The Hacker News

Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon

Fri, 07 Aug 2020 13:01:06 GMT

Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. "The idea is simple and consists of using characters that look the same in order to dupe users," Malwarebytes text

Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users

Fri, 07 Aug 2020 12:33:51 GMT

A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury that text

How COVID-19 Has Changed Business Cybersecurity Priorities Forever

Fri, 07 Aug 2020 08:30:27 GMT

For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and even less opportunity for testing. Needless to say, the text

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

Fri, 07 Aug 2020 05:34:00 GMT

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and text

Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack

Wed, 05 Aug 2020 18:57:24 GMT

A new research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still susceptible to HTTP text

Case Study: How Incident Response Companies Choose IR Tools

Wed, 05 Aug 2020 10:20:22 GMT

Many companies today have developed a Cybersecurity Incident Response (IR) plan. It's a sound security practice to prepare a comprehensive IR plan to help the organization react to a sudden security incident in an orderly, rational manner. Otherwise, the organization will develop a plan while frantically responding to the incident, a recipe ripe for mistakes. Heavyweight boxer Mike Tyson oncetext

Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts

Wed, 05 Aug 2020 09:46:54 GMT

Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account. Uncovered in February by Thijs Alkemade, a security specialist at IT security firm Computest, the flaw resided in Apple's implementation of TouchID (or FaceID) biometric feature that authenticated users to log in to text

US Government Warns of a New Strain of Chinese 'Taidoor' Virus

Tue, 04 Aug 2020 08:32:36 GMT

Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China's state-sponsored hackers targeting governments, corporations, and think tanks. Named "Taidoor," the malware has done an 'excellent' job of compromising systems as early as 2008, with the actors deploying it on victim networks for stealthy remote access. "[The] FBI has text

17-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack Arrested

Fri, 31 Jul 2020 20:33:47 GMT

A 17-year-old teen and two other 19 and 22-year-old individuals have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts within minutes as part of a massive bitcoin scam. According to the U.S. Department of Justice, Mason Sheppard, aka "Chaewon," 19, from the United Kingdom, Nima Fazeli, aka "Rolextext

EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI

Fri, 31 Jul 2020 13:47:40 GMT

The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states. The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, out of which some publicly known are 'WannaCry', 'NotPetya', and 'Operation Cloud text

New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks

Fri, 31 Jul 2020 10:10:39 GMT

Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server. Remote timing attacks that work over a network connection are predominantly affected by variations in network transmission time (or jitter), which, in turn, depends on the load of the network text