#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for cyber security | Breaking Cybersecurity News | The Hacker News

ExpressVPN Removes Servers in India After Refusing to Comply with Government Order

ExpressVPN Removes Servers in India After Refusing to Comply with Government Order

Jun 02, 2022
Virtual Private Network (VPN) provider ExpressVPN on Thursday announced that it's removing Indian-based VPN servers in response to a new cybersecurity directive issued by the Indian Computer Emergency Response Team (CERT-In). "Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located in India," the company  said . "These 'virtual' India servers will instead be physically located in Singapore and the U.K." The development comes as the CERT-In has enforced new  controversial   data retention requirements  that are set to come into effect on June 27, 2022, and mandate VPN service providers to store subscribers' real names, contact details, and IP addresses assigned to them for at least five years. The logged user data, CERT-In emphasized, will only be requested for the purposes of "cyber incident response, protective and preventive
U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services

U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services

Feb 19, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday  published  a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture. The " Free Cybersecurity Services and Tools " resource hub comprises a mix of 101 services provided by CISA, open-source utilities, and other implements offered by private and public sector organizations across the cybersecurity community. "Many organizations, both public and private, are target rich and resource poor," CISA Director, Jen Easterly, said in a statement. "The resources on this list will help such organizations improve their security posture, which is particularly critical in the current heightened threat environment." The tools catalog is the latest in a string of initiatives launched by CISA to combat cyber threats and help organizations adopt foundational measures to maximize re
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Cyber Espionage Group Targets Asian Countries With Bitcoin Mining Malware

Cyber Espionage Group Targets Asian Countries With Bitcoin Mining Malware

Feb 07, 2018
Security researchers have discovered a custom-built piece of malware that's wreaking havoc in Asia for past several months and is capable of performing nasty tasks, like password stealing, bitcoin mining, and providing hackers complete remote access to compromised systems. Dubbed Operation PZChao , the attack campaign discovered by the security researchers at Bitdefender have been targeting organizations in the government, technology, education, and telecommunications sectors in Asia and the United States. Researchers believe nature, infrastructure, and payloads, including variants of the Gh0stRAT trojan, used in the PZChao attacks are reminiscent of the notorious Chinese hacker group— Iron Tiger . However, this campaign has evolved its payloads to drop trojan, conduct cyber espionage and mine Bitcoin cryptocurrency. The PZChao campaign is attacking targets across Asia and the U.S. by using similar attack tactics as of Iron Tiger, which, according to the researchers, si
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Korean Cyber espionage attack Targets Russia

Korean Cyber espionage attack Targets Russia

Dec 17, 2012
Ask an expert on cyber espionage and he for sure he will speak of China, the most active and advanced country in this sector, this time a clamorous campaign apparently originated from Korea has been discovered. Security company FireEye collected evidences of a cyber espionage campaign, named " Sanny ", attributable to Korea. FireEye hasn't revealed the real origin of the offensive, it's a mystery which Korea is responsible between North or South Korea, but it confirmed that 80% of victims are Russian organizations and companies belonging to space research industry, information, education and telecommunication. According Ali Islam, security researcher at FireEye declared " Though we don't have full concrete evidence, we have identified many indicators leading to Korea as a possible origin of attack."   The following are the indicators we have so far: 1. The SMTP mail server and CnC are in Korea 2. The fonts "Batang" and "KP CheongPong" used in the
Former military adviser urged Obama to pardon Gary McKinnon

Former military adviser urged Obama to pardon Gary McKinnon

Feb 06, 2013
John Arquilla, a professor at the U.S. Naval Academy and former military adviser has urged President Barack Obama to pardon the British computer hacker Gary McKinnon and to recruit master hackers to US Cyber Command. Gary McKinnon faced extradition for hacking into Pentagon and Nasa systems, and but they believe that he could encourage other hackers to become government cyber warriors. ' If the notion of trying to attract master hackers to our cause is ever to take hold, this might be just the right case in which President Obama should consider using his power to pardon, ' says Arquilla. China is widely thought to employ hackers, so the Pentagon aims to expand its cyber security personnel from 900 to 4,900 in the next few years and Hackers are frequently employed by security firms after serving sentences and Arquilla suggest Obama to do so. ' Today's masters of cyberspace are not unlike the German rocket scientists who, after World War II, were so ea
Microsoft Critical Vulnerabilities that You Must Patch Coming Tuesday

Microsoft Critical Vulnerabilities that You Must Patch Coming Tuesday

Apr 05, 2014
On passed Thursday, Microsoft has released an advance advisory alert for upcoming Patch Tuesday which will address Remote Code Execution vulnerabilities in several Microsoft's products. Microsoft came across a limited targeted attacks directed at their Microsoft Word 2010 because of the vulnerability in the older versions of Microsoft Word. This Tuesday Microsoft will release Security Updates to address four major vulnerabilities, out of which two are labeled as critical and remaining two are Important to patch as the flaws are affecting various Microsoft software such as, Microsoft Office suite, Microsoft web apps, Microsoft Windows, Internet Explorer etc. VULNERABILITY THAT YOU  MUST PATCH Google Security Team has reported a critical Remote code execution vulnerability in Microsoft Word 2010 ( CVE-2014-1761 ) which could be exploited by an attacker to execute the malicious code remotely via a specially crafted RTF file , if opened by a user with an affected vers
U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania

U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania

Sep 10, 2022
The U.S. Treasury Department on Friday announced sanctions against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies. "Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector organizations around the world and across various critical infrastructure sectors," the Treasury  said . The agency also accused Iranian state-sponsored actors of  staging disruptive attacks  aimed at Albanian government computer systems in mid-July 2022, an incident that forced the latter to temporarily suspend its online services. The development comes months nearly nine months after the U.S. Cyber Command characterized the advanced persistent threat (APT) known as MuddyWater as a  subordinate element  within MOIS. It also comes almost two years following the Treasury's sa
India's leading telecom Company BSNL hacked by Pakistani Hacker

India's leading telecom Company BSNL hacked by Pakistani Hacker

Oct 26, 2011
India's leading telecom Company  BSNL hacked by Pakistani Hacker A Pakistani hacker "KhantastiC haX0r" today hack into the official website of India's leading telecom Company Bharat Sanchar Nigam Limited (BSNL) . This is not 1st time when BSNL become victim of any cyber attack. Pakistani Hackers hit Indian Corporate and National Government Websites, Servers time by time Just for FUN or so called Cyber War b/w these two countries. This year 2011, Attack/ defacement are less than the records of previous years. Most of the hacking groups from India now become White hat hackers and working for Cyber Security Awareness and Development. We wish same for all Pakistani hackers to start working for Security and Development. Anyway, The Hacker domain is  https://bsnl.co.in/tender1/  .
Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities

Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities

Mar 01, 2024 Rootkit / Threat Intelligence
The Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways, noting that the Integrity Checker Tool (ICT) can be deceived to provide a false sense of security. "Ivanti ICT is not sufficient to detect compromise and that a cyber threat actor may be able to gain root-level persistence despite issuing factory resets," the agencies  said . To date, Ivanti has disclosed five security vulnerabilities impacting its products since January 10, 2024, out of which four have come under active exploitation by multiple threat actors to deploy malware - CVE-2023-46805  (CVSS score: 8.2) - Authentication bypass vulnerability in web component CVE-2024-21887  (CVSS score: 9.1) - Command injection vulnerability in web component CVE-2024-21888  (CVSS score: 8.8) - Privilege escalation vulnerability in web component CVE-2024-21893  (CVSS score: 8
Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks

Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks

Feb 25, 2022
The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country's full-blown invasion of Ukraine enters the second day. In addition to cautioning of the "threat of an increase in the intensity of computer attacks," Russia's National Computer Incident Response and Coordination Center  said  that the "attacks can be aimed at disrupting the functioning of important information resources and services, causing reputational damage, including for political purposes." "Any failure in the operation of [critical information infrastructure] objects due to a reason that is not reliably established, first of all, should be considered as the result of a computer attack," the agency added. Furthermore, it notified of possible influence operations undertaken to "form a negative image of the Russian Federation in the eyes of the world community," echoing a  similar alert  released by the U
FBI’s Cyber Task Force Identifies Stealthy FF-RATs used in Cyber Attack

FBI's Cyber Task Force Identifies Stealthy FF-RATs used in Cyber Attack

Sep 02, 2015
In both April and June this year, a series of cyber attacks was conducted against the United States Office of Personnel Management (OPM) . These attacks resulted in 21 million current and former Federal government employees' information being stolen. After months of investigation, the FBI's Cyber Task Force identified several Remote Access Tools (RATs) that were used to carry out the attack. One of the more effective tools discovered is named ' FF-RAT '. FF-RAT evades endpoint detection through stealth tactics, including the ability to download DLLs remotely and execute them in memory only. Hackers use RATs to gain unlimited access to infected endpoints. Once the victim's access privilege is acquired, it is then used for malware deployment, command and control (C&C) server communication, and data exfiltration. Most Advanced Persistent Threat (APT) attacks also take advantage of RAT functionality for bypassing strong authentication, reconnaissance, spreading
NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware

NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware

Feb 17, 2015
The U.S. National Security Agency (NSA) may be hiding highly-sophisticated hacking payloads in the firmware of consumer hard drives over the last 15 to 20 years in a campaign, giving the agency the means to eavesdrop on thousands of targets' computers, according to an analysis by Kaspersky labs and subsequent reports. 'EQUATION GROUP' BEHIND THE MALWARE The team of malicious actors is dubbed the the " Equation Group " by researchers from Moscow-based Kaspersky Lab, and describes them as " probably one of the most sophisticated cyber attack groups in the world," and "the most advanced threat actor we have seen. " The security researchers have documented 500 infections by Equation Group and believes that the actual number of victims likely reaches into the tens of thousands because of a self-destruct mechanism built into the malware. TOP MANUFACTURERS' HARD DRIVES ARE INFECTED Russian security experts reportedly uncovered sta
How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain

How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain

Dec 07, 2020
21st-century technology has allowed Cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that  65% of US-based companies were vulnerable to email phishing and impersonation attacks . This calls for upgrading your organization's security with DMARC, which if not implemented, will enable cyber-attackers to: Instigate money transfers from vulnerable employees via spoofed emails while impersonating senior executives in your company Send fake invoices to your employees and partners Deal in illegal goods via your domain  Spread Ransomware Impersonate customer support to steal confidential customer or partner information Such situations can have long-lasting consequences on your business. From inflicting a blow on thebrand's reputation and credibility among its partners and customer base to loss of valuable company information and millions of dollars, the risks are countless. What is Domain Spoofing? Domain
How Cyberattacks Are Transforming Warfare

How Cyberattacks Are Transforming Warfare

Sep 13, 2023 Cyberwarfare / Threat Assessment
There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in 2007, when Estonia was hit by hackers targeting its government and commercial sector, has evolved into cyber warfare that is being waged constantly worldwide. Today, cyberattacks have become the norm, transforming how we think about war and international conflict as a whole.  From the 2009 South Korea DDoS attacks to the 2010 attacks on Burma and the 2016 US election interference attacks on the Democratic National Committee, the list of historical cyberwarfare incidents continues to expand. The main players? Nation-state-supported cybercriminal groups and organizations linked to Russia, North Korea, China, and several countries in the Middle East. This report dives into three top cyberwarfare trends in an effort to understand their impact. Russia: The Cyber Invasion of Ukraine  On August 31, 2023, Five Eyes Agency — an intelligence alliance network composed of agencie
NSA Stole Millions Of SIM Card Encryption Keys To Gather Private Data

NSA Stole Millions Of SIM Card Encryption Keys To Gather Private Data

Feb 20, 2015
Edward Snowden is back with one of the biggest revelations about the government's widespread surveillance program. The US National Security Agency ( NSA ) and British counterpart Government Communications Headquarters ( GCHQ ) hacked into the networks of the world's biggest SIM card manufacturer, according to top-secret documents given to The Intercept by former NSA-contractor-turned-whistle blower, Edward Snowden . OPERATION DAPINO GAMMA The leaked documents suggests that in a joint operation, the NSA and the GCHQ formed the Mobile Handset Exploitation Team (MHET) in April 2010, and as the name suggests, the unit was built to target vulnerabilities in cellphone. Under an operation dubbed DAPINO GAMMA, the unit hacked into a Digital security company Gemalto , the largest SIM card manufacturer in the world, and stole SIM Card Encryption Keys that are used to protect the privacy of cellphone communications. Gemalto, a huge company that operates in 85 countr
Cybersecurity Resources