20 March 2023
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.com
-
Emotet Rises Again: Evades Macro Security via OneNote Attachments
20 March 2023
The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems.
Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down.
A
-
Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
18 March 2023
The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group.
Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim
-
Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York
18 March 2023
U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias "Pompompurin."
The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators "spent hours inside and outside of a home in Peekskill."
"At one point, investigators were seen
-
THN Webinar: 3 Research-Backed Ways to Secure Your Identity Perimeter
18 March 2023
Think of the typical portrayal of a cyberattack. Bad guy pounding furiously on a keyboard, his eyes peeking out from under a dark hoodie. At long last, his efforts pay off and he hits the right combination of keys. "I'm in!" he shouts in triumph.
Clearly, there are many problems with this scenario – and it's not just the hoodie. What's even more inaccurate is that most cyber attackers today do
-
LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions
18 March 2023
U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware.
"The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit,"
Computer Security News, Advice and Research
-
Dangerous Android phone 0-day bugs revealed – patch or work around them now!
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
-
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!
-
Microsoft fixes two 0-days on Patch Tuesday – update now!
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to log on as you.
-
Firefox 111 patches 11 holes, but not 1 zero-day among them…
In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.
-
Linux gets double-quick double-update to fix kernel Oops!
Linux doesn't BSoD. It has oopses and panics instead. (We show you how to make a kernel module to explore further.)
-
SHEIN shopping app goes rogue, grabs price and URL data from your clipboard
It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes
-
S3 Ep125: When security hardware has security holes [Audio + Text]
Latest episode - listen now! (Full transcript inside.)
-
Serious Security: TPM 2.0 vulns – is your super-secure data at risk?
Security bugs in the very code you've been told you must have to improve the security of your computer...
-
DoppelPaymer ransomware suspects arrested in Germany and Ukraine
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.
-
Feds warn about right Royal ransomware rampage that runs the gamut of TTPs
Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?