Tag: The Hacker News

A federal judge in New York on Monday declared a mistrial in the case of a former CIA software engineer who was accused of stealing a massive trove of the agency’s classified hacking and tools and leaking it to WikiLeaks…

Read more →

AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research. Known as “Take A Way,” the new potential attack vectors leverage the…

Read more →

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised.…

Read more →

On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What…

Read more →

The US-CERT today issued advisory warning users of a new dangerous remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other…

Read more →

More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. The exposed data — a mix of…

Read more →

Not happy with your expensive iPhone and wondered if it’s possible to run any other operating system on your iPhone, maybe, how to install Android on an iPhone or Linux for iPhones? Android phones can be rooted, and iPhones can…

Read more →

The most popular free certificate signing authority Let’s Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The…

Read more →

The RSA Conference, the world’s leading information security conference and exposition, held its 29th annual event in San Francisco last week. According to the organizers, over 36,000 attendees, 704 speakers, and 658 exhibitors gathered at the Moscone Center to discuss…

Read more →

Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency (CIA) to be behind an 11-year-long hacking campaign against several Chinese industries and government agencies. The targeted industry sectors include…

Read more →

At a certain point, almost every organization reaches the conclusion that there is a need to move past just the standard AV and firewall stack in order to soundly protect their environment. The common practice in recent years is to…

Read more →

Two Chinese nationals have been charged by the US Department of Justice (DoJ) and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards. According to a newly unsealed court…

Read more →

Researchers have discovered a new means to target voice-controlled devices by propagating ultrasonic waves through solid materials in order to interact with and compromise them using inaudible voice commands without the victims’ knowledge. Called “SurfingAttack,” the attack leverages the unique…

Read more →

If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that’s possible because all versions (9.x/8.x/7.x/6.x) of the Apache…

Read more →

Let’s Encrypt, a free, automated, and open certificate signing authority (CA) from the nonprofit Internet Security Research Group (ISRG), has said it’s issued a billion certificates since its launch in 2015. The CA issued its first certificate in September 2015,…

Read more →

The City of Baltimore was under cyber-attack last year, with hackers demanding $76,000 in ransom. Though the city chose not to pay the ransom, the attack still cost them nearly $18 million in damages, and then the city signed up…

Read more →

Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. Dubbed ‘Kr00k’ and tracked as CVE-2019-15126, the…

Read more →

A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for…

Read more →

Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users’ devices, especially when they use unprotected external storage that’s prone to hijacking. Moreover, considering that there are not many reference…

Read more →

If you use the Firefox web browser, here’s an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their…

Read more →

You are a cybersecurity professional with the responsibility to keep your organization secured, you know your job chapter and verse, from high level reporting duties to the bits and bytes of what malware targeted your endpoints a week ago. But…

Read more →

Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three…

Read more →

OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of…

Read more →

Phishing attacks have become one of the business world’s top cybersecurity concerns. These social engineering attacks have been rising over the years, with the most recent report from the Anti-Phishing Working Group coalition identifying over 266,000 active spoofed websites, which…

Read more →

Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards to steal their payment card information. According to researchers at Group-IB, the multi-stage phishing attack exploited the credibility of Russian…

Read more →

Cloud computing and networking are two of the most significant areas of growth in the IT business. Companies need engineers who can maintain distributed software and keep the company connected. If you want to work in either niche, the Essential…

Read more →

Adobe today released out-of-band software updates for After Effects and Media Encoder applications that patch a total of two new critical vulnerabilities. Both critical vulnerabilities exist due to out-of-bounds write memory corruption issues and can be exploited to execute arbitrary…

Read more →

Smart doorbells and cameras bring a great sense of security to your home, especially when you’re away, but even a thought that someone could be spying on you through the same surveillance system would shiver up your spine. Following several…

Read more →

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response…

Read more →

A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed “Fox Kitten,” the cyber-espionage campaign is said to…

Read more →

Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game…

Read more →

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is…

Read more →

Here’s excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell…

Read more →

A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named ‘SweynTooth,’ affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven’t yet been patched. All SweynTooth flaws…

Read more →

The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that…

Read more →

Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. These extensions were part of a malvertising and ad-fraud campaign…

Read more →

The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory…

Read more →

Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary…

Read more →

A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. According to the advisories, 12 of the…

Read more →

Here comes the second ‘Patch Tuesday’ of this year. Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. The…

Read more →

An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a…

Read more →

The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In a joint press conference held…

Read more →

Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be…

Read more →

Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code…

Read more →

It may sound creepy and unreal, but hackers can also exfiltrate sensitive data from your computer by simply changing the brightness of the screen, new cybersecurity research shared with The Hacker News revealed. In recent years, several cybersecurity researchers demonstrated…

Read more →

Exams are pretty important in professional IT. You can have all the practical knowledge in the world, but technical recruiters want to see certificates. If you want to improve your resume, the Complete 2020 IT Certification Exam Prep Mega Bundle…

Read more →

There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that’s also connected to your computers, smartphones, and other smart devices. Whether it’s about exploiting operating system and software vulnerabilities or…

Read more →

A cybersecurity researcher today disclosed technical details of multiple high severity vulnerabilities he discovered in WhatsApp, which, if exploited, could have allowed remote attackers to compromise the security of billions of users in different ways. When combined together, the reported…

Read more →

Google might have mistakenly shared your private videos saved on the company’s servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. The latest privacy mishap is the…

Read more →

Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users’ accounts. According to Twitter, the vulnerability resided in one of the APIs that has…

Read more →

Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative (‘root’) privileges on Linux or macOS systems. Sudo…

Read more →

Remember the recent payment card breach at Wawa convenience stores? If you’re among those millions of customers who shopped at any of 850 Wawa stores last year but haven’t yet hotlisted your cards, it’s high time to take immediate action.…

Read more →

Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure…

Read more →

Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol…

Read more →

Facebook is one of the world’s biggest advertising platforms, and that’s because it knows a lot about you, me, and everyone. Facebook uses many tools to track people across the Internet, whether they have an account with the social networking…

Read more →

As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven’t…

Read more →

Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it’s likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data…

Read more →

If you use Zoom to host your remote online meetings, you need to read this piece carefully. The massively popular video conferencing software has patched a security loophole that could have allowed anyone to remotely eavesdrop on unprotected active meetings,…

Read more →

The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Dubbed ‘Operation…

Read more →

Image credit: Times of Israel. Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud. The first website…

Read more →

If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised. Microsoft today admitted a security incident that exposed nearly 250 million “Customer Service and…

Read more →

The smartphone of Amazon founder Jeff Bezos, the world’s richest man, was reportedly hacked in May 2018 after receiving a WhatsApp message from the personal account of Saudi crown prince Mohammed bin Salman, the Guardian newspaper revealed today. Citing unnamed…

Read more →

What are the key considerations security decision-makers should take into account when designing their 2020 breach protection? To answer this, we polled 1,536 cybersecurity professionals in The State of Breach Protection 2020 survey (Download the full survey here) to understand…

Read more →

Imagine receiving an email from US VP Mike Pence’s official email account asking for help because he has been stranded in the Philippines. Actually, you don’t have to. This actually happened. Pence’s email was hacked when he was still the…

Read more →

Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent…

Read more →

Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And…

Read more →

Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in…

Read more →

Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization’s IT environments. These test results can help prioritize weaknesses, providing a road-map towards remediation. However, the results are also…

Read more →

Great news for iOS users! You can now your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication. Android…

Read more →

After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of new vulnerabilities in its various products. What’s so special about the latest Patch Tuesday is…

Read more →

Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It’s the first Patch Tuesday for the year 2020 and one of the…

Read more →

There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build, maintain, and continuously enhance the security level of the organization. Title-wise,…

Read more →

It’s now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code…

Read more →

Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla’s website. Why the…

Read more →

TikTok, the 3rd most downloaded app in 2019, is under intense scrutiny over users’ privacy, censoring politically controversial content and on national-security grounds—but it’s not over yet, as the security of billions of TikTok users would be now under question. The…

Read more →

Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Store store⁠—you have been hacked and being tracked. These newly detected malicious Android apps are…

Read more →

January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in…

Read more →

Internet-connected devices have been one of the most remarkable developments that have happened to humankind in the last decade. Although this development is a good thing, it also stipulates a high security and privacy risk to personal information. In one…

Read more →

Landry’s, a popular restaurant chain in the United States, has announced a malware attack on its point of sale (POS) systems that allowed cybercriminals to steal customers’ payment card information. Landry’s owns and operates more than 600 bars, restaurants, hotels,…

Read more →