Security News

The complete source code for the Paradise Ransomware has been released on a hacking forum allowing any would-be cyber criminal to develop their own customized ransomware operation. Security Joes researcher Tom Malka, who shared the source code with BleepingComputer, compiled the package and found it creates three executables - a ransomware configuration builder, the encryptor, and a decryptor.

The All-In-One 2021 Super-Sized Ethical Hacking Bundle helps you gain both, with 18 courses covering all aspects of cybersecurity. The purpose of ethical hacking is to find weaknesses in the system that a malicious hacker may exploit.

A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising of the Ministry of Foreign Affairs, Ambassador of the Embassy of Sri Lanka to the State, International Atomic Energy Agency Nuclear Security Officer, and the Deputy Consul General at Korean Consulate General in Hong Kong.

The United States Supreme Court has ruled that a police officer who received money for obtaining data from a law-enforcement database for an associate did not violate a controversial federal hacking law, marking a victory for the ethical hacking community by limiting the law's scope. In a landmark ruling in Van Buren v. United States, the court ruled that former Georgia police sergeant Nathan Van Buren did not violate the Computer Fraud and Abuse Act of 1986 when he accessed a police database to retrieve information about a license plate in exchange for $6,000 in cash.

The Supreme Court on Thursday limited prosecutors' ability to use an anti-hacking law to charge people with computer crimes. The justices ruled prosecutors had overreached in using the federal Computer Fraud and Abuse Act to charge him.

A Nigerian national was arrested recently in the United States on charges related to hacking into user accounts at a payroll processing company, to steal payroll deposits. The man, Charles Onus, 34, who was arrested in San Francisco on April 14, is accused of participating in a scheme that resulted in the compromise of approximately 5,500 user accounts at an unnamed human resources and payroll services company in the U.S. In 2017 and 2018, Onus allegedly employed a credential stuffing attack to gain unauthorized access to user accounts at the targeted company.

The Swedish Public Health Agency has shut down SmiNet, the country's infectious diseases database, on Thursday after it was targeted in several hacking attempts. "The Swedish Public Health Agency has discovered that there have been several attempted intrusions into the SmiNet database. The database has therefore been closed down temporarily," the agency said on Thursday, May 27.

Researchers at industrial cybersecurity firm Claroty have identified a serious vulnerability that can be exploited by a remote and unauthenticated attacker to hack some of the programmable logic controllers made by Siemens. The vulnerability is tracked as CVE-2020-15782 and it has been described as a high-severity memory protection bypass issue that allows an attacker with network access to TCP port 102 to write or read data in protected memory areas.

An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims' networks for months in what looks like an extensive espionage campaign. "Initially engaged in espionage activity, Agrius deployed a set of destructive wiper attacks against Israeli targets, masquerading the activity as ransomware attacks," said Amitai Ben Shushan Ehrlich, Threat Intelligence Researcher at SentinelOne.

The Indonesian government is blocking access to the RaidForums hacking forum after the alleged personal information of Indonesian citizens was posted online. While the Indonesian government has not confirmed if the data is legitimate, they have performed a random investigation of 1 million records and believe a more thorough investigation needs to be conducted by the government's information technology and cybersecurity agencies.