The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America.…
Tag: The Hacker News
Russia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian Entities
The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The…
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud’s flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with…
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown
Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that’s created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an…
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access
A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum…
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of…
Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks
A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People’s Republic of China (PRC)-affiliated threat actors targeting telecommunications providers. “Identified exploitations or compromises associated with these threat…
Researchers Uncover Backdoor in Solana’s Popular Web3.js npm Library
Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users’ private keys with an aim to drain their cryptocurrency wallets. The attack has been…
How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges
Many organizations struggle with password policies that look strong on paper but fail in practice because they’re too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post…
North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs
Threat actors with ties to the Democratic People’s Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. “Front companies, often…