#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

sslstrip attack | Breaking Cybersecurity News | The Hacker News

Destructive and MiTM Capabilities of VPNFilter Malware Revealed

Destructive and MiTM Capabilities of VPNFilter Malware Revealed
Jun 06, 2018
It turns out that the threat of the massive VPNFilter botnet malware that was discovered late last month is beyond what we initially thought. Security researchers from Cisco's Talos cyber intelligence have today uncovered more details about VPNFilter malware, an advanced piece of IoT botnet malware that infected more than 500,000 routers in at least 54 countries, allowing attackers to spy on users, as well as conduct destructive cyber operations. Initially, it was believed that the malware targets routers and network-attached storage from Linksys, MikroTik, NETGEAR, and TP-Link, but a more in-depth analysis conducted by researchers reveals that the VPNFilter also hacks devices manufactured by ASUS, D-Link, Huawei, Ubiquiti, QNAP, UPVEL, and ZTE. "First, we have determined that are being targeted by this actor, including some from vendors that are new to the target list. These new vendors are. New devices were also discovered from Linksys, MikroTik, Netgear, and TP-L

Google catches Indian Government Agency with Fake Digital Certificates

Google catches Indian Government Agency with Fake Digital Certificates
Jul 09, 2014
Google has identified and blocked unauthorized digital certificates for a number of its domains issued by the National Informatics Centre (NIC) of India, a unit of India's Ministry of Communications and Information Technology. National Informatics Center (NIC) holds several intermediate Certification Authority (CA) certs trusted by the Indian government's top CA, Indian Controller of Certifying Authorities (India CCA), which are included in the Microsoft Root Store and so are trusted by a large number of applications running on Windows, including Internet Explorer and Chrome. The use of rogue digital certificates could result in a potentially serious security and privacy threat that could allow an attacker to spy on an encrypted communication between a user's device and a secure HTTPS website, which is thought to be secure. Google became aware of the fake certificates last Wednesday on July 2 and within 24 hours, the Indian Controller of Certifying Authorities (Ind

Millions of LinkedIn Users at Risk of Man-in-the-Middle Attack

Millions of LinkedIn Users at Risk of Man-in-the-Middle Attack
Jun 19, 2014
Two year back in 2012, one of the most popular online social networking sites Linkedin spent between $500,000 and $1 million on forensic work after millions of its users' account passwords were compromised in a major security data breach. But, it seems that the company hasn't learned any lesson from it. WHAT IS MAN-IN-THE-MIDDLE (MitM) ATTACK Before moving on to the story, let us discuss some emerging and common threats against the social networking sites nowadays. If we talk about less publicized but more danger, then Man-in-the-Middle (MitM) attack is the most common one. By attempting MitM attack, a potential attacker could intercept users' internet communication, steal sensitive information and even hijack sessions. Though MitM attacks are popular and have existed for years, a major categories of today's largest websites and social networking sites still haven't taken the necessary steps to safeguard their users' personal and sensitive data from the vulnerabil

Protecting Your Organization From Insider Threats - All You Need to Know

cyber security
websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike
May 13, 2024Threat Detection / SoC / SIEM
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts are overwhelmed with alerts. The knock-on effect of this is that fatigued analysts are at risk of missing key details in incidents, and often conduct time-consuming triaging tasks manually only to end up copying and pasting a generic closing comment into a false positive alert.  It is likely that there will always be false positives. And many would argue that a false positive is better than a false negative. But for proactive actions to be made, we must move closer to the heart of an incident. That requires diving into how analysts conduct the triage and investigation process. SHQ Response Platfo
Expert Insights
Cybersecurity Resources