The Hacker News
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals.
- Gootkit Malware Continues to Evolve with New Components and Obfuscationsby info@thehackernews.com (The Hacker News) on January 29, 2023 at 5:47 am
The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is “exclusive to this group.” Gootkit, also called Gootloader, is spread through compromised websites that
- Microsoft Urges Customers to Secure On-Premises Exchange Serversby info@thehackernews.com (The Hacker News) on January 28, 2023 at 10:42 am
Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. “Attackers looking to exploit unpatched Exchange servers are not going to go away,” the tech giant’s Exchange Team said in a post. “There are too many
- Eliminating SaaS Shadow IT is Now Available via a Self-Service Product, Free of Chargeby info@thehackernews.com (The Hacker News) on January 28, 2023 at 10:41 am
The use of software as a service (SaaS) is experiencing rapid growth and shows no signs of slowing down. Its decentralized and easy-to-use nature is beneficial for increasing employee productivity, but it also poses many security and IT challenges. Keeping track of all the SaaS applications that have been granted access to an organization’s data is a difficult task. Understanding the risks that
- ISC Releases Security Patches for New BIND DNS Software Vulnerabilitiesby info@thehackernews.com (The Hacker News) on January 28, 2023 at 7:55 am
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. “A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures,” the U.S. Cybersecurity
- Ukraine Hit with New Golang-based ‘SwiftSlicer’ Wiper Malware in Latest Cyber Attackby info@thehackernews.com (The Hacker News) on January 28, 2023 at 5:49 am
Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). “Once executed it deletes shadow
Security Magazine
Security magazine provides security industry news and trends on video surveillance, cyber security, physical security, security guards, access management and more for security executives and the security industry.
- NIST creates new risk management framework to build trust in AIon January 27, 2023 at 7:53 pm
The National Institute of Standards and Technology released an AI risk management framework to help companies safely navigate the use of AI.
- US DOJ busts ransomware hive, saves victims $130 million in ransomon January 27, 2023 at 4:01 pm
US DOJ announced the infiltration of the Hive ransomware group that has targeted more than 1,500 victims in more than 80 countries around the world.
- Security leaders share Data Privacy Week thoughts and adviceon January 27, 2023 at 2:00 pm
This Data Privacy Week, security leaders have shared both thoughts and advice on how best to protect personal information as digital data increases.
- Protecting data centers by layering physical security entranceson January 27, 2023 at 1:15 pm
Physical security helps prevent unauthorized persons from entering data facilities to steal intellectual property or harm people or property.
- 5 strategies for hotel & casino worker safetyon January 27, 2023 at 1:15 pm
Hospitality security leaders should focus on emergency plans, incident reporting and employee communication when looking to improve worker safety.
Threatpost
The first stop for security news.
- Student Loan Breach Exposes 2.5M Recordsby Nate Nelson on August 31, 2022 at 12:57 pm
2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keyloggerby Nate Nelson on August 30, 2022 at 4:00 pm
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firmsby Nate Nelson on August 29, 2022 at 2:56 pm
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Riseby Nate Nelson on August 26, 2022 at 4:44 pm
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Camerasby Nate Nelson on August 25, 2022 at 6:47 pm
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Security Weekly
Connecting the Security Industry with the Security Community
- Feed has no items.