🦜 The Hacker News | #1 Trusted Cybersecurity News Site
@thehackernews.com.m.1@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline!
Brought to you by the RSS Parrot.
---
The Hacker News is the most trusted and popular cybersecurity publication for information security professionals seeking breaking news, actionable insights and analysis.
Your feed and you don't want it here? Just
e-mail the birb.
FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation
https://thehackernews.com/2024/10/fbi-creates-fake-cryptocurrency-to.html
Published: October 12, 2024 05:06
The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation.
The law enforcement action – codenamed…
GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks
https://thehackernews.com/2024/10/github-telegram-bots-and-qr-codes.html
Published: October 11, 2024 17:13
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among…
How Hybrid Password Attacks Work and How to Defend Against Them
https://thehackernews.com/2024/10/how-hybrid-password-attacks-work-and.html
Published: October 11, 2024 11:00
Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit…
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
https://thehackernews.com/2024/10/cisa-warns-of-threat-actors-exploiting.html
Published: October 11, 2024 08:34
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target…
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
https://thehackernews.com/2024/10/new-critical-gitlab-vulnerability-could.html
Published: October 11, 2024 06:29
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary…
Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation
https://thehackernews.com/2024/10/bohemia-and-cannabia-dark-web-markets.html
Published: October 11, 2024 06:01
The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services.
The takedown is the result of a collaborative…
OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation
https://thehackernews.com/2024/10/openai-blocks-20-global-malicious.html
Published: October 10, 2024 13:27
OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year.
This activity encompassed debugging malware, writing articles…
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
https://thehackernews.com/2024/10/experts-warn-of-critical-unpatched.html
Published: October 10, 2024 12:10
Cybersecurity security researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands.
The flaw, assigned the CVE identifier…
6 Simple Steps to Eliminate SOC Analyst Burnout
https://thehackernews.com/2024/10/6-simple-steps-to-eliminate-soc-analyst.html
Published: October 10, 2024 11:00
The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing…
Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms
https://thehackernews.com/2024/10/cybercriminals-use-unicode-to-hide.html
Published: October 10, 2024 07:18
Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer.
"At first glance, the thing that stood out was the script's obfuscation, which seemed a…
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
https://thehackernews.com/2024/10/cisa-warns-of-critical-fortinet-flaw-as.html
Published: October 10, 2024 05:44
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability,…
Firefox Zero-Day Under Attack: Update Your Browser Immediately
https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html
Published: October 10, 2024 04:24
Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the…
Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale
https://thehackernews.com/2024/10/google-joins-forces-with-gasa-and-dns.html
Published: October 9, 2024 17:00
Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams.
The initiative, which has been codenamed the Global Signal Exchange (GSE), is designed to create…
Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries
https://thehackernews.com/2024/10/researchers-uncover-major-security.html
Published: October 9, 2024 15:33
Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments.
"The vulnerabilities could…
N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware
https://thehackernews.com/2024/10/n-korean-hackers-use-fake-interviews-to.html
Published: October 9, 2024 13:33
Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret.
The activity cluster, tracked as CL-STA-0240, is part of a…
Social Media Accounts: The Weak Link in Organizational SaaS Security
https://thehackernews.com/2024/10/social-media-accounts-weak-link-in.html
Published: October 9, 2024 11:00
Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many…
Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild
https://thehackernews.com/2024/10/microsoft-issues-security-update-fixing.html
Published: October 9, 2024 06:53
Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild.
Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are…
Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks
https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html
Published: October 9, 2024 04:22
Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic.
The end goal of the campaigns are broad and…
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html
Published: October 8, 2024 16:38
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild.
The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched…
Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
https://thehackernews.com/2024/10/gamers-tricked-into-downloading-lua.html
Published: October 8, 2024 16:26
Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads.
"These attacks capitalize on the popularity of Lua gaming engine…
Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools
https://thehackernews.com/2024/10/cyberattack-group-awaken-likho-targets.html
Published: October 8, 2024 11:17
Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho.
"The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had…
New Case Study: The Evil Twin Checkout Page
https://thehackernews.com/2024/10/new-case-study-evil-twin-checkout-page.html
Published: October 8, 2024 10:58
Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case study here.
The Invisible Threat in Online Shopping
When is…
The Value of AI-Powered Identity
https://thehackernews.com/2024/10/the-value-of-ai-powered-identity.html
Published: October 8, 2024 10:10
Introduction
Artificial intelligence (AI) deepfakes and misinformation may cause worry in the world of technology and investment, but this powerful, foundational technology has the potential to benefit organizations of all kinds when harnessed…
GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets
https://thehackernews.com/2024/10/goldenjackal-target-embassies-and-air.html
Published: October 8, 2024 09:21
A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets.
Victims included a South…
Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday
https://thehackernews.com/2024/10/pro-ukrainian-hackers-strike-russian.html
Published: October 8, 2024 05:49
Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters.
The incident took place on the night of October 7, VGTRK confirmed,…
Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits
https://thehackernews.com/2024/10/qualcomm-urges-oems-to-patch-critical.html
Published: October 8, 2024 04:07
Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS…
Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually
https://thehackernews.com/2024/10/vulnerable-apis-and-bot-attacks-costing.html
Published: October 7, 2024 11:25
Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales…
Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless
https://thehackernews.com/2024/10/modernization-of-authentication-webinar.html
Published: October 7, 2024 10:05
The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations…
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries
https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html
Published: October 7, 2024 09:59
Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code.
Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued…
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
Published: October 7, 2024 09:30
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances.
The flaw, tracked as CVE-2024-47561, impacts all…
THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)
https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats-and.html
Published: October 7, 2024 09:16
Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans.
Get the scoop before it's too late!
⚡…
Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection
https://thehackernews.com/2024/10/google-blocks-unsafe-android-app.html
Published: October 7, 2024 09:15
Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil.
The enhanced fraud protection feature aims to keep…
E.U. Court Limits Meta's Use of Personal Facebook Data for Targeted Ads
https://thehackernews.com/2024/10/eu-court-limits-metas-use-of-personal.html
Published: October 7, 2024 06:32
Europe's top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious…
Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
https://thehackernews.com/2024/10/apple-releases-critical-ios-and-ipados.html
Published: October 5, 2024 04:50
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology.
The vulnerability, tracked as CVE-2024-44204, has been described as a…
U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown
https://thehackernews.com/2024/10/us-and-microsoft-seize-107-russian.html
Published: October 4, 2024 13:06
Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country.
"The Russian government ran this…
How to Get Going with CTEM When You Don't Know Where to Start
https://thehackernews.com/2024/10/how-to-get-going-with-ctem-when-you.html
Published: October 4, 2024 09:53
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery,…
Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors
https://thehackernews.com/2024/10/cloudflare-thwarts-largest-ever-38-tbps.html
Published: October 4, 2024 09:50
Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds.
The web infrastructure and security company said it fended off "over one hundred…
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
https://thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html
Published: October 4, 2024 09:11
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions.
The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has…