The Hacker News
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals.
- Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerabilityby noreply@blogger.com (Ravie Lakshmanan) on September 25, 2021 at 6:39 am
Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that’s known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and “perform a seamless transition to a new state, where the
- SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devicesby noreply@blogger.com (Ravie Lakshmanan) on September 25, 2021 at 5:41 am
Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, and could allow an
- A New APT Hacker Group Spying On Hotels and Governments Worldwideby noreply@blogger.com (Ravie Lakshmanan) on September 25, 2021 at 5:16 am
A new advanced persistent threat (APT) has been behind a string of attacks against hotels across the world, along with governments, international organizations, engineering companies, and law firms. Slovak cybersecurity firm ESET codenamed the cyber espionage group FamousSparrow, which it said has been active since at least August 2019, with victims located across Africa, Asia, Europe, the
- Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Daysby noreply@blogger.com (Ravie Lakshmanan) on September 25, 2021 at 4:58 am
Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group’s Pegasus surveillance tool to target iPhone users. <!–adsense–> Chief among them is CVE-2021-30869, a type confusion flaw
- Google Warns of a New Way Hackers Can Make Malware Undetectable on Windowsby noreply@blogger.com (Ravie Lakshmanan) on September 25, 2021 at 4:57 am
Cybersecurity researchers have disclosed a novel technique adopted by a threat actor to deliberately evade detection with the help of malformed digital signatures of its malware payloads. “Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code — which is used in a number of security scanning products,” Google
Security Magazine
Security magazine provides security industry news and trends on video surveillance, cyber security, physical security, security guards, access management and more for security executives and the security industry.
- Insurance digitalization spawns increase in identity fraud, report findson September 24, 2021 at 6:09 pm
Combining security strategies could reduce the risk of fraud, which has only risen since the start of the COVID-19 pandemic. A new report suggests steps insurance carriers can take to ensure their security plan works to combat identity fraud.
- Ellen K. Tannor joins OSAC as Executive Directoron September 24, 2021 at 4:12 pm
Ellen K. Tannor has been named Executive Director at the Overseas Security Advisory Council (OSAC).
- CISA releases de-escalation training series for critical infrastructure operatorson September 24, 2021 at 4:00 pm
The Cybersecurity and Infrastructure Security Agency created a new de-escalation series to help critical infrastructure owners and operators recognize, assess, de-escalate and report behaviors that raise concern.
- 5 minutes with David Bradbury – Hiring globally to prevent security burnouton September 24, 2021 at 3:00 pm
Increasing workloads and attacks on organizations are a major source of burnout among security professionals. David Bradbury, Chief Security Officer at Okta, explains how hiring globally can help reduce the burden on security employees that are already overworked.
- Creating a culture of security for social butterflieson September 24, 2021 at 2:15 pm
Ensure your employees understand the security risks of social media, provide awareness training and implement best practice policies for smarter socializing.
Threatpost
The first stop for security news.
- Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwordsby Lisa Vaas on September 24, 2021 at 6:46 pm
Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
- TangleBot Malware Reaches Deep into Android Device Functionsby Tara Seals on September 24, 2021 at 3:48 pm
The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others.
- Critical Cisco Bugs Allow Code Execution on Wireless, SD-WANby Tara Seals on September 24, 2021 at 2:01 pm
Unauthenticated cyberattackers can also wreak havoc on networking device configurations.
- Apple Patches 3 More Zero-Days Under Active Attackby Elizabeth Montalbano on September 24, 2021 at 11:29 am
One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges.
- REvil Affiliates Confirm: Leadership Were Cheating Dirtbagsby Lisa Vaas on September 23, 2021 at 11:00 pm
After news of REvil’s rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in “Hackers Court.”
Security Weekly
Connecting the Security Industry with the Security Community
- Building a More Secure AppDev Processby Bill Brenner on September 20, 2021 at 8:52 pm
Enterprises that integrate security testing into their CI/CD pipeline fix 91.4 percent of new issues, according to a progress report from ShiftLeft. Recent software supply chain attacks illustrate the growing risks businesses, their partners, and customers face. But a recent report suggests better outcomes for those who put security at the heart of app development. Data from The post Building a More Secure AppDev Process appeared first on Security Weekly.
- Web App and API Security Needs to Be Modernized: Here’s Howby Bill Brenner on August 31, 2021 at 10:25 pm
Applications are critical for doing business. They are also the weakest links in many an organization’s security chain. Many APIs continue to expose the personally identifiable information of customers, employees and contractors. As OWASP (Open Web Application Security Project) notes on its API Security Project homepage: “By nature, APIs expose application logic and sensitive data The post Web App and API Security Needs to Be Modernized: Here’s How appeared first on Security Weekly.
- How The Best Defense Gets Better: Part 2by Bill Brenner on August 5, 2021 at 7:21 pm
For many enterprises, incident response is an exercise in chaos. Security teams scramble to figure out how a data breach happened and crash into brick walls as they try to collect information from different departments that are often siloed from everyone else. It doesn’t have to be that way. Advanced security teams have learned that The post How The Best Defense Gets Better: Part 2 appeared first on Security Weekly.
- Diversifying Cybersecurity Talent Through Aptitude Testingby Deb Radcliff on July 20, 2021 at 9:38 pm
With a shortage of four million cybersecurity workers, we need to get more creative in identifying non-technical skills among potential candidates that can be applied to the cybersecurity realm. One way is to test them for aptitude and personality traits, like the career planning tests I took in college.That’s what the University of Maryland did The post Diversifying Cybersecurity Talent Through Aptitude Testing appeared first on Security Weekly.
- Preventing Criminals from Using Cloud Applications to Inject Chaos Into Work Environmentsby Matt Alderman on June 30, 2021 at 3:02 pm
In 2020, cyber criminals used cloud applications, the cover of a pandemic, and a newly embraced work-from-home culture to serve up ransomware, steal data, and disrupt how companies do business. The year is over, but the challenges and risks remain. How do we prevent these criminals from injecting chaos into our hybrid work environments? As The post Preventing Criminals from Using Cloud Applications to Inject Chaos Into Work Environments appeared first on Security Weekly.