#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for cyber attack | Breaking Cybersecurity News | The Hacker News

Hacker Steals $8.4 Million in Ethereum (4th Heist In A Month)

Hacker Steals $8.4 Million in Ethereum (4th Heist In A Month)

Jul 25, 2017
More Ethereum Stolen! An unknown hacker has just stolen nearly $8.4 Million worth of Ethereum – one of the most popular and increasingly valuable cryptocurrencies – in yet another Ethereum hack that hit Veritaseum's Initial Coin Offering (ICO). This incident marks as the fourth Ethereum hack this month and second cyber attack on an ICO, following a theft of $7 Million worth of Ether tokens during the hack of Israeli startup CoinDash's initial coin offering last week. A few days ago, a hacker also stole nearly $32 Million worth of Ethereum from wallet accounts by exploiting a critical vulnerability in Parity's Ethereum Wallet software, which followed a $1 Million worth of Ether and Bitcoins heist in crypto currency exchange Bithumb earlier this month. Now, Veritaseum has confirmed that a hacker stole $8.4 Million in Ether (ETH) from its ICO this Sunday, July 23. "We were hacked, possibly by a group. The hack seemed to be very sophisticated, but there'
Cyber attack hits Istanbul Airport passport control system

Cyber attack hits Istanbul Airport passport control system

Jul 26, 2013
The passport control system at Istanbul Ataturk Airport International departure terminal was under cyber attack on Friday, while another airport in the Turkish largest city was also affected. Passengers stood in lines for hours and plane departures were delayed, because cyberattack shutdown passport control systems at two facilities. Later Authorities has restored the systems. Few local media said that the passport control system at the Sabiha Gokcen International Airport in Istanbul also broke down due to the malfunction of the Istanbul provincial security directorate's Polnet data system. They believe that systems were infected using some malwares, But Authorities also investigating if the malware yielded user details from the infected machines or not. No claim of responsibility or blame was attributed to the alleged cyberattack. However, this is another malware attacks been reported, targeting vital infrastructure so far. Cybersecurity has emerged as an emergin
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
US military's offensive operations in cyberspace to shoot Hackers

US military's offensive operations in cyberspace to shoot Hackers

Nov 17, 2011
US military's offensive operations in cyberspace to shoot Hackers The US military is now legally in the clear to launch offensive operations in cyberspace, the commander of the US Strategic Command has said. The Pentagon has just sent a report to Congress where it says that it has the right to retaliate with military force against a cyber attack. Air Force General Robert Kehler said in the latest sign of quickening U.S. military preparations for possible cyber warfare that "I do not believe that we need new explicit authorities to conduct offensive operations of any kind". US Strategic Command is in charge of a number of areas for the US military, including space operations (like military satellites), cyberspace concerns, 'strategic deterrence' and combating WMDs. " When warranted, we will respond to hostile acts in cyberspace as we would to any other threat to our country ," the DoD said in the report. " All states possess an inherent right to
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
EtherParty Breach: Another Ethereum ICO Gets Hacked

EtherParty Breach: Another Ethereum ICO Gets Hacked

Oct 03, 2017
Etherparty announced Sunday that its ICO (Initial Coin Offering) website selling tokens for a blockchain-based smart contract tool was hacked and the address for sending funds to buy tokens was replaced by a fraudulent address controlled by the hackers. Vancouver-based Etherparty is a smart contract creation tool that allows its users to create smart contracts on the blockchain. Companies like this launch ICO to let them raise funding from multiple sources. Etherparty said the company launched its Fuel token sale on Sunday, October 1 at 9 A.M. PDT, but just 45 minutes, some unknown attackers hacked into its ICO website and replaced the legitimate address by their own, redirecting cryptocurrencies sent by investors into their digital wallet. According to the details released by the Etherparty team, the company detected the hack after just 15 minutes and immediately took its website down for nearly one and half hour to fix the issue, preventing more people from sending funds to
Fine Gael website Hacked by Anonymous hackers !

Fine Gael website Hacked by Anonymous hackers !

Jan 11, 2011
Ireland's main opposition party confirms that the personal details of up to 2,000 people have been compromised by the attack Ireland's main opposition party's website has been hacked into by a group which has recently come to prominence for attacks on companies related to the WikiLeaks controversy. Up to 2,000 people's personal details were compromised in the attack by the hackers, known as Anonymous, Fine Gael said. The American internet firm ElectionMall, which reported the cyber attack to US authorities, has informed the party that the FBI is now involved in the investigation. A statement from Fine Gael confirmed that its site, Finegael.com had been compromised by the Anonymous group, which has backed WikiLeaks and its founder Julian Assange against attempts by the United States government to stop the leaking of sensitive American diplomatic cables. Anonymous has launched attacks on the websites of companies such as Visa, Mastercard and Amazon over allegations
CIO said - London Olympics Will Be 'ready' For Cyber-attacks !!

CIO said - London Olympics Will Be 'ready' For Cyber-attacks !!

Jan 21, 2011
London Olympics will be well prepared for attempted cyber attack, according to CIO Gerry Pennell London 2012. Speaking in London to start in 2012, and Atos Origin IT testing organization, Technology Lab, Pennell said the attacks at the Olympics - is also trying to overthrow the Games, to influence the results data and DDoS attacks on the pages of the event - were predictable. The former interior minister David Blunkett has also felt the impact of cyber attacks at the Olympics in 2009. Pennell said: "We have cyber attacks, certainly the previous games have always been attacked, then we will be attacked .. "We work with partners and government to ensure that we have the right of defense." With access to the laboratory of Technology, Atos and London of 2012 was 200 000 to start testing the entire Olympic Games IT infrastructure that is flexible, adaptable to change and secure. For example, scenarios such as computer room fire, or a virus, will be tested in real t
A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System

A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System

Jul 30, 2021
A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor." The campaign — dubbed " MeteorExpress " — has not been linked to any previously identified threat group or to additional attacks, making it the first incident involving the deployment of this malware, according to researchers from Iranian antivirus firm  Amn Pardaz  and SentinelOne. Meteor is believed to have been in the works over the past three years. "Despite a lack of specific indicators of compromise, we were able to recover most of the attack components," SentinelOne's Principal Threat Researcher, Juan Andres Guerrero-Saade, noted. "Behind this outlandish tale of stopped trains and glib trolls, we found the fingerprints of an unfamiliar attacker," adding the offensive is "designed t
BitTorrent Invites Sony to Release 'The Interview' Movie On Its Paid Service

BitTorrent Invites Sony to Release 'The Interview' Movie On Its Paid Service

Dec 23, 2014
Sony was forced to pull the cinema release of " The Interview ," scheduled for Christmas day, after hacker group Guardians of Peace (GOP) threatened to attack any theater that decided to show the film. But the studio will release the controversial North Korean-baiting film via different alternatives. HACKERS WARNED OF TERROR ATTACK The massive hacking attack against Sony Pictures Entertainment is getting worst day by day. The hack has yet exposed about 200 gigabytes of confidential data belonging to the company from upcoming movie scripts to sensitive employees data, celebrities phone numbers and their travel aliases, and also the high-quality versions of 5 newest films leak , marking it as the most severe hack in the History. Week back, the hacker group GOP, who has claimed responsibility for the damaging Sony cyber-attack, demanded Sony to cancel the release of " The Interview " — the Seth Rogen and James Franco-starring comedy centered around a T
Finland's Ministry of Foreign Affairs networks hit by sophisticated Malware attack

Finland's Ministry of Foreign Affairs networks hit by sophisticated Malware attack

Nov 01, 2013
Finnish commercial broadcaster MTV3 reports that the Finnish Ministry of Foreign Affair networks has been targeted in a four-year-long cyber espionage operation. Finland's foreign minister said, " I can confirm there has been a severe and large hacking in the ministry's data network ," A large scale spying attack   targeted the communications between Finland and the European Union using  a malware , similar to, and more sophisticated than Red October . The breach was uncovered during the early part of this year. MTV3 also mentioned that the breach was not discovered by the Finns themselves, but from a foreign tip-off reported to CERT.FI. Further the Finnish authorities kept the information under wraps for continuing the forensics. There are indications that information with the lowest level security classification has been compromised, he said. In January, 2013, we had reported about Red October Cyber-espionage operation that targeted th
KICKICO Hacked: Cybercriminal Steals $7.7 Million from ICO Platform

KICKICO Hacked: Cybercriminal Steals $7.7 Million from ICO Platform

Jul 30, 2018
Again some bad news for cryptocurrency users. KICKICO, a blockchain-based initial coin offering (ICO) support platform, has fallen victim to a suspected cyber attack and lost more than 70 million KICK tokens (or KickCoins) worth an estimated $7.7 million. In a statement released on its Medium post on July 26, the company acknowledged the security breach, informing its customers that an unknown attacker managed to gain access to the account of the KICK smart contracts and the tokens of the KICKICO platform on last Thursday at around 9:04 (UTC). KICKICO admitted that the company had no clue about the security breach until and unless several of its customers fell victim and complained about losing KickCoin tokens worth $800,000 from their wallets overnight. However, after investigating, the company found that the total amount of stolen funds was 70,000,000 KickCoin, which, at the current exchange rate, is equivalent to $ 7.7 million. KICKICO reported that suspected attackers
North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations

North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations

Mar 29, 2023 Cyber Threat / Espionage
A new North Korean nation-state cyber operator has been attributed to a series of campaigns orchestrated to gather strategic intelligence that aligns with Pyongyang's geopolitical interests since 2018. Google-owned Mandiant, which is tracking the activity cluster under the moniker  APT43 , said the group's motives are both espionage- and financially-motivated, leveraging techniques like  credential harvesting  and social engineering to further its objectives. The monetary angle to its attack campaigns is an attempt on the part of the threat actor to generate funds to meet its "primary mission of collecting strategic intelligence." Victimology patterns suggest that targeting is focused on South Korea, the U.S., Japan, and Europe, spanning government, education, research, policy institutes, business services, and manufacturing sectors. The threat actor was also observed straying off course by striking health-related verticals and pharma companies from October 2020
Patch Where it Hurts: Effective Vulnerability Management in 2023

Patch Where it Hurts: Effective Vulnerability Management in 2023

Jan 12, 2023 Vulnerability Management
A recently published  Security Navigator  report data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all potential breaches. It's about focusing on the real risk using vulnerability prioritization to correct the most significant flaws and reduce the company's attack surface the most. Company data and threat intelligence need to be correlated and automated. This is essential to enable internal teams focus their remediation efforts. Suitable technologies can take the shape of a global Vulnerability Intelligence Platform. Such a platform can help to prioritize vulnerabilities using a risk score and let companies focus on their real organizational risk.  Getting Started Three facts to have in mind before establishing an effective vulnerability management program:  1. The number of discov
Tackling the New Cyber Insurance Requirements: Can Your Organization Comply?

Tackling the New Cyber Insurance Requirements: Can Your Organization Comply?

Feb 07, 2023 Identity Protection / Cyber Insurance
With cyberattacks around the world escalating rapidly, insurance companies are ramping up the requirements to qualify for a cyber insurance policy.  Ransomware attacks were up 80% last year , prompting underwriters to put in place a number of new provisions designed to prevent ransomware and stem the record number of claims. Among these are a mandate to enforce multi-factor authentication (MFA) across all admin access in a network environment as well as protect all privileged accounts, specifically machine-to-machine connections known as service accounts.  But identifying MFA and privileged account protection gaps within an environment can be extremely challenging for organizations, as there is no utility among the most commonly used security and identity products that can actually provide this visibility. In this article, we'll explore these identity protection challenges and suggest steps organizations can take to overcome them, including signing up for a  free identity risk a
Key Cybersecurity Tools That Can Mitigate the Cost of a Breach

Key Cybersecurity Tools That Can Mitigate the Cost of a Breach

Sep 05, 2023 Data Breach / Password Security
IBM's 2023 installment of their annual " Cost of a Breach " report has thrown up some interesting trends. Of course, breaches being costly is no longer news at this stage! What's interesting is the difference in how organizations respond to threats and which technologies are helping reduce the costs associated with every IT team's nightmare scenario.  The average cost of a breach rose once again to $4.45 million, increasing 15% over the last three years. Costs associated with escalation and detection have rocketed up 42% during the same period. With that in mind, I was surprised to learn that only 51% of the breached entities surveyed by IBM decided to bolster their security investments, despite the rising financial consequences of dealing with a breach. Headline stats around breach costs are interesting – but can digging into these trends actually help you save money? Organizations want to know where to invest their security budget and which technologies offer the bes
When Time is of the Essence – Testing Controls Against the Latest Threats Faster

When Time is of the Essence – Testing Controls Against the Latest Threats Faster

Jun 12, 2019
A new threat has hit head the headlines ( Robinhood anyone?), and you need to know if you're protected right now. What do you do? Traditionally, you would have to go with one of the options below. Option 1 – Manually check that IoCs have been updated across your security controls. This would require checking that security controls such as your email gateway, web gateway, and endpoint security have all been updated with the latest threats' indicators of compromise (IoCs) usually published by AV companies who detect the malware binaries first. Option 2 – Create a 'carbon copy' of your network and run the threat's binary on that copy. While safe, IT and security teams may be unaware of certain variations from the real deal. So while the attack simulation is running against an 'ideal' copy, your real network may have undergone inadvertent changes, such as a firewall running in monitoring mode, a patch not being installed on time, and other unintent
Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers

Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers

Apr 21, 2020
A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans. The details of the attacks against Xilinx 7-Series and Virtex-6 Field Programmable Gate Arrays ( FPGAs ) have been covered in a paper titled " The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs " by a group of academics from the Horst Goertz Institute for IT Security and Max Planck Institute for Cyber Security and Privacy. "We exploit a design flaw which piecewise leaks the decrypted bitstream," the researchers said. "In the attack, the FPGA is used as a decryption oracle, while only access to a configuration interface is needed. The attack does not require any sophisticated tools and, depending on the target system, can potentially be launched remotely." The findings wil
Cybercrime (and Security) Predictions for 2023

Cybercrime (and Security) Predictions for 2023

Dec 19, 2022 Password Policy / Data Security
Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it's up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs.  Here's a look at how cybercrime will evolve in 2023 and what you can do to secure and protect your organization in the year ahead.  Increase in digital supply chain attacks  With the rapid modernization and digitization of supply chains come new security risks. Gartner predicts that  by 2025, 45% of organizations worldwide will have experienced attacks  on their software supply chains—this is a three-fold increase from 2021. Previously, these types of attacks weren't even likely to happen because supply chains weren't connected to the internet. But now that they are, supply chains need to be secured properly.  The introduction of new technology around software supply chains means there are likely security holes that have yet to be identified, but are essenti
A virus specialized for AutoCAD, a perfect cyber espionage tool

A virus specialized for AutoCAD, a perfect cyber espionage tool

Jun 23, 2012
A virus specialized for AutoCAD , a perfect cyber espionage tool In recent years we are assisting to a profoundly change in the nature of malware, it is increased the development for spy purposes, for its spread in both private and government sectors. The recent case of Flame malware has demonstrated the efficiency of a malicious agent as a gathering tool in a typical context of state-sponsored attack for cyber espionage. Event like this represent the tip of the iceberg, every day millions of malware instances infect pc in every place in the world causing serious damages related to the leak of sensible information. Specific viruses are developed to address particular sectors and information, that is the case for example of "ACAD/Medre.A", a malware specialized in the theft of AutoCAD files. The virus has been developed to steal blueprints from private companies mostly based in Peru according the expert of the security firm ESET. The virus is able to locate AutoCAD file on infected ma
Cybersecurity Resources