The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A massive malicious email campaign that stems from the world's largest spam botnet Necurs is spreading a new strain of ransomware at the rate of over 2 million emails per hour and hitting computers across the globe. The popular malspam botnet Necrus which has previously found distributing Dridex banking trojan , Trickbot banking trojan , Locky ransomwar e, and Jaff ransomware , has now started spreading a new version of Scarab ransomware. According to F-Secure , Necurs botnet is the most prominent deliverer of spam emails with five to six million infected hosts online monthly and is responsible for the biggest single malware spam campaigns. Scarab ransomware is a relatively new ransomware family that was initially spotted by ID Ransomware creator Michael Gillespie in June this year. Massive Email Campaign Spreads Scarab Ransomware According to a blog post published by security firm Forcepoint, the massive email campaign spreading Scarab ransomware virus started at

A security researcher has discovered and publicly disclosed two critical vulnerabilities in the popular Internet mail message transfer agent Exim , one of which could allow a remote attacker to execute malicious code on the targeted server. Exim is an open source mail transfer agent (MTA) developed for Unix-like operating systems such as Linux, Mac OSX or Solaris, which is responsible for routing, delivering and receiving email messages. The first vulnerability, identified as CVE-2017-16943 , is a use-after-free bug which could be exploited to remotely execute arbitrary code in the SMTP server by crafting a sequence of BDAT commands. "To trigger this bug, BDAT command is necessary to perform an allocation by raising an error," the researcher said. "Through our research, we confirm that this vulnerability can be exploited to remote code execution if the binary is not compiled with PIE." The researcher ( mehqq_ ) has also published a Proof-of-Concept (PoC)

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Only after a few days of Uber admitting last year's data breach of 57 million customers , the popular image sharing site disclosed that it had suffered a major data breach in 2014 that compromised email addresses and passwords of 1.7 million user accounts. In a blog post published on Friday, Imgur claimed that the company had been notified of a three-year-old data breach on November 23 when a security researcher emailed the company after being sent the stolen data. Imgur Chief Operating Officer (COO) then alerted the company's founder and the Vice President of Engineering to the issue before began working to validate that the data belonged to Imgur users. After completing the data validation, the company confirmed Friday morning that the 2014 data breach impacted approximately 1.7 million Imgur user accounts (a small fraction of its 150 million user base) and that the compromised information included only email addresses and passwords. Since Imgur has never asked fo

Earlier this month a cybersecurity researcher shared details of a security loophole with The Hacker News that affects all versions of Microsoft Office, allowing malicious actors to create and spread macro-based self-replicating malware. Macro-based self-replicating malware, which basically allows a macro to write more macros, is not new among hackers, but to prevent such threats, Microsoft has already introduced a security mechanism in MS Office that by default limits this functionality. Lino Antonio Buono, an Italian security researcher who works at InTheCyber , reported a simple technique (detailed below) that could allow anyone to bypass the security control put in place by Microsoft and create self-replicating malware hidden behind innocent-looking MS Word documents. What's Worse? Microsoft refused to consider this issue a security loophole when contacted by the researcher in October this year, saying it's a feature intended to work this way only—just like MS Offic

Security researchers have discovered a potentially dangerous vulnerability in the firmware of various Hewlett Packard (HP) enterprise printer models that could be abused by attackers to run arbitrary code on affected printer models remotely. The vulnerability (CVE-2017-2750), rated as high in severity with 8.1 CVSS scale, is due to insufficiently validating parts of Dynamic Link Libraries (DLL) that allows for the potential execution of arbitrary code remotely on affected 54 printer models. The security flaw affects 54 printer models ranging from HP LaserJet Enterprise, LaserJet Managed, PageWide Enterprise and OfficeJet Enterprise printers. This remote code execution (RCE) vulnerability was discovered by researchers at FoxGlove Security when they were analyzing the security of HP's MFP-586 printer (currently sold for $2,000) and HP LaserJet Enterprise M553 printers (sold for $500). According to a technical write-up posted by FoxGlove on Monday, researchers were able to