The Hacker News
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals.
- Russian Hacker Arrested in India for Reportedly Helping Students Cheat in JEE-Main Examby noreply@blogger.com (Ravie Lakshmanan) on October 4, 2022 at 6:21 pm
India’s Central Bureau of Investigation (CBI) on Monday disclosed that it has detained a Russian national for allegedly hacking into a software platform used to conduct engineering entrance assessments in the country in 2021. “The said accused was detained by the Bureau of Immigration at Indira Gandhi International Airport, Delhi while arriving in India from Almaty, Kazakhstan,” the primary
- Popular YouTube Channel Caught Distributing Malicious Tor Browser Installerby noreply@blogger.com (Ravie Lakshmanan) on October 4, 2022 at 3:39 pm
A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser. Kaspersky dubbed the campaign OnionPoison, with all of the victims located in China. The scale of the attack remains unclear, but the Russian cybersecurity company said it detected victims appearing in its telemetry in March 2022. The malicious version
- Researchers Report Supply Chain Vulnerability in Packagist PHP Repositoryby noreply@blogger.com (Ravie Lakshmanan) on October 4, 2022 at 3:09 pm
Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. “This vulnerability allows gaining control of Packagist,” SonarSource researcher Thomas Chauchefoin said in a report shared with The Hacker News. Packagist is used by the PHP package manager
- Back to Basics: Cybersecurity’s Weakest Linkby noreply@blogger.com (The Hacker News) on October 4, 2022 at 12:44 pm
A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you’re often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go. It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do. But is it a silver
- BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Millionby noreply@blogger.com (Ravie Lakshmanan) on October 4, 2022 at 12:23 pm
A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial fraud. Elvis Eghosa Ogiekpolor of Norcross, Georgia, operated a money laundering network that opened at least 50 business bank accounts for illicitly receiving funds from unsuspecting individuals and businesses after
Security Magazine
Security magazine provides security industry news and trends on video surveillance, cyber security, physical security, security guards, access management and more for security executives and the security industry.
- Former eBay security execs sentenced for corporate stalking campaignon October 4, 2022 at 4:19 pm
Two former eBay security executives, James Baugh and David Harville, have been sentenced to prison for their roles in a harassment campaign targeting two business journalists.
- $16.3M safety grant funds 911 dispatch improvements in North Carolinaon October 4, 2022 at 3:05 pm
Over $16 million has been awarded to North Carolina 911 dispatch centers for security technology improvements.
- Video surveillance aids security & wildlife conservation at Bristol Zooon October 4, 2022 at 1:52 pm
Leaders at the Bristol Zoo use video surveillance to identify damage to perimeter security and assist with wildlife conservation operations.
- How K-12 cybersecurity leaders can protect their schools this fallon October 4, 2022 at 4:00 am
K-12 school safety leaders can use cyber education initiatives to train students and staff to avoid cybersecurity risks.
- How to build more secure APIson October 4, 2022 at 4:00 am
Software developers are under pressure to develop programs quickly, but security professionals must work with them to make sure APIs remain secure.
Threatpost
The first stop for security news.
- Student Loan Breach Exposes 2.5M Recordsby Nate Nelson on August 31, 2022 at 12:57 pm
2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keyloggerby Nate Nelson on August 30, 2022 at 4:00 pm
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firmsby Nate Nelson on August 29, 2022 at 2:56 pm
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Riseby Nate Nelson on August 26, 2022 at 4:44 pm
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Camerasby Nate Nelson on August 25, 2022 at 6:47 pm
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Security Weekly
Connecting the Security Industry with the Security Community
- The Unique Challenges of Companies Born in the Cloudby Bill Brenner on March 9, 2022 at 3:18 pm
There are stark differences between how to manage security policies for on-premises network environments and those that are 100% cloud-based. But many companies continue to struggle with those differences and have experienced plenty of pain as a result. It’s a challenge Rich Mogull has spent years trying to help companies navigate. Mogull, CISO at Firemon, The post The Unique Challenges of Companies Born in the Cloud appeared first on Security Weekly.
- Ransomware Damage Claims Driving Insurance Hikesby Deb Radcliff on January 12, 2022 at 11:12 pm
The costs of cyber insurance policies are rising exponentially while underwriters are tightening the rules around who qualifies for cyber insurance, and at the same time, insurer capacity is constricting dramatically. The numbers are all over the place, but the latest statistics from the Council of Insurance Agents and Brokers reported a 25.5% increase in The post Ransomware Damage Claims Driving Insurance Hikes appeared first on Security Weekly.
- Decrypt As If Your Security Depends on Itby Bill Brenner on November 2, 2021 at 5:35 pm
Encryption has reached near-full adoption by internal teams hoping to implement stronger security and privacy practices. Simultaneously, attackers are using the same mechanisms to hide their malicious activity from the defender’s line of sight. According to the Ponemon Institute’s 2021 Global Encryption Trends Study, 50% of organizations have an encryption plan consistently applied across their The post Decrypt As If Your Security Depends on It appeared first on Security Weekly.
- DevSecOps Scanning Challenges & Tipsby Bill Brenner on October 26, 2021 at 3:57 pm
There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed The post DevSecOps Scanning Challenges & Tips appeared first on Security Weekly.
- It Should Be ‘Cybersecurity Culture Month’by Bill Brenner on October 19, 2021 at 4:41 pm
It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program The post It Should Be ‘Cybersecurity Culture Month’ appeared first on Security Weekly.