The Hacker News

New Framework Released to Protect Machine Learning Systems From Adversarial Attacks

Fri, 23 Oct 2020 10:50:27 GMT

Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting ML systems. Justtext

New Chrome 0-day Under Active Attacks – Update Your Browser Now

Wed, 21 Oct 2020 16:27:58 GMT

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. Google released Chrome version 86.0.4240.111 today to patch several security high-severity issues, including a zero-day vulnerability that has been exploited in the wild by attackers to text

Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks

Wed, 21 Oct 2020 07:12:51 GMT

Graphic for illustration Cybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browsers include UCWeb, Yandex Browser, Bolt Browser, and RITS Browser. The flaws were discovered by Pakistani text

Windows GravityRAT Malware Now Also Targets macOS and Android Devices

Tue, 20 Oct 2020 14:02:47 GMT

A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed "GravityRAT"— now masquerades as legitimate Android and macOS apps to capture device data, contacttext

U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks

Tue, 20 Oct 2020 06:04:02 GMT

The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses. The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU), have been accused of perpetrating the "most disruptive and destructive series of computer attacks text

Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices

Fri, 16 Oct 2020 07:19:45 GMT

Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices. According to security engineer Andy Nguyen, the three flaws — collectively called BleedingTooth — reside in the open-source BlueZ protocol stack text

India Witnessed Spike in Cyber Attacks Amidst Covid-19 - Here's Why?

Thu, 15 Oct 2020 06:58:51 GMT

The COVID-19 outreach is turning out to be not only health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity. With increased remote working for better business continuity, employees are using numerous Internet tools. As businesses and people have started relying more

Police Raided German Spyware Company FinFisher Offices

Wed, 14 Oct 2020 18:27:09 GMT

German investigating authorities have raided the offices of Munich-based company FinFisher that sells the infamous commercial surveillance spyware dubbed 'FinSpy,' reportedly in suspicion of illegally exporting the software to abroad without the required authorization. Investigators from the German Customs Investigation Bureau (ZKA), ordered by the Munich Public Prosecutor's Office, searched a text

FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks

Wed, 14 Oct 2020 13:05:01 GMT

A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. According to FireEye's Mandiant threat intelligence team, the collective — known as FIN11 — has engaged in a pattern of cybercrime campaigns at least since 2016 that involves monetizing their access to organizations' networks, in addition to deploying text

Guide: Scale or Fail — Why MSSPs Need Multitenant Security Solutions

Wed, 14 Oct 2020 10:20:04 GMT

Managed Security Services Providers (MSSPs) have it rough. They have the burden of protecting their client organizations from cyberattacks, with clients from different industries, different security stacks, and different support requirements. And everything is in a constant state of flux. MSSPs are turning to multitenant solutions to help reduce the complexity of managing multiple security text

Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs

Wed, 14 Oct 2020 10:10:31 GMT

Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution (RCE) flaws in Windows TCP/IP stack and Microsoft Outlook. The flaws, 11 of which are categorized as Critical, 75 are ranked Important, and one is classified Moderate in severity, affect Windows, Office and Office Services and text

Microsoft and Other Tech Companies Take Down TrickBot Botnet

Tue, 13 Oct 2020 07:10:08 GMT

Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. The joint collaboration, which involved Microsoft's Digital Crimes Unit, Lumen's Black Lotus Labs, ESET, Financial Services Information Sharing and Analysis Center (FS-ISAC), text

A Self-Service Password Reset Project Can Be Quick Win For IT

Mon, 12 Oct 2020 11:39:26 GMT

Since the beginning of this year, organizations' IT staff have faced numerous challenges and an increased workload as a result of the global pandemic and shift to a mainly remote workforce. Supporting end-users that are now working from home has introduced new challenges in troubleshooting since it isn’t as simple as visiting an end user’s desk to resolve issues as they arise. One support issue text

Watch Out — Microsoft Warns Android Users About A New Ransomware

Mon, 12 Oct 2020 07:52:49 GMT

Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android's Home button to lock the device behind a ransom note. The findings concern a variant of a known Android ransomware family dubbed "MalLocker.B" which has now resurfaced with new techniques, including a novel means to deliver the ransom demand on infected devices as well astext

55 New Security Flaws Reported in Apple Software and Services

Fri, 09 Oct 2020 09:06:17 GMT

A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity. The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacker to "fully compromise both customer and employee applications, launch a worm capable of text

Researchers Find Vulnerabilities in Microsoft Azure Cloud Service

Thu, 08 Oct 2020 13:56:53 GMT

As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server. "This enables an attacker to quietly

A Handy Guide for Choosing a Managed Detection & Response (MDR) Service

Wed, 07 Oct 2020 12:43:43 GMT

Every company needs help with cybersecurity. No CISO ever said, "I have everything I need and am fully confident that our organization is fully protected against breaches." This is especially true for small and mid-sized enterprises that don't have the luxury of enormous cybersecurity budgets and a deep bench of cybersecurity experts. To address this issue, especially for small and mid-sized text

ALERT! Hackers targeting IoT devices with a new P2P botnet malware

Wed, 07 Oct 2020 09:51:25 GMT

Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Discovered by Qihoo 360's Netlab security team, the HEH Botnet — written in Go language and armed with a proprietary peer-to-peer (P2P) protocol, spreads via a brute-force attack of the text

New 'MosaicRegressor' UEFI Bootkit Malware Found Active in the Wild

Tue, 06 Oct 2020 08:33:43 GMT

Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's booting process to drop persistent malware. The campaign involved the use of a compromised UEFI (or Unified Extensible Firmware Interface) containing a malicious implant, making it the second known public case where a UEFI rootkit has been used in the wild. According to Kaspersky, the text

Secure Your SaaS Apps With Security Posture Management Platform

Mon, 05 Oct 2020 15:59:45 GMT

As security professionals who have spent more than a few years in the industry, we know a good challenge when we see one. SaaS and cloud-based technologies are growing rapidly, offering organizations convenience and constant feature refreshes without the need to install and deploy software on-premises. However, even when referred to as 'a game-changer,' many organizations are still highly text