#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak

Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak

Mar 26, 2020
Preying on public fears, the ongoing coronavirus outbreak is proving to be a goldmine of opportunity for attackers to stage a variety of malware attacks, phishing campaigns, and create scam sites and malicious tracker apps. Now in a fresh twist, third-party Android app developers too have begun to take advantage of the situation to use coronavirus-related keywords in their app names, descriptions, or in the package names so as to drop malware, perpetrate financial theft and rank higher in Google Play Store searches related to the topic. "Most malicious apps found are bundle threats that range from ransomware to SMS-sending malware, and even spyware designed to clean out the contents of victims' devices for personal or financial data," Bitdefender researchers said in a telemetry analysis report shared with The Hacker News. The find by Bitdefender is the latest in an avalanche of digital threats piggybacking on the coronavirus pandemic. Using Coronavirus-Relat...
TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services

TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services

Mar 25, 2020
The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The Android app, called " TrickMo " by IBM X-Force researchers, is under active development and has exclusively targeted German users whose desktops have been previously infected with the TrickBot malware. "Germany is one of the first attack turfs TrickBot spread to when it first emerged in 2016," IBM researchers said. "In 2020, it appears that TrickBot's vast bank fraud is an ongoing project that helps the gang monetize compromised accounts." The name TrickMo is a direct reference to a similar kind of Android banking malware called ZitMo that was developed by Zeus cybercriminal gang in 2011 to defeat SMS-based two-factor authentication. The development is the latest addition in the ars...
Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

Mar 24, 2020
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt , a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982 , the vulnerability resides in the OPKG package manager of OpenWrt that exists in the way it performs integrity checking of downloaded packages using the SHA-256 checksums embedded in the signed repository index. While an 'opkg install' command is invoked on the victim system, the flaw could allow a remote man-in-the-middle attacker in a position to intercept the communication of a targeted device to execute arbitrary code by tricking the system into installing a malicious package or software update without verification. If exploited successfully, a remote attacker could gain complete control over the targeted OpenWrt network device, and subsequently, over the netwo...
cyber security

SaaS Security Made Simple

websiteAppomniSaaS Security / SSPM
Simplify SaaS security with a vendor checklist, RFP, and expert guidance.
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience

The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience

Jun 26, 2025Data Protection / Compliance
SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...
How to Provide Remote Incident Response During the Coronavirus Times

How to Provide Remote Incident Response During the Coronavirus Times

Mar 24, 2020
While the Coronavirus pandemic continues to strike chaos across the global economies, threat actors keep on launching cyberattacks on organizations from all sizes and verticals. IR providers face a unique challenge when approached by these organizations since, due to the Coronavirus mass quarantine, conducting incident response engagements by arriving physically to the customers' offices is impossible. Cynet 360, a tool of choice for a number of IR providers (offered to IR providers for free), enables responders to compensate on the lack of physical access with the ability to conduct a full IR operation remotely ( learn more here ) by seamless and rapid remote deployment, complete visibility into the attacked organization's environment, automated threat detection, and integrated MDR services. Attackers always seek easy opportunities, and it's no wonder many threat actors take advantage of the current mayhem of the Coronavirus pandemic to increase their attacks'...
Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme

Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme

Mar 24, 2020
More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge of smartphone users. Dubbed " Tekya ," the malware in the apps imitated users' actions to click ads from advertising networks such as Google's AdMob, AppLovin', Facebook, and Unity, cybersecurity firm Check Point Research noted in a report shared with The Hacker News. "Twenty four of the infected apps were aimed at children (ranging from puzzles to racing games), with the rest being utility apps (such as cooking apps, calculators, downloaders, translators, and so on)," the researchers said. While the offending apps have been removed from Google Play, the find by Check Point Research is the latest in an avalanche of ad fraud schemes that have plagued the app storefront in recent years, with malware posing as optimizer an...
Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

Mar 23, 2020
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft , both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system—including Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions, as well as Windows 7 for which Microsoft ended its support on January 14, 2020. Both vulnerabilities reside in the Windows Adobe Type Manager Library , a font parsing software that not only parses content when open with a 3rd-party software but also used by Windows Explorer to display the content of a file in the 'Preview Pane' or 'Details Pane' without having users to open it. The flaws exist in Microsoft Windows when the Adobe Type Manager Library improperly "handles a specially-crafted multi-master font - Adobe Type ...
User Survey 2020 Report Shows Rapid Growth In Apache Pulsar Adoption

User Survey 2020 Report Shows Rapid Growth In Apache Pulsar Adoption

Mar 23, 2020
For the first time ever, the Apache Pulsar PMC team is publishing a user survey report. The 2020 Apache Pulsar User Survey Report reveals Pulsar's accelerating rate of global adoption, details how organizations are leveraging Pulsar to build real-time streaming applications, and highlights key features on Pulsar's product roadmap. Apache Pulsar is a cloud-native, distributed open source publish-subscribe (pub/sub) based high-performance server-to-server messaging and streaming system that manages hundreds of billions of events per day. It provides very low end-to-end latency, guaranteed message delivery, zero data loss, and a serverless lightweight computing framework for stream native data processing. Pulsar adoption has largely been driven by the market's increased demand for real-time, data-enabled technologies. While companies have tried to leverage monolithic messaging systems to build-out real-time offerings, they've hit major roadblocks. Ultimately, the...
Expert Insights Articles Videos
Cybersecurity Resources