TheHackerNews

April 7, 2022 The U.S. Treasury Department on Tuesday sanctioned Hydra, the same day German law enforcement authorities disrupted the world’s largest and longest-running dark web marketplace following a coordinated operation in partnership with U.S. officials. The sanctions are part of an “international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal Article …

U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace Read More »

April 7, 2022 Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers. “While this employee had regular access to these reports as part of their past job responsibilities, in this instance …

Block Admits Data Breach Involving Cash App Data Accessed by Former Employee Read More »

April 6, 2022 Germany’s Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world’s largest illegal dark web marketplace that has cumulatively facilitated over $5 billion in Bitcoin transactions to date. “Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the …

Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin Read More »

April 6, 2022 Between a series of recent high-profile cybersecurity incidents and the heightened geopolitical tensions, there’s rarely been a more dangerous cybersecurity environment. It’s a danger that affects every organization – automated attack campaigns don’t discriminate between targets. The situation is driven in large part due to a relentless rise in vulnerabilities, with tens …

Battling Cybersecurity Risk: How to Start Somewhere, Right Now Read More »

April 6, 2022 The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed. “Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been …

FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks Read More »

April 6, 2022 Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.  The development was first reported by Bleeping Computer. The company, which was acquired by financial software firm Intuit in September 2021, told the publication …

Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams Read More »

April 6, 2022 With the growth in digital transformation, the API management market is set to grow by more than 30%  by the year 2025 as more businesses build web APIs and consumers grow to rely on them for everything from mobile apps to customized digital services. As part of strategic business planning, an API helps generate …

Is API Security on Your Radar? Read More »

April 6, 2022 A Chinese state-backed advanced persistent threat (APT) group known for singling out Japanese entities has been attributed to a new long-running espionage campaign targeting new geographies, suggesting a “widening” of the threat actor’s targeting. The widespread intrusions, which are believed to have commenced at the earliest in mid-2021 and continued as recently …

Researchers Trace Widespread Espionage Attacks Back to Chinese ‘Cicada’ Hackers Read More »

April 6, 2022 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on “evidence of active exploitation.” The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.8) and dubbed “Spring4Shell”, impacts Spring Article posted by: https://thehackernews.com/2022/04/cisa-warns-of-active-exploitation-of.html ——————————————————————————————————————– …

CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability Read More »

April 5, 2022 An Android spyware application has been spotted masquerading as a “Process Manager” service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name “com.remote.app” — establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the …

Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers Read More »