The Hacker News

Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities

The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific.

China-linked BackdoorDiplomacy Hacker Group Targets Middle East Telecoms in Latest Cyberattacks

The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021, through the successful exploitation of ProxyShell flaws in the Microsoft Exchange Server.

Iranian State Hackers Targeting Key Figures in Activism, Journalism, and Politics

At least 20 individuals are believed to have been targeted, Human Rights Watch (HRW) said in a report published Monday, attributing the malicious activity to an adversarial collective tracked as APT42.

Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware

Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository.

New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers

Collectively called BMC&C, the newly identified issues can be exploited by attackers having access to remote management interfaces such as Redfish, potentially enabling adversaries to gain control of the systems and put cloud infrastructures at risk.

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution.

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool.

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm

The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 ($623,256) for violating the European Union General Data Protection Regulation (GDPR) requirements.

Chinese Cyberespionage Hackers Using USB Devices to Infiltrate Entities in the Philippines

Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September 2021.

Three New Vulnerabilities Affect OT Products from German Festo and CODESYS Companies

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS).
