#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Hackers Target Indian Nuclear Power Plant – Everything We Know So Far

Hackers Target Indian Nuclear Power Plant – Everything We Know So Far

Oct 30, 2019
A story has been making the rounds on the Internet since yesterday about a cyber attack on an Indian nuclear power plant. Due to some experts commentary on social media even after lack of information about the event and overreactions by many, the incident received factually incorrect coverage widely suggesting a piece of malware has compromised "mission-critical systems" at the Kudankulam Nuclear Power Plant . Relax! That's not what happened. The attack merely infected a system that was not connected to any critical controls in the nuclear facility. Here we have shared a timeline of the events with brief information on everything we know so far about the cyberattack at Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu. From where this news came? The story started when Indian security researcher Pukhraj Singh tweeted that he informed Indian authorities a few months ago about an information-stealing malware, dubbed Dtrack, which successfully hit "extre
Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users

Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users

Oct 29, 2019
Finally, for the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users. Facebook filed a lawsuit against Israeli mobile surveillance firm NSO Group on Tuesday, alleging that the company was actively involved in hacking users of its end-to-end encrypted WhatsApp messaging service. Earlier this year, it was discovered that WhatsApp had a critical vulnerability that attackers were found exploiting in the wild to remotely install Pegasus spyware on targeted Android and iOS devices. The flaw (CVE-2019-3568) successfully allowed attackers to silently install the spyware app on targeted phones by merely placing a WhatsApp video call with specially crafted requests, even when the call was not answered. Developed by NSO Group, Pegasus allows access to an incredible amount of data from victims' smartphones remotely, including their text messages, emails, WhatsApp chats,
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Mysterious malware that re-installs itself infected over 45,000 Android Phones

Mysterious malware that re-installs itself infected over 45,000 Android Phones

Oct 29, 2019
Over the past few months, hundreds of Android users have been complaining online of a new piece of mysterious malware that hides on the infected devices and can reportedly reinstall itself even after users delete it, or factory reset their devices. Dubbed Xhelper , the malware has already infected more than 45,000 Android devices in just the last six months and is continuing to spread by infecting at least 2,400 devices on an average each month, according to the latest report published today by Symantec. Here below, I have collected excerpts from some comments that affected users shared on the online forums while asking for how to remove the Xhelper Android malware: "xhelper regularly reinstalls itself, almost every day!" "the 'install apps from unknown sources' setting turns itself on." "I rebooted my phone and also wiped my phone yet the app xhelper came back." "Xhelper came pre-installed on the phone from China."
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
The Pirate Bay was recently down for over a week due to a DDoS attack

The Pirate Bay was recently down for over a week due to a DDoS attack

Oct 29, 2019
It seems like the prolonged downtime and technical difficulties faced by The Pirate Bay over the past several weeks were due to a series of distributed denial of service (DDoS) attacks against the widely-popular torrent website by malicious actors. For those unaware, The Pirate Bay was down for more than a week with most visitors displayed a Cloudflare error mentioning that a "bad gateway" is causing problems, while others served with a "database maintenance" message prompting users to check back in 10 minutes. Though the site's moderators did not reveal any details regarding the Pirate Bay downtime, a reputable source with a direct link with the operators told Torrent Freak that the recent Pirate Bay downtime issues "were likely caused by malicious actors who DDoSed the site's search engine with specially crafted search queries." The attacker(s) flooded The Pirate Bay with "searches that break the Sphinx search daemon," effecti
How MSPs can become Managed Detection and Response (MDR) Providers

How MSPs can become Managed Detection and Response (MDR) Providers

Oct 29, 2019
Managed detection and response (MDR) is one of the fastest-growing segments in the cybersecurity market. ESG research from April 2019 reveals that 27% of organizations are actively pursuing an MDR project, while another 11% plan to pursue an MDR project in the future. Cynet now enables service providers to add MDR to their portfolio and gain an important competitive advantage over competitors with Cynet 360 integrated offering of breach protection platform and CyOps 24\7 SOC team ( Learn more here ). MDR is a relatively new security service offering that emerged in recent years to assist the standard organization with a team of experts that provide 24\7 alert prioritization, investigation, and proactive threat hunting — tasks that are typically beyond its in-house capabilities. Cynet 360's complete coverage across endpoints, network, and user accounts makes it a tool of choice that provides MDR providers with real-time threat coverage across the entire environment with a
Russian Hackers Targeting Anti-Doping Agencies Ahead of 2020 Tokyo Olympics

Russian Hackers Targeting Anti-Doping Agencies Ahead of 2020 Tokyo Olympics

Oct 29, 2019
As Japan gears up for the upcoming 2020 Summer Olympics in Tokyo for the next year, the country needs to brace itself for sophisticated cyberattacks, especially from state-sponsored hackers. Microsoft has issued a short notice, warning about a new wave of highly targeted cyberattacks by a group of Russian state-sponsored hackers attempting to hack over a dozen anti-doping authorities and sporting organizations around the world. The attacks are originating from the 'Strontium' Russian hacking group, widely known as Fancy Bear or APT28, and are believed to be linked to the upcoming 2020 Summer Olympics in Tokyo. The Fancy Bear hacking group, also known as APT28, Sofacy, X-agent , Sednit , Sandworm , and Pawn Storm, is believed to be linked to Russian military intelligence agency GRU and has been in operation since at least 2007. Over these past three decades, the group has been credited to many high profile hacking incidents, like hacking the US presidential elections
UniCredit Bank Suffers 'Data Incident' Exposing 3 Million Italian Customer Records

UniCredit Bank Suffers 'Data Incident' Exposing 3 Million Italian Customer Records

Oct 28, 2019
UniCredit, an Italian global banking and financial services company, announced today that it suffered a security incident that leaked some personal information belonging to at least 3 million of its domestic customers. Officially founded in 1870, UniCredit is Italy's biggest banking and financial services and one of the leading European commercial banks with more than 8,500 branches across 17 countries. What happened? — Though UniCredit did not disclose any details on how the data incident happened, the bank did confirm that an unknown attacker has compromised a file created in 2015 containing three million records relating only to its Italian customers. What type of information was compromised? — The leaked data contains personal information of 3 million customers, including their: Names Cities Telephone numbers Email addresses What type of information was not compromised? — Unicredit confirmed that the compromised user records did not include any other perso
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

Oct 26, 2019
If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043 , affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could be exploited easily as a proof-of-concept (PoC) exploit for the flaw has already been released publicly. PHP-FPM is an alternative PHP FastCGI implementation that offers advanced and highly-efficient processing for scripts written in PHP programming language. The main vulnerability is an "env_path_info" underflow memory corruption issue in the PHP-FPM module, and chaining it together with other issues could allow attackers to remotely execute arbitrary code on vulnerable web servers. The vulnerability was spotted by Andrew Danau, a security researcher at Wallarm while hun
Cybersecurity Resources