Read the original article: Google Removes 21 Malicious Android Apps from Play Store Google has stepped in to remove several Android applications from the official Play Store following the disclosure that the apps in question were found to serve intrusive…
Tag: The Hacker News
Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps
Read the original article: Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP…
New Framework Released to Protect Machine Learning Systems From Adversarial Attacks
Read the original article: New Framework Released to Protect Machine Learning Systems From Adversarial Attacks Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial…
New Chrome 0-day Under Active Attacks – Update Your Browser Now
Read the original article: New Chrome 0-day Under Active Attacks – Update Your Browser Now Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately…
Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks
Read the original article: Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks Cybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the…
Windows GravityRAT Malware Now Also Targets macOS and Android Devices
Read the original article: Windows GravityRAT Malware Now Also Targets macOS and Android Devices A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users’ data has resurfaced after a two-year span…
Download Ultimate ‘Security for Management’ Presentation Template
Read the original article: Download Ultimate ‘Security for Management’ Presentation Template There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build,…
U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks
Read the original article: U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and…
Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices
Read the original article: Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to…
India Witnessed Spike in Cyber Attacks Amidst Covid-19 – Here’s Why?
Read the original article: India Witnessed Spike in Cyber Attacks Amidst Covid-19 – Here’s Why? The COVID-19 outreach is turning out to be not only a health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new…
Police Raided German Spyware Company FinFisher Offices
Read the original article: Police Raided German Spyware Company FinFisher Offices German investigating authorities have raided the offices of Munich-based company FinFisher that sells the infamous commercial surveillance spyware dubbed ‘FinSpy,’ reportedly in suspicion of illegally exporting the software to…
FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks
Read the original article: FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. According to FireEye’s Mandiant threat intelligence team,…
Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs
Read the original article: Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution (RCE) flaws…
Guide: Scale or Fail — Why MSSPs Need Multitenant Security Solutions
Read the original article: Guide: Scale or Fail — Why MSSPs Need Multitenant Security Solutions Managed Security Services Providers (MSSPs) have it rough. They have the burden of protecting their client organizations from cyberattacks, with clients from different industries, different…
Microsoft and Other Tech Companies Take Down TrickBot Botnet
Read the original article: Microsoft and Other Tech Companies Take Down TrickBot Botnet Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to…
A Self-Service Password Reset Project Can Be A Quick Win For IT
Read the original article: A Self-Service Password Reset Project Can Be A Quick Win For IT Since the beginning of this year, organizations’ IT staff have faced numerous challenges and an increased workload as a result of the global pandemic…
A Self-Service Password Reset Project Can Be Quick Win For IT
Read the original article: A Self-Service Password Reset Project Can Be Quick Win For IT Since the beginning of this year, organizations’ IT staff have faced numerous challenges and an increased workload as a result of the global pandemic and…
Watch Out — Microsoft Warns Android Users About A New Ransomware
Read the original article: Watch Out — Microsoft Warns Android Users About A New Ransomware Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android’s Home button to lock the device…
55 New Security Flaws Reported in Apple Software and Services
Read the original article: 55 New Security Flaws Reported in Apple Software and Services A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical…
Researchers Find Vulnerabilities in Microsoft Azure Cloud Service
Read the original article: Researchers Find Vulnerabilities in Microsoft Azure Cloud Service As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. Now according to the latest research, two security flaws in Microsoft’s Azure…
A Handy Guide for Choosing a Managed Detection & Response (MDR) Service
Read the original article: A Handy Guide for Choosing a Managed Detection & Response (MDR) Service Every company needs help with cybersecurity. No CISO ever said, “I have everything I need and am fully confident that our organization is fully…
ALERT! Hackers targeting IoT devices with a new P2P botnet malware
Read the original article: ALERT! Hackers targeting IoT devices with a new P2P botnet malware Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and…
New ‘MosaicRegressor’ UEFI Bootkit Malware Found Active in the Wild
Read the original article: New ‘MosaicRegressor’ UEFI Bootkit Malware Found Active in the Wild Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine’s booting process to drop persistent malware. The campaign involved the use…
New Flaws in Top Antivirus Software Could Make Computers More Vulnerable
Read the original article: New Flaws in Top Antivirus Software Could Make Computers More Vulnerable Cybersecurity researchers today disclosed details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain…
Secure Your SaaS Apps With Security Posture Management Platform
Read the original article: Secure Your SaaS Apps With Security Posture Management Platform As security professionals who have spent more than a few years in the industry, we know a good challenge when we see one.…
Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks
Read the original article: Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago. Tracked…
Chinese APT Group Targets Media, Finance, and Electronics Sectors
Read the original article: Chinese APT Group Targets Media, Finance, and Electronics Sectors Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China. Linking the attacks…
LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection
Read the original article: LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks.…
Researchers Uncover Cyber Espionage Operation Aimed At Indian Army
Read the original article: Researchers Uncover Cyber Espionage Operation Aimed At Indian Army Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal…
Red Team — Automation or Simulation?
Read the original article: Red Team — Automation or Simulation? What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does…
Microsoft Windows XP Source Code Reportedly Leaked Online
Read the original article: Microsoft Windows XP Source Code Reportedly Leaked Online Microsoft’s long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server…
FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations
Read the original article: FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target…
Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers
Read the original article: Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in…
Major Instagram App Bug Could’ve Given Hackers Remote Access to Your Phone
Read the original article: Major Instagram App Bug Could’ve Given Hackers Remote Access to Your Phone Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about…
Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability
Read the original article: Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability If you’re administrating Windows Server, make sure it’s up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability…
A New Hacking Group Hitting Russian Companies With Ransomware
Read the original article: A New Hacking Group Hitting Russian Companies With Ransomware As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks…
Unsecured Microsoft Bing Server Exposed Users’ Search Queries and Location
Read the original article: Unsecured Microsoft Bing Server Exposed Users’ Search Queries and Location A back-end server associated with Microsoft Bing exposed sensitive data of the search engine’s mobile application users, including search queries, device details, and GPS coordinates, among…
Unsecured Microsoft Bing Search Server Exposed User Queries and Location Data
Read the original article: Unsecured Microsoft Bing Search Server Exposed User Queries and Location Data A back-end server associated with Microsoft Bing exposed sensitive data of the search engine’s mobile application users, including search queries, device details, and GPS coordinates,…
British Hacker Sentenced to 5 Years for Blackmailing U.S. Companies
Read the original article: British Hacker Sentenced to 5 Years for Blackmailing U.S. Companies A UK man who threatened to publicly release stolen confidential information unless the victims agreed to fulfill his digital extortion demands has finally pleaded guilty on…
A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems
Read the original article: A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf (UKD) caused a failure of IT systems, resulting in the death of a…
A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network
Read the original article: A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the…
Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents
Read the original article: Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents Capping off a busy week of charges and sanctions against Iranian hackers, new research offers insight into what’s a six-year-long ongoing surveillance campaign targeting Iranian expats and…
U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence
Read the original article: U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country’s Ministry of Intelligence and Security (MOIS) for carrying out malware campaigns targeting…
Android 11 — 5 New Security and Privacy Features You Need to Know
Read the original article: Android 11 — 5 New Security and Privacy Features You Need to Know After a long wait and months of beta testing, Google last week finally released Android 11, the latest version of the Android mobile…
Zenscrape: A Simple Web Scraping Solution for Penetration Testers
Read the original article: Zenscrape: A Simple Web Scraping Solution for Penetration Testers Did you ever try extracting any information from any website? Well, if you have then you have surely enacted web scraping functions without even knowing it! To…
U.S. Announces Charges Against 2 Russian and 2 Iranian Hackers
Read the original article: U.S. Announces Charges Against 2 Russian and 2 Iranian Hackers Immediately after revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the United States government yesterday also made two separate announcements charging two Iranian and…
FBI adds 5 Chinese APT41 hackers to its Cyber’s Most Wanted List
Read the original article: FBI adds 5 Chinese APT41 hackers to its Cyber’s Most Wanted List The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible…
2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General
Read the original article: 2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General The US Department of Justice (DoJ) on Tuesday indicted two hackers for their alleged involvement in defacing several websites in the country following the…
New Report Explains COVID-19’s Impact on Cyber Security
Read the original article: New Report Explains COVID-19’s Impact on Cyber Security Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the Covid-19 pandemic in their cyberattacks. Of course, malicious emails would contain subjects relating…
Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web
Read the original article: Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web In a new report into the global cybersecurity industry’s exposure on the Dark Web this year, global application security company, ImmuniWeb, uncovered that 97%…
CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies
Read the original article: CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried out by Chinese nation-state actors targeting US…
New Linux Malware Steals Call Details from VoIP Softswitch Systems
Read the original article: New Linux Malware Steals Call Details from VoIP Softswitch Systems Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed “CDRThief” that targets voice over IP (VoIP) softswitches in an attempt to steal phone…
New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices
Read the original article: New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects…
Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange
Read the original article: Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange Cybercriminals successfully plundered another digital cryptocurrency exchange. European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole…
New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
Read the original article: New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and…
A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption
Read the original article: A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption IT help desks everywhere are having to adjust to the ‘new normal’ of supporting mainly remote workers. This is a major shift away from visiting desks…
Cynet Takes Cyber Threat Protection Automation to the Next Level with Incident Engine
Read the original article: Cynet Takes Cyber Threat Protection Automation to the Next Level with Incident Engine We have all heard of the “cybersecurity skills gap” — firms’ inability to hire and retain high-level cybersecurity talent. I see this gap…
Cybercriminals Are Using Legit Cloud Monitoring Tools As Backdoor
Read the original article: Cybercriminals Are Using Legit Cloud Monitoring Tools As Backdoor A cybercrime group that has previously struck Docker and Kubernetes cloud environments has evolved to repurpose genuine cloud monitoring tools as a backdoor to carry out malicious…
Microsoft Releases September 2020 Security Patches For 129 Flaws
Read the original article: Microsoft Releases September 2020 Security Patches For 129 Flaws As part of this month’s Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting…
Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks
Read the original article: Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan,…
SMB Cybersecurity Catching Up to Enterprise… But the Human Element Still a Major Concern
Read the original article: SMB Cybersecurity Catching Up to Enterprise… But the Human Element Still a Major Concern Cyberattacks on small to medium-sized businesses (SMBs) are continuing at a relentless pace, with the vast majority of data breaches coming from…
New PIN Verification Bypass Flaw Affects Visa Contactless Payments
Read the original article: New PIN Verification Bypass Flaw Affects Visa Contactless Payments Even as Visa issued a warning about a new JavaScript web skimmer known as Baka, cybersecurity researchers have uncovered a new flaw in the company’s EMV enabled…
Evilnum hackers targeting financial firms with a new Python-based RAT
Read the original article: Evilnum hackers targeting financial firms with a new Python-based RAT An adversary known for targeting the fintech sector at least since 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT)…
Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely
Read the original article: Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if…
(Live) Webinar – XDR and Beyond with Autonomous Breach Protection
Read the original article: (Live) Webinar – XDR and Beyond with Autonomous Breach Protection Anyone paying attention to the cybersecurity technology market has heard the term XDR – Extended Detection and Response. XDR is a new technology approach that combines…
New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data
Read the original article: New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging…
Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today
Read the original article: Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of…
Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Read the original article: Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild Cisco has warned of an active zero-day vulnerability in its router software that’s being exploited in the wild and could allow a remote,…
Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware
Read the original article: Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp…
QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money
Read the original article: QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve…
Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware
Read the original article: Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware Hackers always find a way in, even if there’s no software vulnerability to exploit. The FBI has arrested a Russian national who recently…
Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud
Read the original article: Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said…
APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage
Read the original article: APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage It’s one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it’s an entirely different matter when they are used…
APT Hackers Exploit Autodesk 3D Max Software for Industrial Espionage
Read the original article: APT Hackers Exploit Autodesk 3D Max Software for Industrial Espionage It’s one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it’s an entirely different matter when they are used…
Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud
Read the original article: Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to…
Get Lifetime Access to 1000+ Premium Online Training Courses for Just $59
Read the original article: Get Lifetime Access to 1000+ Premium Online Training Courses for Just $59 “In today’s knowledge economy, continual learning is an imperative.” — Those words from Aytekin Tank, the founder of JotForm, are particularly important for anyone…
Google Researcher Reported 3 Flaws in Apache Web Server Software
Read the original article: Google Researcher Reported 3 Flaws in Apache Web Server Software If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over…
A Google Drive ‘Feature’ Could Let Attackers Trick You Into Installing Malware
Read the original article: A Google Drive ‘Feature’ Could Let Attackers Trick You Into Installing Malware An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling…
Hackers Target Defense Contractors’ Employees By Posing as Recruiters
Read the original article: Hackers Target Defense Contractors’ Employees By Posing as Recruiters The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly…
Former Uber Security Chief Charged Over Covering Up 2016 Data Breach
Read the original article: Former Uber Security Chief Charged Over Covering Up 2016 Data Breach The federal prosecutors in the United States have charged Uber’s former chief security officer, Joe Sullivan, for covering up a massive data breach that the…
Hackers Target Defence Contractors’ Employees By Posing as Recruiters
Read the original article: Hackers Target Defence Contractors’ Employees By Posing as Recruiters The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly…
Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified
Read the original article: Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified The South African arm of one of the world’s largest credit check companies Experian yesterday announced a data breach incident that exposed personal information of millions…
Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2
Read the original article: Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2 Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new…
Experts Reported Security Bug in IBM’s Db2 Data Management Software
Read the original article: Experts Reported Security Bug in IBM’s Db2 Data Management Software Cybersecurity researchers today disclosed details of a memory vulnerability in IBM’s Db2 family of data management products that could potentially allow a local attacker to access…
XDR: The Next Level of Prevention, Detection and Response [New Guide]
Read the original article: XDR: The Next Level of Prevention, Detection and Response [New Guide] One new security technology we keep hearing about is Extended Detection and Response (XDR). This new technology merges multiple prevention and detection technologies on a…
A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide
Read the original article: A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020.…
Critical Jenkins Server Vulnerability Could Leak Sensitive Information
Read the original article: Critical Jenkins Server Vulnerability Could Leak Sensitive Information Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential…
Researchers Exploited A Bug in Emotet to Stop the Spread of Malware
Read the original article: Researchers Exploited A Bug in Emotet to Stop the Spread of Malware Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch…
How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques
Read the original article: How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques Web applications suffer continuously evolving attacks, where a web application firewall (WAF) is the first line of defense and a necessary part of organizations’ cybersecurity strategies. WAFs…
New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls
Read the original article: New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today…
Amazon Alexa Bugs Allowed Hackers to Install Malicious Skills Remotely
Read the original article: Amazon Alexa Bugs Allowed Hackers to Install Malicious Skills Remotely Attention! If you use Amazon’s voice assistant Alexa in your smart speakers, just opening an innocent-looking web-link could let attackers install hacking skills on it and…
Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked
Read the original article: Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked Microsoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products. This month’s…
Flaws in Samsung Phones Exposed Android Users to Remote Attacks
Read the original article: Flaws in Samsung Phones Exposed Android Users to Remote Attacks New research disclosed a string of severe security vulnerabilities in the ‘Find My Mobile’—an Android app that comes pre-installed on most Samsung smartphones—that could have allowed…
Contrast Community Edition Empowers Developers to Write Secure Code Faster
Read the original article: Contrast Community Edition Empowers Developers to Write Secure Code Faster As software eats the world, the world faces a software security crisis. The movement to modern software such as cloud technologies and microservice architectures is essential…
Critical Flaws Affect Citrix Endpoint Management (XenMobile Servers)
Read the original article: Critical Flaws Affect Citrix Endpoint Management (XenMobile Servers) Citrix today released patches for multiple new security vulnerabilities affecting its Citrix Endpoint Management (CEM), also known as XenMobile, a product made for enterprises to help companies manage…
Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers
Read the original article: Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers If you haven’t recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to…
A New vBulletin 0-Day RCE Vulnerability and Exploit Disclosed Publicly
Read the original article: A New vBulletin 0-Day RCE Vulnerability and Exploit Disclosed Publicly A security researcher earlier today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability affecting the widely used internet…
TeamViewer Flaw Could Let Hackers Steal System Password Remotely
Read the original article: TeamViewer Flaw Could Let Hackers Steal System Password Remotely If you are using TeamViewer, then beware and make sure you’re running the latest version of the popular remote desktop connection software for Windows. TeamViewer team recently…
Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28
Read the original article: Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28 Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a…
Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon
Read the original article: Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain…