Tag: The Hacker News

Read the original article: New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking The Department of Homeland Security and CISA ICS-CERT will today issue a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting…

Read more →

Read the original article: New Critical Flaws Put Billions of Internet-Connected Devices at Risk of Hacking The Department of Homeland Security and CISA ICS-CERT will today issue a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting…

Read more →

Read the original article: Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations If your business operations and security of sensitive data rely on Oracle’s E-Business Suite (EBS), make sure you recently updated and are running the latest available version…

Read more →

Read the original article: WebAuthn Passwordless Authentication Now Available for Atlassian Products Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects. Issue-tracking application Jira, Git…

Read more →

Read the original article: New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users High impact vulnerabilities in modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and…

Read more →

Read the original article: Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room You might not believe it, but it’s possible to spy on secret conversations happening in a room from a nearby remote location…

Read more →

Read the original article: A Bug in Facebook Messenger for Windows Could’ve Helped Malware Gain Persistence Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Cybersecurity, today disclosed details of a vulnerability they recently discovered…

Read more →

Read the original article: Intel CPUs Vulnerable to New ‘SGAxe’ and ‘CrossTalk’ Side-Channel Attacks Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU’s trusted execution environments (TEE).…

Read more →

Read the original article: MSPs and MSSPs Can Increase Profit Margins With Cynet 360 Platform As cyber threats keep on increasing in volume and sophistication, more and more organizations acknowledge that outsourcing their security operations to a 3rd-party service provider…

Read more →

Read the original article: Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide A team of cybersecurity researchers today outed a little-known Indian IT firm that has secretly been operating as a global hackers-for-hire service or hacking-as-a-service platform.…

Read more →

Read the original article: SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol Cybersecurity researchers today uncover a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined…

Read more →

Read the original article: Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities Microsoft today released its June 2020 batch of software security updates that patches a total of 129 newly discovered vulnerabilities affecting various versions of Windows operating systems…

Read more →

Read the original article: Security Drift – The Silent Killer Global spending on cybersecurity products and services is predicted to exceed $1 trillion during the period of five years, between 2017 to 2021, with different analysts predicting the Compound Annual…

Read more →

Read the original article: Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and…

Read more →

Read the original article: Any Indian DigiLocker Account Could’ve Been Accessed Without Password The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially allowed a remote attacker to bypass…

Read more →

Read the original article: New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to a newly published research…

Read more →

Read the original article: Two Critical Flaws in Zoom Could’ve Let Attackers Hack Systems via Chat If you’re using Zoom—especially during this challenging time to cope with your schooling, business, or social engagement—make sure you are running the latest version…

Read more →

Read the original article: Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers A new set of critical vulnerabilities uncovered in SAP’s Sybase database software can grant unprivileged attackers complete control over a targeted database and even the…

Read more →

Read the original article: New Skill Testing Platform For 6 Most In-Demand Cybersecurity Jobs Building a security team is a necessity for organizations of all industries and sizes. It makes selecting the right person for the job a critical task…

Read more →

Read the original article: Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers Cybersecurity researchers today disclosed details for a new vulnerability in VMware’s Cloud Director platform that could potentially allow an attacker to gain access to sensitive…

Read more →

Read the original article: How to Create a Culture of Kick-Ass DevSecOps Engineers Much like technology itself, the tools, techniques, and optimum processes for developing code evolve quickly. We humans have an insatiable need for more software, more features, more…

Read more →

Read the original article: Joomla Resources Directory (JRD) Portal Suffers Data Breach Joomla, one of the most popular Open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its resources…

Read more →

Read the original article: Critical ‘Sign in with Apple’ Bug Could Have Let Attackers Hijack Anyone’s Account Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its ‘Sign in…

Read more →

Read the original article: New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly…

Read more →

Read the original article: Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds Mitron (means “friends” in Hindi), you have been fooled again! Mitron is not really a ‘Made in India’ product, and the viral app…

Read more →

Read the original article: A New Free Monitoring Tool to Measure Your Dark Web Exposure Last week, application security company ImmuniWeb released a new free tool to monitor and measure an organization’s exposure on the Dark Web. To improve the decision-making…

Read more →

Read the original article: Researchers Uncover Brazilian Hacktivist’s Identity Who Defaced Over 4800 Sites It’s one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It’s, however, an entirely different thing…

Read more →

Read the original article: Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting over hundreds of thousands of systems. The…

Read more →

Read the original article: New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to…

Read more →

Read the original article: New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages…

Read more →

Read the original article: New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug The hacking team behind the “unc0ver” jailbreaking tool has released a new version of the software that can unlock every single iPhone, including…

Read more →

Read the original article: How Cybersecurity Enables Government, Health, EduTech Cope With COVID-19 The advent of the Covid-19 pandemic and the impact on our society has resulted in many dramatic changes to how people are traveling, interacting with each other,…

Read more →

Read the original article: Iranian APT Group Targets Governments in Kuwait and Saudi Arabia Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. Bitdefender said the intelligence-gathering operations were…

Read more →

Read the original article: [Guide] Finding Best Security Outsourcing Alternative for Your Organization As cyberattacks continue to proliferate in volume and increase in sophistication, many organizations acknowledge that some part of their breach protection must be outsourced, introducing a million-dollar…

Read more →

Read the original article: New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to takedown…

Read more →

Read the original article: Ukrainian Police Arrest Hacker Who Tried Selling Billions of Stolen Records The Ukrainian police have arrested a hacker who made headlines in January last year by posting a massive database containing some 773 million stolen email…

Read more →

Read the original article: Brazil’s Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users Brazil’s biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers’ personal and payment-related information publicly accessible online that could have been accessed…

Read more →

Read the original article: British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers’ Data British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled “highly sophisticated,” exposing email addresses and travel…

Read more →

Read the original article: New Bluetooth Vulnerability Exposes Billions of Devices to Hackers Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing…

Read more →

Read the original article: HTTP Status Codes Command This Malware How to Control Hacked Systems A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted…

Read more →

Read the original article: Effective Business Continuity Plans Require CISOs to Rethink WAN Connectivity As more businesses leverage remote, mobile, and temporary workforces, the elements of business continuity planning are evolving and requiring that IT professionals look deep into the…

Read more →

Read the original article: Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft’s…

Read more →

Read the original article: Researcher Spots New Malware Claimed to be ‘Tailored for Air‑Gapped Networks’ A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the Virustotal malware…

Read more →

Read the original article: U.S Defence Warns of 3 New Malware Used by North Korean Hackers Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about…

Read more →

Read the original article: Over 4000 Android Apps Expose Users’ Data via Misconfigured Firebase Databases More than 4,000 Android apps that use Google’s cloud-hosted Firebase databases are ‘unknowingly’ leaking sensitive information on their users, including their email addresses, usernames, passwords,…

Read more →

Read the original article: Cynet Offers IR Specialists Grants up to $1500 for each IR Engagement In the past, the autonomous breach protection company Cynet announced that it is making Cynet 360 threat detection and response platform available at no…

Read more →

Read the original article: An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that…

Read more →

Read the original article: 7 New Flaws Affect All Thunderbolt-equipped Computers Sold in the Last 9 Years A cybersecurity researcher today uncovers a set of 7 new unpatchable hardware vulnerabilities that affect all desktops and laptops sold in the past…

Read more →

Read the original article: DigitalOcean Data Leak Incident Exposed Some of Its Customers Data DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers’ data to unknown…

Read more →

Read the original article: This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam,…

Read more →

Read the original article: Facebook Launches ‘Discover,’ A Secure Proxy to Browse the Internet for Free More than six years after Facebook launched its ambitious Free Basics program to bring the Internet to the masses, the social network is back…

Read more →

Read the original article: Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities…

Read more →

Read the original article: Download: ‘Coronavirus Cyber Security for Management’ Template for CISOs The Coronavirus crisis introduces critical operational challenges to business continuity, placing high stress on organizations’ management. As a result, CIOs and CISOs face a double challenge on…

Read more →

Read the original article: Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities If you own a Xiaomi smartphone or have installed the Mi browser app on any of your other brand Android device, you should…

Read more →

Read the original article: New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers A researcher from Israel’s Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive…

Read more →

Read the original article: Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach…

Read more →

Read the original article: Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers Two severe security flaws have been discovered in the open-source SaltStack Sat configuration framework that could allow an adversary to execute arbitrary code on…

Read more →

Read the original article: Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany,…

Read more →

Read the original article: New Android Malware Steals Banking Passwords, Private Data and Keystrokes A new type of mobile banking malware has been discovered abusing Android’s accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and…

Read more →

Read the original article: Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites Security researchers are sounding the alarm over newly discovered vulnerabilities in some popular online learning management system (LMS) plugins that various organizations and universities use…

Read more →

Read the original article: Cato SDP: Cloud-Scale and Global Remote Access Solution Review The Scouts acknowledged the necessity to “Be Prepared” over 100 years (!) ago; the industry should have, as well. Yet COVID-19 took businesses – more like the…

Read more →

Read the original article: Critical Security Patches Released for Magento, Adobe Illustrator and Bridge It’s not ‘Patch Tuesday,’ but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical…

Read more →

Read the original article: Researchers Uncover Novel Way to De-anonymize Device IDs to Users’ Biometrics Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information. The…

Read more →

Read the original article: How An Image Could’ve Let Attackers Hack Microsoft Teams Accounts Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization’s entire…

Read more →

Read the original article: Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly…

Read more →

Read the original article: Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to…

Read more →

Read the original article: Zero-Day Warning: It’s Possible to Hack iPhones Just by Sending Emails Watch out Apple users! The default mail app pre-installed on millions of iPhone and iPad has been found vulnerable to two critical flaws that could…

Read more →

Read the original article: Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority…

Read more →

Read the original article: Chinese Hackers Using New iPhone Hack to Spy On Uyghurs Muslims A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority…

Read more →

Read the original article: The Incident Response Challenge 2020 — Win $5,000 Prize! Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges…

Read more →

Read the original article: Researcher Discloses 4 Zero-Day Bugs in IBM’s Enterprise Security Software A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company…

Read more →

Read the original article: Unpatchable ‘Starbleed’ Bug in FPGA Chips Exposes Critical Devices to Hackers A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the…

Read more →

Read the original article: COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans (RAT) capable of exfiltrating sensitive…

Read more →

Read the original article: CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as…

Read more →

Read the original article: Why SaaS opens the door to so many cyber threats (and how to make it safer) Cloud services have become increasingly important to many companies’ daily operations, and the rapid adoption of web apps has allowed…

Read more →

Read the original article: Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository As developers increasingly embrace off-the-shelf software components into their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages, intended to…

Read more →

Read the original article: U.S. Offers Rewards up to $5 Million for Information on North Korean Hackers The United States agencies today released a joint advisory warning the world about the ‘significant cyber threat’ posed by North Korean state-sponsored hackers…

Read more →

Read the original article: How to transform your revolutionary idea into a reality: $100K Nokia Bell Labs Prize Revolutionary ideas in science, technology, engineering, and mathematics don’t occur every day. But when those “eureka” moments happen, we need to provide…

Read more →

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. The 49 browser add-ons, potentially the work of Russian threat…

Read more →

It’s April 2020 Patch Tuesday, and during these challenging times of coronavirus pandemic, this month’s patch management process would not go easy for many organizations where most of the resources are working remotely. Microsoft today released the latest batch of…

Read more →

It’s April 2020 Patch Tuesday, and during these challenging times of a coronavirus pandemic, this month’s patch management process would not go easy for many organizations where most of the resources are working remotely. Microsoft today released the latest batch…

Read more →

Computer manufacturing giant Dell has released a new security tool for its commercial customers that aims to protect their computers from stealthy and sophisticated cyberattacks involving the compromise of the BIOS. Dubbed ‘SafeBIOS Events & Indicators of Attack’ (IoA), the…

Read more →

As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals—with no conscience and empathy—are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers. The new research, published by Palo…

Read more →

The Coronavirus quarantine introduces an extreme challenge for IT and Security teams to maintain secure environments during the mass transition of employees working remotely and the surge in cyberattacks targeting its inherent security weaknesses. In a webinar for security service…

Read more →

Tech giants Apple and Google have joined forces to develop an interoperable contract-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19. As part of this new initiative, the companies are expected…

Read more →

In our previous stories, you might have already read about various campaigns warning how threat actors are capitalizing on the ongoing coronavirus pandemic in an attempt to infect your computers and mobile devices with malware or scam you out of…

Read more →

Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage ‘distributed denial-of-service’ attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. The botnet, named “dark_nexus” by Bitdefender researchers, works by employing credential stuffing…

Read more →

Remember xHelper? A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then,…

Read more →

Coronavirus crisis introduces a heavy burden on the CISOs with the collective impact of a mass transition to working remotely coupled with a surge of cyberattacks that strive to monetize the general chaos. Security vendors, unintendedly, contribute to this burden…

Read more →

Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak and work from home…

Read more →

If you use Apple iPhone or MacBook, here we have a piece of alarming news for you. Turns out merely visiting a website — not just malicious but also legitimate sites unknowingly loading malicious ads as well — using Safari…

Read more →

Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers. According to a report published today and shared with The…

Read more →

Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe. No doubt,…

Read more →

Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic made it overnight a favorite tool for millions of people. Though Zoom is an efficient online video meeting solution,…

Read more →

Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other kinds of malware, including multi-functional remote access tools (RATs) and cryptominers. Named “Vollgar” after the…

Read more →

Organizations today struggle with multi-product security stacks, that are expensive to purchase and maintain and also require a highly skilled security team to manually integrate and operate. The current Coronavirus crisis that has imposed a strict quarantine on organizations and…

Read more →

International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years. “At the end of February 2020, we identified that an unexpected amount…

Read more →

These are unprecedented times, and everyone is going through a testing period, with more than 3 billion people locked down all over the world. Businesses are scrambling to stay afloat and are forced to move digital in a very short…

Read more →

As people increasingly work from home and online communication platforms such as Zoom explode in popularity in the wake of coronavirus outbreak, cybercriminals are taking advantage of the spike in usage by registering new fake “Zoom” domains and malicious “Zoom”…

Read more →

Cybersecurity researchers with Qihoo 360’s NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploited two…

Read more →