cybersecurity | Breaking Cybersecurity News | The Hacker News

The U.S. Department of Justice (DoJ) yesterday revealed charges against two Chinese nationals for their alleged involvement in a decade-long hacking spree targeting dissidents, government agencies, and hundreds of organizations in as many as 11 countries. The 11-count indictment , which was unsealed on Tuesday, alleges LI Xiaoyu (李啸宇) and DONG Jiazhi (董家志) stole terabytes of sensitive data, including from companies developing COVID-19 vaccines, testing technology, and treatments while operating both for private financial gain and behalf of China's Ministry of State Security. "China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being 'on call' to work for the benefit of the state, [and] to feed the Chinese Communist party's insatiable hunger for American and other non-Chinese companies' hard-earned intellectual property, includ

The United States Department of Justice has extradited two criminals from the Republic of Cyprus—one is a computer hacker suspected of cyber intrusions and extortion, and the other is a money launderer with known connections to the terrorist organization Hezbollah. Both suspects— Joshua Polloso Epifaniou , 21, a resident of Nicosia, and Ghassan Diab , 37, a citizen of Lebanon—were arrested earlier last year and extradited to the United States last weekend. According to the indictment , Epifaniou conducted a brute force attack against the Phoenix-based online review portal Ripoff Report (ROR) in October 2016 and successfully override ROR's login and password protection to gain access to its database through an existing account associated with a ROR employee. In November 2016, Epifaniou tried to extort the company by emailing ROR's CEO with a hyperlink to a video demonstrating Epifaniou's unauthorized access to the ROR CEO's account, threatening him to publicly di

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

If you ask Alex, he won't admit being old-fashioned. He has been working in the IT industry for a while now and accepts that security is important for the business's health. But reluctant to take security as the business enabler. In today's environment, moving to digitization is a critical step required to drive innovation and business growth. When the application development takes the driver seat, security stalls the progress by saying NO to many things on the highway. — Is what he says. At that point, my friend Daniel got involved and argued that application security is no longer optional to our business as we rely on apps for our day-to-day activities. And, he added a powerful quote: "Because we've brakes in our cars, we can drive fast" - Robert Garigue Businesses will less likely advance if they don't have security (brakes) to do safely. The car's speed obtains improvement with brakes – the improvements to business are the improvement to th

In a report shared with The Hacker News, researchers at cybersecurity firm CheckPoint today disclosed details of a minor but easy-to-exploit flaw they reported in Zoom, the highly popular and widely used video conferencing software. The latest Zoom flaw could have allowed attackers mimic an organization, tricking its employees or business partners into revealing personal or other confidential information using social engineering tricks. We know, social engineering attacks may sound a bit boring, but someone used the same to put Twitter on fire just last night when hundreds of high-profile Twitter accounts were hacked to promote a cryptocurrency scam, all thanks to an employee's compromised internal tooling account. The said vulnerability resides in Zoom's customizable URL feature dubbed Vanity URL, aiming to let companies create a custom URL on its subdomain and branded landing page, such as " yourcompany.zoom.us, " where the invitation link to a meeting then

In the world of professional IT, recruiters look for certificates as an important criterion for eligibility and assessing skills. Any IT professional with résumé that includes CompTIA certificates tends to rise up the pile. Of course, there are many different CompTIA exams you can choose from based on your interest and already chosen path. Our educational and industry partners have introduced " Complete 2020 CompTIA Certification Training Bundle ," aiming to help cybersecurity aspirants prepare for the big ones, with 14 courses covering A+, Security+, Network+, and more. The original fees for all these certification preparation courses are worth nearly $3,486 when subscribed directly through the instructor's platform. However, the great news is that The Hacker News has now partnered with these leading instructors to offer the same training bundle for only $89 to its readers with lifetime access. Special Offer — For a limited time, this bundle's one-time

In April 2020, Cynet launched the world's first Incident Response Challenge to test and reward the skills of Incident Response professionals. The Challenge consisted of 25 incidents, in increasing difficulty, all inspired by real-life scenarios that required participants to go beyond the textbook solution and think outside of the box. Over 2,500 IR professionals competed to be recognized as the top incident responders. Now that the competition is over (however, the challenge website is still open for anyone who wants to practice solving the challenges), Cynet makes the detailed solutions available as a free resource for knowledge and inspiration. Providing the thought process and detailed steps to solve each of the challenges will serve as a training aid and knowledge base for incident responders. The Fine Art of Forensic Investigation The core of any IR processes is the forensic investigation. It uncovers the critical path from the initial stage of suspicion or l

Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta , is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with capabilities to spot malicious software, kernel rootkits , and other stealthy malware techniques such as process hiding . The project is named after Warsaw's Freta Street , the birthplace of Marie Curie, the famous French-Polish physicist who brought X-ray medical imaging to the battlefield during World War I. "Modern malware is complex, sophisticated, and designed with non-discoverability as a core tenet," said Mike Walker, Microsoft's senior director of New Security Ventures. "Project Freta intends to automate and democratize VM forensics to a point where every us

Lately, we can't help noticing an endless cycle where the more enterprises invest in threat prevention; the more hackers adapt and continue to penetrate enterprises. To make things worse, detecting these penetrations still takes too long with an average dwell time that exceeds 100 (!) days. To keep the enterprise protected, IT needs to figure out a way to break this endless cycle without purchasing complex security and data analysis tools and hiring the right (skilled and expensive) security professionals to operate them. Enter MDR An advanced security service, Managed Detection and Response (MDR), provides ongoing threat detection and response, leveraging AI and machine learning to investigate, alert, and contain threats. MDR is becoming popular and gaining traction. In fact, Gartner forecasts that by 2024, 25% of organizations will be using MDR services, up from less than 5% today. And by 2024, 40% of midsize enterprises will use MDR as their only managed security s

Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps. According to several independent reports from K7 Lab malware researcher Dinesh Devadoss , Patrick Wardle , and Malwarebytes , the ransomware variant — dubbed " EvilQuest " — is packaged along with legitimate apps, which upon installation, disguises itself as Apple's CrashReporter or Google Software Update. Besides encrypting the victim's files, EvilQuest also comes with capabilities to ensure persistence, log keystrokes, create a reverse shell, and steal cryptocurrency wallet-related files. With this development, EvilQuest joins a handful of ransomware strains that have exclusively singled out macOS, including KeRanger and Patcher . The source of the malware appears to be trojanized versions of popular macOS software — such as Little Snitch, a DJ software called Mixed In Key 8, and Ableton Live — that are distributed on popular torre

GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks. In a report shared exclusively with The Hacker News, enterprise security firm Acronis said it discovered the vulnerabilities last year following a routine security audit of a Singapore-based major retailer. "Malicious attackers can establish persistence on the network and spy on internal users, steal data — without ever getting detected," Acronis said. "They can reuse your fingerprint data to enter your home and/or personal devices, and photos can be easily reused by malicious actors to perpetrate identity theft based on biometric data." In all, the flaws affect at least 6 device families, with over 2,500 vulnerable devices discovered online across Brazil, US, Germany, Ta

Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a "massive global surveillance campaign" targeting oil and gas, finance, and healthcare sectors. Awake Security, which disclosed the findings late last week, said the malicious browser add-ons were tied back to a single internet domain registrar, GalComm. However, it's not immediately clear who is behind the spyware effort. "This campaign and the Chrome extensions involved performed operations such as taking screenshots of the victim device, loading malware, reading the clipboard, and actively harvesting tokens and user input," Awake Security said. The extensions in question posed as utilities offering capabilities to convert files from one format to the other, among other tools for secure browsing, while relying on thousands of fake reviews to trick unsuspecting users into installing them. Furthermore, the

High impact vulnerabilities in modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and denial of service (DoS) attacks, cautions a newly published research. The findings are part of a new Vulnerabilities in LTE and 5G Networks 2020 report published by London-based cybersecurity firm Positive Technologies last week. "This paper encompasses the results of security assessments performed during the 2018–2019 timeframe on behalf of 28 telecom operators in Europe, Asia, Africa, and South America." Called the GPRS Tunnelling Protocol ( GTP ), the affected Internet Protocol (IP)-based communications standard defines a set of rules governing data traffic over 2G, 3G, and 4G networks. It also forms the basis for GPRS core network and its successor Evolved Packet Core ( EPC ), thus making it possible for users to keep connected to the Internet while moving from one place to the ot

Last week, application security company ImmuniWeb released a new free tool  to monitor and measure an organization's exposure on the Dark Web. To improve the decision-making process for cybersecurity professionals, the free tool crawls Dark Web marketplaces, hacking forums, and Surface Web resources such as Pastebin or GitHub to provide you with a classified schema of your data being offered for sale or leaked. All you need to launch a Dark Web search is to enter your domain name. The volume of stolen credentials on the Dark Web is booming This week, over 26 million user records, including plaintext passwords, stolen from LiveJournal appeared on a Dark Web marketplace for as low as $35. The present week is likewise sadly marked with a compromise of 31 SQL databases (with 1.6 million rows of client data) from webshop owners. There were 7,098 breaches reported in 2019, exposing over 15.1 billion records, a new worst year on record according to Risk Based Security report

As cyberattacks continue to proliferate in volume and increase in sophistication, many organizations acknowledge that some part of their breach protection must be outsourced, introducing a million-dollar question of what type of service to choose form. Today, Cynet releases the Security Outsourcing Guide ( download here ), providing IT Security executives with clear and actionable guidance on the pros and cons of each outsourcing alternative. The reason for security outsourcing increasing momentum is that unlike traditional IT, cyber threats evolve at a much faster pace. While relatively not long ago, AV and firewall covered most of the standard organization's cybersecurity needs, today no security posture can be considered complete without a certain level of incident response capabilities, alert prioritization, root cause analysis and forensic investigation – and security professional that are sufficiently qualified in this domain both are hard to find as well as costly t