Security News

A newly discovered cyberespionage group has been targeting hotels worldwide around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies. Slovakian internet security firm ESET spotted the hacking group and described it as an "Advanced persistent threat."

Retribution by hacking back might make you feel better, but experts urge caution and explain why it's a bad idea. In the tech realm, some victims of cyberattacks want to enact revenge by hacking their hackers, a.k.a. the hack back.

The U.S. government has entered a Deferred Prosecution Agreement with three former intelligence operatives to resolve criminal charges relating to their offering of hacking services to a foreign government. "These services included the provision of support, direction and supervision in the creation of sophisticated"Zero-click" computer hacking and intelligence gathering systems - i.e., one that could compromise a device without any action by the target" - the U.S. Department of Justice.

The U.S. Department of Justice on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. "The defendants worked as senior managers at a United Arab Emirates-based company that supported and carried out computer network exploitation operations for the benefit of the U.A.E. government," the DoJ said in a statement.

Threat actors are sharing Windows MSHTML zero-day tutorials and exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks. Last Tuesday, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a victim's computer remotely.

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. ProxyShell is the name of an exploit utilizing three chained Microsoft Exchange vulnerabilities that allow unauthenticated, remote code execution on unpatched vulnerable servers.

Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page," cybersecurity firm Rapid7 said in an advisory published Tuesday.

If you're reading this post, there is a pretty good chance you're interested in hacking. The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches.

If you're reading this post, there is a pretty good chance you're interested in hacking. The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches.

" Home and small business routers under attack. The Navajo Nation's selfless cryptographic contribution to America.