The Hacker News Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to [email protected]

  • Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers
    by [email protected] (Ravie Lakshmanan) on January 20, 2022 at 3:29 pm

    An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues

  • Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks
    by [email protected] (Ravie Lakshmanan) on January 20, 2022 at 1:09 pm

    Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that query

  • Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang
    by [email protected] (Ravie Lakshmanan) on January 20, 2022 at 10:20 am

    A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II undertaken by the Interpol along with

  • A Trip to the Dark Site — Leak Sites Analyzed
    by [email protected] (The Hacker News) on January 20, 2022 at 8:28 am

    Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discretely charged their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call it: Cyber Extortion or Cy-X). This is a unique form of cybercrime in that we can

  • DoNot Hacking Team Targeting Government and Military Entities in South Asia
    by [email protected] (Ravie Lakshmanan) on January 20, 2022 at 7:54 am

    A threat actor with potential links to an Indian cybersecurity company has been nothing if remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a

UK Computer Companies - Business Directory Uk - Business listings for computer repair, support and hardware companies Computer Networking, Network Directory - Computer networking solutions providers and companies