
20782 matches found

The Hacker News
added 2021/01/05 10:40 a.m., 206 views

Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA

A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept (PoC) of the attack on January 2. "The idea of the attack is very simple...

6.6 AI score
Exploits: 0

The Hacker News
added 2020/12/09 4:57 a.m., 206 views

Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws

Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday of 2020, effectively bringing their CVE total to 1,250 for the year. Of these 58 patches, nine are rated as Critical, 46 are rated as Importan...

10 CVSS, 1 AI score, 0.8979 EPSS
Exploits: 4

The Hacker News
added 2023/11/25 4:0 a.m., 205 views

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows - CVE-2023-49103 (CVSS score: 10.0) - Disclosure of...

10 CVSS, 10 AI score, 0.81801 EPSS
Exploits: 12

The Hacker News
added 2018/03/06 1:12 p.m., 205 views

Run 'Kali Linux' Natively On Windows 10 — Just Like That!

Great news for hackers. Now you can download and install Kali Linux directly from the Microsoft App Store on Windows 10 just like any other application. I know it sounds crazy, but it's true! Kali Linux, a very popular, free, and open-source Linux-based operating system widely used for hacking an...

6.8 AI score
Exploits: 0

The Hacker News
added 2023/08/11 12:22 p.m., 204 views

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon...

6.6 AI score
Exploits: 0

The Hacker News
added 2020/12/15 11:18 a.m., 204 views

Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a...

10 CVSS, 0.7 AI score, 0.99999 EPSS
Exploits: 81

The Hacker News
added 2019/07/15 8:50 a.m., 204 views

This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes

Watch out! Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users. Instagram is growing quickly—and with the most popular social media network ...

1.4 AI score
Exploits: 0

The Hacker News
added 2018/09/17 9:29 a.m., 204 views

Watch Out! This New Web Exploit Can Crash and Restart Your iPhone

It's 2018, and just a few lines of code can crash and restart any iPhone or iPad and can cause a Mac computer to freeze. Sabri Haddouche, a security researcher at encrypted instant messaging app Wire, revealed a proof-of-concept (PoC) web page containing an exploit that uses only a few lines of...

0.9 AI score
Exploits: 0

The Hacker News
added 2022/10/12 10:41 a.m., 203 views

Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the relate...

10 CVSS, 1.2 AI score, 0.25455 EPSS
Exploits: 1

The Hacker News
added 2022/03/16 1:29 p.m., 203 views

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws. "As early as May 2021,...

9 CVSS, 3 AI score, 0.99759 EPSS
Exploits: 41

The Hacker News
added 2021/04/30 1:1 p.m., 203 views

Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks

An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper S...

9.8 CVSS, 1 AI score, 0.40038 EPSS
Exploits: 0

The Hacker News
added 2021/02/04 10:48 a.m., 203 views

Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices

A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service (DDoS) attacks. Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and...

Exploits: 0

The Hacker News
added 2019/01/24 12:28 p.m., 203 views

Learn Python Programming – 7 Courses Video Training Bundle

It's no secret that learning how to code is one of the most important things you can do when it comes to the beginning or furthering practically any career in programming and technology. The only problem a beginner often faces is that there are seemingly countless programming languages to choose...

0.7 AI score
Exploits: 0

The Hacker News
added 2022/08/12 8:2 p.m., 202 views

Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders

A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing...

7.7 AI score, 0.01046 EPSS
Exploits: 0

The Hacker News
added 2015/03/12 9:28 p.m., 202 views

Adobe Flash Player Update Patches 11 Critical Vulnerabilities

After the latest Microsoft Patch Tuesday updates that came with important patches for Stuxnet and FREAK encryption-downgrade attack, now it's time to update your Adobe Flash Player. Adobe has rolled-out an update for its popular Flash Player software that patches a set of 11 critical security...

10 CVSS, 10.3 AI score, 0.71536 EPSS
Exploits: 6

The Hacker News
added 2022/08/29 4:23 a.m., 201 views

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked ...

10 CVSS, 1.7 AI score, 0.99939 EPSS
Exploits: 71

The Hacker News
added 2022/02/01 4:16 a.m., 201 views

New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root

Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba...

9 CVSS, 2.9 AI score, 0.74042 EPSS
Exploits: 1

The Hacker News
added 2021/01/23 8:43 a.m., 201 views

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 S...

10 CVSS, 1 AI score, 0.98376 EPSS
Exploits: 7

The Hacker News
added 2020/04/22 12:49 p.m., 201 views

Zero-Day Warning: It's Possible to Hack iPhones Just by Sending Emails

Watch out Apple users! The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers...

8 AI score
Exploits: 0

The Hacker News
added 2023/11/15 5:46 a.m., 200 views

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity...

9.8 CVSS, 9.5 AI score, 0.88196 EPSS
Exploits: 8

The Hacker News
added 2022/05/05 2:38 a.m., 200 views

F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability

Cloud security and application delivery network (ADN) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is...

9.8 CVSS, 0.6 AI score, 0.99999 EPSS
Exploits: 196

The Hacker News
added 2020/10/06 8:33 a.m., 200 views

New 'MosaicRegressor' UEFI Bootkit Malware Found Active in the Wild

Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's booting process to drop persistent malware. The campaign involved the use of a compromised UEFI or Unified Extensible Firmware Interface containing a malicious implant, making it the secon...

9.3 CVSS, 0.1 AI score, 0.95121 EPSS
Exploits: 0

The Hacker News
added 2020/05/01 1:4 p.m., 200 views

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by F-Secure researchers earlier...

9.8 CVSS, 0.8 AI score, 0.96405 EPSS
Exploits: 25

The Hacker News
added 2019/06/21 2:52 p.m., 200 views

This Cryptomining Malware Launches Linux VMs On Windows and macOS

Cybersecurity researchers from at least two firms today unveiled details of a new strain of malware that targets Windows and macOS systems with a Linux-based cryptocurrency mining malware. It may sound strange, but it's true. Dubbed "LoudMiner" and also "Bird Miner," the attack leverages...

0.3 AI score
Exploits: 0

The Hacker News
added 2019/04/15 7:56 a.m., 200 views

Apache Tomcat Patches Important Remote Code Execution Flaw

The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server. Developed by ASF, Apache Tomcat is an open source web...

9.3 CVSS, 1.6 AI score, 0.99652 EPSS
Exploits: 9

The Hacker News
added 2018/01/31 11:5 p.m., 200 views

Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit

2017 was the year of high profile data breaches and ransomware attacks, but from the beginning of this year, we are noticing a faster-paced shift in the cyber threat landscape, as cryptocurrency-related malware is becoming a popular and profitable choice of cyber criminals. Several cybersecurity...

9.3 CVSS, 8.1 AI score, 0.9923 EPSS
Exploits: 56

The Hacker News
added 2017/12/08 10:30 p.m., 200 views

Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures

Millions of Android devices are at serious risk of a newly disclosed critical vulnerability that allows attackers to secretly overwrite legitimate applications installed on your smartphone with their malicious versions. Dubbed Janus, the vulnerability allows attackers to modify the code of Androi...

7.2 CVSS, 7.4 AI score, 0.20089 EPSS
Exploits: 9

The Hacker News
added 2022/05/30 9:40 a.m., 199 views

Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild

Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability came to light after an independent cybersecurity research team known as naosec uncovered a Word document...

8.8 CVSS, 0.8 AI score, 0.96843 EPSS
Exploits: 38

The Hacker News
added 2019/09/06 12:48 p.m., 199 views

Exim TLS Flaw Opens Email Servers to Remote 'Root' Code Execution Attacks

A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days...

10 CVSS, 1 AI score, 0.99961 EPSS
Exploits: 28

The Hacker News
added 2019/02/08 7:50 a.m., 199 views

Latest iOS 12.1.4 Update Patches 2 Zero-Day and FaceTime Bugs

Apple has finally released iOS 12.1.4 software update to patch the terrible Group FaceTime privacy bug that could have allowed an Apple user to call you via the FaceTime video chat service and hear or see you before you even pick up the call without your knowledge. The Facetime bug CVE-2019-6223...

9.8 CVSS, 8.5 AI score, 0.15705 EPSS
Exploits: 2

The Hacker News
added 2019/08/14 8:19 a.m., 198 views

8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks

Various implementations of HTTP/2, the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for bett...

8.8 CVSS, 0.2 AI score, 0.87806 EPSS
Exploits: 1

The Hacker News
added 2019/06/07 10:46 a.m., 198 views

Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw

An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day...

7.8 CVSS, 7.1 AI score, 0.41667 EPSS
Exploits: 19

The Hacker News
added 2019/03/26 8:44 a.m., 198 views

Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities

Apple on Monday released iOS 12.2 to patch a total of 51 security vulnerabilities in its mobile operating system that affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A majority of vulnerabilities Apple patched this month reside in its web rendering engine WebKit,...

9.4 CVSS, 1.1 AI score, 0.03242 EPSS
Exploits: 1

The Hacker News
added 2019/01/23 7:31 a.m., 198 views

DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains

The U.S. Department of Homeland Security (DHS) has today issued an "emergency directive" to all federal agencies ordering IT staff to audit DNS records for their respective website domains, or other agency-managed domains, within next 10 business days. The emergency security alert came in the wake ...

0.5 AI score
Exploits: 0

The Hacker News
added 2019/01/10 7:4 a.m., 198 views

Turns Out Kaspersky Labs Helped FBI Catch Alleged NSA Leaker

Remember "The Shadow Brokers" and the arrest of a former NSA contractor accused of stealing 50 Terabytes of top secret documents from the intelligence agency? It turns out that, Kaspersky Lab, which has been banned in US government computers over spying fears, was the one who tipped off the U.S...

0.5 AI score
Exploits: 0

The Hacker News
added 2018/03/05 7:5 p.m., 198 views

New 4G LTE Network Attacks Let Hackers Spy, Track, Spoof and Spam

Security researchers have discovered a set of severe vulnerabilities in 4G LTE protocol that could be exploited to spy on user phone calls and text messages, send fake emergency alerts, spoof location of the device and even knock devices entirely offline. A new research paper PDF recently publish...

7.3 AI score
Exploits: 0

The Hacker News
added 2023/06/21 5:0 a.m., 197 views

Alert! Hackers Exploiting Critical Vulnerability in VMware's Aria Operations Networks

VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the produ...

9.8 CVSS, 8.5 AI score, 0.98243 EPSS
Exploits: 7

The Hacker News
added 2023/01/06 9:1 a.m., 197 views

Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted...

9.8 CVSS, 1.2 AI score, 0.99964 EPSS
Exploits: 16

The Hacker News
added 2022/10/01 6:36 a.m., 197 views

State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations

Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web she...

8.8 CVSS, 0.4 AI score, 0.99964 EPSS
Exploits: 16

The Hacker News
added 2022/06/28 11:30 a.m., 197 views

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October...

9.8 CVSS, 2.2 AI score, 0.99999 EPSS
Exploits: 63

The Hacker News
added 2021/02/24 12:32 p.m., 197 views

Everything You Need to Know About Evolving Threat of Ransomware

The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down. Falling victim to a ransomware attack can cause...

7.1 AI score
Exploits: 0

The Hacker News
added 2016/11/01 11:21 p.m., 197 views

Multiple Critical Remotely Exploitable Flaws Discovered in Memcached Caching System

Hey Webmasters, are you using Memcached to boost the performance of your website? Beware! It might be vulnerable to remote hackers. Three critical Remote Code Execution vulnerabilities have been reported in Memcached by security researcher Aleksandar Nikolich at Cisco Talos Group that expose majo...

7.5 CVSS, 10.4 AI score, 0.45703 EPSS
Exploits: 4

The Hacker News
added 2024/06/12 4:26 a.m., 196 views

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month...

9.8 CVSS, 8.7 AI score, 0.99995 EPSS
Exploits: 4

The Hacker News
added 2020/09/21 10:20 a.m., 196 views

A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems

German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf (UKD) caused a failure of IT systems, resulting in the death of a woman who had to be sent to another hospital that was 20 miles away. The incident marks the first recorded casualty as a...

9.8 CVSS, 0.4 AI score, 0.99999 EPSS
Exploits: 48

The Hacker News
added 2014/04/14 8:40 p.m., 196 views

HeartBleed Bug Explained - 10 Most Frequently Asked Questions

Heartbleed – I think now it’s not a new name for you, as every informational website, Media and Security researchers are talking about probably the biggest Internet vulnerability in recent history. It is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allow...

5 CVSS, 7.7 AI score, 0.99999 EPSS
Exploits: 87

The Hacker News
added 2023/03/03 10:18 a.m., 195 views

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other,...

1.2 AI score, 0.05552 EPSS
Exploits: 0

The Hacker News
added 2018/12/04 7:16 p.m., 195 views

New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack... and the number of infected users is continuously increasing every hour. What's Interesting? Unlike almost every ransomwar...

7.1 AI score
Exploits: 0

The Hacker News
added 2022/05/11 5:29 a.m., 194 views

Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates

Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as...

10 CVSS, 1.2 AI score, 0.91811 EPSS
Exploits: 18

The Hacker News
added 2019/07/13 7:28 a.m., 194 views

Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation

After months of negotiations, the United States Federal Trade Commission (FTC) has approved a record $5 billion settlement with Facebook over its privacy investigation into the Cambridge Analytica scandal. The settlement will put an end to a wide-ranging probe that began more than a year ago and...

2 AI score
Exploits: 0

The Hacker News
added 2019/01/04 8:13 a.m., 194 views

Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader

I hope you had biggest, happiest and craziest New Year celebration, but now it's time to come back at work and immediately update your systems to patch new security flaws that could exploit your computer just by opening a PDF file. Adobe has issued an out-of-band security update to patch two...

10 CVSS, 10 AI score, 0.08414 EPSS
Exploits: 0

Total number of security vulnerabilities: 5000