Researchers unveil a new sophisticated backdoor, dubbed "RedXOR," targeting Linux endpoints and servers, believed to be the work of Chinese nation-state actors.
Read details: https://thehackernews.com/2021/03/researchers-unveil-new-linux-malware.html
Read details: https://thehackernews.com/2021/03/researchers-unveil-new-linux-malware.html
A critical pre-auth RCE flaw (CVE-2021-22986) has been discovered in the F5's Big-IP and BIG-IQ software — Patch ASAP!
Read details: https://thehackernews.com/2021/03/critical-pre-auth-rce-flaw-found-in-f5.html
Besides this, a few other newly reported flaws also result in a denial of service (DoS) attack.
Read details: https://thehackernews.com/2021/03/critical-pre-auth-rce-flaw-found-in-f5.html
Besides this, a few other newly reported flaws also result in a denial of service (DoS) attack.
WARNING — A public PoC exploit has been released for Microsoft Exchange ProxyLogon flaw, likely to fuel mass exploitation and more disruptive cyberattacks against thousands of unpatched servers.
Details: https://thehackernews.com/2021/03/proxylogon-exchange-poc-exploit.html
Situation is escalating. Patch your servers ASAP!
Details: https://thehackernews.com/2021/03/proxylogon-exchange-poc-exploit.html
Situation is escalating. Patch your servers ASAP!
Researchers demonstrate a new Browser-based Side-Channel attack that can then be leveraged to track users online even when the #JavaScript is completely disabled.
The latest attack is also architecturally agnostic, resulting in microarchitectural website fingerprinting attacks that work across hardware platforms, including Intel Core, AMD Ryzen, Samsung Exynos 2100, and Apple M1 CPUs — making it the first known side-channel attack on the iPhone maker's new ARM-based chipsets.
Read details: https://thehackernews.com/2021/03/new-browser-attack-allows-tracking.html
The latest attack is also architecturally agnostic, resulting in microarchitectural website fingerprinting attacks that work across hardware platforms, including Intel Core, AMD Ryzen, Samsung Exynos 2100, and Apple M1 CPUs — making it the first known side-channel attack on the iPhone maker's new ARM-based chipsets.
Read details: https://thehackernews.com/2021/03/new-browser-attack-allows-tracking.html
Watch Out! Cybercriminals are now leveraging the heavily exploited #ProxyLogon flaws to target unpatched Microsoft Exchange servers with a new strain of ransomware called #DearCry.
https://thehackernews.com/2021/03/icrosoft-exchange-ransomware.html
https://thehackernews.com/2021/03/icrosoft-exchange-ransomware.html
Researchers have spotted a new malware, dubbed 'NimzaLoader,' written in Nim, a rare programming language, likely to avoid detection.
Read details: https://thehackernews.com/2021/03/researchers-spotted-malware-written-in.html
Read details: https://thehackernews.com/2021/03/researchers-spotted-malware-written-in.html
🔥 WARNING — A second Google Chrome browser zero-day vulnerability (CVE-2021-21193) has been found actively exploited in-the-wild.
Read details: https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html
Update your browser for Windows, Mac, and Linux systems to 89.0.4389.90 or the latest available version.
Read details: https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html
Update your browser for Windows, Mac, and Linux systems to 89.0.4389.90 or the latest available version.
🔥Deal : CompTIA Security Certification Prep — Get lifetime access to online program offering training for 4 cybersecurity certifications: Security+, CySA+, CASP, and PenTest.
Register now for taking benefit of a 🕒 limited-time 97% discount: https://thehackernews.com/2021/03/comptia-security-certification-prep.html
Register now for taking benefit of a 🕒 limited-time 97% discount: https://thehackernews.com/2021/03/comptia-security-certification-prep.html
The Hacker News
CompTIA Security Certification Prep — Lifetime Access for just $30
The CompTIA Security Infrastructure Expert Bundle: Get lifetime access to all four courses for just $29.99.
Microsoft has released a one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing widespread ProxyLogon Exchange server cyberattacks.
Find details here: https://thehackernews.com/2021/03/use-this-one-click-mitigation-tool-from.html
Find details here: https://thehackernews.com/2021/03/use-this-one-click-mitigation-tool-from.html
Part 1 — A new wave of ongoing cyberattacks exploiting a new set of vulnerabilities to deploy Mirai variants and brute-forcers on compromised systems.
Part 2 — In a related development, a new Mirai-based botnet called ZHtrap has been spotted turning infected devices into honeypot to harvest additional infected devices.
Read details: https://thehackernews.com/2021/03/new-mirai-variant-and-zhtrap-botnet.html
Part 2 — In a related development, a new Mirai-based botnet called ZHtrap has been spotted turning infected devices into honeypot to harvest additional infected devices.
Read details: https://thehackernews.com/2021/03/new-mirai-variant-and-zhtrap-botnet.html
🔥 iOS 14.5 Beta code suggests Apple may soon start delivering security patches separately from other OS updates.
Details: https://thehackernews.com/2021/03/apple-may-start-delivering-security.html
It aims to deliver emergency patches without forcing users to re-re-downloading the entire 'heavily sized' OS updates each time.
Details: https://thehackernews.com/2021/03/apple-may-start-delivering-security.html
It aims to deliver emergency patches without forcing users to re-re-downloading the entire 'heavily sized' OS updates each time.
18-year-old hacker get 3 years in jail for masterminding the last year's massive Twitter hack.
Read: https://thehackernews.com/2021/03/18-year-old-hacker-gets-3-years-in.html
The attack involved hijacking several high-profile accounts—including of Barack Obama, Joe Biden, Bill Gates—to push a widespread cryptocurrency scam.
Read: https://thehackernews.com/2021/03/18-year-old-hacker-gets-3-years-in.html
The attack involved hijacking several high-profile accounts—including of Barack Obama, Joe Biden, Bill Gates—to push a widespread cryptocurrency scam.
Email security firm Mimecast revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded its source code out of a limited number of repositories.
Details: https://thehackernews.com/2021/03/mimecast-finds-solarwinds-hackers-stole.html
Details: https://thehackernews.com/2021/03/mimecast-finds-solarwinds-hackers-stole.html
Critical flaws reported in two highly popular WordPress plugins—Elementor and WP Super Cache—which, if successfully exploited, could allow attackers to take over unpatched website in certain scenarios. PATCH NOW!
https://thehackernews.com/2021/03/flaws-in-two-popular-wordpress-plugins.html
https://thehackernews.com/2021/03/flaws-in-two-popular-wordpress-plugins.html
🔥 Here's everything Google tracks about you!
Apple's App Tracking Transparency rule forced Google to reveal and clarify what personal data Chrome and other of its apps collect on you.
Read: https://thehackernews.com/2021/03/google-to-reveals-what-personal-data.html
Apple's App Tracking Transparency rule forced Google to reveal and clarify what personal data Chrome and other of its apps collect on you.
Read: https://thehackernews.com/2021/03/google-to-reveals-what-personal-data.html
The Hacker News
Google Reveals What Personal Data Chrome and Its Apps Collect On You
Apple App Tracking Transparency Feature Forces Google to Reveal What Personal Data Chrome and It’s Apps Collect on You
A pair of critical vulnerabilities have been found in the popular MyBB forum/bulletin software, which an unprivileged remote attacker can exploit to achieve RCE on targeted sites.
https://thehackernews.com/2021/03/critical-rce-flaw-reported-in-mybb.html
MyBB v1.8.26 released to patch reported issues. Update Now!
https://thehackernews.com/2021/03/critical-rce-flaw-reported-in-mybb.html
MyBB v1.8.26 released to patch reported issues. Update Now!
A new 'unpatched bug' in Zoom's screen-sharing feature could let other attendees in calls access restricted applications and leak sensitive information.
Read more: https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.html
Read more: https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.html
Watch Out—Hackers are leveraging trojanized Xcode projects in a newly spotted supply-chain attack to compromise macOS systems belonging to Apple platform developers with a backdoor.
Read: https://thehackernews.com/2021/03/hackers-infecting-apple-app-developers.html
Read: https://thehackernews.com/2021/03/hackers-infecting-apple-app-developers.html
👍1
U.S. Department of Justice announces updates on 2 separate hacking cases:
—a Swiss hacktivist charged for theft and fraud.
—a Russian who planned to plant ransomware in the Tesla company pleads guilty.
Details: https://thehackernews.com/2021/03/tesla-ransomware-hacker-pledges-guilty.html
—a Swiss hacktivist charged for theft and fraud.
—a Russian who planned to plant ransomware in the Tesla company pleads guilty.
Details: https://thehackernews.com/2021/03/tesla-ransomware-hacker-pledges-guilty.html
A critical vulnerability (CVE-2021-22986 / CVSS score: 9.8) affecting F5's BIG-IP and BIG-IQ products is UNDER ACTIVE ATTACKS after a PoC exploit was posted online.
Read details: https://thehackernews.com/2021/03/latest-f5-big-ip-bug-under-active.html
Read details: https://thehackernews.com/2021/03/latest-f5-big-ip-bug-under-active.html
A high severity RCE vulnerability (CVE-2021-26295) has been found in Apache OFBiz that could let unauthenticated, remote hackers seize control of the enterprise resource planning (ERP) systems.
Read details: https://thehackernews.com/2021/03/critical-rce-vulnerability-found-in.html
A patched version has now been released. Update your software immediately.
Read details: https://thehackernews.com/2021/03/critical-rce-vulnerability-found-in.html
A patched version has now been released. Update your software immediately.