thehackernews | Unsorted

Telegram channel thehackernews - The Hacker News


⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking. 📨 Contact: admin@thehackernews.com 🌐 Website: https://thehackernews.com


The Hacker News

⚠️ Apache Traffic Control users: an SQL injection flaw (CVE-2024-45387, CVSS 9.9) in the Traffic Ops component lets a privileged user execute arbitrary SQL against the database.

The flaw is triggered by a specially crafted PUT request from any account holding the admin, federation, operations, portal or steering role. Versions 8.0.0 and 8.0.1 are affected.

🔧 How to act now:
» Update to version 8.0.2 ASAP.
» Audit which accounts hold those high-privilege roles, and remove any that do not need them.
» Review the database configuration and the permissions granted to the Traffic Ops database user.

Read: https://thehackernews.com/2024/12/critical-sql-injection-vulnerability-in.html


The Hacker News

🔒 $308M stolen in a daring crypto heist targeting Japan's DMM Bitcoin. North Korean hackers (TraderTraitor) socially engineered an employee of the wallet software provider Ginco, planted malware, and used the stolen session access to manipulate a legitimate transaction request.

👉 Learn More: https://thehackernews.com/2024/12/north-korean-hackers-pull-off-308m.html


The Hacker News

⚡ Apache Tomcat has issued CVE-2024-56337, which completes the fix for the remote code execution flaw CVE-2024-50379 (CVSS 9.8), a time-of-check/time-of-use race in the default servlet.

On a case-insensitive filesystem, with the default servlet's write support enabled (readonly=false, which is not the default), a file uploaded while it is being read can end up compiled and executed as JSP code, resulting in remote code execution.

» Affected versions: Tomcat 11.0.0-M1 to 11.0.1, 10.1.0-M1 to 10.1.33, and 9.0.0.M1 to 9.0.97; fixed in 11.0.2, 10.1.34 and 9.0.98.
» Java users: the patch is only complete with the right JVM setting. On Java 8 or 11 set sun.io.useCanonCaches=false explicitly (it defaults to true); on Java 17 make sure it is not set to true; on Java 21 and later nothing is needed.
» Severity: CVE-2024-50379 scored 9.8 on CVSS.

Details here 👉 https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html

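The two preconditions above (a writable default servlet and the JVM canon-cache setting) can be checked from configuration. The following Python is an added example for this page, not Tomcat code and not from The Hacker News: it parses a Tomcat web.xml for a DefaultServlet declaration with readonly=false and applies the per-Java-version rule for sun.io.useCanonCaches. The web.xml fragments are constructed samples.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Optional

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag: str) -> str:
    """Strip the XML namespace so the check works for Tomcat 9 (javaee) and 10/11 (jakartaee) web.xml."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_params(web_xml: str) -> Dict[str, str]:
    """Return the init-params of the DefaultServlet declaration in a web.xml, or {} if there is none."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        servlet_class = ""
        params: Dict[str, str] = {}
        for child in servlet:
            if _local(child.tag) == "servlet-class":
                servlet_class = (child.text or "").strip()
            elif _local(child.tag) == "init-param":
                name = value = ""
                for p in child:
                    if _local(p.tag) == "param-name":
                        name = (p.text or "").strip()
                    elif _local(p.tag) == "param-value":
                        value = (p.text or "").strip()
                if name:
                    params[name] = value
        if servlet_class == DEFAULT_SERVLET_CLASS:
            return params
    return {}


def default_servlet_writable(web_xml: str) -> bool:
    """True when PUT/DELETE are enabled on the default servlet (readonly=false), the non-default setting the race needs."""
    return default_servlet_params(web_xml).get("readonly", "true").lower() == "false"


def canon_caches_ok(java_major: int, use_canon_caches: Optional[str]) -> bool:
    """Apply the Tomcat guidance for the sun.io.useCanonCaches system property.

    java_major is the JVM's major version; use_canon_caches is the property's value as set, or None if unset.
    """
    if java_major >= 21:
        return True                        # the property and the cache no longer exist
    if java_major >= 17:
        return use_canon_caches != "true"  # defaults to false; must not be forced on
    return use_canon_caches == "false"     # Java 8/11 default to true; must be switched off explicitly


def exposure_report(web_xml: str, java_major: int, use_canon_caches: Optional[str]) -> str:
    """One-line verdict combining the servlet configuration and the JVM property."""
    if not default_servlet_writable(web_xml):
        return "default servlet is read-only: CVE-2024-50379/56337 preconditions not met"
    if canon_caches_ok(java_major, use_canon_caches):
        return "default servlet is writable: patch to 11.0.2/10.1.34/9.0.98; JVM canon cache setting is correct"
    return "default servlet is writable AND sun.io.useCanonCaches is not disabled: patch and fix the JVM property"


# Constructed samples, not taken from a real deployment.
WRITABLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

# Same file without the readonly override: Tomcat's default (read-only) behaviour.
STOCK_WEB_XML = WRITABLE_WEB_XML.replace(
    "<init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>", "")


if __name__ == "__main__":
    print(exposure_report(WRITABLE_WEB_XML, 11, None))
    print(exposure_report(STOCK_WEB_XML, 11, None))
```

Run it against the conf/web.xml of each instance and the JVM's actual version and -D flags; a writable default servlet on Java 8 or 11 without the explicit property is the combination the advisory is about.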

The Hacker News

🚨 Top 10 Cybersecurity Trends for 2025: From AI-powered attacks to zero-day threats & supply chain risks, the future of cyber defense is evolving fast. Are you ready?

🔗 Read: https://thehackernews.com/2024/12/top-10-cybersecurity-trends-to-expect.html


The Hacker News

🔒 A U.S. judge held NSO Group liable for violating U.S. and California anti-hacking laws and for breaching WhatsApp's terms of service by misusing its servers to silently deploy Pegasus spyware against about 1,400 users within a single month in 2019.

Learn more: https://thehackernews.com/2024/12/us-judge-rules-against-nso-group-in.html


The Hacker News

🔥 A dual Russian-Israeli national has been charged as a developer of LockBit ransomware, a cyber weapon that caused chaos across 120+ countries and brought in $500M in illicit profits.

» Targeted hospitals, schools, and critical infrastructure.
» Allegedly wrote code to disable antivirus software and spread the ransomware across victim networks.
» LockBit is now planning a comeback with version 4.0!

Explore the full story of LockBit’s rise and fall: https://thehackernews.com/2024/12/lockbit-developer-rostislav-panev.html


The Hacker News

🔔 Alert: Sophos has patched three flaws in Sophos Firewall, two of them critical (CVSS 9.8): a pre-auth SQL injection in the email protection feature (CVE-2024-12727), a weak default SSH login passphrase used during High Availability cluster setup (CVE-2024-12728), and a post-auth code injection in the User Portal (CVE-2024-12729). Together they could give attackers remote code execution and privileged access.

🔧 Action Plan:
✔️ Update to v21 MR1 or newer (hotfixes are available for supported older releases).
✔️ Restrict SSH to the dedicated HA link and disable SSH access from the WAN.
✔️ Ensure the User Portal and Webadmin are not exposed to the WAN.

🔗 Full advisory here: https://thehackernews.com/2024/12/sophos-fixes-3-critical-firewall-flaws.html


The Hacker News

🚨 CISA warns of an actively exploited critical flaw (CVE-2024-12356, CVSS: 9.8) in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) products.

It is a command injection: an unauthenticated remote attacker can run arbitrary operating system commands in the context of the site user.

Read: https://thehackernews.com/2024/12/cisa-adds-critical-flaw-in-beyondtrust.html


The Hacker News

🚨 What if your device unknowingly became a tool for cybercrime? It’s happening now.

Mirai malware is hitting Juniper Session Smart Router (SSR) devices that still use default passwords, conscripting them into DDoS botnets. Over 90% of breached systems had unaltered factory settings.

🔑 Don't leave the door open: change default credentials, keep firmware current, and check device logs for unexpected logins.

Read the full report: https://thehackernews.com/2024/12/juniper-warns-of-mirai-botnet-targeting.html


The Hacker News

🔥 Critical Alert: CISA’s new directive, BOD 25-01, sets a new benchmark in cloud security for federal agencies.

Why? Misconfigurations and weak controls are opening doors to attackers.

Key Deadlines:
» By Feb 2025: Identify all cloud tenants
» By Apr 2025: Deploy SCuBA assessment tools
» By Jun 2025: Implement mandatory policies

🔗 Read more: https://thehackernews.com/2024/12/cisa-mandates-cloud-security-for.html

🛡️ Keep cloud configurations aligned with a published baseline (CISA's SCuBA baselines for Microsoft 365 are the ones the directive uses) and re-check them regularly to reduce your attack surface.


The Hacker News

⚠️ Ukraine's CERT-UA uncovers a malware campaign (UAC-0125) targeting military personnel.

Disguised as the Army+ app, this attack:

» Abuses Cloudflare Workers to host look-alike download pages for the app.
» Lures users into running a trojanised Windows installer that shows a decoy while a hidden PowerShell script runs.
» Installs OpenSSH, generates an RSA key pair, adds the public key to authorized_keys and sends the private key to the attackers over the Tor network, giving them SSH access to the machine.

💡 Even legitimate services are becoming cover for attacker infrastructure, raising red flags for CISOs and CTOs.

🔗 Read the full analysis here: https://thehackernews.com/2024/12/uac-0125-abuses-cloudflare-workers-to.html


The Hacker News

Are tech debt challenges holding you back?

📉 Dive into ActiveState's latest whitepaper, featuring best practices to turn tech debt into a strategic advantage.

🔍 Learn how effective open source management can reduce opportunity costs and security risks. Empower your team with actionable insights.

Download now: https://thn.news/tech-debt-best-practices


The Hacker News

🔒 2024’s Cybersecurity Benchmark is Here! Cynet just achieved 100% Detection Visibility and 100% Protection in the 2024 MITRE ATT&CK Evaluation.

Here’s why this matters:

🛡️ 100% Detection across every test.
🚫 No false positives, no delays.
🔒 Protection on every attack step executed.

Evaluate how your current vendor compares. Read more about Cynet’s performance: https://thehackernews.com/2024/12/only-cynet-delivers-100-protection-and.html


The Hacker News

🔒 “Words matter,” says INTERPOL.

Shifting from "pig butchering" to "romance baiting" shifts the narrative to support victims, not shame them.

Victims are not just losing money—they're trapped in emotional manipulation by transnational organized crime groups.

Read how these scams operate and how to defend against them 👉 https://thehackernews.com/2024/12/interpol-pushes-for-romance-baiting-to.html


The Hacker News

🔥 A critical Apache Struts vulnerability (CVE-2024-53677, CVSS 9.5) in the file upload logic is seeing exploitation attempts, putting corporate IT stacks at risk.

» A path traversal in the upload parameters lets an attacker write a malicious file outside the intended directory, enabling remote code execution.
» Struts 2.0.0 to 2.3.37 (end of life), 2.5.0 to 2.5.33 and 6.0.0 to 6.3.0.2 are vulnerable.

👉 Don't be tomorrow's headline. Upgrade to Struts 6.4.0+ AND migrate your actions to the new Action File Upload mechanism: upgrading alone does not protect applications that still use the old FileUploadInterceptor.

Find details here: https://thehackernews.com/2024/12/patch-alert-critical-apache-struts-flaw.html

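The vulnerability class here, a client-supplied filename joined straight onto a server directory, is easiest to see next to its fix. The Python below is an added illustration of that pattern and its hardening, not Apache Struts code (the real remediation is the upgrade and migration described above); the upload directory, the allowed extensions and the attacker's filename are assumptions made for the example.

```python
import os
import posixpath
import re
from typing import Optional

# Assumed deployment layout (not from the article): uploads are stored here and
# must never escape it. The servlet container's own tree is assumed to be a sibling.
UPLOAD_ROOT = "/srv/app/uploads"

# Only document-type files are expected; anything the container could execute is refused.
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".txt"}
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def save_path_vulnerable(upload_root: str, client_filename: str) -> str:
    """The pattern behind this bug class: the client-controlled name is joined to the
    upload directory as-is, so '..' segments walk out of it into the web root."""
    return os.path.normpath(os.path.join(upload_root, client_filename))


def sanitize_upload_name(client_filename: str) -> Optional[str]:
    """Reduce a client-supplied filename to a bare, allow-listed basename, or None if unacceptable."""
    # Treat both separators as separators, then keep only the last path component.
    name = posixpath.basename(client_filename.replace("\\", "/"))
    if not name or name in (".", "..") or not SAFE_NAME.fullmatch(name):
        return None
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXTENSIONS:
        return None  # no .jsp/.war/.sh etc., regardless of where it would land
    return name


def save_path_hardened(upload_root: str, client_filename: str) -> str:
    """Build the on-disk path from a sanitized basename and verify it stays inside upload_root."""
    name = sanitize_upload_name(client_filename)
    if name is None:
        raise ValueError("rejected upload filename: %r" % client_filename)
    root = os.path.normpath(upload_root)
    path = os.path.normpath(os.path.join(root, name))
    # Defence in depth: even with a sanitized basename, prove containment before writing.
    # (When the directory exists, compare os.path.realpath() results too, to defeat symlinks.)
    if os.path.commonpath([root, path]) != root:
        raise ValueError("path escapes upload root")
    return path


if __name__ == "__main__":
    attacker_name = "../../tomcat/webapps/ROOT/shell.jsp"   # constructed traversal attempt
    print("vulnerable code would write to:", save_path_vulnerable(UPLOAD_ROOT, attacker_name))
    print("hardened verdict on that name:", sanitize_upload_name(attacker_name))
    print("hardened path for a normal file:", save_path_hardened(UPLOAD_ROOT, "report.pdf"))
```

The vulnerable version lands the attacker's file in the container's web root, where it would be served and compiled as a JSP; the hardened version first discards everything but the final component and the extension allow-list, then still checks containment, so a bypass of one control does not become a write outside the directory.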

The Hacker News

🚨 Charming Kitten strikes again! Iranian hackers deploy a new C++ variant of the infamous BellaCiao malware, targeting machines across Asia.

Learn how BellaCPP operates and prepare your team for emerging threats: https://thehackernews.com/2024/12/irans-charming-kitten-deploys-bellacpp.html


The Hacker News

🚨 CISA has added a high-severity vulnerability in Acclaim Systems' USAHERDS (CVE-2021-44207, CVSS 8.1) to its Known Exploited Vulnerabilities (KEV) catalog. The application shipped with hard-coded, static ASP.NET machineKey values (ValidationKey and DecryptionKey); anyone who knows them can forge ViewState data and execute arbitrary code on affected servers.

Learn more: https://thehackernews.com/2024/12/cisa-adds-acclaim-usaherds.html


The Hacker News

👨‍💻 Is AI rewriting cybersecurity rules? Criminals are using LLMs to create natural-looking malware that evades detection.

🛡️ What’s happening:
» 10,000+ functionally equivalent JavaScript malware variants generated at scale by repeatedly asking an LLM to rewrite and obfuscate the original.
» 88% of the rewrites flipped a malware classifier's verdict to benign, and the samples also slipped past other analyzers on VirusTotal.
» Classifiers that key on surface features risk degrading over time as such variants spread.

🔗 Learn more: https://thehackernews.com/2024/12/ai-could-generate-10000-malware.html


The Hacker News

🚨 Rockstar2FA, a notorious phishing-as-a-service (PhaaS) toolkit, suffered a major collapse on November 11. In its place, FlowerStorm has emerged as the new threat. These kits sit as an adversary-in-the-middle between the victim and Microsoft 365, and exploit legitimate services like Cloudflare Turnstile to keep automated scanners away from their phishing pages.

📍 Key Targets:
» Sectors: Engineering, real estate, consulting
» Countries: U.S., Canada, UK, Germany, India

If you operate in these industries, you're already in the crosshairs. Because the proxy captures credentials, one-time codes and session cookies in real time, SMS and app-based OTP MFA does not stop these kits; phishing-resistant MFA (FIDO2/WebAuthn) does.

🔗 Full story here: https://thehackernews.com/2024/12/rockstar2fa-collapse-fuels-expansion-of.html


The Hacker News

🔒 Italy has fined OpenAI €15 Million for violating GDPR.

Key issues:
» Processing user data without legal basis
» Failing to notify users about a 2023 security breach
» No age verification, exposing kids under 13 to risky content

🔗 Full story here: https://thehackernews.com/2024/12/italy-fines-openai-15-million-for.html


The Hacker News

The notorious Lazarus Group is targeting nuclear engineers using trojanized VNC tools disguised as job assessments for aerospace roles.

They’ve introduced a new modular malware—CookiePlus—capable of evading top-tier detection systems.

🔗 Explore the full story here: https://thehackernews.com/2024/12/lazarus-group-spotted-targeting-nuclear.html


The Hacker News

🛑 Attackers are exploiting CVE-2023-48788 (CVSS 9.3), an SQL injection flaw in Fortinet FortiClient EMS, to install remote desktop tools like AnyDesk and ScreenConnect.

They've already targeted companies across 12 countries, leveraging:

» The SQL injection for initial, unauthenticated access to the EMS server
» Credential-dumping tools like Mimikatz
» PowerShell scripts for persistence

Don’t just patch vulnerabilities—assume attackers are already inside.

Find details here: https://thehackernews.com/2024/12/hackers-exploiting-critical-fortinet.html


The Hacker News

Threat actors are tricking developers with fake npm packages such as @typescript_eslinter/eslint and types-node, look-alikes of the widely used typescript-eslint and @types/node, amassing thousands of downloads.

Compromised tools = compromised enterprises. One wrong download could breach your entire development cycle.

🔒 Your move:
✅ Review your dependencies.
✅ Learn how these attacks work.
✅ Build a resilient security strategy.

👉 Read here: https://thehackernews.com/2024/12/thousands-download-malicious-npm.html

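Dependency review can be partly automated by comparing declared package names against the popular packages they might be imitating. The following Python is an added example, not code from the article, from Sonatype or from npm: it normalises names (case, the scope marker, '-' versus '_') and flags close edit-distance matches. The allow-list and the package.json are short constructed samples; a real check would use the registry's most-downloaded names or an approved-package list.

```python
import json
from typing import Dict, List, Optional, Tuple

# Constructed, abbreviated allow-list of well-known packages (assumption for the example).
KNOWN_PACKAGES: List[str] = [
    "typescript-eslint", "@typescript-eslint/eslint-plugin", "@typescript-eslint/parser",
    "@types/node", "eslint", "typescript", "lodash", "express", "react",
]


def normalize(name: str) -> str:
    """Fold the tricks typosquats rely on: letter case, the '@' scope marker, and '_' vs '-' vs '/'."""
    return name.lower().lstrip("@").replace("/", "-").replace("_", "-")


def scope_of(name: str) -> Optional[str]:
    """Return the scope of '@scope/name', or None for unscoped packages."""
    if name.startswith("@") and "/" in name:
        return name[1:].split("/", 1)[0]
    return None


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def closest_known(candidate: str, known: List[str] = KNOWN_PACKAGES, max_distance: int = 2) -> Optional[str]:
    """Return the well-known package `candidate` most resembles, or None if it is genuine or unrelated."""
    if candidate in known:
        return None  # the genuine package itself
    cand_full = normalize(candidate)
    cand_scope = scope_of(candidate)
    # Compare both the whole name and, for scoped packages, the scope alone: the
    # '@typescript_eslinter/eslint' case hides the look-alike in the scope.
    probes = [cand_full] + ([normalize(cand_scope)] if cand_scope else [])
    best: Optional[Tuple[int, str]] = None
    for pkg in known:
        pkg_full = normalize(pkg)
        if cand_full == pkg_full:
            return pkg  # same letters, different punctuation: 'types-node' vs '@types/node'
        pkg_scope = scope_of(pkg)
        if cand_scope is not None and cand_scope == pkg_scope:
            continue  # same genuine scope: a sibling package, not an impersonation
        targets = [pkg_full] + ([normalize(pkg_scope)] if pkg_scope else [])
        d = min(levenshtein(p, t) for p in probes for t in targets)
        if d <= max_distance and (best is None or d < best[0]):
            best = (d, pkg)
    return best[1] if best else None


def find_lookalikes(package_json_text: str, known: List[str] = KNOWN_PACKAGES) -> Dict[str, str]:
    """Map every suspicious dependency in a package.json to the package it appears to imitate."""
    manifest = json.loads(package_json_text)
    deps: Dict[str, str] = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(manifest.get(section, {}))
    result: Dict[str, str] = {}
    for name in deps:
        match = closest_known(name, known)
        if match is not None:
            result[name] = match
    return result


# Constructed manifest mixing genuine dependencies with the two look-alikes named above.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "acme-web",
    "dependencies": {"express": "^4.21.0", "lodash": "^4.17.21", "types-node": "1.0.0"},
    "devDependencies": {"@typescript_eslinter/eslint": "1.0.0", "@typescript-eslint/parser": "^8.0.0"},
})


if __name__ == "__main__":
    for suspect, imitated in find_lookalikes(SAMPLE_PACKAGE_JSON).items():
        print("%s looks like %s" % (suspect, imitated))
```

A distance of 2 is deliberately tight; widen it and the allow-list and you trade false positives for recall. Treat a hit as a prompt to check the package's publisher, publish date and install scripts, not as proof of malice.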

The Hacker News

🛑 Fortinet's Wireless LAN Manager (FortiWLM) has a relative path traversal flaw (CVE-2023-34990, CVSS 9.6) that lets an unauthenticated attacker read sensitive log files.

Why it's urgent: it allows attackers to...
1️⃣ Hijack admin sessions, because the logs expose session IDs that stay static across sessions.
2️⃣ Chain it with CVE-2023-48782, an authenticated command injection, to execute commands.
3️⃣ End up with root-level remote code execution on the appliance.

🛠️ Patch now:
Affected versions: 8.6.0 to 8.6.5 (fixed in 8.6.6) and 8.5.0 to 8.5.4 (fixed in 8.5.5).
Update immediately.

Read: https://thehackernews.com/2024/12/fortinet-warns-of-critical-fortiwlm.html


The Hacker News

Netflix has been fined €4.75M for violating GDPR by failing to explain how it used customer data like email addresses and payment details between 2018–2020.

Read more: https://thehackernews.com/2024/12/dutch-dpa-fines-netflix-475-million-for.html


The Hacker News

🔒 Would you click on a fake DocuSign email? Thousands already did.

Phishers are baiting employees with urgent DocuSign alerts, exploiting trusted services like HubSpot Free Form Builder to redirect users to fake Office 365 login pages for credential theft.

The numbers tell the story:
💻 20,000+ users in Europe impacted
🛠️ Bulletproof hosting powers attackers’ infrastructure
🌍 Increasing abuse of trusted tools like Google Calendar

👉 Learn more: https://thehackernews.com/2024/12/hubphish-exploits-hubspot-tools-to.html


The Hacker News

🚨 A critical flaw (CVE-2024-12356, CVSS score: 9.8) has been discovered in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) products.

An unauthenticated attacker could exploit this to inject commands and execute arbitrary OS actions, posing a serious security risk.

Learn more: https://thehackernews.com/2024/12/beyondtrust-issues-urgent-patch-for.html


The Hacker News

APT29, a Russia-linked threat group, is repurposing legitimate red team tooling for cyberespionage:

» Targeting: Governments, researchers, and think tanks
» Scale: 200 victims hit in just one day
» Method: Malicious .rdp configuration files, sent by email, that connect the victim to an attacker-controlled relay running the open-source PyRDP man-in-the-middle tool

Why should you care? Once the victim connects, the relay can read redirected drives and clipboard contents and capture credentials, all through what looks like a normal, legitimate RDP session.

🔗 Stay informed. Details here: https://thehackernews.com/2024/12/apt29-hackers-target-high-value-victims.html

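Because .rdp files are plain key:type:value text, mail gateways and endpoint tooling can triage them before a user double-clicks. The Python below is an added example, not code from Trend Micro, Microsoft or The Hacker News: it parses an .rdp file and reports settings that hand the remote server access to local resources (drive, clipboard, printer and smart card redirection, RemoteApp mode), disable certificate checks, or point at a host outside an assumed corporate suffix. Both sample files are constructed.

```python
from typing import Dict, List, Tuple

# Assumption for the example: RDP hosts the organisation actually operates end in this suffix.
TRUSTED_RDP_SUFFIXES = (".corp.example",)

# Integer settings whose value 1 exposes local resources to the remote side or hides what is happening.
RISKY_FLAGS = {
    "redirectdrives": "local drives are mapped into the remote session and readable by the server",
    "redirectclipboard": "clipboard is shared with the remote session",
    "redirectprinters": "local printers are shared",
    "redirectsmartcards": "smart cards (often authentication tokens) are forwarded",
    "redirectwebauthn": "WebAuthn/FIDO requests are forwarded to the remote side",
    "remoteapplicationmode": "RemoteApp mode: one remote program is shown as if it ran locally",
}


def parse_rdp(text: str) -> Dict[str, Tuple[str, str]]:
    """Parse the 'key:type:value' lines of an .rdp file into {key: (type, value)}.

    type is 'i' (integer), 's' (string) or 'b' (binary); malformed lines are skipped.
    """
    settings: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)  # the value may itself contain ':' (host:port)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue
        settings[parts[0].strip().lower()] = (parts[1], parts[2].strip())
    return settings


def assess_rdp(text: str, trusted_suffixes=TRUSTED_RDP_SUFFIXES) -> List[str]:
    """Return human-readable findings for an .rdp file; an empty list means nothing suspicious."""
    s = parse_rdp(text)
    findings: List[str] = []
    # 'full address' is 'host' or 'host:port'; IPv6 literals are not handled by this simple split.
    host = s.get("full address", ("s", ""))[1].split(":")[0].lower()
    if host and not host.endswith(trusted_suffixes):
        findings.append("connects to untrusted host %r" % host)
    for key, why in RISKY_FLAGS.items():
        if s.get(key, ("i", "0"))[1] == "1":
            findings.append("%s=1: %s" % (key, why))
    drives = s.get("drivestoredirect", ("s", ""))[1]
    if drives:
        findings.append("drivestoredirect=%r: drive redirection is configured" % drives)
    if s.get("authentication level", ("i", "2"))[1] == "0":
        findings.append("authentication level=0: server certificate errors are ignored")
    return findings


# Constructed sample in the shape of a lure: external relay, RemoteApp, every redirection on.
MALICIOUS_RDP = """screen mode id:i:2
full address:s:rdp-relay.example.net:3389
remoteapplicationmode:i:1
remoteapplicationname:s:Connection Test
redirectdrives:i:1
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
authentication level:i:0
"""

# Constructed sample of an ordinary internal jump-host connection.
BENIGN_RDP = """full address:s:jump01.corp.example
redirectdrives:i:0
redirectclipboard:i:0
authentication level:i:2
"""


if __name__ == "__main__":
    for finding in assess_rdp(MALICIOUS_RDP):
        print("-", finding)
    print("benign file findings:", assess_rdp(BENIGN_RDP))
```

The same logic can be expressed as a mail-filter rule; the strongest single signal is an .rdp attachment whose full address is not one of your hosts, since there is no legitimate reason for a supplier to send a pre-configured connection to their own infrastructure with your drives redirected.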

The Hacker News

🔒 Meta under fire (again): The 2018 Facebook breach has just cost the company €251 million—and exposed 29 million accounts worldwide, including sensitive data such as emails, phone numbers, and even children’s information.

A flaw in the 👀 “View As” feature allowed attackers to steal access tokens and compromise user accounts.

👉 Learn more about the case: https://thehackernews.com/2024/12/meta-fined-251-million-for-2018-data.html


The Hacker News

⚠️ DarkGate isn’t new – but its delivery methods are evolving.

Attackers are now impersonating external suppliers on Microsoft Teams calls, tricking victims into installing AnyDesk for remote access.

🔍 DarkGate's Capabilities: Keylogging, screen capture, credential theft, and audio recording.

👉 Read the full article here: https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html
