Read the original article: An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that…
Category: The Hacker News
7 New Flaws Affect All Thunderbolt-equipped Computers Sold in the Last 9 Years
Read the original article: 7 New Flaws Affect All Thunderbolt-equipped Computers Sold in the Last 9 Years A cybersecurity researcher today uncovers a set of 7 new unpatchable hardware vulnerabilities that affect all desktops and laptops sold in the past…
DigitalOcean Data Leak Incident Exposed Some of Its Customers Data
Read the original article: DigitalOcean Data Leak Incident Exposed Some of Its Customers Data DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers’ data to unknown…
This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years
Read the original article: This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam,…
Facebook Launches ‘Discover,’ A Secure Proxy to Browse the Internet for Free
Read the original article: Facebook Launches ‘Discover,’ A Secure Proxy to Browse the Internet for Free More than six years after Facebook launched its ambitious Free Basics program to bring the Internet to the masses, the social network is back…
Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets
Read the original article: Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities…
Download: ‘Coronavirus Cyber Security for Management’ Template for CISOs
Read the original article: Download: ‘Coronavirus Cyber Security for Management’ Template for CISOs The Coronavirus crisis introduces critical operational challenges to business continuity, placing high stress on organizations’ management. As a result, CIOs and CISOs face a double challenge on…
Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities
Read the original article: Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities If you own a Xiaomi smartphone or have installed the Mi browser app on any of your other brand Android device, you should…
New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers
Read the original article: New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers A researcher from Israel’s Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive…
Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability
Read the original article: Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach…
Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers
Read the original article: Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers Two severe security flaws have been discovered in the open-source SaltStack Sat configuration framework that could allow an adversary to execute arbitrary code on…
Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies
Read the original article: Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany,…
New Android Malware Steals Banking Passwords, Private Data and Keystrokes
Read the original article: New Android Malware Steals Banking Passwords, Private Data and Keystrokes A new type of mobile banking malware has been discovered abusing Android’s accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and…
Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites
Read the original article: Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites Security researchers are sounding the alarm over newly discovered vulnerabilities in some popular online learning management system (LMS) plugins that various organizations and universities use…
Cato SDP: Cloud-Scale and Global Remote Access Solution Review
Read the original article: Cato SDP: Cloud-Scale and Global Remote Access Solution Review The Scouts acknowledged the necessity to “Be Prepared” over 100 years (!) ago; the industry should have, as well. Yet COVID-19 took businesses – more like the…
Critical Security Patches Released for Magento, Adobe Illustrator and Bridge
Read the original article: Critical Security Patches Released for Magento, Adobe Illustrator and Bridge It’s not ‘Patch Tuesday,’ but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical…
Researchers Uncover Novel Way to De-anonymize Device IDs to Users’ Biometrics
Read the original article: Researchers Uncover Novel Way to De-anonymize Device IDs to Users’ Biometrics Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information. The…
How An Image Could’ve Let Attackers Hack Microsoft Teams Accounts
Read the original article: How An Image Could’ve Let Attackers Hack Microsoft Teams Accounts Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization’s entire…
Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet
Read the original article: Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly…
Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million
Read the original article: Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to…
Zero-Day Warning: It’s Possible to Hack iPhones Just by Sending Emails
Read the original article: Zero-Day Warning: It’s Possible to Hack iPhones Just by Sending Emails Watch out Apple users! The default mail app pre-installed on millions of iPhone and iPad has been found vulnerable to two critical flaws that could…
Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims
Read the original article: Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority…
Chinese Hackers Using New iPhone Hack to Spy On Uyghurs Muslims
Read the original article: Chinese Hackers Using New iPhone Hack to Spy On Uyghurs Muslims A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority…
The Incident Response Challenge 2020 — Win $5,000 Prize!
Read the original article: The Incident Response Challenge 2020 — Win $5,000 Prize! Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges…
Researcher Discloses 4 Zero-Day Bugs in IBM’s Enterprise Security Software
Read the original article: Researcher Discloses 4 Zero-Day Bugs in IBM’s Enterprise Security Software A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company…
Unpatchable ‘Starbleed’ Bug in FPGA Chips Exposes Critical Devices to Hackers
Read the original article: Unpatchable ‘Starbleed’ Bug in FPGA Chips Exposes Critical Devices to Hackers A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the…
COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware
Read the original article: COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans (RAT) capable of exfiltrating sensitive…
CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers
Read the original article: CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as…
Why SaaS opens the door to so many cyber threats (and how to make it safer)
Read the original article: Why SaaS opens the door to so many cyber threats (and how to make it safer) Cloud services have become increasingly important to many companies’ daily operations, and the rapid adoption of web apps has allowed…
Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository
Read the original article: Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository As developers increasingly embrace off-the-shelf software components into their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages, intended to…
U.S. Offers Rewards up to $5 Million for Information on North Korean Hackers
Read the original article: U.S. Offers Rewards up to $5 Million for Information on North Korean Hackers The United States agencies today released a joint advisory warning the world about the ‘significant cyber threat’ posed by North Korean state-sponsored hackers…
How to transform your revolutionary idea into a reality: $100K Nokia Bell Labs Prize
Read the original article: How to transform your revolutionary idea into a reality: $100K Nokia Bell Labs Prize Revolutionary ideas in science, technology, engineering, and mathematics don’t occur every day. But when those “eureka” moments happen, we need to provide…
49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets
Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. The 49 browser add-ons, potentially the work of Russian threat…
Microsoft Issues Patches for 4 Bugs Exploited as Zero-Day in the Wild
It’s April 2020 Patch Tuesday, and during these challenging times of coronavirus pandemic, this month’s patch management process would not go easy for many organizations where most of the resources are working remotely. Microsoft today released the latest batch of…
Microsoft Issues Patches for 2 Bugs Exploited as Zero-Day in the Wild
It’s April 2020 Patch Tuesday, and during these challenging times of a coronavirus pandemic, this month’s patch management process would not go easy for many organizations where most of the resources are working remotely. Microsoft today released the latest batch…
Dell Releases A New Cybersecurity Utility To Detect BIOS Attacks
Computer manufacturing giant Dell has released a new security tool for its commercial customers that aims to protect their computers from stealthy and sophisticated cyberattacks involving the compromise of the BIOS. Dubbed ‘SafeBIOS Events & Indicators of Attack’ (IoA), the…
Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic
As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals—with no conscience and empathy—are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers. The new research, published by Palo…
Webinar: How MSSPs Can Overcome Coronavirus Quarantine Challenges
The Coronavirus quarantine introduces an extreme challenge for IT and Security teams to maintain secure environments during the mass transition of employees working remotely and the surge in cyberattacks targeting its inherent security weaknesses. In a webinar for security service…
Google and Apple Plan to Turn Phones into COVID-19 Contact-Tracking Devices
Tech giants Apple and Google have joined forces to develop an interoperable contract-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19. As part of this new initiative, the companies are expected…
7 Ways Hackers and Scammers Are Exploiting Coronavirus Panic
In our previous stories, you might have already read about various campaigns warning how threat actors are capitalizing on the ongoing coronavirus pandemic in an attempt to infect your computers and mobile devices with malware or scam you out of…
Dark Nexus: A New Emerging IoT Botnet Malware Spotted in the Wild
Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage ‘distributed denial-of-service’ attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. The botnet, named “dark_nexus” by Bitdefender researchers, works by employing credential stuffing…
Unveiled: How xHelper Android Malware Re-Installs Even After Factory Reset
Remember xHelper? A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then,…
Secure Remote Working During COVID-19 — Checklist for CISOs
Coronavirus crisis introduces a heavy burden on the CISOs with the collective impact of a mass transition to working remotely coupled with a surge of cyberattacks that strive to monetize the general chaos. Security vendors, unintendedly, contribute to this burden…
Zoom Caught in Cybersecurity Debate — Here’s Everything You Need To Know
Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak and work from home…
How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera
If you use Apple iPhone or MacBook, here we have a piece of alarming news for you. Turns out merely visiting a website — not just malicious but also legitimate sites unknowingly loading malicious ads as well — using Safari…
Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data
Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers. According to a report published today and shared with The…
New Zoom Hack Lets Hackers Compromise Windows and Its Login Password
Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe. No doubt,…
Unpatched Zoom App Bug Lets Hackers Steal Your Windows Password
Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic made it overnight a favorite tool for millions of people. Though Zoom is an efficient online video meeting solution,…
WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other kinds of malware, including multi-functional remote access tools (RATs) and cryptominers. Named “Vollgar” after the…
Webinar — Autonomous Breach Protection: The New Security Paradigm Shift
Organizations today struggle with multi-product security stacks, that are expensive to purchase and maintain and also require a highly skilled security team to manually integrate and operate. The current Coronavirus crisis that has imposed a strict quarantine on organizations and…
Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests
International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years. “At the end of February 2020, we identified that an unexpected amount…
AppTrana Offers Protection to Online Businesses During Coronavirus Outbreak
These are unprecedented times, and everyone is going through a testing period, with more than 3 billion people locked down all over the world. Businesses are scrambling to stay afloat and are forced to move digital in a very short…
COVID-19: Hackers Begin Exploiting Zoom’s Overnight Success to Spread Malware
As people increasingly work from home and online communication platforms such as Zoom explode in popularity in the wake of coronavirus outbreak, cybercriminals are taking advantage of the spike in usage by registering new fake “Zoom” domains and malicious “Zoom”…
Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks
Cybersecurity researchers with Qihoo 360’s NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploited two…
Hackers Used Local News Sites to Install Spyware On iPhones
A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices. According to research published by Trend Micro and Kaspersky, the “Operation Poisoned News”…
Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak
Preying on public fears, the ongoing coronavirus outbreak is proving to be a goldmine of opportunity for attackers to stage a variety of malware attacks, phishing campaigns, and create scam sites and malicious tracker apps. Now in a fresh twist,…
TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services
The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The Android app, called…
Critical RCE Bug Affects Millions of OpenWrt-based Network Devices
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the…
How to Provide Remote Incident Response During the Coronavirus Times
While the Coronavirus pandemic continues to strike chaos across the global economies, threat actors keep on launching cyberattacks on organizations from all sizes and verticals. IR providers face a unique challenge when approached by these organizations since, due to the…
Over 50 Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme
More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge…
Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in…
Warning — Two New Unpatched Critical RCE Flaws Affect All Windows Versions
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in…
Warning — Two New Unpatched Critical RCE Flaws Affect All Windows Versions
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in…
User Survey 2020 Report Shows Rapid Growth In Apache Pulsar Adoption
For the first time ever, the Apache Pulsar PMC team is publishing a user survey report. The 2020 Apache Pulsar User Survey Report reveals Pulsar’s accelerating rate of global adoption, details how organizations are leveraging Pulsar to build real-time streaming…
Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems
Multiple zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm…
Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices
A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage (NAS) devices in an attempt to remotely infect and control vulnerable machines. Called “Mukashi,” the new variant of the malware employs brute-force…
Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait
As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who’ve taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to…
TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks
A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. The…
Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion
Though it’s not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of…
How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats
The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis…
How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats
The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis…
Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait
As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who’ve taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to…
Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion
Though it’s not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of…
TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks
A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. The…
TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach
Online guitar tutoring website TrueFire has apparently suffered a ‘Magecart’ style data breach incident that may have potentially led to the exposure of its customers’ personal information and payment card information. TrueFire is one of the popular guitar tutoring websites…
Researchers Uncover a Nigerian Hacker’s Pursuit of his Million Dollar Dream
Social engineering-driven malware threats continue to be a big threat, but new research details how cybercriminals profit off such schemes to launder hundreds of thousands of dollars from stolen credit cards of unsuspecting victims. Cybersecurity firm Check Point Research, in…
Europol Arrests 26 SIM Swapping Fraudsters For Stealing Over $3 Million
Europol, along with the Spanish and the Romanian national police, has arrested 26 individuals in connection with the theft of over €3.5 million ($3.9 million) by hijacking people’s phone numbers via SIM swapping attacks. The law enforcement agencies arrested 12…
New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
A new simple but dangerous strain of Android malware has been found in the wild that steals users’ authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices. Dubbed “Cookiethief” by Kaspersky…
Critical Patch Released for ‘Wormable’ SMBv3 Vulnerability — Install It ASAP!
Microsoft today finally released software updates to patch a recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability, tracked as CVE-2020-0796,…
Beware of ‘Coronavirus Maps’ – It’s a malware infecting PCs to steal passwords
Cybercriminals will stop at nothing to exploit every chance to prey on internet users. Even the disastrous spread of SARS-COV-II (the virus), which causes COVID-19 (the disease), is becoming an opportunity for them to likewise spread malware or launch cyber…
Use This Ultimate Template to Plan and Monitor Your Cybersecurity Budgets
Sound security budget planning and execution are essential for CIO’s/CISO’s success. Now, for the first time, the Ultimate Security Budget Plan and Track Excel template (download here) provide security executives a clear and intuitive tool to keep track of planned…
Warning — Unpatched Critical ‘Wormable’ Windows SMBv3 Flaw Disclosed
Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol. It…
Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company’s history. Of the 115…
L1ght Looks to Protect Internet Users from Toxic and Predatory Behavior
Cybersecurity has been regarded as a necessity for all computer users, especially today when data breaches and malware attacks have become rampant. However, one of the more overlooked aspects of cybersecurity is the prevention of other forms of cybercrime, such…
Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks
Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability…
Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide
Microsoft today announced that it has successfully disrupted the botnet network of Necurs malware, which has infected more than 9 million computers globally, and also hijacks the majority of its infrastructure. The latest botnet takedown was the result of a…
LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk
It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless ‘performance killing’ patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new…
LVI Attacks: New Intel CPUs Vulnerability Puts Data Centers At Risk
It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless ‘performance killing’ patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new…
Ex-CIA Accused of Leaking Secret Hacking Tools to WikiLeaks Gets Mistrial
A federal judge in New York on Monday declared a mistrial in the case of a former CIA software engineer who was accused of stealing a massive trove of the agency’s classified hacking and tools and leaking it to WikiLeaks…
9 Years of AMD Processors Vulnerable to 2 New Side-Channel Attacks
AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research. Known as “Take A Way,” the new potential attack vectors leverage the…
This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years
All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised.…
Virgin Media Data Leak Exposes Details of 900,000 Customers
On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What…
Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers
The US-CERT today issued advisory warning users of a new dangerous remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other…
A Massive U.S. Property and Demographic Database Exposes 200 Million Records
More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. The exposed data — a mix of…
You Can Now Run Android on an iPhone With ‘Project Sandcastle’
Not happy with your expensive iPhone and wondered if it’s possible to run any other operating system on your iPhone, maybe, how to install Android on an iPhone or Linux for iPhones? Android phones can be rooted, and iPhones can…
Let’s Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug
The most popular free certificate signing authority Let’s Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The…
Top 10 Most Innovative Cybersecurity Companies After RSA 2020
The RSA Conference, the world’s leading information security conference and exposition, held its 29th annual event in San Francisco last week. According to the organizers, over 36,000 attendees, 704 speakers, and 658 exhibitors gathered at the Moscone Center to discuss…
Researchers Claim CIA Was Behind 11-Year-Long Hacking Attacks Against China
Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency (CIA) to be behind an 11-year-long hacking campaign against several Chinese industries and government agencies. The targeted industry sectors include…
Download Guide — Advanced Threat Protection Beyond the AV
At a certain point, almost every organization reaches the conclusion that there is a need to move past just the standard AV and firewall stack in order to soundly protect their environment. The common practice in recent years is to…
2 Chinese Charged with Laundering $100 Million for North Korean Hackers
Two Chinese nationals have been charged by the US Department of Justice (DoJ) and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards. According to a newly unsealed court…