The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Specops

Racoon Stealer is Back — How to Protect Your Organization

Racoon Stealer is Back — How to Protect Your Organization

July 25, 2022The Hacker News
The Racoon Stealer malware as a service platform gained notoriety several years ago for its ability to extract data that is stored within a Web browser. This data initially included passwords and cookies, which sometimes allow a recognized device to be authenticated without a password being entered. Racoon Stealer was also designed to steal auto-fill data, which can include a vast trove of personal information ranging from basic contact data to credit card numbers. As if all of that were not enough, Racoon Stealer also had the ability to steal cryptocurrency and to steal (or drop) files on an infected system. As bad as Racoon Stealer might have been, its developers have recently created a new version that is designed to be far more damaging than the version that previously existed.  New Racoon Stealer Capabilities The new version of Raccoon Stealer  still has the ability to steal browser passwords, cookies, and auto-fill data. It also has the ability to steal any credit card numbe
Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions)

Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions)

December 09, 2021The Hacker News
It is a time when many are thinking of their families and loved ones, time off work, and gift-giving – the holidays. However, while many have their minds outside the realm of work during the holiday season, often, this is when attackers plan their most sinister attacks.  So how can you take precautions to protect your organization during these times? Why holidays put your company at risk of cyberattack Attackers today do not have a soft spot for businesses and give companies a break at any time of the year, especially not during holidays. On the contrary, any time of the year where companies may be less prepared to fend off a cyberattack is an opportunity for successful compromise. As a result, the holidays put your company at a higher risk of cyberattack.  Most end-users do not think about cybersecurity when surfing the web or receiving emails with holiday deals during the season. As a result, many let their guard down to a certain degree and become preoccupied and distracted m
Before and After a Pen Test: Steps to Get Through It

Before and After a Pen Test: Steps to Get Through It

October 21, 2021The Hacker News
An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover these. They can also help validate remedial efforts and solutions put in place to overcome previously discovered security vulnerabilities.  Let's look more closely at the pen test. What is included in a penetration test? How are they performed, and by whom? What steps should be taken after a penetration test? What is a penetration test? 1 — Simulated cyberattack A penetration test is, for all practical purposes, a simulated cyberattack on your business. However, it is carried out by the "good guys." An outside resource often conducts a penetration test, whether a third-party security consulting company or another security entity. Securit
The Gap in Your Zero Trust Implementation

The Gap in Your Zero Trust Implementation

September 21, 2021The Hacker News
Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust security model. A zero trust security model is based on the idea that no IT resource should be trusted implicitly. Prior to the introduction of zero trust security, a user who authenticated into a network was trustworthy for the duration of their session, as was the user's device. In a zero trust model, a user is no longer considered to be trustworthy just because they entered a password at the beginning of their session. Instead, the user's identity is verified through multi-factor authentication, and the user may be prompted to re-authenticate if they attempt to access resources that are particularly sensitive or if the user attempts to do something out of the ordinary. How Complic
Using Breached Password Detection Services to Prevent Cyberattack

Using Breached Password Detection Services to Prevent Cyberattack

June 10, 2021The Hacker News
Bolstering password policies in your organization is an important part of a robust cybersecurity strategy. Cybercriminals are using compromised accounts as one of their favorite tactics to infiltrate business-critical environments; as we've seen in recent news, these attacks can be dangerous and financially impactful. Unfortunately, account compromise is a very successful attack method and requires much less effort than other attack vectors. One of the essential types of password protection recommended by noted cybersecurity standards is  breached password detection . Hackers often use known breached password lists in credential stuffing or password spraying attacks. Here are some critical criteria to consider when your sysadmins are evaluating breached password protection solutions.  Breached password recommendations In the last few years, password security recommendations have evolved past the traditional recommendations regarding password security.  Businesses have used M
How Should the Service Desk Reset Passwords?

How Should the Service Desk Reset Passwords?

May 04, 2021The Hacker News
Ask the average helpdesk technician what they do all day, and they will probably answer by saying that they reset passwords. Sure, helpdesk technicians do plenty of other things too, but in many organizations, a disproportionate number of helpdesk calls are tied to password resets. On the surface, having a  helpdesk technician reset a user's password  probably doesn't seem like a big deal. After all, the technician simply opens Active Directory Users and Computers, right-clicks on the user account, and chooses the Reset Password command from the shortcut menu. Resetting a password in this way is an easy process. Organizations can even opt to use an alternative tool such as the Windows Admin Center or even PowerShell if they prefer. One thing that most people probably don't stop and think about, however, is that even though the steps involved in the password reset process are simple enough, the  process as a whole constitutes a major security risk . Security and the service desk Th
The Top Free Tools for Sysadmins in 2021

The Top Free Tools for Sysadmins in 2021

February 25, 2021The Hacker News
It's no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you're a sysadmin seeking to simplify your workflows, you're in luck. We've gathered some excellent software picks to help tackle different duties more efficiently.  Thankfully, these free tools are also respectful of tight budgets—without sacrificing core functionality. Best for Permissions Management: SolarWinds Permissions Analyzer for Active Directory Whether you are part of an organization with many members or numerous resources, keeping track of permissions can be challenging. Changes in responsibilities, titles, or even employment statuses can influence one's access to proprietary data. Each user has unique privileges. We not only need to visualize these but manage them on
How to Audit Password Changes in Active Directory

How to Audit Password Changes in Active Directory

February 04, 2021The Hacker News
Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user is whom they claim to be. This initial layer of security is crucial for protecting one's entire infrastructure. Unfortunately, the personal nature of passwords has its shortcomings. Passwords are easily forgotten. They may also be too simplistic; many companies don't enforce stringent password-creation requirements. This is where the Active Directory Password Policy comes in. Additionally, the following is achievable: Changing user passwords Recording password changes and storing them within a history log Active Directory accounts for any impactful changes across user accounts. We'll assess why and how administrators might leverage these core features. Why change user
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.