ALERT: New Flaws in TPM 2.0 Library Could Be Putting Your Business and IoT Devices in Danger!

The Hacker News Daily Updates
Newsletter
cover

Why EDR isn't Enough to Stop Cyberattacks

How CyberArk Endpoint Privilege Manager™ Tackles EDR Gaps

Download Now Sponsored
LATEST NEWS Mar 3, 2023

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is described as an out-of-bounds read. Credited with discovering and reporting ...

Read More
Twitter Facebook LinkedIn

Chinese Hackers Targeting European Entities with New MQsTTang Backdoor

The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023. "Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly available projects," ESET researcher Alexandre Côté Cyr said in a new report. Attack ...

Read More
Twitter Facebook LinkedIn

U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory about Royal ransomware, which emerged in the threat landscape last year. "After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems," CISA said. The ...

Read More
Twitter Facebook LinkedIn

Hackers Exploit Containerized Environments to Steal Proprietary Data and Software

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials," Sysdig said in a new report. The advanced cloud attack also entailed ...

Read More
Twitter Facebook LinkedIn

New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers

Misconfigured Redis database servers are the target of a novel cryptojacking campaign that leverages a legitimate and open source command-line file transfer service to implement its attack. "Underpinning this campaign was the use of transfer[.]sh," Cado Security said in a report shared with The Hacker News. "It's possible that it's an attempt at evading detections based on other common ...

Read More
Twitter Facebook LinkedIn

2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots

As a primary working interface, the browser plays a significant role in today's corporate environment. The browser is constantly used by employees to access websites, SaaS applications and internal applications, from both managed and unmanaged devices. A new report published by LayerX, a browser security vendor, finds that attackers are exploiting this reality and are targeting it in ...

Read More
Twitter Facebook LinkedIn

Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI

A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind. "The 'Colour-Blind' malware points to the democratization of cybercrime that could lead to ...

Read More
Twitter Facebook LinkedIn

SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics

The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering. Cybersecurity company Trend ...

Read More
Twitter Facebook LinkedIn
cover

Why EDR isn't Enough to Stop Cyberattacks

How CyberArk Endpoint Privilege Manager™ Tackles EDR Gaps

Download Now Sponsored

This email was sent to you. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here.

Contact The Hacker News: info@thehackernews.com
Unsubscribe

The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India

Older messages

Linux Users Beware - SysUpdate Malware Strikes Again with Sneaky Evasion Tactics!

Thursday, March 2, 2023

The Hacker News Daily Updates Newsletter cover The Hacker News Webinar: A MythBusting Special -- 9 Myths about File-based Threats Say goodbye to the myths and hello to the facts - Register for our

BlackLotus UEFI Bootkit Malware Successfully Bypasses Windows 11 Secure Boot

Wednesday, March 1, 2023

The Hacker News Daily Updates Newsletter cover The Hacker News Webinar: A MythBusting Special -- 9 Myths about File-based Threats Say goodbye to the myths and hello to the facts - Register for our

BREAKING: LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

Tuesday, February 28, 2023

The Hacker News eBook Update Newsletter Cybersecurity Webinar: How to Tackle the Top SaaS Security Challenges of 2023 Download For Free Don't let your SaaS apps become the next target - Join our

BREAKING: LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

Tuesday, February 28, 2023

The Hacker News Daily Updates Newsletter cover Cybersecurity Webinar: How to Tackle the Top SaaS Security Challenges of 2023 Don't let your SaaS apps become the next target - Join our expert-led

ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks

Monday, February 27, 2023

The Hacker News Daily Updates Newsletter cover Cybersecurity Webinar: How to Tackle the Top SaaS Security Challenges of 2023 Don't let your SaaS apps become the next target - Join our expert-led

You Might Also Like

💻 Installing Linux on an Old Laptop Instead of a Raspberry Pi — Flagship Phones Need More Storage

Monday, November 18, 2024

Also: I Built the Perfect Programming Platform In Less Than 10 Minutes, and More! How-To Geek Logo November 18, 2024 Did You Know The Sixth Sense was the highest-grossing horror film of all time in

Daily Coding Problem: Problem #1612 [Hard]

Monday, November 18, 2024

Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by Etsy. Given a sorted array, convert it into a height-balanced binary search tree.

10,000 ways to fail & The European Search Perspective

Monday, November 18, 2024

Reflecting on over five years of Creativerly, Signal introduces Call Links, the science of mental models, and a lot more in this week's issue of Creativerly. Creativerly 10000 ways to fail &

Charted | Global GHG Emissions, by Sector 🌎

Monday, November 18, 2024

In this graphic, we show greenhouse gas emissions by sector in 2023. View Online | Subscribe | Download Our App Presented by: New 3-Part Series: Bitcoin Demystified >> Learn more about one of the

Spyglass Dispatch: Samsung/Google Smart Glasses • Star Wars Mess • Netflix Knocked Out • Conan's Oscars • MicroStrategy's Comeback • Vision Pro In Focus • Saving 'Inside the NBA' • Apple Television Lives!

Monday, November 18, 2024

Samsung/Google Smart Glasses • Star Wars Mess • Netflix Knocked Out • Conan's Oscars • MicroStrategy's Comeback • Vision Pro In Focus • Saving 'Inside the NBA' • Apple Television Lives!

GCP Newsletter #424

Monday, November 18, 2024

Welcome to issue #425 November 18th, 2024 News Google Kubernetes Engine Official Blog 65000 nodes and counting: Google Kubernetes Engine is ready for trillion-parameter AI models - Google Kubernetes

Design and code beautiful products. Together.

Monday, November 18, 2024

Pablo Ruiz-Múzquiz and the team at ​Penpot​ have recently announced a new plugin feature that allows users to build new tools and functionalities on the platform. ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏

Can Bitcoin Put an End to Forever War?

Monday, November 18, 2024

Top Tech Content sent at Noon! How the world collects web data Read this email in your browser How are you, @newsletterest1? 🪐 What's happening in tech today, November 18, 2024? The HackerNoon

25 tips for programming with AI

Monday, November 18, 2024

Meta Quest dominates Steam VR; Stop squirting hot glue into devices -- ZDNET ZDNET Tech Today - US November 18, 2024 digitalspeed-gettyimages-1322205545 25 AI tips to boost your programming

Ordering, Grouping and Consistency in Messaging systems

Monday, November 18, 2024

We went quite far from our Queue Broker series in recent editions, but today, we're back to it! By powers combined, I joined our Queue Broker implementation to solve the generic idempotency check