The Hacker News

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating …

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught Read More »

Incentivizing Developers is the Key to Better Security Practices

The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications, programs, cloud instances, and the latest flavor of the month is APIs, widely considered an easy win thanks to their often lax security controls. They are …

Incentivizing Developers is the Key to Better Security Practices Read More »

New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit

Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit that leverages a trojanized Windows Boot Manager, marking a shift in infection vectors that allow it to elude discovery and analysis. Detected in the wild since …

New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit Read More »

Hackers Targeting Brazil’s PIX Payment System to Drain Users’ Bank Accounts

Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil’s instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals’ control. “The attackers distributed …

Hackers Targeting Brazil’s PIX Payment System to Drain Users’ Bank Accounts Read More »

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called “intermittent encryption.” Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShell and …

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption Read More »

Microsoft Warns of Widespread Phishing Attacks Using Open Redirects

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. Attackers combine these links with social engineering baits that impersonate well-known productivity tools …

Microsoft Warns of Widespread Phishing Attacks Using Open Redirects Read More »

New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks. Israeli cybersecurity …

New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits Read More »

Dutch Police Arrest Two Hackers Tied to “Fraud Family” Cybercrime Ring

Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what’s known as a “Fraud-as-a-Service” operation. The apprehended suspects, a 24-year-old software …

Dutch Police Arrest Two Hackers Tied to “Fraud Family” Cybercrime Ring Read More »

Scroll to Top