#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Online Safety | Breaking Cybersecurity News | The Hacker News

Category — Online Safety
Expert Tips on How to Spot a Phishing Link

Expert Tips on How to Spot a Phishing Link

Sep 25, 2024 Cyber Awareness / Threat Detection
Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links: 1. Check Suspicious URLs  Phishing URLs are often long, confusing, or filled with random characters. Attackers use these to disguise the link's true destination and mislead users.  The first step in protecting yourself is to inspect the URL carefully. Always ensure it begins with "HTTPS," as the "s" indicates a secure connection using an SSL certificate.  However, keep in mind that SSL certificates alone are not enough. Cyber attackers have increasingly used legitimate-looking HTTPS links to distribute malicious content. This is why you should be suspicious of links that are overly complex or look like a jumble of characters.  Tools like ANY.RUN's Safebrowsing allow users to check suspicious links in a secure and isolated environment w
Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls

Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls

Sep 23, 2024 Encryption / Data Protection
Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls. The protocol has been dubbed DAVE , short for Discord's audio and video end-to-end encryption ("E2EE A/V"). As part of the change introduced last week, voice and video in DMs, Group DMs, voice channels, and Go Live streams are expected to be migrated to use DAVE. That said, it's worth noting that messages on Discord will remain unencrypted and are subject to its content moderation approach. "When we consider adding new privacy features like E2EE A/V, we do not do so in isolation from safety," Discord said . "That is why safety is integrated across our product and policies, and why messages on Discord are unencrypted." "Messages will still be subject to our content moderation approach, allowing us to continue offering additional safety protections." DAVE is publicly au
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing

Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing

Sep 18, 2024 Browser Security / Privacy
Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects them against online threats. "With the newest version of Chrome, you can take advantage of our upgraded Safety Check, opt out of unwanted website notifications more easily and grant select permissions to a site for one time only," the tech giant said . The improvements to Safety Check allow it to run automatically in the background, notifying users of the actions it has taken, such as revoking permissions for websites they no longer visit, and flagging potentially unwanted notifications. It's also designed to notify users of security issues that need to be addressed, while automatically revoking notification permissions from suspicious sites identified by Google Safe Browsing . "On Desktop, Safety Check will continue to notify you if you have any Chrome extensions installed that may pose
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

Sep 17, 2024 Cryptocurrency / Malware
Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud. Clipper malware, also called ClipBankers , is a type of malware that Microsoft calls cryware , which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including replacing cryptocurrency addresses with those under an attacker's control. In doing so, digital asset transfers initiated on a compromised system are routed to a rogue wallet instead of the intended destination address. "In clipping and switching, a cryware monitors the contents of a user's clipboard and uses string search patterns to look for and identify a string resembling a hot wallet address," the tech giant noted way back in 2022. "If the target user pastes or uses CTRL + V into an application window, the cryware replaces the object in the clipbo
Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Sep 06, 2024 Privacy / Data Security
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account. "Using laws from the pre-smartphone era to charge a CEO with crimes committed by third-parties on the platform he manages is a misguided approach." Durov was charged late last month for enabling various forms of criminal activity on Telegram, including drug trafficking and money laundering, following a probe into an unnamed person's distribution of child sexual abuse material on the messaging service. He also highlighted the struggles to balance both privacy and security, noting that Telegram is ready to exit markets that aren't compatible with its mission to "protect our users in authoritarian regimes." Durov also blamed &q
French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

Aug 29, 2024 Online Crime / Privacy
French prosecutors on Wednesday formally charged Telegram CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread of child sexual abuse material (CSAM) as well as enabling organized crime, illicit transactions, drug trafficking, and fraud. Durov has also been charged with a "refusal to communicate, at the request of competent authorities, information or documents necessary for carrying out and operating interceptions allowed by law," according to an English translation of the press release. The 39-year-old was detained at Le Bourget airport north of Paris at 8 p.m. local time on Saturday after disembarking from a private jet. To avoid pretrial detention, Durov has been ordered to pay a €5 million bail, but he is barred from leaving the country and must rep
PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads

PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads

Aug 23, 2024 Malware / Threat Intelligence
Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant said . "This PowerShell-based downloader is being tracked as PEAKLIGHT." Some of the malware strains distributed using this technique are Lumma Stealer , Hijack Loader (aka DOILoader, IDAT Loader, or SHADOWLADDER), and CryptBot , all of which are advertised under the malware-as-a-service (SaaS) model. The starting point of the attack chain is a Windows shortcut (LNK) file that's downloaded via drive-by download techniques -- e.g., when users look up a movie on search engines. It's worth pointing out that the LNK files are distributed within ZIP archives that are disguised as pirated movies. The LNK file connects to a content delivery network
Over 1 Million Domains at Risk of 'Sitting Ducks' Domain Hijacking Technique

Over 1 Million Domains at Risk of 'Sitting Ducks' Domain Hijacking Technique

Aug 01, 2024 Vulnerability / Threat Intelligence
Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. The powerful attack vector, which exploits weaknesses in the domain name system (DNS), is being exploited by over a dozen Russian-nexus cybercriminal actors to stealthily hijack domains, a joint analysis published by Infoblox and Eclypsium has revealed. "In a Sitting Ducks attack, the actor hijacks a currently registered domain at an authoritative DNS service or web hosting provider without accessing the true owner's account at either the DNS provider or registrar," the researchers said. "Sitting Ducks is easier to perform, more likely to succeed, and harder to detect than other well-publicized domain hijacking attack vectors, such as dangling CNAMEs ." Once a domain has been taken over by the threat actor, it could be used for all kinds of nefarious activities, including serving malware and conducting spams, while abusing the
Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams

Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams

Jul 25, 2024 Cybercrime / Online Safety
Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. "These included a smaller coordinated network of around 2,500 accounts that we were able to link to a group of around 20 individuals," the company said . "They targeted primarily adult men in the U.S. and used fake accounts to mask their identities." In cases where some of these accounts attempted to target minors, Meta said it reported them to the National Center for Missing and Exploited Children (NCMEC). Separately, Meta said it also removed 7,200 assets, including 1,300 Facebook accounts, 200 Facebook Pages and 5,700 Facebook Groups, based in Nigeria that were used to organize, recruit and train new scammers. "Their efforts included offering to sell scripts and guides to use when scamming people, and sharing links to collections of photos to use when populating fake accounts," it sai
New Chrome Feature Scans Password-Protected Files for Malicious Content

New Chrome Feature Scans Password-Protected Files for Malicious Content

Jul 25, 2024 Browser Security / Data Protection
Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said . To that end, the search giant is introducing a two-tier download warning taxonomy based on verdicts provided by Google Safe Browsing: Suspicious files and Dangerous files. Each category comes with its own iconography, color, and text to distinguish them from one another and help users make an informed choice. Google is also adding what's called automatic deep scans for users who have opted-in to the Enhanced Protection mode of Safe Browsing in Chrome so that they don't have to be prompted each time to send the files to Safe Browsing for deep scanning before opening them. In
Telegram App Flaw Exploited to Spread Malware Hidden in Videos

Telegram App Flaw Exploited to Spread Malware Hidden in Videos

Jul 24, 2024 Zero-Day / Malware
A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos. The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11. "Attackers could share malicious Android payloads via Telegram channels, groups, and chat, and make them appear as multimedia files," security researcher Lukáš Štefanko said in a report. It's believed that the payload is concocted using Telegram's application programming interface ( API ), which allows for programmatic uploads of multimedia files to chats and channels. In doing so, it enables an attacker to camouflage a malicious APK file as a 30-second video.  Users who click on the video are displayed an actual warning message stating the video cannot be played and urges t
Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

Jul 12, 2024 Digital Security / Online Safety
In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don't realize their credentials have been compromised until the damage is done. Imagine waking up to drained bank accounts, stolen identities, or a company's reputation in tatters. This isn't just a hypothetical scenario – it's the harsh reality faced by countless individuals and organizations every day. Recent data reveals that compromised credentials are the single biggest attack vector in 2024. That means stolen passwords, not exotic malware or zero-day exploits, are the most common way hackers breach systems and wreak havoc. To help you navigate this critical issue, we invite you to join our exclusive webinar, " Compromised Credentials in 2024: What to Know About the World's #1 Attack Vector. " What You'
Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts

Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts

Mar 20, 2024 Cybercrime / Dark Web
The Cyber Police of Ukraine has  arrested  three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20 and 40, are said to be part of an organized criminal group living in different parts of the country. If convicted, they face up to 15 years in prison. The accounts, authorities said, were taken over by carrying out brute-force attacks, which employ trial-and-error methods to guess login credentials. The group operated under the direction of a leader, who distributed the hacking tasks to other members. The cybercrime group subsequently monetized their ill-gotten credentials by putting them up for sale on dark web forums. Other threat actors who purchased the information used the compromised accounts to conduct a variety of  fraudulent schemes , including those in which scammers reach out to the victim's friends to urgently transfer money to their bank account. "You can protect
FTC Fines Fortnite Maker Epic Games $275 Million for Violating Children's Privacy Law

FTC Fines Fortnite Maker Epic Games $275 Million for Violating Children's Privacy Law

Dec 20, 2022 Privacy / Data Security
Epic Games has reached a $520 million settlement with the U.S. Federal Trade Commission (FTC) over allegations that the  Fortnite  creator violated online privacy laws for children and tricked users into making unintended purchases in the video game. To that end, the company will pay a record $275 million monetary penalty for breaching the Children's Online Privacy Protection Act ( COPPA ) by collecting the personal information of Fortnite players under the age of 13 without seeking permission from their parents. It will also pay $245 million to reimburse customers who were deceived by its  dark pattern  tricks to make accidental purchases as well as for allowing children to rack up unauthorized charges through in-game content purchases without requiring any parental or card holder action or consent. "Epic Games possessed actual knowledge that it collected personal information from children, including their names, email addresses, and identifiers used to keep track of pla
FBI Investigates Gawker Media Hack Claimed by Gnosis

FBI Investigates Gawker Media Hack Claimed by Gnosis

Dec 20, 2010
The FBI is investigating the massive hack of Gawker Media. Reports indicate that FBI agents met with Gawker Media CEO Nick Denton on Monday following the hacking incident, which was claimed by a group called Gnosis. The Gawker website was paralyzed, temporarily forcing the gossip site to stop publishing. Hackers managed to access over 100,000 passwords and emails from the 1.3 million registered users. The site was forced to stop publishing on Sunday and sent emails to all registered users, urging them to change their passwords. According to reports, Gawker Media CEO Nick Denton admitted, "We're deeply embarrassed by this breach." Tips to Keep Your Passwords Safe Online Don't Use the Same Password for Everything Using one password for all your accounts is unsafe. If a hacker gets your password for one account, they can access all your online identities. Use Different Passwords for Different Accounts Create and use strong, unique passwords for your online banking, blogging, socia
Google Enhances Search Security to Flag Compromised Web Pages

Google Enhances Search Security to Flag Compromised Web Pages

Dec 19, 2010
Google has introduced a new security feature in its search engine to flag more web pages that might have been compromised by hackers. This new feature expands Google's long-standing program that marks websites hosting malicious software with a "This site may harm your computer" warning. Now, a new notation, "This site may be compromised," will indicate pages that may not be malicious but show signs that the site might not be fully controlled by its legitimate owner. This often happens when spammers add invisible links or redirects to unrelated websites, such as pharmacy sites. Additionally, Google will identify sites that have had phishing pages added by hackers. According to the Anti-Phishing Working Group, between 75% and 80% of phishing sites are legitimate sites that have been hacked and seeded with phishing kits to mimic trusted e-commerce and banking sites. It remains to be seen if Google can speed up the process of re-vetting sites flagged as compromised after th
Internet-Based Crime Rises to 11%, Nearing Traditional Theft Rates

Internet-Based Crime Rises to 11%, Nearing Traditional Theft Rates

Dec 18, 2010
Americans are nearly as likely to be victimized by Internet-based crime as by other forms of nonviolent theft. This perception emerges from a recent survey on crimes committed against individuals and their families. According to a Gallup Poll released Monday, 11% of American adults reported that they or a household member were victims of a computer or Internet crime on their home computers in the past year. This marks an increase from the previous seven years, where the percentage ranged between 6% and 8%. Gallup notes: "At 11 percent, computer/Internet-based crime is edging closer in reported frequency to the most common traditional forms of crime involving nonviolent theft of personal property and vandalism. Further, the increase is an exception in the overall crime picture, in that Americans' victimization reports have been fairly steady over the past several years. Not only has the overall percentage of Americans experiencing any type of crime been fairly flat, but Ameri
 Australian Police Arrest Man for Hacking Nearly 100 Online Accounts

Australian Police Arrest Man for Hacking Nearly 100 Online Accounts

Dec 16, 2010
The Australian police have arrested a 33-year-old man accused of hacking into nearly 100 online accounts. The Australian Federal Police's high-tech crime unit has been monitoring the suspect since last September. This surveillance began when a local telecom company alerted the authorities to suspicious activity within its network. The man allegedly hacked into private and business Internet accounts, downloading data and engaging in other fraudulent activities. The suspect was arrested yesterday, and police confiscated his computer equipment. He now faces charges related to computer intrusion, including unauthorized access, modification, or impairment with intent to commit a serious offense. Neil Gaughan, the national manager of high-tech crime operations and assistant commissioner, stated that this arrest serves as a reminder for people to protect their online safety. "Anyone can be targeted by criminals online; it's important to be aware of the risks and take appropriate act
Expert Insights / Articles Videos
Cybersecurity Resources