observed targeting Russian speakers with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG. "The war in Ukraine has

Google's New Safety Section Shows What Data Android Apps Collect About Users

Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties," Suzanne Frey, Vice President of product for Android security and privacy,

U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers

The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. "These individuals participated in malicious cyber activities on behalf of the Russian government against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act," the State Department's Rewards for Justice Program