01 February 2023
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.com
-
Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility
01 February 2023
Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure.
The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were addressed in ImageMagick version 7.1.0-52, released in November 2022.
A
-
Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry
01 February 2023
A new attack campaign has targeted the gaming and gambling sectors since at least September 2022, just months prior to the ICE London 2023 gaming industry trade fair event that's scheduled next week.
Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a JavaScript
-
New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices
01 February 2023
A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control.
Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users.
"Each enrolled device complies with the policies you set until you wipe or deprovision it," Google
-
Auditing Kubernetes with Open Source SIEM and XDR
01 February 2023
Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role in
-
Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards
01 February 2023
The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions.
Russian cybersecurity firm Kaspersky said it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its
Computer Security News, Advice and Research
-
Password-stealing “vulnerability” reported in KeePass – bug or feature?
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
-
GitHub code-signing certificates stolen (but will be revoked this week)
There was a breach, so the bad news isn't great, but the good news isn't too bad...
-
Serious Security: The Samba logon bug caused by outdated crypto
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
-
Hive ransomware servers shut down at last, says FBI
Unfortunately, you've probably already heard the cliche that "cybercrime abhors a vacuum"...
-
Dutch suspect locked up for alleged personal data megathefts
Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.
-
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
Lastest episode - listen now! (Or read the transcript.)
-
GoTo admits: Customer cloud backups stolen together with decryption key
We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.
-
Apple patches are out – old iPhones get an old zero-day fix at last!
Don't delay, especially if you're still running an iOS 12 device... please do it today!
-
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
It's a really cool and super-simple trick. The question is, "Will it help?"
-
T-Mobile admits to 37,000,000 customer records stolen by “bad actor”
Once more, it's time for Shakespeare's words: Once more unto the breach...