-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Russia Cracks Down on 4 Dark Web Marketplaces for Stolen Credit Cards

Russia Cracks Down on 4 Dark Web Marketplaces for Stolen Credit Cards

Feb 10, 2022
A special law enforcement operation undertaken by Russia has led to the seizure and shutdown of four online bazaars that specialized in the theft and sales of stolen credit cards, as the government continues to take active measures against harboring cybercriminals on its territory. To that end, the domains operated by the card fraud forms and marketplaces, Ferum Shop, Sky-Fraud, Trump's Dumps, and UAS, were confiscated and plastered with a banner that warned "theft of funds from bank cards is illegal." Also embedded into the HTML source code was a message asking, "Which one of you is next?" The seizures were orchestrated by the Department "K," a division of the Ministry of Internal Affairs of the Russian Federation that focuses primarily on information technology-related crimes, according to  Flashpoint . In a related development, state-owned news agency TASS  said  that six Russian individuals were being charged with "the illegal circulation o...
Critical RCE Flaws in 'PHP Everywhere' Plugin Affect Thousands of WordPress Sites

Critical RCE Flaws in 'PHP Everywhere' Plugin Affect Thousands of WordPress Sites

Feb 10, 2022
Critical security vulnerabilities have been disclosed in a WordPress plugin known as PHP Everywhere that's used by more than 30,000 websites worldwide and could be abused by an attacker to execute arbitrary code on affected systems. PHP Everywhere is  used  to flip the switch on PHP code across WordPress installations, enabling users to insert and execute PHP-based code in the content management system's Pages, Posts, and Sidebar. The three issues, all rated 9.9 out of a maximum of 10 on the CVSS rating system, impact versions 2.0.3 and below, and are as follows - CVE-2022-24663  - Remote Code Execution by Subscriber+ users via shortcode CVE-2022-24664  - Remote Code Execution by Contributor+ users via metabox, and CVE-2022-24665  - Remote Code Execution by Contributor+ users via gutenberg block Successful exploitation of the three vulnerabilities could result in the execution of malicious PHP code that could be leveraged to achieve a complete site tak...
U.S. Arrests Two and Seizes $3.6 Billion Cryptocurrency Stolen in 2016 Bitfinex Hack

U.S. Arrests Two and Seizes $3.6 Billion Cryptocurrency Stolen in 2016 Bitfinex Hack

Feb 09, 2022
The U.S. Justice Department (DoJ) on Tuesday  announced  the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the  hack  of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York, are alleged to have "stolen funds through a labyrinth of cryptocurrency transactions," with the law enforcement getting hold of over $3.6 billion in cryptocurrency by following the money trails, resulting in the "largest financial seizure ever." Prosecutors charged the couple not for the hack itself, but rather for receiving the stolen bitcoin into a digital wallet under their ownership, a part of which was laundered to conceal the activities and the movement of the money. In 2019, Israeli authorities apprehended two brothers, Eli and Assaf Gigi, over their supposed involvement in the 2016 security breach. "Bitfinex will work with the Do...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
Guide: Alert Overload and Handling for Lean IT Security Teams

Guide: Alert Overload and Handling for Lean IT Security Teams

Feb 09, 2022
Alarming research reveals the stress and strains the average cybersecurity team experiences on a daily basis. As many as  70% of teams  report feeling emotionally overwhelmed by security alerts. Those alerts come at such high volume, high velocity, and high intensity that they become an extreme source of stress. So extreme, in fact, that people's home lives are negatively affected. Alert overload is bad for those who work in cybersecurity. But it's even worse for everyone who depends on cybersecurity.  This is a gigantic issue in the industry, yet few people even acknowledge it, let alone deal with it. Cynet aims to correct that in this guide ( download here ), starting by shining a light on the cause of the problem and the full extent of its consequences and then offering a few ways lean security teams can pull their analysts out of the ocean of false positives and get them back to shore. It includes tips on how to reduce alerts using automation and shares guidance for...
Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign

Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign

Feb 09, 2022
An advanced persistent threat (APT) group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed  Marlin  as part of a long-running espionage campaign that started in April 2018. Slovak cybersecurity company ESET attributed the attacks — codenamed "Out to Sea"  — to a threat actor called  OilRig  (aka APT34), while also conclusively connecting its activities to a second Iranian group tracked under the name  Lyceum  (Hexane aka  SiameseKitten ). "Victims of the campaign include diplomatic organizations, technology companies, and medical organizations in Israel, Tunisia, and the United Arab Emirates," ESET noted in its  T3 2021 Threat Report  shared with The Hacker News. Active since at least 2014, the hacking group is known to strike Middle Eastern governments and a variety of business verticals, including chemical, energy, financial, and telecommunications. In April 2021, the actor targeted a Lebanese e...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources