Skip to content
hacking news Page 10

hacking news

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that’s created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes… 

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud’s flexibility, scalability, and efficiency come with significant risk — an expanded attack surface.… 

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

Many organizations struggle with password policies that look strong on paper but fail in practice because they’re too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious… 

Researchers Uncover Backdoor in Solana’s Popular Web3.js npm Library

Researchers Uncover Backdoor in Solana’s Popular Web3.js npm Library

Dec 04, 2024Ravie LakshmananSupply Chain Attack Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users’ private keys with… 

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

Dec 04, 2024Ravie Lakshmanan A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People’s Republic of China (PRC)-affiliated threat actors targeting telecommunications… 

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Dec 04, 2024Ravie LakshmananVulnerability / Ransomware Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability,… 

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

Dec 04, 2024Ravie LakshmananVulnerability / Software Security A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The… 

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

Dec 04, 2024Ravie LakshmananEmail Security / Malware Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. “The ongoing… 

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

Dec 03, 2024Ravie LakshmananVulnerability / Network Security Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120… 

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

Dec 03, 2024Ravie LakshmananEndpoint Security / Vulnerability Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code…