Lazarus hackers abuse Dell driver bug using new FudModule rootkit
The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack. [...]
Stay informed on the latest hacking trends, threats, and prevention strategies in cyber security with insightful articles and updates.
Search across headline titles and summaries.
Background for this topic.
Hacking is the use of technical methods to access, alter, disrupt, or examine computer systems and data, either with authorization or without it. In security reporting, the term usually covers unauthorized exploitation of software flaws, exposed services, weak credentials, misconfigurations, and sometimes human trust through phishing or other social engineering.
Its security significance depends on the attacker’s access and objective: a compromised internet-facing system may enable data theft, unauthorized changes, or movement into other systems, while a benign penetration test can reveal the same weaknesses before they are abused. Defenders reduce exposure through timely vulnerability management, secure configuration, strong authentication, network and endpoint monitoring, and tested incident-response procedures. Useful reporting distinguishes confirmed compromise from attempted or suspected activity and identifies the exploited entry point, affected assets, and whether access was contained.
The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack. [...]
Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get into white hat hacking. That said, picking up the necessary knowledge to build a new career can seem like a daunting task. There is a lot to learn, after all
An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments
Security researchers have discovered a malicious campaign by the 'Witchetty' hacking group, which uses steganography to hide a backdoor malware in a Windows logo. [...]
The Brute Ratel post-exploitation toolkit has been cracked and is now being shared for free across Russian-speaking and English-speaking hacking communities. [...]
The company's website remains offline after hackers used its compromised CMS to send out racist messages.
Someone going by 'Thrax' claims responsibility for 'incredibly easy' breach Apple News shut down Fast Company's news channel after "an incredibly offensive alert" was sent to subscribers following a hack of the business publication on Tuesday evening.…
The breach seems related to the hack of Fast Company's website on Sunday afternoon
WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices
The North Korean Lazarus hacking group is now using fake 'Crypto.com' job offers to hack developers and artists in the crypto space, likely with a long-term goal of stealing digital assets and cryptocurrency. [...]
The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum. [...]
The Australian Federal Police (AFP) on Monday disclosed it's working to gather "crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus
For white hats who play by the rules, here are several ethical tenets to consider.
Ukrainian law enforcement authorities on Friday disclosed that it had "neutralized" a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests
A previously unknown threat actor that researchers have named 'Metador' has been breaching telecommunications, internet services providers (ISPs), and universities for about two years. [...]