#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Chinese Man Gets 5-Year Prison for Running 'Unauthorized' VPN Service

Chinese Man Gets 5-Year Prison for Running 'Unauthorized' VPN Service

Dec 22, 2017
While continuing its crackdown on services that help Chinese citizens to bypass Great Firewall, Chinese authorities have sentenced a man to five-and-a-half years in prison for selling a VPN service without obtaining a proper license from the government. Earlier this year, the Chinese government announced a ban on "unauthorized" VPN services , making it mandatory for companies to obtain an appropriate license from the government in order to operate in the country. Citizens in China usually make use of VPN and Proxy services to bypass the country's Great Firewall, also known as the Golden Shield project, which employs a variety of tricks to censor the Internet in the country. The Great Firewall project already blocked access to more than 150 out of the world's 1,000 top websites, which includes Google, Facebook, Twitter, Dropbox, Tumblr, and The Pirate Bay in the country. VPN helps Chinese citizens encrypt their Internet traffic and route it through a distant c
Beware of Cryptocurrency Mining Virus Spreading Through Facebook Messenger

Beware of Cryptocurrency Mining Virus Spreading Through Facebook Messenger

Dec 22, 2017
If you receive a video file ( packed in zip archive ) sent by someone ( or your friends ) on your Facebook messenger — just don't click on it. Researchers from security firm Trend Micro are warning users of a new cryptocurrency mining bot which is spreading through Facebook Messenger and targeting Google Chrome desktop users to take advantage of the recent surge in cryptocurrency prices. Dubbed Digmine , the Monero-cryptocurrency mining bot disguises as a non-embedded video file, under the name "video_xxxx.zip" (as shown in the screenshot), but is actually contains an AutoIt executable script. Once clicked, the malware infects victim's computer and downloads its components and related configuration files from a remote command-and-control (C&C) server. Digimine primarily installs a cryptocurrency miner, i.e.  miner.exe—a modified version of an open-source Monero miner known as XMRig —which silently mines the Monero cryptocurrency in the background for h
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

Apr 29, 2024Exposure Management / Attack Surface
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,
Nissan Finance Canada Suffers Data Breach — Notifies 1.13 Million Customers

Nissan Finance Canada Suffers Data Breach — Notifies 1.13 Million Customers

Dec 22, 2017
It's the last month of this year, but possibly not the last data breach report. Nissan warns of a possible data breach of personal information on its customers who financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada. Although the company says it does not know precisely how many customers were affected by the data breach, Nissan is contacting all of its roughly 1.13 million current and previous customers. In a statement released Thursday, Nissan Canada said the company became aware of an " unauthorized access to personal information " of some customers on December 11. " Nissan Canada Finance recently became aware it was the victim of a data breach that may have involved an unauthorized person(s) gaining access to the personal information of some customers that have financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada, " the company said . It's believed that the unkno
cyber security

Want to Bolster Your CI/CD Pipeline?

websiteWizSecurity Auditing / Container Security
This cheat sheet covers best practices with actionable items in Infrastructure security, code security, secrets management, access and authentication, and monitoring and response.
Apple Admits Deliberately Slowing Older iPhones — Here’s Why

Apple Admits Deliberately Slowing Older iPhones — Here's Why

Dec 21, 2017
Why is my iPhone slow? Do you also ask this question again and again? Well, the biggest conspiracy theory floating around from years that Apple deliberately slows down performance on your older iPhones whenever the company is about to launch the next version of its flagship to push its sale is TRUE ( at least partially ). Apple has finally admitted that it does indeed intentionally slow down older iPhone models, without notifying its customers, though the company claims the move is not intended to encourage customers to upgrade to newer iPhone models. Instead, Apple says it is a feature—implemented on the iPhone 6, 6S and SE last year during a software update, and on the iPhone 7 in December with the release of iOS 11.2—to protect against unexpectedly shutting down of older iPhones due to aging batteries and prolong their lifespan. " Last year we released a feature for iPhone 6, iPhone 6s and iPhone SE to smooth out the instantaneous peaks only when needed to prevent
Hackers Targeting Servers Running Database Services for Mining Cryptocurrency

Hackers Targeting Servers Running Database Services for Mining Cryptocurrency

Dec 21, 2017
Security researchers have discovered multiple attack campaigns conducted by an established Chinese criminal group that operates worldwide, targeting database servers for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. The researchers from security firm GuardiCore Labs have analyzed thousands of attacks launched in recent months and identified at least three attack variants— Hex, Hanako, and Taylor —targeting different MS SQL and MySQL servers for both Windows and Linux. The goals of all the three variants are different—Hex installs cryptocurrency miners and remote access trojans (RATs) on infected machines, Taylor installs a keylogger and a backdoor, and Hanako uses infected devices to build a DDoS botnet. So far, researchers have recorded hundreds of Hex and Hanako attacks and tens of thousands of Taylor attacks each month and found that most compromised machines are based in China, and some in Thailand, the United States, Japan and others.
Cybersecurity
Expert Insights
Cybersecurity Resources