OOh yeah oooh ooh oooh
The Hacker News Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.com
- North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scamsby info@thehackernews.com (The Hacker News) on September 7, 2024 at 7:28 am
Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation.These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector.“After an initial chat conversation, the attacker sent a ZIP file that contained
- FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationalsby info@thehackernews.com (The Hacker News) on September 7, 2024 at 7:10 am
Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information. Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian national, have been charged with conspiracy to commit access device fraud and conspiracy to commit wire
- SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitationby info@thehackernews.com (The Hacker News) on September 6, 2024 at 3:55 pm
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. “An improper access control vulnerability has been identified in the SonicWall SonicOS management
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malwareby info@thehackernews.com (The Hacker News) on September 6, 2024 at 3:14 pm
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances. In
- GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Codeby info@thehackernews.com (The Hacker News) on September 6, 2024 at 3:03 pm
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages.These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com).Adversaries targeting open-source repositories across