The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Distributed Denial of Service (DDoS) attack is a malicious form of attack that disrupts the regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years, these kinds of attacks are increasing, fueling the demand for the  best DDoS protection  software solutions. Many unplanned data center outages are owing to DDoS attacks. The threat of DDoS is due to access to easy-to-use tools and the profit potential through extortion.  The attacks target businesses directly, leading to substantial financial and personal losses, making it critical to have robust DDoS protection software solutions in place. According to the report of  Market Research Inc , the DDoS protection Software Market is predicted to reach +14% CAGR by 2020 – 2028.  Important Statistics to illustrate the growing demand for DDoS Software Solutions Demand for the DDoS ...

The U.S. Department of Justice (DoJ) on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement. Eap (also known as "888888") and Thomas Herdman, a former high-level distributor of Sky Global devices, have been charged with a conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act (RICO), according to warrants issued for their arrests. "The indictment alleges that Sky Global generated hundreds of millions of dollars providing a service that allowed criminal networks around the world to hide their international drug trafficking activity from law enforcement," Acting U.S. Attorney Randy Grossman  said  in the announcement. "This groundbreaking investigation should send a serious message to companies who think they can aid criminals in their unlawful ac...

At long last, top companies are starting to take cybersecurity seriously. As a consequence, technical recruiters are looking for people with hacking skills and certifications to prove it. CompTIA is seen as the gold standard when it comes to cybersecurity exams, with several certifications to choose from. If you would like to scoop them all,  The CompTIA Security Infrastructure Expert Bundle  is worth your attention. This collection of courses offers 111 hours of video tutorials, working towards four certifications: Security+, CySA+, CASP, and PenTest+. The content in this bundle is worth $1,180 — but The Hacker News has partnered with iCollege to bring the price crashing down.  Special Offer  — Right now, you can  get lifetime access to all four courses for just $29.99 . This is the final reduction on this bundle, so you won't get a better price! Whether you want to become a cybersecurity specialist or just build a strong technical résumé, taking CompTIA...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all users. While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a  use after free  vulnerability in its Blink rendering engine. The bug is tracked as CVE-2021-21193. Details about the flaw are scarce except that it was reported to Google by an anonymous researcher on March 9. According to IBM, the vulnerability is rated 8.8 out of 10 on the CVSS scale, and could allow a remote attacker to execute arbitrary code on the target system. "By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system," the...

Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in  Nim  programming language. Dubbed " NimzaLoader " by Proofpoint researchers, the development marks one of the rare instances of Nim malware discovered in the threat landscape. "Malware developers may choose to use a rare programming language to avoid detection, as reverse engineers may not be familiar with Nim's implementation, or focused on developing detection for it, and therefore tools and sandboxes may struggle to analyze samples of it," the researchers said. Proofpoint is tracking the operators of the campaign under the moniker "TA800," who, they say, started distributing NimzaLoader starting February 3, 2021. Prior to the latest raft of activity, TA800 is known to have predominantly used BazaLoader since April 2020. While APT28 has been previously linked to delivering  Zeb...

It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week. Now it appears that threat actors have caught up.  According to the latest reports , cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server flaws to install a new strain of ransomware called "DearCry." "Microsoft observed a new family of human operated ransomware attack customers – detected as Ransom:Win32/DoejoCrypt.A," Microsoft researcher Phillip Misner  tweeted . "Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers." Microsoft's security intelligence team, in a separate tweet,  confirmed  that it has begun "blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers....

Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. "This is a side-channel attack which doesn't require any JavaScript to run," the researchers said. "This means script blockers cannot stop it. The attacks work even if you strip out all of the fun parts of the web browsing experience. This makes it very difficult to prevent without modifying deep parts of the operating system." In avoiding JavaScript, the side-channel attacks are also architecturally agnostic, resulting in microarchitectural website fingerprinting attacks that work across hardware platforms, including Intel Core, AMD Ryzen, Samsung Exynos 2100, and Apple M1 CPUs — making it the first known side-channel attack on the iPhone maker's new ARM-based chipsets. The  findings , which come from a group of academics from the Ben-Gurion U...