A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the…
Tag: The Hacker News
How to Provide Remote Incident Response During the Coronavirus Times
While the Coronavirus pandemic continues to strike chaos across the global economies, threat actors keep on launching cyberattacks on organizations from all sizes and verticals. IR providers face a unique challenge when approached by these organizations since, due to the…
Over 50 Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme
More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge…
Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in…
Warning — Two New Unpatched Critical RCE Flaws Affect All Windows Versions
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in…
Warning — Two New Unpatched Critical RCE Flaws Affect All Windows Versions
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in…
User Survey 2020 Report Shows Rapid Growth In Apache Pulsar Adoption
For the first time ever, the Apache Pulsar PMC team is publishing a user survey report. The 2020 Apache Pulsar User Survey Report reveals Pulsar’s accelerating rate of global adoption, details how organizations are leveraging Pulsar to build real-time streaming…
Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems
Multiple zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm…
Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices
A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage (NAS) devices in an attempt to remotely infect and control vulnerable machines. Called “Mukashi,” the new variant of the malware employs brute-force…
Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait
As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who’ve taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to…
TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks
A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. The…
Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion
Though it’s not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of…
How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats
The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis…
How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats
The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis…
Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait
As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who’ve taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to…
Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion
Though it’s not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of…
TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks
A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. The…
TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach
Online guitar tutoring website TrueFire has apparently suffered a ‘Magecart’ style data breach incident that may have potentially led to the exposure of its customers’ personal information and payment card information. TrueFire is one of the popular guitar tutoring websites…
Researchers Uncover a Nigerian Hacker’s Pursuit of his Million Dollar Dream
Social engineering-driven malware threats continue to be a big threat, but new research details how cybercriminals profit off such schemes to launder hundreds of thousands of dollars from stolen credit cards of unsuspecting victims. Cybersecurity firm Check Point Research, in…
Europol Arrests 26 SIM Swapping Fraudsters For Stealing Over $3 Million
Europol, along with the Spanish and the Romanian national police, has arrested 26 individuals in connection with the theft of over €3.5 million ($3.9 million) by hijacking people’s phone numbers via SIM swapping attacks. The law enforcement agencies arrested 12…
New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
A new simple but dangerous strain of Android malware has been found in the wild that steals users’ authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices. Dubbed “Cookiethief” by Kaspersky…
Critical Patch Released for ‘Wormable’ SMBv3 Vulnerability — Install It ASAP!
Microsoft today finally released software updates to patch a recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability, tracked as CVE-2020-0796,…
Beware of ‘Coronavirus Maps’ – It’s a malware infecting PCs to steal passwords
Cybercriminals will stop at nothing to exploit every chance to prey on internet users. Even the disastrous spread of SARS-COV-II (the virus), which causes COVID-19 (the disease), is becoming an opportunity for them to likewise spread malware or launch cyber…
Use This Ultimate Template to Plan and Monitor Your Cybersecurity Budgets
Sound security budget planning and execution are essential for CIO’s/CISO’s success. Now, for the first time, the Ultimate Security Budget Plan and Track Excel template (download here) provide security executives a clear and intuitive tool to keep track of planned…
Warning — Unpatched Critical ‘Wormable’ Windows SMBv3 Flaw Disclosed
Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol. It…
Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company’s history. Of the 115…
L1ght Looks to Protect Internet Users from Toxic and Predatory Behavior
Cybersecurity has been regarded as a necessity for all computer users, especially today when data breaches and malware attacks have become rampant. However, one of the more overlooked aspects of cybersecurity is the prevention of other forms of cybercrime, such…
Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks
Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability…
Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide
Microsoft today announced that it has successfully disrupted the botnet network of Necurs malware, which has infected more than 9 million computers globally, and also hijacks the majority of its infrastructure. The latest botnet takedown was the result of a…
LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk
It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless ‘performance killing’ patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new…
LVI Attacks: New Intel CPUs Vulnerability Puts Data Centers At Risk
It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless ‘performance killing’ patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new…
Ex-CIA Accused of Leaking Secret Hacking Tools to WikiLeaks Gets Mistrial
A federal judge in New York on Monday declared a mistrial in the case of a former CIA software engineer who was accused of stealing a massive trove of the agency’s classified hacking and tools and leaking it to WikiLeaks…
9 Years of AMD Processors Vulnerable to 2 New Side-Channel Attacks
AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research. Known as “Take A Way,” the new potential attack vectors leverage the…
This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years
All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised.…
Virgin Media Data Leak Exposes Details of 900,000 Customers
On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What…
Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers
The US-CERT today issued advisory warning users of a new dangerous remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other…
A Massive U.S. Property and Demographic Database Exposes 200 Million Records
More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. The exposed data — a mix of…
You Can Now Run Android on an iPhone With ‘Project Sandcastle’
Not happy with your expensive iPhone and wondered if it’s possible to run any other operating system on your iPhone, maybe, how to install Android on an iPhone or Linux for iPhones? Android phones can be rooted, and iPhones can…
Let’s Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug
The most popular free certificate signing authority Let’s Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The…
Top 10 Most Innovative Cybersecurity Companies After RSA 2020
The RSA Conference, the world’s leading information security conference and exposition, held its 29th annual event in San Francisco last week. According to the organizers, over 36,000 attendees, 704 speakers, and 658 exhibitors gathered at the Moscone Center to discuss…
Researchers Claim CIA Was Behind 11-Year-Long Hacking Attacks Against China
Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency (CIA) to be behind an 11-year-long hacking campaign against several Chinese industries and government agencies. The targeted industry sectors include…
Download Guide — Advanced Threat Protection Beyond the AV
At a certain point, almost every organization reaches the conclusion that there is a need to move past just the standard AV and firewall stack in order to soundly protect their environment. The common practice in recent years is to…
2 Chinese Charged with Laundering $100 Million for North Korean Hackers
Two Chinese nationals have been charged by the US Department of Justice (DoJ) and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards. According to a newly unsealed court…
Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices
Researchers have discovered a new means to target voice-controlled devices by propagating ultrasonic waves through solid materials in order to interact with and compromise them using inaudible voice commands without the victims’ knowledge. Called “SurfingAttack,” the attack leverages the unique…
GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that’s possible because all versions (9.x/8.x/7.x/6.x) of the Apache…
Let’s Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years
Let’s Encrypt, a free, automated, and open certificate signing authority (CA) from the nonprofit Internet Security Research Group (ISRG), has said it’s issued a billion certificates since its launch in 2015. The CA issued its first certificate in September 2015,…
Why Businesses Should Consider Managed Cloud-Based WAF Protection
The City of Baltimore was under cyber-attack last year, with hackers demanding $76,000 in ransom. Though the city chose not to pay the ransom, the attack still cost them nearly $18 million in damages, and then the city signed up…
New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. Dubbed ‘Kr00k’ and tracked as CVE-2019-15126, the…
New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users
A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for…
Google Advises Android Developers to Encrypt App Data On Device
Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users’ devices, especially when they use unprotected external storage that’s prone to hijacking. Moreover, considering that there are not many reference…
Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users
If you use the Firefox web browser, here’s an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their…
Free Download: The Ultimate Security Pros’ Checklist
You are a cybersecurity professional with the responsibility to keep your organization secured, you know your job chapter and verse, from high level reporting duties to the bits and bytes of what malware targeted your endpoints a week ago. But…
Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks
Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three…
New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers
OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of…
Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing
Phishing attacks have become one of the business world’s top cybersecurity concerns. These social engineering attacks have been rising over the years, with the most recent report from the Anti-Phishing Working Group coalition identifying over 266,000 active spoofed websites, which…
Scam Alert: You’ve Been Selected for ‘Like of the Year 2020’ Cash Prizes
Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards to steal their payment card information. According to researchers at Group-IB, the multi-stage phishing attack exploited the credibility of Russian…
Deal: Cloud And Networking Certification Training ~ Get 97% OFF
Cloud computing and networking are two of the most significant areas of growth in the IT business. Companies need engineers who can maintain distributed software and keep the company connected. If you want to work in either niche, the Essential…
Adobe Patches Critical Bugs Affecting Media Encoder and After Effects
Adobe today released out-of-band software updates for After Effects and Media Encoder applications that patch a total of two new critical vulnerabilities. Both critical vulnerabilities exist due to out-of-bounds write memory corruption issues and can be exploited to execute arbitrary…
Ring Makes 2-Factor Authentication Mandatory Following Recent Hacks
Smart doorbells and cameras bring a great sense of security to your home, especially when you’re away, but even a thought that someone could be spying on you through the same surveillance system would shiver up your spine. Following several…
US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response…
Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide
A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed “Fox Kitten,” the cyber-espionage campaign is said to…
Cynet Offers Free Threat Assessment for Mid-sized and Large Organizations
Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game…
Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers
A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is…
OpenSSH now supports FIDO U2F security keys for 2-factor authentication
Here’s excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell…
A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices
A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named ‘SweynTooth,’ affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven’t yet been patched. All SweynTooth flaws…
U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies
The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that…
500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users
Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. These extensions were part of a malvertising and ad-fraud campaign…
Download: Definitive ‘IR Management and Reporting’ Presentation Template
The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory…
Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims
Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary…
Update Microsoft Windows Systems to Patch 99 New Security Flaws
A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. According to the advisories, 12 of the…
Adobe Releases Patches for Dozens of Critical Flaws in 5 Software
Here comes the second ‘Patch Tuesday’ of this year. Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. The…
App Used by Israel’s Ruling Party Leaked Personal Data of All 6.5 Million Voters
An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a…
U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach
The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In a joint press conference held…
The Rise of the Open Bug Bounty Project
Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be…
5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras
Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code…
Exfiltrating Data from Air-Gapped Computers Using Screen Brightness
It may sound creepy and unreal, but hackers can also exfiltrate sensitive data from your computer by simply changing the brightness of the screen, new cybersecurity research shared with The Hacker News revealed. In recent years, several cybersecurity researchers demonstrated…
Prepare for Cisco, CompTIA, and More IT Certifications with this Bundle
Exams are pretty important in professional IT. You can have all the practical knowledge in the world, but technical recruiters want to see certificates. If you want to improve your resume, the Complete 2020 IT Certification Exam Prep Mega Bundle…
Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers
There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that’s also connected to your computers, smartphones, and other smart devices. Whether it’s about exploiting operating system and software vulnerabilities or…
This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs
A cybersecurity researcher today disclosed technical details of multiple high severity vulnerabilities he discovered in WhatsApp, which, if exploited, could have allowed remote attackers to compromise the security of billions of users in different ways. When combined together, the reported…
Google Accidentally Shared Private Videos of Some Users With Others
Google might have mistakenly shared your private videos saved on the company’s servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. The latest privacy mishap is the…
Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users
Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users’ accounts. According to Twitter, the vulnerability resided in one of the APIs that has…
Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative (‘root’) privileges on Linux or macOS systems. Sudo…
Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale
Remember the recent payment card breach at Wawa convenience stores? If you’re among those millions of customers who shopped at any of 850 Wawa stores last year but haven’t yet hotlisted your cards, it’s high time to take immediate action.…
Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure…
Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers
Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol…
How to Clear Data Facebook Collects About You from Other Sites and Apps
Facebook is one of the world’s biggest advertising platforms, and that’s because it knows a lot about you, me, and everyone. Facebook uses many tools to track people across the Internet, whether they have an account with the social networking…
Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs
As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven’t…
New ‘CacheOut’ Attack Leaks Data from Intel CPUs, VMs and SGX Enclave
Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it’s likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data…
Zoom Bug Could Have Let Uninvited People Join Private Meetings
If you use Zoom to host your remote online meetings, you need to read this piece carefully. The massively popular video conferencing software has patched a security loophole that could have allowed anyone to remotely eavesdrop on unprotected active meetings,…
Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks
The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Dubbed ‘Operation…
Russian Pleads Guilty to Running ‘CardPlanet’ to Sell Stolen Credit Cards
Image credit: Times of Israel. Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud. The first website…
250 Million Microsoft Customer Support Records Exposed Online
If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised. Microsoft today admitted a security incident that exposed nearly 250 million “Customer Service and…
Saudi Prince Allegedly Hacked World’s Richest Man Jeff Bezos Using WhatsApp
The smartphone of Amazon founder Jeff Bezos, the world’s richest man, was reportedly hacked in May 2018 after receiving a WhatsApp message from the personal account of Saudi crown prince Mohammed bin Salman, the Guardian newspaper revealed today. Citing unnamed…
Download: The State of Security Breach Protection 2020 Survey Results
What are the key considerations security decision-makers should take into account when designing their 2020 breach protection? To answer this, we polled 1,536 cybersecurity professionals in The State of Breach Protection 2020 survey (Download the full survey here) to understand…
BitDam Study Exposes High Miss Rates of Leading Email Security Systems
Imagine receiving an email from US VP Mike Pence’s official email account asking for help because he has been stranded in the Philippines. Actually, you don’t have to. This actually happened. Pence’s email was hacked when he was still the…
Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack
Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent…
Evaluating Your Security Controls? Be Sure to Ask the Right Questions
Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And…
Microsoft Warns of Unpatched IE Browser Zero-Day That’s Under Active Attacks
Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in…
Broadening the Scope: A Comprehensive View of Pen Testing
Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization’s IT environments. These test results can help prioritize weaknesses, providing a road-map towards remediation. However, the results are also…
Use iPhone as Physical Security Key to Protect Your Google Accounts
Great news for iOS users! You can now your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication. Android…