Feed aggregator

North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets

The Hacker News - 2 hours 8 min ago
The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The backdoor [...] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing
Categories: Cyber Security News

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

The Hacker News - 6 hours 54 min ago
New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool. npm CLI's install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for
Categories: Cyber Security News

This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms

The Hacker News - 8 hours 23 min ago
A malicious Android SMS application found on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named Symoo (com.vanjan.sms), had over 100,000 downloads and functioned as a relay for transmitting messages to a server, which advertises an account creation service.
Categories: Cyber Security News

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm

The Hacker News - 8 hours 41 min ago
The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements. The Commission nationale de l'informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5
Categories: Cyber Security News

Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches

The Hacker News - 11 hours 5 min ago
The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches. To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity's adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information,
Categories: Cyber Security News

Podstawy Bezpieczeństwa: Bezpieczne zakupy online – jak rozpoznać fałszywą bramkę płatności

ZaufanaTrzeciaStrona.pl - 12 hours 6 min ago

Pandemia skłoniła wielu ludzi do przestawienia się na zakupy online, a galopująca inflacja ugruntowała ich decyzję. Według statystyk w 2022 r. z możliwości tej mogło korzystać nawet 81% Polaków, co zaostrzyło apetyt oszustów. Zobaczmy, jak się przed nimi uchronić.

W poradniku opracowanym niedawno przez CERT Polska można przeczytać, że w tym roku liczba incydentów związanych z oszustwami na portalach zakupowych takich, jak Allegro, OLX czy Vinted, w porównaniu z rokiem 2020 zwiększyła się niemal siedmiokrotnie.… Czytaj dalej

The post Podstawy Bezpieczeństwa: Bezpieczne zakupy online – jak rozpoznać fałszywą bramkę płatności first appeared on Zaufana Trzecia Strona.

3 New Vulnerabilities Affect OT Products from German Festo and CODESYS Companies

The Hacker News - 13 hours 17 min ago
Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an
Categories: Cyber Security News

Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines

The Hacker News - 14 hours 17 min ago
A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector. Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September
Categories: Cyber Security News

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection

The Hacker News - Tue, 11/29/2022 - 11:39
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as
Categories: Cyber Security News

Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware

The Hacker News - Tue, 11/29/2022 - 06:59
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx. The trend, called Invisible Challenge, involves applying a filter called Invisible Body that just leaves behind a silhouette of the person's body. But the fact that individuals filming such videos could be undressed has led to a
Categories: Cyber Security News

7 Cyber Security Tips for SMBs

The Hacker News - Tue, 11/29/2022 - 06:30
When the headlines focus on breaches of large enterprises like the Optus breach, it’s easy for smaller businesses to think they’re not a target for hackers. Surely, they’re not worth the time or effort?  Unfortunately, when it comes to cyber security, size doesn’t matter.  Assuming you’re not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple
Categories: Cyber Security News

Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users' Data

The Hacker News - Tue, 11/29/2022 - 03:25
Ireland's Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "collated
Categories: Cyber Security News

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

The Hacker News - Mon, 11/28/2022 - 23:20
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions,, and
Categories: Cyber Security News

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

The Hacker News - Mon, 11/28/2022 - 06:56
Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action. The shortcoming was reported
Categories: Cyber Security News

The 5 Cornerstones for an Effective Cyber Security Awareness Training

The Hacker News - Mon, 11/28/2022 - 06:45
It's not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information.  The hard news: they're often successful, have a long-lasting negative impact on your organization and employees, including:
Categories: Cyber Security News

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

The Hacker News - Mon, 11/28/2022 - 05:07
Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip (SoC), that's found in server motherboards and is used for remote monitoring and management of a host system, including
Categories: Cyber Security News

Lotto.pl informuje o masowych przejęciach kont użytkowników

Niebezpiecznik.pl - Mon, 11/28/2022 - 04:18
Totalizator Sportowy, który prowadzi serwis Lotto.pl rozesłał właśnie swoim użytkownikom “Informacje o bezpieczeństwie danych osobowych”. W związku z tym przesyłacie nam masę pytań. Wyjaśniamy więc kto powinien zacząć panikować a kto może spać spokojnie… Nikt nie może spać spokojnie ;) Zanim przejdziemy do tematu incydentu w Lotto.pl odpowiedzmy na pytanie z poprzedniego akapitu: nikt, kto umieszcza swoje […]

Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages

The Hacker News - Mon, 11/28/2022 - 00:25
Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform. The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend. The company's plans for
Categories: Cyber Security News

* BNP Paribas zachęca firmy do wspólnej walki z cyberprzestępcami

Niebezpiecznik.pl - Sun, 11/27/2022 - 15:09
W BNP Paribas ruszył Digital Fraud Innovation Lab, czyli program do którego bank zaprasza firmy zewnętrzne ale i sami pracownicy banku — każdy, kto ma pomysł na zwiększenie bezpieczeństwa klientów bankowości. BNP obiecuje wspólnie wdrożyć najlepsze pomysły. – W ramach prac w Digital Fraud Innovation Lab będziemy wyznaczać kierunki rozwoju w obszarze cyberbezpieczeństwa i pracować […]

* Zapraszamy na LIVE o Wojnie Hybrydowej i Zero Trust

Niebezpiecznik.pl - Sun, 11/27/2022 - 14:26
1 grudnia (w czwartek) o 20:00 robimy LIVE o tym, jak zmieniły się ataki na polskie firmy na przestrzeni ostatnich miesięcy. Na spotkaniu pokażemy przydatne dla bezpieczników narzędzia, które pomagają chronić swoje sieci przed aktualnymi zagrożeniami. Powiemy też czym jest model Zero Trust i jak najsprawniej go wdrożyć oraz jak chronić tożsamość, dane, aplikacje, sieć, urządzenia […]