The Hacker News

Several Bugs Found in 3 Open-Source Software Used by Several Businesses

53 minutes 20 seconds ago
Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework
Ravie Lakshmanan

Hackers Turning to 'Exotic' Programming Languages for Malware Development

1 hour 15 minutes ago
Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. "Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies," said Eric Milam, Vice President of
Ravie Lakshmanan

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices

2 hours 41 minutes ago
Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fix a memory
Ravie Lakshmanan

BIMI: A Visual Take on Email Authentication and Security

3 hours 50 minutes ago
There is a saying that goes something like, "Do not judge a book by its cover." Yet, we all know we cannot help but do just that - especially when it comes to online security. Logos play a significant role in whether or not we open an email and how we assess the importance of each message. Brand Indicators for Message Identification, or BIMI, aims to make it easier for us to quickly identify
The Hacker News

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains

8 hours 35 minutes ago
A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. The issue, dubbed "PetitPotam," was discovered by security researcher Gilles Lionel, who shared
Ravie Lakshmanan

Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims

8 hours 41 minutes ago
Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. "On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the
Ravie Lakshmanan

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability

1 day 2 hours ago
Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack. Attackers can exploit this vulnerability to obtain hashed passwords
The Hacker News

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

1 day 3 hours ago
An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. "LemonDuck, an actively updated and robust malware that's primarily known
Ravie Lakshmanan

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

1 day 10 hours ago
A malware known for targeting the macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics." XCSSET was uncovered in August 2020, when it was found targeting Mac developers using an unusual
Ravie Lakshmanan

Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring

1 day 22 hours ago
Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation. The apprehended suspects, a 24-year-old software engineer and a 15-year-old boy, are said to have been
Ravie Lakshmanan

Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code

3 days 23 hours ago
After more than 20 years in the making, now it's official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing. APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they move to the forefront of business strategies. This comes as no
The Hacker News

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers

4 days 9 hours ago
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent
Ravie Lakshmanan

APT Hackers Distributed Android Trojan via Syrian e-Government Portal

5 days 1 hour ago
An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu
Ravie Lakshmanan

Reduce End-User Password Change Frustrations

5 days 3 hours ago
Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges. This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, and password restrictions. One of the most common areas where security may cause challenges for
The Hacker News

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

5 days 5 hours ago
Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without
Ravie Lakshmanan

Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam

5 days 5 hours ago
A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts. Joseph O'Connor, 22, has been charged with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications. The Spanish
Ravie Lakshmanan

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems

5 days 7 hours ago
A popular malware known for stealing sensitive information from Windows machines has evolved into a new strain capable of also targeting Apple's macOS operating system. The upgraded malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, capture screenshots, record keystrokes, and
Ravie Lakshmanan

US and Global Allies Accuse China of Massive Microsoft Exchange Attack

5 days 10 hours ago
The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews affiliated with the People's Republic of China's Ministry of State Security (MSS). In a statement issued by the White House on Monday, the administration said, "with a high degree of
Ravie Lakshmanan

Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely

5 days 10 hours ago
The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any
Ravie Lakshmanan

Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

5 days 10 hours ago
Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks. "Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT
Ravie Lakshmanan
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.com