Security News
Learn ethical hacking for less than $50 with this online training. If you want to break into the lucrative industry of ethical hacking, now is a good time to do it because The Complete 2022 PenTest & Ethical Hacking Bundle is on sale now for only $49. This six-course bundle is curated by iCollege and covers some of the most important topics in pen-testing and ethical hacking today.
The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. "The conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data," the U.S. government said, attributing the attacks to an APT actor known as Energetic Bear.
Security analysts have uncovered a malicious campaign from China-linked threat actor Mustang Panda, which has been running for at least eight months with a new variant of the Korplug malware called Hodur and custom loaders. Also tracked as TA416, Mustang Panda is known to serve China-aligned interests and has been recently associated with phishing and espionage operations that targeted European diplomats.
The South Korean DarkHotel hacking group has been spotted in a new campaign spanning December 2021 through January 2022, targeting luxury hotels in Macao, China. DarkHotel is a sophisticated hacking group targeting the hospitality industry to conduct high-level espionage or data monetization via dark web sales.
A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.
Enterprises are putting greater stock in cybersecurity, but outdated "security by obscurity" is still prevailing as companies wrestle with security awareness and shy away from bug-bounty programs. That's according to new survey data from HackerOne, which found that a full 65 percent of organizations surveyed claimed that they "want to be seen as infallible." However, just as many - 64 percent - said they practice a culture of security through obscurity, where secrecy is used as the primary method of protecting sensitive systems and assets.
Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage devices that could be chained to attain unauthenticated remote code execution with the highest privileges. The issues reside in TOS, an abbreviation for TerraMaster Operating System, and "can grant unauthenticated attackers access to the victim's box simply by knowing the IP address," Ethiopian cyber security research firm Octagon Networks' Paulos Yibelo said in a statement shared with The Hacker News.
The attack works by using the device's speaker to issue voice commands. As long as the speech contains the device wake word followed by a permissible command, the Echo will carry it out, researchers from Royal Holloway University in London and Italy's University of Catania found.
Pangu Lab in China just published a report of a hacking operation by the Equation Group (aka the NSA). It noticed the hack in 2013, and was able to map it with Equation Group tools published by...
Russia will consider any cyberattacks targeting Russian satellite infrastructure an act of war, the country's space agency director said in a TV interview. Dmitry Rogozin, the current head of the Russian Roscosmos State Space Corporation, added that such attempts would also be considered crimes and investigated by Russia's law enforcement agencies.