The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The malicious scam campaign, " The 'HoeflerText' font wasn't found ," is back, which was previously targeting Google Chrome users to trick them into installing Spora ransomware on their computers. This time the campaign has been re-designed to target Mozilla Firefox users with a banking trojan, called Zeus Panda , says   Kafeine , a security researcher at Proofpoint. Interestingly, the attackers behind this new campaign are so stupid that they forgot to change the name of the font, i.e. HoeflerText, due to which can be easily spotted. As I previously warned — Next time when you accidentally land up on a suspicious website with jumbled content prompting to update the Firefox or Chrome font pack by downloading a missing text font to read the article… Just don't download it. It's obviously a trap. Just like the previous one, the latest Firefox 'HoeflerText font wasn't found scam is also very convincing and easy to fall for. The attack in...

A new botnet consisting of more than 15,000 compromised servers has been used to mine various cryptocurrencies, earning its master around $25,000 per month. Mining cryptocurrencies can be a costly investment, as it requires an enormous amount of computing power, but cybercriminals have found an easy money-making solution. Dubbed BondNet, the botnet was first spotted in December 2016 by GuardiCore researchers, who traced back the botnet malware developer, using online handle Bond007.01, to China. According to the GuardiCore researchers, Bond007.01 is currently using BondNet for mining cryptocurrencies — primarily Monero, but also ByteCoin, RieCoin, and ZCash — but they warn that the hacker could easily take full control of compromised servers for malicious purposes, like mounting Mirai-style DDoS attacks. BondNet Attacks only Windows Server Machines Since mining cryptocurrencies require large amounts of CPU/GPU power, the botnet master goes after Windows Server machin...

WordPress, the most popular CMS in the world, is vulnerable to a logical vulnerability that could allow a remote attacker to reset targeted users' password under certain circumstances. The vulnerability (CVE-2017-8295) becomes even more dangerous after knowing that it affects all versions of WordPress — including the latest 4.7.4 version. The WordPress flaw was discovered by Polish security researcher Dawid Golunski of Legal Hackers last year in July and reported it to the WordPress security team, who decided to ignore this issue, leaving millions of websites vulnerable. "This issue has been reported to WordPress security team multiple times with the first report sent back in July 2016. It was reported both directly via security contact email, as well as via HackerOne website," Golunski wrote in an advisory published today. "As there has been no progress, in this case, this advisory is finally released to the public without an official patch." Golunski ...

Security researchers have been warning for years about critical security holes in the Signaling System 7 (SS7) that could allow hackers to listen in private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks. Cellular networks, on the other hand, have consistently been ignoring this serious issue, saying that it is a very low risk for most people, as the exploitation of the SS7 flaws requires significant technical and financial investment. But some unknown hackers have just proved them wrong by recently exploiting the design flaws in the SS7 to drain victims' bank accounts, according to a report published Wednesday by German-based newspaper Süddeutsche Zeitung. SS7 is a telephony signaling protocol created in the 1980s by telcos and powered more than 800 telecom operators across the world, including AT&T and Verizon, to interconnect and exchange data, like routing calls and texts with one a...

Did someone just share a random Google Doc with you? First of all — Do not click on that Google Doc link you might have just received in your email and delete it immediately — even if it's from someone you know. I, my colleagues at The Hacker News, and even people all around the Internet, especially journalists, are receiving a very convincing OAuth phishing email, which says that the person [sender] " has shared a document on Google Docs with you. " Once you clicked the link, you will be redirected to a page which says, " Google Docs would like to read, send and delete emails, as well access to your contacts, " asking your permission to "allow" access. If you allow the access, the hackers would immediately get permission to manage your Gmail account with access to all your emails and contacts, without requiring your Gmail password. Beware! New GoogleDocs Phishing Email Scam Spreading Across the World — Here's Everything You Need to K...