-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

ZTNAs Address Requirements VPNs Cannot. Here's Why.

ZTNAs Address Requirements VPNs Cannot. Here's Why.

Jan 24, 2022
I recently hopped on the  Lookout podcast  to talk about virtual private networks (VPNs) and how they've been extended beyond their original use case of connecting remote laptops to your corporate network. Even in this new world where people are using personal devices and cloud apps, VPN continues to be the go-to solution for remote access and cloud access. After my conversation with Hank Schless, I was inspired to put some additional thoughts about VPN on paper. When most organizations were forced to shift to remote work last year, they needed a quick-fix solution that would enable their remote employees to access work resources securely. For many, this solution came in the form of VPNs. However, VPNs were not designed for the bring your own device (BYOD) and cloud app use cases. While VPNs are able to provide remote access, it may come as a surprise that they fall short when it comes to security. This is because VPNs were built for when only a small portion of your workfo...
Hackers Creating Fraudulent Crypto Tokens as Part of 'Rug Pull' Scams

Hackers Creating Fraudulent Crypto Tokens as Part of 'Rug Pull' Scams

Jan 24, 2022
Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Check Point said in a report shared with The Hacker News. Smart contracts are  programs  stored on the blockchain that are automatically executed when predetermined conditions are met according to the terms of a contract or an agreement. They allow trusted transactions and agreements to be carried out between anonymous parties without the need for a central authority. By examining the  Solidity  source code used for implementing smart contracts, the Israeli cybersecurity company found instances of  hidden  and  hardcoded fees  that can't be changed, while allowing malicious actors to exert control over "who is allowed to sell." In another instance, a le...
Emotet Now Using Unconventional IP Address Formats to Evade Detection

Emotet Now Using Unconventional IP Address Formats to Evade Detection

Jan 24, 2022
Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically converted "to the dotted decimal quad representation to initiate the request from the remote servers," Trend Micro's Threat Analyst, Ian Kenefick,  said  in a report Friday. The infection chains, as with previous Emotet-related attacks, aim to trick users into enabling document macros and automate malware execution. The document uses Excel 4.0 Macros, a feature that has been  repeatedly   abused  by malicious actors to deliver malware. Once enabled, the macro invokes a URL that's obfuscated with carets, with the host incorporating a hexadecimal representation of the IP address — "h...
cyber security

Take the AI Sprawl CISO Survey. We'll Ship You Swag For It

websiteRecoAI Security / SaaS Security
10 minutes, anonymized. Plus early access to the AI agent posture benchmark.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
High-Severity Rust Programming Bug Could Lead to File, Directory Deletion

High-Severity Rust Programming Bug Could Lead to File, Directory Deletion

Jan 24, 2022
The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete," the Rust Security Response working group (WG)  said  in an  advisory  published on January 20, 2021. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability. The flaw, which is tracked as  CVE-2022-21658  (CVSS score: 7.3), has been credited to security researcher Hans Kratz, with the team pushing out a fix in  Rust version 1.58.1  shipped last week. Specifically, the issue stems from an improperly implemented check to prevent recursive deletion of symbolic links (aka  symlinks ) in a standard library function named "std::fs::remove_dir...
Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine

Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine

Jan 22, 2022
Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to  NotPetya malware  that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed  WhisperGate , was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, and information technology entities in the nation, attributing the intrusions to an emerging threat cluster codenamed "DEV-0586." "While WhisperGate has some strategic similarities to the notorious NotPetya wiper that attacked Ukranian entities in 2017, including masquerading as ransomware and targeting and destroying the master boot record (MBR) instead of encrypting it, it notably has more components designed to inflict additional damage," Cisco Talos  said  in a report detailing its response efforts. Stating that stolen credentials were likely used i...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources