The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

If you dream of making it big in the IT security community, the CISSP certification is a necessary milestone. Certified Information Systems Security Professional ( CISSP ) is a globally recognised certification in the field of information security, which has become a gold standard of achievement that is acknowledged worldwide. CISSP certification deals with a range of information security topics including security engineering and software development security and helps you understand the various areas of security you should be aware of. The CISSP exam is highly challenging and requires a broad level of knowledge. However, achieving the CISSP certification requires help, irrespective of your experience level. Choose the right CISSP Training Course There are a wide number of courses and training programs in the market, but make sure you sign up for one that equips you with the best practices in the industry and helps you to ace the exam in your first attempt. To help you

British police have arrested a 19-year-old teen who is an alleged member of Apophis Squad cybercriminal group responsible for making hoax bomb threats to thousands of schools and airlines; and DDoSing ProtonMail and Tutanota secure email services. George Duke-Cohan was arrested in his bedroom at his family home in Watford by British National Crime Agency (NCA) on 31st August and pledged guilty to three counts of making bomb threats to schools and airlines in Luton Magistrates' Court on Monday. Duke-Cohan spammed out more than 24,000 emails to schools across the UK and in the US as well, claiming that pipe bombs had been planted on the premises, which would blow up the building if $5,000 extortion money was not made within 3 hours. He Got Arrested Third-Time For Making Hoax Bomb Threats This is not the first time Duke-Cohan has been arrested for spreading fake bomb threats. He first created panic in March this year when he emailed thousands of schools in the UK warnin

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Cisco today released thirty security patch advisory to address a total of 32 security vulnerabilities in its products, three of which are rated critical, including the recently disclosed Apache Struts remote code execution vulnerability that is being exploited in the wild. Out of the rest 29 vulnerabilities, fourteen are rated high and 15 medium in severity, addressing security flaws in Cisco Routers, Cisco Webex, Cisco Umbrella, Cisco SD-WAN Solution, Cisco Cloud Services Platform, Cisco Data Center Network, and more products. The three critical security vulnerabilities patched by Cisco address issues in Apache Struts, Cisco Umbrella API, and Cisco RV110W, RV130W and RV215W router's management interface. Apache Struts Remote Code Execution Vulnerability (CVE-2018-11776) The vulnerability, reported late last month by Semmle security researcher Man Yue Mo, resides in the core of Apache Struts and originates due to insufficient validation of user-provided untrusted inputs in

Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for users' cryptocurrency wallets. On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA's Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company. Malicious MEGA Chrome Extension Steals Passwords Upon installation or auto-update, the malicious extension asked for elevated permissions to access personal information, allowing it to steal credentials from sites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero, and Idex.market cryptocurrency trading

Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks . Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy maliciously, allowing attackers to actively eavesdrop on the targeted network traffic since mid-July. The vulnerability in question is Winbox Any Directory File Read (CVE-2018-14847) in MikroTik routers that was found exploited by the CIA Vault 7 hacking tool called Chimay Red , along with another MikroTik's Webfig remote code execution vulnerability. Both Winbox and Webfig are RouterOS management components with their corresponding communication ports as TCP/8291, TCP/80, and TCP/8080. Winbox is designed for Windows users to easily configure the routers that download some DLL files

Over a week after Google admitted the company tracks users' location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline. Google has paid Mastercard millions of dollars in exchange to access this information. Neither Google nor Mastercard has publicly announced the business partnership over allowing Google to measure retail spending, though the deal has now been disclosed by Bloomberg. According to four unidentified people with knowledge of the deal cited by the news outlet, Google and Mastercard reached the agreement after a four-year negotiation, wherein all Mastercard transaction data in the U.S. has been encrypted and transmitted to Google. Google packaged the data into a new tool for advertisers, called Store Sales Measurement, and currently being tested the tool with a small group of advertisers, allowing them to track whether online advertise