Search results for cyber | Breaking Cybersecurity News | The Hacker News

Microsoft has become the latest victim of to Cyber attack and confirm that small number of its computers, including some in its Mac software business unit, were infected with malware . Microsoft added , malicious software used in a cyber attack is very similar to those experienced by Facebook and Apple recently. Microsoft gave few other details about the break-in, " We have no evidence of customer data being affected and our investigation is ongoing. " " During our investigation, we found a small number of computers, including some in our Mac business unit that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing, " Microsoft said. " This type of cyber attack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries ," the company said. Last week, Apple said its

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is  urging  manufacturers to get rid of default passwords on internet-exposed systems altogether, citing severe risks that could be exploited by malicious actors to gain initial access to, and move laterally within, organizations. In an alert published last week, the agency called out Iranian threat actors affiliated with the Islamic Revolutionary Guard Corps (IRGC) for exploiting operational technology devices with default passwords to gain access to critical infrastructure systems in the U.S. Default passwords  refer to factory default software configurations for embedded systems, devices, and appliances that are typically publicly documented and identical among all systems within a vendor's product line. As a result, threat actors could scan for internet-exposed endpoints using tools like Shodan and attempt to breach them through default passwords, often gaining root or administrative privileges to  perform po

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

The recent "disconcerting" reports that India was being spied upon by American intelligence agencies has opened an all new chapter in the cyber security space. The revelation that the Indian embassy in the US was among the list of 38 diplomatic missions which were being spied upon by American intelligence agencies, as per the latest top secret US National Security Agency documents leaked by the whistleblower Edward Snowden has raised questions like How much of liberty should the cyber space grant to maintain national security and at what cost?  So far, legality is the main rationale US officials have used to defend the government's PRISM spying program. It's all perfectly legal, approved by govt. and the courts, but a more potent argument might be just because something is legal doesn't necessarily make it a good thing. In the context of the recent findings and the debate that it has just drawn, The Hackers Conference 2013 will raise important questions on the th

The U.S. Treasury Department on Friday announced sanctions against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies. "Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector organizations around the world and across various critical infrastructure sectors," the Treasury  said . The agency also accused Iranian state-sponsored actors of  staging disruptive attacks  aimed at Albanian government computer systems in mid-July 2022, an incident that forced the latter to temporarily suspend its online services. The development comes months nearly nine months after the U.S. Cyber Command characterized the advanced persistent threat (APT) known as MuddyWater as a  subordinate element  within MOIS. It also comes almost two years following the Treasury's sa

Data breaches and security incidents are a constant in the headlines these days. Hackers and cyber criminals   are motivated by status or money and finding new innovative and more creative attacks to achieve this. One of them are, Digital Bank robbery  - where the thieves didn't need masks and guns to pull off the job, all they need are - Hacking Skills, a computer and the Internet. Another way is  Cyber extortion  - threat of attack against an enterprise or a bank, coupled with a demand for money to avert or stop the attack. According to Haaretz news, A Hacker - who is the operator of a biggest botnet malware network in the Israel, has threatens 3 major Israeli banks, i.e. Israel Discount Bank, Bank Yahav and the First International Bank of Israel. " Bank received an e-mail message threatening that unless they handed over a certain sum in Bitcoins by the end of next week, a list of customers' details would be given to hostile elements. " Banks database, network an

A man from the U.K. city of Nottingham has been sentenced to more than two years in prison for illegally breaking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images. Robert Davies, 32, is said to have purchased an arsenal of cyber crime tools in 2019, including crypters and remote administration tools (RATs), which can be used as a backdoor to steal personal information and conduct surveillance through microphones and cameras, catching the attention of the U.K. National Crime Agency (NCA). The cyber voyeur's modus operandi involved catfishing potential targets by using fake profiles on different messaging apps such as Skype, leveraging the online encounters to send rogue links hosting the malware through the chats. "Davies was infecting his victims' phones or computers with malicious software by disguising it with the crypters so their antivirus protection would not detect it,&qu

As the digital age evolves and continues to shape the business landscape, corporate networks have become increasingly complex and distributed. The amount of data a company collects to detect malicious behaviour constantly increases, making it challenging to detect deceptive and unknown attack patterns and the so-called "needle in the haystack". With a growing number of cybersecurity threats, such as data breaches, ransomware attacks, and malicious insiders, organizations are facing significant challenges in successfully monitoring and securing their networks. Furthermore, the talent shortage in the field of cybersecurity makes manual threat hunting and log correlation a cumbersome and difficult task. To address these challenges, organizations are turning to predictive analytics and Machine Learning (ML) driven network security solutions as essential tools for securing their networks against cyber threats and the unknown bad. The Role of ML-Driven Network Security Solutions

Japan developing cyber weapons for Counter Attack Japanese technology firm Fujitsu is developing a ' seek and destroy ' virus which could identify and combat hacking and other cyber threats in a more effective way. The weapon is the culmination of a 179 million yen three-year project entrusted by the government to technology maker Fujitsu Ltd to develop a virus and equipment to monitor and analyse attacks, the daily said. The chief snag for the plan is that Japanese law currently forbids the manufacturing of computer viruses. However, we would suspect that a compromise can be reached in due course, given the project is being carried out in the interest of national security. Japan was a notable victim of hacking in 2011, which proved to be a year in which cyber crimes and threats rose to prominence.  Japan's parliament had its computer system hacked into, while a number of cyber espionage campaigns including one targeting almost 50 US companies were waged on governments and firms a

The United States House of Representatives on Thursday voted to approve the highly controversial  cyber security bill CISPA , which stands for the Cyber Intelligence Sharing and Protection Act. The Bill called the Cyber Intelligence Sharing and Protection Act (CISPA) was presented under the guise National Security , but in reality opens up a loop hole for companies that collect personal information about their users and in some cases want to trade of even sell these to other companies for money or other services.  This was the second time that the US House of Representatives passed the CISPA. Senators had earlier rejected the first draft of this bill on the grounds that it wasn't providing enough for protecting the privacy. Some lawmakers and privacy activists worry that the legislation would allow the government to monitor citizens' private information and companies to misuse it. The first parts of CISPA are relevant and necessary. If we're " hacked ," CISPA a

Indonesian and Australian police launched Cyber Crime Investigation Center Indonesian and Australian police officially launched a joint project called the Cyber Crime Investigation Center. The center was officiated by Indonesian National Police chief Gen. Timur Pradopo and Australian Federal Police chief Comr. Tony Negus at the National Police Headquarters in Jakarta on Thursday. Timur said the center had been planned since six months ago. " Today, we launch the center, which will be equipped with tools needed to carry out cyber crime investigation ," Timur said, adding that its communication technology equipment was being provided by the Australian government." Of course, this [center] will improve our capacity to detect and [investigate cyber] crimes, particularly transnational crimes ," he said. Negus said the center would allow the Indonesian National Police to deal with technology and IT-related crimes. He added that the Australian police force was looki

China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi'an in June 2022. The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations ( TAO ), a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA), of orchestrating thousands of attacks against the entities located within the country. "The U.S. NSA's TAO has carried out tens of thousands of malicious cyber attacks on China's domestic network targets, controlled tens of thousands of network devices (network servers, Internet terminals, network switches, telephone exchanges, routers, firewalls, etc.), and stole more than 140GB of high-value data," the NCVERC  said . According to the U.S. Department of Justice ( DoJ ), Northwestern Polytechnical Unive

The Five Eyes nations have released a  joint cybersecurity advisory  warning of increased  malicious attacks  from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks," authorities from Australia, Canada, New Zealand, the U.K., and the U.S.  said . "Russia's invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States and U.S. allies and partners." The  advisory  follows  another alert  from the U.S. government cautioning of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control an

Computer networks at major South Korean banks and top TV broadcasters crashed simultaneously Wednesday, during a Massive cyber attack. South Korean police investigating reports from several major broadcasters and banks. least three broadcasters KBS, MBC and YTN and the Shinhan and Nonghyu banks reported that their computer networks had been crached. The state-run Korea Information Security Agency said that Screens went blank at 2 p.m. and more than seven hours later some systems were still down.  The take down was apparently not from a distributed denial-of-service (DDOS) attack, but a virus that has apparently infected machines in these organizations and delivered its payload simultaneously. An official at the Korea Communications Commission said investigators speculate that malicious code was spread from company servers that send automatic updates of security software and virus patches. The Associated Press says: " The latest network paralysis took place ju

In the digital age, the battleground for security professionals is not only evolving, it's expanding at an alarming rate. The upcoming webinar, " The Art of Privilege Escalation - How Hackers Become Admins ," offers an unmissable opportunity for IT security experts to stay ahead in this relentless cyber war. Privilege escalation - the term might sound benign, but in the hands of a skilled hacker, it's a devastating tactic. It's a method where cyber attackers, starting as standard users, clandestinely climb the ladder of access, eventually gaining root-level control. This isn't just a breach; it's a systematic takeover of your entire network. Picture a scenario where cybercriminals roam freely through your network, turning your layers of defense into mere spectators. It's a chilling thought, but it's a reality faced by organizations across the globe. What if you could anticipate and counter these threats? Expertly delivered by Joseph Carson , Ch

After hacking PCs, Cyber criminals have now begun targeting Smartphones with a special piece of malicious software that locks up the devices until the victims pay a ransom to get the keys to unlock the phone, called Ransomware .  Ransomware typically targets users' personal computers and has become a profitable way for cyber criminals to earn money. To deliver the Ransomware malwares to the mobile devices, cyber criminals have started creating malicious software programs that masquerade as antivirus apps or other play store apps, but instead of protecting your smart devices, they lock up your Smartphone until you pay a ransom to unlock it. RANSOMWARE - POLICE &  CRYPTOLOCKER As we reported earlier in news updates, security researchers disclosed various Police ransomware targeting users' personal computers. The ransomware software once installed, cyber criminals attempts to lock the victim's computer hard disk and files from a remote location. Usually

Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it's easy to see why. Both look for weaknesses in your IT infrastructure by exploring your systems in the same way an actual hacker would. However, there is a very important distinction between the two - and when each is the better option. Manual or automated? Penetration testing is a  manual  security assessment where cyber security professional attempts to find a way to break into your systems. It's a hands-on, in-depth test to evaluate security controls across a variety of systems, including web application, network and cloud environments. This kind of testing could take several weeks to complete, and due to its complexity and cost, is commonly carried out once a year. Vulnerability scanning,

The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country's full-blown invasion of Ukraine enters the second day. In addition to cautioning of the "threat of an increase in the intensity of computer attacks," Russia's National Computer Incident Response and Coordination Center  said  that the "attacks can be aimed at disrupting the functioning of important information resources and services, causing reputational damage, including for political purposes." "Any failure in the operation of [critical information infrastructure] objects due to a reason that is not reliably established, first of all, should be considered as the result of a computer attack," the agency added. Furthermore, it notified of possible influence operations undertaken to "form a negative image of the Russian Federation in the eyes of the world community," echoing a  similar alert  released by the U

Peace deal between Indian Cyber Army and Pakistan Cyber Army C00lt04d  [ ICA ] has given a Statement :  Hello all... C00lt04d here i think everyone know what's happening out there we here were Defacing Pakistani sites.. and on that side Pakistanis were hacking ours... This has gone too far that both the governments are involved in this and they are taking down every black hat activity out here I think every1 have heard how that Adil got arrested by FIA for hacking into their own Government site we don't want this happen to every other hacker out here.... Lets keep the fight As Hackers vs anti-humanity ... and stop the fight between each other....at least for few days Also we know People like Amar Jeet singh are raging cyber war between Rival countries so i suggest all the Hackers Indian And Pakistani to lets move to these guys First and also move our attacks to Third World countries So that the things will settle down here also take

No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia. "As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down," Oleg Nikolenko, MFA spokesperson,  tweeted . The Security Service of Ukraine, the country's law-enforcement authority,  alluded  to a possible Russian involvement, pointing fingers at the hacker groups associated with the Russian secret services while branding the intrusions as a supply chain attack that involved hacking the "infrastructure of a commercial company that had access to the rights to administer the web resources affected by the attack." Prior to the update from the SSU, the Ukrainian CERT claimed that the attacks may have exploited a security vulnerability in Laravel-based October CMS ( CVE-2021-32648 ), which cou