The Hacker News
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals.
- Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Securityby firstname.lastname@example.org (Ravie Lakshmanan) on January 18, 2021 at 6:42 am
Apple has removed a controversial feature from its macOS operating system that allowed the company’s own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called “ContentFilterExclusionList,” it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network
- Researchers Disclose Undocumented Chinese Malware Used in Recent Attacksby email@example.com (Ravie Lakshmanan) on January 18, 2021 at 6:07 am
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A
- NSA Suggests Enterprises Use ‘Designated’ DNS-over-HTTPS’ Resolversby firstname.lastname@example.org (Ravie Lakshmanan) on January 16, 2021 at 5:11 pm
The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent “numerous” initial access, command-and-control, and exfiltration techniques used by threat actors. “DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by
- Joker’s Stash, The Largest Carding Marketplace, Announces Shutdownby email@example.com (Ravie Lakshmanan) on January 16, 2021 at 5:35 am
Joker’s Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of the site — who goes by the name “JokerStash” — said “it’s time for us to leave forever” and that “we will never ever open again,”
Security magazine provides security industry news and trends on video surveillance, cyber security, physical security, security guards, access management and more for security executives and the security industry.
- Only 3 in 10 victims of sexual harassment in Singapore report the incidenton January 18, 2021 at 3:54 pm
According to the first national survey conducted in Singapore regarding sexual harassment, two in five workers in the country report being sexually harassed at the workplace in the past five years.
- Duval County Public Schools in Florida will use half-penny tax rise toward safety and security measureson January 18, 2021 at 3:26 pm
Duval County Public Schools in Florida have a 15-year priority plan to use a half-penny sales tax increase to improve the school through safety and security measures and major renovations.
- Establishing a cybersecurity framework for your businesson January 18, 2021 at 5:00 am
Finding and implementing a cybersecurity risk framework is a challenge every organization faces. Time has shown that this endeavor almost always calls for the heavy lifting to be carried by chief information security officers (CISOs) and their staff. So where do you start?
- Why outbound email is your organization’s biggest security riskon January 18, 2021 at 5:00 am
On average, organizations experience 180 incidents involving sensitive data, or one every 12 working hours, according to Egress. The three top causes of outbound email data breaches include: the wrong recipient added, wrong file attached or replying to a phishing scam.
- NSA releases guidance on encrypted DNS in enterprise environmentson January 18, 2021 at 5:00 am
The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors.
The first stop for security news.
- Medical Device Security: Diagnosis Criticalby Tom Spring on January 18, 2021 at 3:35 pm
Medical-device security has long been a challenge, suffering the same uphill management battle that the entire sprawling mess of IoT gadgets has faced.
- CES 2021 Gadgets: Worst in Privacy and Security Awardsby Becky Bracken on January 15, 2021 at 10:04 pm
Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including security and privacy failures.
- Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’by Lindsey O’Donnell on January 15, 2021 at 9:47 pm
Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address CVE-2020-1472.
- Apple Kills MacOS Feature Allowing Apps to Bypass Firewallsby Lindsey O’Donnell on January 15, 2021 at 5:02 pm
Security researchers lambasted the controversial macOS Big Sur feature for exposing users’ sensitive data.
- Google Boots 164 Apps from Play Marketplace for Shady Ad Practicesby Elizabeth Montalbano on January 15, 2021 at 4:19 pm
The tech giant removes 164 more offending Android apps after banning software showing this type of behavior from the store last year.
Connecting the Security Industry with the Security Community
- Selecting the Right Brain for Your Sensorsby Matt Alderman on January 12, 2021 at 2:32 pm
The post Selecting the Right Brain for Your Sensors appeared first on Security Weekly.
- Security Awareness Training – Time for a Change in Philosophy?by Matt Alderman on December 29, 2020 at 10:13 pm
The post Security Awareness Training – Time for a Change in Philosophy? appeared first on Security Weekly.
- How Can We Vaccinate Our Networks?by Matt Alderman on December 29, 2020 at 6:59 pm
The post How Can We Vaccinate Our Networks? appeared first on Security Weekly.
- Integrating Application Security Testing Data to Drive Better Decisionsby Matt Alderman on December 7, 2020 at 2:45 pm
The post Integrating Application Security Testing Data to Drive Better Decisions appeared first on Security Weekly.
- Applying Math to Solve Risk-Based Vulnerability Managementby Matt Alderman on December 4, 2020 at 11:33 pm
The post Applying Math to Solve Risk-Based Vulnerability Management appeared first on Security Weekly.