Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account
Mar 25, 2024The Hacker NewsData Breach / Password Security In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers…
Category: TheHackerNews
Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
Mar 25, 2024NewsroomSupply Chain Attack / Cryptocurrency Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub…
New “GoFetch” Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates…
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks
Mar 25, 2024NewsroomCyber Espionage / Email Security The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new…
N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks
Mar 24, 2024NewsroomArtificial Intelligence / Cyber Espionage The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed…
German Police Seize ‘Nemesis Market’ in Major International Darknet Raid
Mar 24, 2024NewsroomRansomware / Threat Intelligence German authorities have announced the takedown of an illicit underground marketplace called Nemesis Market that peddled narcotics, stolen data,…
Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties
Mar 23, 2024NewsroomCyber Espionage / Cyber Warfare The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed…
Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects
Mar 22, 2024NewsroomWeb Security / Vulnerability A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious…
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws
Mar 22, 2024NewsroomCyber Defense / Vulnerability A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable…
New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.
Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as StrelaStealer. The campaigns impact…
AWS Patches Critical ‘FlowFixation’ Bug in Airflow Service to Prevent Session Hijacking
Mar 22, 2024NewsroomAmazon Web Services / Vulnerability Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for…
Implementing Zero Trust Controls for Compliance
The ThreatLocker® Zero Trust Endpoint Protection Platform implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their…