The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Governments in Turkey and Syria have been caught hijacking local internet users' connections to secretly inject surveillance malware, while the same mass interception technology has been found secretly injecting browser-based cryptocurrency mining scripts into users' web traffic in Egypt. Governments, or agencies linked to it, and ISPs in the three countries are using Deep Packet Inspection technology from Sandvine (which merged with Procera Networks last year), to intercept and alter Internet users' web traffic. Deep packet inspection technology allows ISPs to prioritize, degrade, block, inject, and log various types of Internet traffic, in other words, they can analyze each packet in order to see what you are doing online. According to a new report by Citizen Lab, Turkey's Telecom network was using Sandvine PacketLogic devices to redirect hundreds of targeted users (journalists, lawyers, and human rights defenders) to malicious versions of legitimate progra

Memcached reflections that recently fueled two most largest amplification DDoS attacks in the history have also helped other cybercriminals launch nearly 15,000 cyber attacks against 7,131 unique targets in last ten days, a new report revealed. Chinese Qihoo 360's Netlab, whose global DDoS monitoring service ' DDosMon ' initially spotted the Memcached-based DDoS attacks, has published a blog post detailing some new statistics about the victims and sources of these attacks. The list of famous online services and websites which were hit by massive DDoS attacks since 24th February includes Google, Amazon, QQ.com, 360.com, PlayStation, OVH Hosting, VirusTotal, Comodo, GitHub ( 1.35 Tbps attack ), Royal Bank, Minecraft and RockStar games, Avast, Kaspersky, PornHub, Epoch Times newspaper, and Pinterest. Overall, the victims are mainly based in the United States, China, Hong Kong, South Korea, Brazil, France, Germany, the United Kingdom, Canada, and the Netherlands.

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

Microsoft has confirmed that the company is planning to convert Windows 10 S from a dedicated operating system to a special " S Mode " that will be available in all versions of Windows. Windows 10 S, a new operating system designed for simplicity, security, and speed, was released by Microsoft last year. It locks a computer down to run applications only downloaded from official Windows Store, but the slimmed-down and restricted flavor of Windows did not exactly turn out to be a success. Therefore, the company has now decided Windows 10 S be offered as an optional mode rather than a dedicated operating system. Windows 10 S was developed to simplify administration for school or business sysadmins that want the 'low-hassle' guaranteed performance version. It has been designed to deliver predictable performance and quality through Microsoft-verified apps via the Microsoft Store. However, in a blog post published Wednesday, the corporate VP of Microsoft's

Two days ago, Microsoft encountered a rapidly spreading cryptocurrency-mining malware that infected almost 500,000 computers within just 12 hours and successfully blocked it to a large extent. Dubbed Dofoil , aka Smoke Loader , the malware was found dropping a cryptocurrency miner program as payload on infected Windows computers that mines Electroneum coins, yet another cryptocurrency, for attackers using victims' CPUs. On March 6, Windows Defender suddenly detected more than 80,000 instances of several variants of Dofoil that raised the alarm at Microsoft Windows Defender research department, and within the next 12 hours, over 400,000 instances were recorded. The research team found that all these instances, rapidly spreading across Russia, Turkey, and Ukraine, were carrying a digital coin-mining payload, which masqueraded as a legitimate Windows binary to evade detection. However, Microsoft has not mentioned how these instances were delivered to such a massive audienc

A medium yet critical vulnerability has been discovered in Cisco Prime Collaboration Provisioning software that could allow a local attacker to elevate privileges to root and take full control of a system. Cisco Prime Collaboration Provisioning (PCP) application allows administrators to remotely control the installation and management of Cisco communication devices (integrated IP telephony, video, voicemail) deployed in the company and services for its subscribers. The vulnerability (CVE-2018-0141) is due to a hard-coded password for Secure Shell (SSH), which could be exploited by a local attacker to connect to the PCP's Linux operating system and gain low-level privileges. Cisco PCP Hard-Coded Password Flaw According to an advisory released by Cisco, with low-level privileges, an attacker could then elevate its privileges to root and take full control of the affected devices. Although this vulnerability has been given a Common Vulnerability Scoring System (CVSS) bas