Skip Navigation

News and Threat Intel

Latest Stories from The Hacker News

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.

The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022.

Type confusion…

Read More

Hackers Sign Android Malware Apps with Compromised Platform Certificates

Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps.

The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday.

"A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report filed through the…

Read More

CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software.

"Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server…

Read More

The Value of Old Systems

Old technology solutions – every organization has a few of them tucked away somewhere. 

It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. 

This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased. If the vendor eventually went…

Read More

Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL

IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code.

The privilege escalation flaw (CVSS score: 8.8), dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "first-of-its-kind supply-chain attack vector impacting a…

Read More

Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network.

The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua.…

Read More

What the CISA Reporting Rule Means for Your IT Security Protocol

The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months from the enactment of CIRCIA, which the President signed into law in March. The sessions and…

Read More

Watch Out! These Android Keyboard Apps With 2 Million Installs Can be Hacked Remotely

Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse.

The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store. Telepad is no longer available through the app marketplace but can be downloaded from its website.…

Read More

Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities

The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022.

In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies highlighted a "sharp increase in both the number of compromised…

Read More

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018.

"Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to…

Read More

Bitdefender Cyberthreat Real-Time Map