The Hacker News Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to [email protected]
- Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojackingby [email protected] (The Hacker News) on 17 May 2024 at 5:20 pm
The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining
- New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEsby [email protected] (The Hacker News) on 17 May 2024 at 11:29 am
A new report from XM Cyber has found – among other insights - a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack path assessments conducted by the XM Cyber
- China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RATby [email protected] (The Hacker News) on 17 May 2024 at 11:20 am
Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. "Deuterbear, while similar to Waterbear in many ways, shows advancements in capabilities such as including support for shellcode plugins, avoiding handshakes
- Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacksby [email protected] (The Hacker News) on 17 May 2024 at 8:46 am
The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between
- CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Nowby [email protected] (The Hacker News) on 17 May 2024 at 6:43 am
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2014-100005 - A cross-site request forgery (CSRF) vulnerability impacting D-Link DIR-600 routers that allows an