Hacking
Hacking | News, how-tos, features, reviews, and videos
Russian hacktivist group targets India’s health ministry
The Phoenix group claims to have access to all hospital systems in India and information on hospital employees and chief physicians.
Lazarus group infiltrated South Korean finance firm twice last year
North Korea-linked Lazarus group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability.
GoDaddy connects a slew of past attacks to a multiyear hacking campaign
GoDaddy has identified a December 2022 malware incident on its hosting servers as part of a series of attacks on the company infrastructure since 2020.
Attacks on industrial infrastructure on the rise, defenses struggle to keep up
A Dragos report shows threat actors new and old have the potential to cause major disruptions of critical infrastructure.
Threat group targets over 1,000 companies with screenshotting and infostealing malware
Tactics and malware suggest financial motivation, but espionage might also be the goal.
Recent legal developments bode well for security researchers, but challenges remain
Security researchers gained greater federal legal protections over the past two years, but US state laws and China’s recently adopted vulnerability disclosure law pose threats.
Cyberattacks against governments jumped 95% in last half of 2022, CloudSek says
India, the US, Indonesia, and China accounted for 40% of the total reported cyberattacks in the government sector.
What is Ransom Cartel? A ransomware gang focused on reputational damage
The group combines data encryption with data theft and threatens to release stolen information on their website. But Ransom Cartel ups its game by threatening to send sensitive information to victim’s partners, competitors, and news...
Here is why you should have Cobalt Strike detection in place
Abusing variants of legitimate penetration testing tools has become a standard tactic for many attackers seeking to fool security teams. Cobalt Strike is among the attack frameworks used by red teams and cyber specialists should be on...
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back
The spear phishing group has revised its tactics and is employing more sophisticated techniques and tactics based on what appears to be extensive research into Facebook business and ads management accounts.
Know thy enemy: thinking like a hacker can boost cybersecurity strategy
Putting on a red hat and trying to understand the motivations, expectations, behaviors, and goals of bad actors can be a key part of a solid cybersecurity plan.
Iran’s nuclear energy agency confirms email server hacked
Iranian hacking group Black Reward has claimed responsibility for a breach at the email server of the country's Bushehr nuclear power plant, in support of nationwide protests over the death of a young woman in police custody.
Election security, misinformation threats loom large ahead of the US midterms
The FBI and CISA say election infrastructure is secure, but threat actors have other ways to undermine confidence in the US midterm elections.
Most hackers need 5 hours or less to break into enterprise environments
A new survey of 300 ethical hackers provides insight into not only the most common means of initial access but how a complete end-to-end attack happens.
Social media's role in spreading U.S. election disinformation in the spotlight
Before Twitter's former CISO sounded the alarm bell, the U.S. government defined steps to counter misinformation and disinformation at the state, local and federal levels.
Russian DDoS attack on Lithuania was planned on Telegram, Flashpoint says
Russian cybercollective Killnet dropped evidence of possible collaboration with ransomware gang Conti in its hacking campaign against Lithuania on a Telegram channel, security company Flashpoint reports.
9 ways hackers will use machine learning to launch attacks
Machine learning algorithms will improve security solutions, helping human analysts triage threats and close vulnerabilities quicker. But they are also going to help threat actors launch bigger, more complex attacks.
DOJ: Good faith security research won’t be charged under Computer Fraud and Abuse Act
The U.S. Department of Justice revises its policy regarding charging violations of the CFAA. Good faith security research will no longer be charged.