Skip to content
hacker news Page 109

hacker news

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Dec 12, 2024Ravie LakshmananWebsite Security / Vulnerability Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of… 

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

Dec 12, 2024Ravie LakshmananCyber Crime / DDoS Attack A global law enforcement operation has failed 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a… 

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

Dec 11, 2024Ravie LakshmananMalware / Cyber Espionage The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices… 

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

Dec 11, 2024Ravie LakshmananMalware / Endpoint Security A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response… 

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

Dec 11, 2024Ravie LakshmananVulnerability / Authentication Cybersecurity researchers have flagged a “critical” security vulnerability in Microsoft’s multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a… 

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

Dec 11, 2024Ravie LakshmananRansomware / Malware Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are… 

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

Dec 11, 2024Ravie LakshmananCyber Espionage / Cyber Attack A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage… 

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

Dec 11, 2024Ravie LakshmananVulnerability / Data Breach The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and…