#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs

US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs

Sep 22, 2021
The U.S. Treasury Department on Tuesday imposed sanctions on Russian cryptocurrency exchange Suex for helping facilitate and launder transactions from at least eight ransomware variants as part of the government's efforts to crack down on a surge in ransomware incidents and make it difficult for bad actors to profit from such attacks using digital currencies. "Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity," the department  said  in a press release. "Analysis of known SUEX transactions shows that over 40% of SUEX's known transaction history is associated with illicit actors. SUEX is being designated pursuant to  Executive Order 13694 , as amended, for providing material support to the threat posed by criminal ransomware actors." According to blockchain analytics firm  Chainalysis , SUEX is legally registered in the Czech Republic and operates out of office
The Gap in Your Zero Trust Implementation

The Gap in Your Zero Trust Implementation

Sep 22, 2021
Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust security model. A zero trust security model is based on the idea that no IT resource should be trusted implicitly. Prior to the introduction of zero trust security, a user who authenticated into a network was trustworthy for the duration of their session, as was the user's device. In a zero trust model, a user is no longer considered to be trustworthy just because they entered a password at the beginning of their session. Instead, the user's identity is verified through multi-factor authentication, and the user may be prompted to re-authenticate if they attempt to access resources that are particularly sensitive or if the user attempts to do something out of the ordinary. How Complic
Pentera's 2024 Report Reveals Hundreds of Security Events per Week

Pentera's 2024 Report Reveals Hundreds of Security Events per Week

Apr 22, 2024Red Team / Pentesting
Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac
High-Severity RCE Flaw Disclosed in Several Netgear Router Models

High-Severity RCE Flaw Disclosed in Several Netgear Router Models

Sep 22, 2021
Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Traced as  CVE-2021-40847  (CVSS score: 8.1), the security weakness impacts the following models - R6400v2 (fixed in firmware version 1.0.4.120) R6700 (fixed in firmware version 1.0.2.26) R6700v3 (fixed in firmware version 1.0.4.120) R6900 (fixed in firmware version 1.0.2.26) R6900P (fixed in firmware version 3.3.142_HOTFIX) R7000 (fixed in firmware version 1.0.11.128) R7000P (fixed in firmware version 1.3.3.142_HOTFIX) R7850 (fixed in firmware version 1.0.5.76) R7900 (fixed in firmware version 1.0.4.46) R8000 (fixed in firmware version 1.0.4.76) RS400 (fixed in firmware version 1.5.1.80) According to GRIMM security researcher Adam Nichols, the vulnerability resides within Circle , a third-party component included in the firmware that offer
cyber security

SaaS Security Buyers Guide

websiteAppOmniSaaS Security / Threat Detection
This guide captures the definitive criteria for choosing the right SaaS Security Posture Management (SSPM) vendor.
VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server

VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server

Sep 22, 2021
VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system. The most urgent among them is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005) that impacts vCenter Server 6.7 and 7.0 deployments. "A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file," the company  noted ,  adding  "this vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server." Although VMware has published  workarounds  for the flaw, the company cautioned that they are "meant to be a temporary solution until updates […] can be deployed." The complete list of flaws patched by the virtualization services
Unpatched High-Severity Vulnerability Affects Apple macOS Computers

Unpatched High-Severity Vulnerability Affects Apple macOS Computers

Sep 21, 2021
Cybersecurity researchers on Tuesday disclosed details of an unpatched zero-day vulnerability in macOS Finder that could be abused by remote adversaries to trick users into running arbitrary commands on the machines. "A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user," SSD Secure Disclosure  said  in a write-up published today. Park Minchan, an independent security researcher, has been credited with reporting the vulnerability which affects macOS versions of Big Sur and prior. The weakness arises due to the manner macOS processes INETLOC files — shortcuts to open internet locations such as RSS feeds, Telnet connections, or other online resources and local files — resulting in a scenario that allows commands embedded in those files to be executed wit
Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Sep 21, 2021
Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a number of virtual machines, according to a report published by Sophos and shared with The Hacker News. The attacks originated from an internet address assigned to the Ukrainian ISP Green Floid. "Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target," Sophos principal researcher Andrew Brandt  said . "The surprising thing is that this server was in active daily use. Often the most vulnerable devices are inactive or ghost machines, either forgotten about or overlooked when it comes to patching and upgra
New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin

New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin

Sep 21, 2021
A recently discovered wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines with easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. "The malware's primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they've been infected, these systems are then used to mine cryptocurrency," Akamai security researcher Larry Cashdollar  said  in a write-up published last week. The PHP malware — codenamed "Capoae" (short for "Сканирование," the Russian word for "Scanning") — is said to be delivered to the hosts via a backdoored addition to a WordPress plugin called "download-monitor," which gets installed after successfully brute-forcing WordPress admin credentials. The attacks also involve the deployment of a  Golang binary  with decryption functionality, with the obfusc
Cybersecurity Resources