#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Researchers Uncover Iranian State-Sponsored Ransomware Operation

Researchers Uncover Iranian State-Sponsored Ransomware Operation

May 03, 2021
Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps ( IRGC ) was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard' (ENP)," cybersecurity firm Flashpoint  said  in its findings summarizing three documents leaked by an anonymous entity named Read My Lips or Lab Dookhtegan between March 19 and April 1 via its Telegram channel. Dubbed "Project Signal," the initiative is said to have kickstarted sometime between late July 2020 and early September 2020, with ENP's internal research organization, named the "Studies Center," putting together a list of unspecified target websites. A second spreadsheet validated by Flashpoint explicitly spelled out the project's financial motivations, with plans to launch the ransomware operations in late...
New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer

New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer

May 03, 2021
A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces. The phishing attack, which singled out a general director working at the Rubin Design Bureau, leveraged the infamous "Royal Road" Rich Text Format (RTF) weaponizer to deliver a previously undocumented Windows backdoor dubbed " PortDoor ," according to Cybereason's Nocturnus threat intelligence team. "Portdoor has multiple functionalities, including the ability to do reconnaissance, target profiling, delivery of additional payloads, privilege escalation, process manipulation static detection antivirus evasion, one-byte XOR encryption, AES-encrypted data exfiltration and more," the researchers  said  in a write-up on Friday. Rubin Design Bureau is a submarine design center located in Saint Petersburg, accounting fo...
Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks

Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks

Apr 30, 2021
An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product ( CVE-2021-20016 , CVSS score 9.8) that allows an unauthenticated attacker to achieve remote code execution. "UNC2447 monetizes intrusions by extorting their victims first with FIVEHANDS ransomware followed by aggressively applying pressure through threats of media attention and offering victim data for sale on hacker forums," Mandiant researchers  said . "UNC2447 has been observed targeting organizations in Europe and North America and has consistently displayed advanced capabilities to evade detection and minimize post-intrusion forensics." CVE-2021-20016 is the same  zero-day  that the ...
cyber security

SaaS Security Made Simple

websiteAppomniSaaS Security / SSPM
Simplify SaaS security with a vendor checklist, RFP, and expert guidance.
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience

The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience

Jun 26, 2025Data Protection / Compliance
SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...
Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices

Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices

Apr 30, 2021
Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. "These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology, and industrial control systems,"  said  Microsoft's 'Section 52' Azure Defender for IoT research group. The flaws have been collectively named " BadAlloc ," for they are rooted in standard  memory allocation functions  spanning widely used real-time operating systems (RTOS), embedded software development kits (SDKs), and C standard library (libc) implementations. A lack of proper input validations associated with these memory allocation functions ...
A New Slack channel for Cybersecurity Leaders Outside of the Fortune 2000

A New Slack channel for Cybersecurity Leaders Outside of the Fortune 2000

Apr 30, 2021
Perhaps due to the nature of the position, the InfoSec leadership roles tend to be solitary ones. CISOs, or their equivalent decision-makers in organizations without the role, have so many constant drains on their attention – keeping their knowledge fresh, building plans to secure their organizations further – that they often find themselves on an island. It's even more challenging for organizations outside the Fortune 2000 that are resource-constrained. Security leaders are expected to know everything and often don't have anyone inside their organization with whom to bounce ideas or even go to for advice. When a crisis arises, they must often go with their gut or guess at the best solution based on their own experiences. Security leaders could often use advice but don't have an outlet for it. Chris Roberts, Chief Security Strategist at Cynet Security, offers a new Slack-based community for InfoSec leaders ( register here ) as a solution. The new InfoSec Leaders Community will fea...
Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach

Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach

Apr 30, 2021
Click Studios, the Australian software firm which confirmed a  supply chain attack  affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company  said  in an updated advisory released on Wednesday. "These emails are not sent by Click Studios." Last week, Click Studios said attackers had employed sophisticated techniques to compromise Passwordstate's update mechanism, using it to drop malware on user computers. Only customers who performed In-Place Upgrades between April 20, 8:33 PM UTC, and April 22, 0:30 AM UTC are said to be affected. While Passwordstate serves about 29,000 customers, the Adelaide-based firm maintained that the total number of impacted customers is very low. It's also urging users to refrain from po...
A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks

A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks

Apr 29, 2021
The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack. Tracked as CVE-2021-29472, the security issue was discovered and reported on April 22 by researchers from  SonarSource , following which a hotfix was deployed less than 12 hours later. "Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders," Composer  said  its  release notes  for versions 2.0.13 and 1.10.22 published on Wednesday. "To the best of our knowledge the vulnerability has not been exploited." Composer  is billed as a tool for dependency management in PHP, enabling easy installation of packages relevant to a project. It also allows users to install PHP applications that are available on  Packagist , a repository that aggregates all publ...
LuckyMouse Hackers Target Banks, Companies and Governments in 2020

LuckyMouse Hackers Target Banks, Companies and Governments in 2020

Apr 29, 2021
An adversary known for its  watering hole attacks  against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat actor called LuckyMouse, and is said to have happened in 2020 with the goal of obtaining geopolitical insights in the region. The attacks involved deploying a toolkit dubbed SysUpdate (aka Soldier) in a number of breached organizations, including government and diplomatic agencies, telecom providers, a TV media company, and a commercial bank. LuckyMouse , also referred to as APT27 and Emissary Panda, is a sophisticated cyberespionage group that has a history of breaching multiple government networks in Central Asia and the Middle East. The actor has also been linked to cyberattacks aimed at transnational organizations such as the International Civil Aviation Organization ( ICAO )...
How to Conduct Vulnerability Assessments: An Essential Guide for 2021

How to Conduct Vulnerability Assessments: An Essential Guide for 2021

Apr 29, 2021
Hackers are scanning the internet for weaknesses all the time, and if you don't want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving this is performing a vulnerability assessment. Read this guide to learn how to perform vulnerability assessments in your organization and stay ahead of the hackers. Vulnerability assessment tools Vulnerability assessments are automated processes performed by scanners. This makes them accessible to a wide audience. Many of the scanners are geared towards cybersecurity experts, but there are solutions tailored for IT managers and developers in organizations without dedicated security teams.  Vulnerability scanners come in various types: some excel at network scanning, others at web applications, IoT devices, or container security. If you're a small business, you're likely to find...
Expert Insights Articles Videos
Cybersecurity Resources