20782 matches found
Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA
A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept PoC of the attack on January 2. "The idea of the attack is very simple...
Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws
Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday of 2020, effectively bringing their CVE total to 1,250 for the year. Of these 58 patches, nine are rated as Critical, 46 are rated as Importan...
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches
The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows - CVE-2023-49103 CVSS score: 10.0 - Disclosure of...
Run 'Kali Linux' Natively On Windows 10 — Just Like That!
Great news for hackers. Now you can download and install Kali Linux directly from the Microsoft App Store on Windows 10 just like any other application. I know it sounds crazy, but it's true! Kali Linux, a very popular, free, and open-source Linux-based operating system widely used for hacking an...
Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116
Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon...
Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices
A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a...
This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes
Watch out! Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users. Instagram is growing quickly—and with the most popular social media network ...
Watch Out! This New Web Exploit Can Crash and Restart Your iPhone
It's 2018, and just a few lines of code can crash and restart any iPhone or iPad and can cause a Mac computer to freeze. Sabri Haddouche, a security researcher at encrypted instant messaging app Wire, revealed a proof-of-concept PoC web page containing an exploit that uses only a few lines of...
Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys
A vulnerability in Siemens Simatic programmable logic controller PLC can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the relate...
FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws. "As early as May 2021,...
Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks
An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper S...
Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices
A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service DDoS attacks. Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and...
Learn Python Programming – 7 Courses Video Training Bundle
It's no secret that learning how to code is one of the most important things you can do when it comes to the beginning or furthering practically any career in programming and technology. The only problem a beginner often faces is that there are seemingly countless programming languages to choose...
Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders
A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface UEFI boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing...
Adobe Flash Player Update Patches 11 Critical Vulnerabilities
After the latest Microsoft Patch Tuesday updates that came with important patches for Stuxnet and FREAK encryption-downgrade attack, now its time to update your Adobe Flash Player. Adobe has rolled-out an update for its popular Flash Player software that patches a set of 11 critical security...
CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked ...
New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root
Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba...
Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager SolMan version 7.2 S...
Zero-Day Warning: It's Possible to Hack iPhones Just by Sending Emails
Watch out Apple users! The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers...
Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity...
F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability
Cloud security and application delivery network ADN provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is...
New 'MosaicRegressor' UEFI Bootkit Malware Found Active in the Wild
Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's booting process to drop persistent malware. The campaign involved the use of a compromised UEFI or Unified Extensible Firmware Interface containing a malicious implant, making it the secon...
Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers
Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by F-Secure researchers earlier...
This Cryptomining Malware Launches Linux VMs On Windows and macOS
Cybersecurity researchers from at least two firms today unveiled details of a new strain of malware that targets Windows and macOS systems with a Linux-based cryptocurrency mining malware. It may sound strange, but it's true. Dubbed "LoudMiner" and also "Bird Miner," the attack leverages...
Apache Tomcat Patches Important Remote Code Execution Flaw
The Apache Software Foundation ASF has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server. Developed by ASF, Apache Tomcat is an open source web...
Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit
2017 was the year of high profile data breaches and ransomware attacks, but from the beginning of this year, we are noticing a faster-paced shift in the cyber threat landscape, as cryptocurrency-related malware is becoming a popular and profitable choice of cyber criminals. Several cybersecurity...
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
Millions of Android devices are at serious risk of a newly disclosed critical vulnerability that allows attackers to secretly overwrite legitimate applications installed on your smartphone with their malicious versions. Dubbed Janus, the vulnerability allows attackers to modify the code of Androi...
Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild
Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability came to light after an independent cybersecurity research team known as naosec uncovered a Word document...
Exim TLS Flaw Opens Email Servers to Remote 'Root' Code Execution Attacks
A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days...
Latest iOS 12.1.4 Update Patches 2 Zero-Day and FaceTime Bugs
Apple has finally released iOS 12.1.4 software update to patch the terrible Group FaceTime privacy bug that could have allowed an Apple user to call you via the FaceTime video chat service and hear or see you before you even pick up the call without your knowledge. The Facetime bug CVE-2019-6223...
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
Various implementations of HTTP/2, the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for bett...
Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day...
Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities
Apple on Monday released iOS 12.2 to patch a total of 51 security vulnerabilities in its mobile operating system that affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A majority of vulnerabilities Apple patched this month reside in its web rendering engine WebKit,...
DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains
The U.S. Department of Homeland Security DHS has today issued an "emergency directive" to all federal agencies ordering IT staff to audit DNS records for their respective website domains, or other agency-managed domains, within next 10 business days. The emergency security alert came in the wake ...
Turns Out Kaspersky Labs Helped FBI Catch Alleged NSA Leaker
Remember "The Shadow Brokers" and the arrest of a former NSA contractor accused of stealing 50 Terabytes of top secret documents from the intelligence agency? It turns out that, Kaspersky Lab, which has been banned in US government computers over spying fears, was the one who tipped off the U.S...
New 4G LTE Network Attacks Let Hackers Spy, Track, Spoof and Spam
Security researchers have discovered a set of severe vulnerabilities in 4G LTE protocol that could be exploited to spy on user phone calls and text messages, send fake emergency alerts, spoof location of the device and even knock devices entirely offline. A new research paper PDF recently publish...
Alert! Hackers Exploiting Critical Vulnerability in VMware's Aria Operations Networks
VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks formerly vRealize Network Insight has come under active exploitation in the wild. The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the produ...
Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach
Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted...
State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations
Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web she...
APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor
Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October...
Everything You Need to Know About Evolving Threat of Ransomware
The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down. Falling victim to a ransomware attack can cause...
Multiple Critical Remotely Exploitable Flaws Discovered in Memcached Caching System
Hey Webmasters, are you using Memcached to boost the performance of your website? Beware! It might be vulnerable to remote hackers. Three critical Remote Code Execution vulnerabilities have been reported in Memcached by security researcher Aleksandar Nikolich at Cisco Talos Group that expose majo...
Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month...
A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems
German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf UKD caused a failure of IT systems, resulting in the death of a woman who had to be sent to another hospital that was 20 miles away. The incident marks the first recorded casualty as a...
HeartBleed Bug Explained - 10 Most Frequently Asked Questions
Heartbleed – I think now it’s not a new name for you, as every informational website, Media and Security researchers are talking about probably the biggest Internet vulnerability in recent history. It is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allow...
New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
A pair of serious security defects has been disclosed in the Trusted Platform Module TPM 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other,...
New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs
A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack... and the number of infected users is continuously increasing every hour. What's Interesting? Unlike almost every ransomwar...
Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates
Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as...
Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation
After months of negotiations, the United States Federal Trade Commission FTC has approved a record $5 billion settlement with Facebook over its privacy investigation into the Cambridge Analytica scandal. The settlement will put an end to a wide-ranging probe that began more than a year ago and...
Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader
I hope you had biggest, happiest and craziest New Year celebration, but now it's time to come back at work and immediately update your systems to patch new security flaws that could exploit your computer just by opening a PDF file. Adobe has issued an out-of-band security update to patch two...