Cyberattacks | Breaking Cybersecurity News | The Hacker News

In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an additional layer of protection against unauthorized access. However, cybercriminals are relentless in their pursuit of finding ways to  bypass MFA systems . One such method gaining traction is MFA spamming attacks, also known as MFA fatigue, or  MFA bombing . This article delves into MFA spamming attacks, including the best practices to mitigate this growing threat. What is MFA spamming? MFA spamming refers to the malicious act of inundating a target user's email, phone, or other registered devices with numerous MFA prompts or confirmation codes. The objective behind this tactic is to o

Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as  Sandworm  was inside telecom operator Kyivstar's systems at least since May 2023. The development was  first reported  by Reuters. The  incident , described as a "powerful hacker attack," first came to light last month, knocking out access to mobile and internet services for millions of customers. Soon after the incident, a Russia-linked hacking group called Solntsepyok took responsibility for the breach. Solntsepyok has been assessed to be a Russian threat group with affiliations to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), which also operates Sandworm. The advanced persistent threat (APT) actor has a track record of orchestrating  disruptive cyber attacks , with Denmark  accusing  the hacking outfit of targeting 22 energy sector companies last year. Illia Vitiuk, head of the Security Service of Ukraine'

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Threat actors from the Democratic People's Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a  major revenue generation mechanism  since at least 2017 to get around sanctions imposed against the country. "Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from the rest of the world, the regime's ruling elite and its highly trained cadre of computer science professionals have privileged access to new technologies and information," cybersecurity firm Recorded Future  said  in a report shared with The Hacker News. "The privileged access to resources, technologies, information, and sometimes international travel for a small set of selected individuals with promise in mathematics and computer science equips them with the necessary skills for conducting cyber attacks against the cryptocurrency industry." The disclosure comes as the U.S. Treasury Department  imp