#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Internet Safety | Breaking Cybersecurity News | The Hacker News

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

Mar 15, 2024 Malvertising / Threat Intelligence
Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy  Geacon , a Golang-based implementation of Cobalt Strike. "The malicious site found in the notepad++ search is distributed through an advertisement block," Kaspersky researcher Sergey Puzan  said . "Opening it, an attentive user will immediately notice an amusing inconsistency: the website address contains the line vnote, the title offers a download of Notepad‐‐ (an analog of Notepad++, also distributed as open-source software), while the image proudly shows Notepad++. In fact, the packages downloaded from here contain Notepad‐‐." The website, named vnote.fuwenkeji[.]cn, contains download links to Windows, Linux, and macOS versions of the software, with the link to the Windows variant pointing to the official  Gitee repository  containing the Notepad-- ins
Facebook To Use Your Web Browsing History for Targeted Ads, Here's How To Opt-Out Now

Facebook To Use Your Web Browsing History for Targeted Ads, Here's How To Opt-Out Now

Jun 14, 2014
Surfing the Internet?? Facebook CEO Mark Zuckerberg is watching your every move on Web, and this time even more closure. It's not surprising that Facebook collects data of its 1.3 billion users, just like everyone else, which the company has said it only holds onto your data for security and advertisement purposes. But, this would be first time when some company is using people's browsing history to deliver 'targeted Ads' on its service. The biggest social networking giant recently announced it has plans to use information from our Web browsing and app history to deliver more targeted advertisements to us. HOW IT WORKS The move will track you with every site you visit, even its a non-Facebook website. EVERY SITE?? No! No! No! The company can't track your online activity while visiting any website, but only those that have Facebook " LIKE ", " Recommend ", " Share " buttons across the web, and I think almost all have at least one included in it. Yes! Any web
Why Regulated Industries are Turning to Military-Grade Cyber Defenses

Why Regulated Industries are Turning to Military-Grade Cyber Defenses

Jun 14, 2024Cybersecurity / Regulatory Compliance
As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage.  Which is why many highly regulated sectors, from finance to utilities, are turning to military-grade cyber defenses to safeguard their operations. Regulatory Pressures Impacting Cyber Decisions Industries such as finance, healthcare, and government are subject to strict regulatory standards, governing data privacy, security, and compliance. Non-compliance with these regulations can result in severe penalties, legal repercussions, and damage to reputation. To meet regulatory requirements and mitigate the ever-increasing risk, organizations are shifting to adopt more robust cybersecurity measures. Understanding the Increase of Threats Attacks on regulated industries have increased dramatically over the past 5 years, with o
Australian medical centre infected with Ransomware Malware demanding $4000 to Unlock

Australian medical centre infected with Ransomware Malware demanding $4000 to Unlock

Dec 10, 2012
A Gold Coast, Australian medical centre computers are infected with some ransom malware by a group of Russian hackers . The hackers encrypted the practice's patient database, demanding payment of $4000 for the files to be decrypted. " Cyber criminals based mainly throughout Eastern Europe look for rich targets, places with identifying information to extort, " Mr Phair, director of the Centre for Internet Safety and a former investigator with the Australian High-Tech Crime Centre. There have been 11 similar offences in Queensland this year, according to police. David Wood, Miami Family Medical Centre's co-owner said, " We've got all the anti-virus stuff in place - there's no sign of a virus. They literally got in, hijacked the server and then ran their encryption software ". The server with encrypted information is being held offline and an IT contractor is working with the practice to restore a backup of patient records. IT security exper
cyber security

Join the Live Session: How to Automate SOC 2 & ISO 27001 Compliance

websiteVantaCompliance / Risk Management
Learn about the in-demand frameworks and how Vanta's automation can help you quickly achieve compliance.
South Carolina Bill Targets Cybercrimes with Up to 10-Year Prison Terms

South Carolina Bill Targets Cybercrimes with Up to 10-Year Prison Terms

Dec 21, 2010
Computer hackers and unauthorized informants could face up to 10 years in prison under a proposed state law designed to protect South Carolina military installations from WikiLeaks-type scandals. Charleston Republican Rep. Chip Limehouse announced on Monday that his bill, which will be considered when the legislature reconvenes next month, aims to strengthen the state's laws against computer crimes. The bill also seeks to complement federal laws by imposing additional penalties if classified or confidential information from Shaw Air Force Base, the Marine Corps' Parris Island, or other South Carolina military sites is disclosed. "It will essentially give South Carolina the means to pursue computer criminals," Limehouse said. "Our laws need to keep pace with the evolving digital landscape." Limehouse's bill builds on existing legislation that makes online fraud a felony, punishable by up to a $50,000 fine and five years in prison. Unauthorized public r
 Banks Lack Cybersecurity Measures: Top Interpol Official Raises Concerns

Banks Lack Cybersecurity Measures: Top Interpol Official Raises Concerns

Dec 20, 2010
A top Interpol chief has expressed concerns about the cybersecurity measures in banks across the region. According to Major Ali Qubaisi, the Interpol team leader for the Middle East and North Africa, and head of the Economic Crimes unit of the Qatari Interior Ministry, banks in the region are "under-protected" against cybercrime. Additionally, legislation is not keeping pace with technological advancements. In an exclusive interview with Emirates 24|7, Major Qubaisi highlighted that the protective measures adopted by Arab banks against cybercrime are insufficient. "Some of these banks are surprised by the number of crimes being committed, but that is due to a lack of protection which should be adopted in this vital sector," he stated. He emphasized that as many as 50% of Arab banks need "electronic patrols." These patrols consist of groups that work online to track and detect any attempts to penetrate a bank's systems. Major Qubaisi explained that mo
New Trojan Targets User Credentials on Popular Sites

New Trojan Targets User Credentials on Popular Sites

Dec 17, 2010
A new information-stealing Trojan, believed to be of Chinese origin, has been identified by Avira researchers. This malware targets usernames and passwords for a variety of popular websites, including YouTube, Google, and PayPal, as well as Chinese sites like Youku, Tudou, Sogou, and Soho. The stolen credentials are sent to a server in China, reinforcing the researchers' belief about its origin. Unlike typical Trojans that modify registry keys or exploit the autorun feature to ensure execution, this Trojan exhibits unique behavior. It specifically targets shortcuts on the desktop or in special folders. The Trojan duplicates itself and places copies in folders containing the linked files, often executables. It renames the original files to click_[original-file-name].exe and assigns the original file names to its copies. As a result, each time a user clicks on a shortcut, the Trojan runs. To avoid detection for as long as possible, these copies are programmed to execute the rename
Michael Calce Warns of Online Dangers at HDS Canada's Forum

Michael Calce Warns of Online Dangers at HDS Canada's Forum

Dec 17, 2010
The guest keynote speakers at technology conferences can vary in quality, but Hitachi Data Systems (HDS) Canada (NYSE: HIT) made a smart choice by inviting Michael Calce, also known as Mafiaboy, to speak at their recent Information Forum event in Toronto. Calce gained notoriety as a teenage hacker from Montreal, who became the subject of an RCMP/FBI manhunt after a massive distributed denial-of-service (DDoS) attack in 2000. This attack brought down the websites of major companies like CNN, Amazon, Dell, and Yahoo. At the forum, he recounted his youthful indiscretions and delivered a stern warning about the dangers of over-sharing in the information age. Calce began his computing journey early, receiving his first white box PC at the age of six. He was engrossed by its capabilities, particularly playing games and storing data. His first programming venture was creating an application to track his hockey card collection, reflecting his passion for the Montreal Canadiens. By age nine,
How to Spot and Avoid Clickjacking Attacks on Facebook

How to Spot and Avoid Clickjacking Attacks on Facebook

Dec 03, 2010
When you see a post on a Facebook friend's wall that seems out of character, don't be too quick to click. Posts labeled "Pictures of girls in bikinis" or "All boys can stare at it but girls cannot" might be clickjacking attacks. These attacks typically don't carry malicious payloads, but they can certainly annoy any friends who fall for them. Here's how to avoid that scenario. Usually, the post itself uses a short, provocative phrase to spark your curiosity. If you fall for the attack currently making the rounds, you'll see a warning that the content might be inappropriate and a request to confirm that you're 18 or older. Once you click the button to confirm your age, you'll encounter another embedded dialog box. This one claims a need to verify that you're human, supposedly to avoid spam bots that are "putting an extra load on our servers." The box requests that you click numbered buttons in a specific order. Clicking th
New Firefox add-on "Firesheep" - hijacks Facebook, Twitter sessions

New Firefox add-on "Firesheep" - hijacks Facebook, Twitter sessions

Oct 30, 2010 Cybersecurity / Network Security
A new Firefox add-on called "Firesheep," developed by Seattle-based freelance Web application developer Eric Butler, enables almost anyone to scan a Wi-Fi network and hijack others' access to popular services like Facebook, Twitter, and others. Butler unveiled Firesheep at the ToorCon security conference in San Diego, which occurred from October 22-24. Butler explained that he developed Firesheep to highlight the risks associated with accessing unencrypted websites via public Wi-Fi spots. While many sites secure user log-ins with HTTPS or SSL, they often do not encrypt the rest of the traffic. "This leaves the cookie, and the user, vulnerable," Butler stated in a blog post. "On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy." Once a hacker obtains a user's cookie, they can perform any action that the user can on the website. Firesheep can hijack sessions on several major sites, includ
Expert Insights
Cybersecurity Resources