The Hacker News | #1 Trusted Cybersecurity News Site
In the modern enterprise, data security is often discussed using a complex lexicon of acronyms—DLP, DDR, DSPM, and many others. While these acronyms represent critical frameworks, architectures, and tools for protecting sensitive information, they can also overwhelm those trying to piece together an effective security strategy.
Medusa Ransomware on the Rise: From Data Leaks to Multi …
Jan 12, 2024 · The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands. "As part of their multi-extortion strategy, this group will provide victims with multiple options when their data is …
THN Cybersecurity Recap: Last Week's Top Threats and Trends …
Sep 23, 2024 · THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 16-22) Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga.
New Perfctl Malware Targets Linux Servers for Cryptocurrency …
Oct 3, 2024 · Misconfigured and vulnerable Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated techniques," Aqua security researchers Assaf Morag and Idan Revivo said in a …
KeePass Exploit Allows Attackers to Recover Master Passwords …
May 22, 2023 · A proof-of-concept (PoC) has been made available for a security flaw impacting the KeePass password manager that could be exploited to recover a victim's master password in cleartext under specific circumstances. The issue, tracked as CVE-2023-32784, impacts KeePass versions 2.x for Windows, Linux, and macOS, and is expected to be patched in ...
Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver ...
Oct 5, 2024 · Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology.. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads.
Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene
Sep 19, 2024 · This is the reality healthcare faces as cybercriminals exploit people who need care. Healthcare accounted for 17.8% of all breach events and 18.2% of destructive ransomware events since 2012 1, surpassing other sectors like finance, government, and education. This alarming rise in attacks makes one thing clear: poor cybersecurity hygiene is the ...
Hackers Could Have Remotely Controlled Kia Cars Using Only …
Sep 26, 2024 · Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an ...
Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on …
Aug 29, 2023 · Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model. In addition to an uptick in AiTM-capable PhaaS platforms, the tech giant noted that existing phishing services like PerSwaysion are incorporating AiTM capabilities.
Cybercriminals Exploit HTTP Headers for Credential Theft via Large ...
Sep 16, 2024 · The attacks are the latest in a long list of tactics that threat actors have employed to obfuscate their intent and trick email recipients into parting with sensitive information, including taking advantage of trending top-level domains (TLDs) and domain names to propagate phishing and redirection attacks.. The infection chains are characterized by the delivery of malicious …