20778 matches found

The Hacker News
added 2019/07/10 7:41 a.m. | 174 views

Hackers' Operating System Kali Linux Released for Raspberry Pi 4

We've got some really exciting news for you... Offensive Security has released an official version of Kali Linux for Raspberry Pi 4—the most powerful version of the compact computer board yet that was released just two weeks ago with the full 4GB of RAM at low cost and easy accessibility. Based o...

1 AI score
Exploits: 0
The Hacker News
added 2019/03/25 4:15 p.m. | 174 views

Warning: ASUS Software Update Server Hacked to Distribute Malware

Remember the CCleaner hack? CCleaner hack was one of the largest supply chain attacks that infected more than 2.3 million users with a backdoored version of the software in September 2017. Security researchers today revealed another massive supply chain attack that compromised over 1 million...

0.5 AI score
Exploits: 0
The Hacker News
added 2018/04/05 9:17 a.m. | 174 views

Facebook admits public data of its 2.2 billion users has been compromised

Facebook dropped another bombshell on its users by admitting that all of its 2.2 billion users should assume malicious third-party scrapers have compromised their public profile information. On Wednesday, Facebook CEO Mark Zuckerberg revealed that "malicious actors" took advantage of "Search" too...

6.4 AI score
Exploits: 0
The Hacker News
added 2020/07/14 7:17 a.m. | 173 views

New Highly-Critical SAP Bug Could Let Attackers Take Over Corporate Servers

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server AS Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS sco...

10 CVSS | 9.9 AI score | 0.94719 EPSS
Exploits: 6
The Hacker News
added 2019/01/21 3:37 p.m. | 173 views

New malware found using Google Drive as its command-and-control server

Since most security tools also keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly adopting infrastructure of legitimate services in their attacks to hide their malicious activities. Cybersecurity researchers have now spotted a new malware attack campai...

7.4 AI score
Exploits: 0
The Hacker News
added 2018/12/12 8:48 a.m. | 173 views

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack

Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its Windows operating systems and applications—10 of which are rated as critical and other important in severity. One of the security vulnerabilities patched by the tech giant th...

7.8 CVSS | 9.5 AI score | 0.0583 EPSS
Exploits: 0
The Hacker News
added 2014/01/02 8:25 p.m. | 173 views

Abusing Network Time Protocol (NTP) to perform massive Reflection DDoS attack

In 2013, we have seen a significant increase in the use of a specific distributed denial of service DDoS methodology known as Distributed Reflection Denial of Service attacks DrDoS. Open and misconfigured DNS Domain Name System can be used by anyone to resolve domain names to IP addresses are...

5 CVSS | 6.4 AI score | 0.97549 EPSS
Exploits: 23
The Hacker News
added 2022/01/05 11:0 a.m. | 172 views

New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification

An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft's digital signature verification to siphon user credentials and sensitive information. Israeli cybersecurity company Check Point Research, which has been trackin...

8.8 CVSS | 0.5 AI score | 0.44647 EPSS
Exploits: 1
The Hacker News
added 2021/06/08 10:31 a.m. | 172 views

New UAF Vulnerability Affecting Microsoft Office to be Patched Today

Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. "Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to...

7.8 CVSS | 1.4 AI score | 0.16012 EPSS
Exploits: 0
The Hacker News
added 2021/02/16 1:30 p.m. | 172 views

Learn How to Manage and Secure Active Directory Service Accounts

There are many different types of accounts in a typical Active Directory environment. These include user accounts, computer accounts, and a particular type of account called a service account. A service account is a special type of account that serves a specific purpose for services, and...

0.8 AI score
Exploits: 0
The Hacker News
added 2018/10/03 7:27 a.m. | 172 views

Facebook Finds 'No Evidence' Hackers Accessed Connected Third-Party Apps

When Facebook last weekend disclosed a massive data breach—that compromised access tokens for more than 50 million accounts—many feared that the stolen tokens could have been used to access other third-party services, including Instagram and Tinder, through Facebook login. Good news is that...

1.6 AI score
Exploits: 0
The Hacker News
added 2023/02/02 6:47 a.m. | 171 views

New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers

At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional...

10 CVSS | 0.4 AI score | 0.9967 EPSS
Exploits: 8
The Hacker News
added 2022/10/11 11:28 a.m. | 171 views

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host...

10 CVSS | 1.5 AI score | 0.47868 EPSS
Exploits: 2
The Hacker News
added 2022/03/15 3:44 a.m. | 171 views

'Dirty Pipe' Linux Flaw Affects a Wide Range of QNAP NAS Devices

Network-attached storage NAS appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. "A local privilege escalation vulnerability, also known as 'Dirty Pipe,' has been...

7.8 CVSS | 1.5 AI score | 0.88106 EPSS
Exploits: 100
The Hacker News
added 2020/02/05 8:46 p.m. | 171 views

5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras

Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issue...

8.8 CVSS | 1.6 AI score | 0.11685 EPSS
Exploits: 0
The Hacker News
added 2019/08/30 7:33 a.m. | 171 views

Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years

Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered...

9.3 CVSS | 0.1 AI score | 0.15705 EPSS
Exploits: 2
The Hacker News
added 2019/08/27 6:6 a.m. | 171 views

Apple Releases iOS 12.4.1 Emergency Update to Patch 'Jailbreak' Flaw

Apple just patched an unpatched flaw that it patched previously but accidentally unpatched recently — did I confuse you? Let's try it again... Apple today finally released iOS 12.4.1 to fix a critical jailbreak vulnerability, like it or not, that was initially patched by the company in iOS 12.3 b...

9.3 CVSS | 1.8 AI score | 0.17438 EPSS
Exploits: 6
The Hacker News
added 2019/07/03 8:8 a.m. | 171 views

China's Border Guards Secretly Installing Spyware App on Tourists' Phones

Chinese authorities are secretly installing surveillance apps on smartphones of foreigners at border crossings in the Xinjiang region who are entering from neighboring Kyrgyzstan, an international investigation revealed. Xinjiang XUAR is an autonomous territory and home to many Muslim ethnic...

6.6 AI score
Exploits: 0
The Hacker News
added 2018/12/14 4:11 p.m. | 171 views

New Shamoon Malware Variant Targets Italian Oil and Gas Company

Shamoon is back… one of the most destructive malware families that caused damage to Saudi Arabia's largest oil producer in 2012 and this time it has targeted energy sector organizations primarily operating in the Middle East. Earlier this week, Italian oil drilling company Saipem was attacked and...

1.2 AI score
Exploits: 0
The Hacker News
added 2018/08/22 8:27 a.m. | 171 views

Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking

Google Project Zero's security researcher has discovered a critical remote code execution RCE vulnerability in Ghostscript—an open source interpreter for Adobe Systems' PostScript and PDF page description languages. Written entirely in C, Ghostscript is a package of software that runs on differen...

7.8 CVSS | 0.1 AI score | 0.96968 EPSS
Exploits: 7
The Hacker News
added 2018/07/06 1:26 p.m. | 171 views

Looking For Secure VPN Services? Get a Lifetime Subscription

PRIVACY – a bit of an Internet buzzword nowadays, because the business model of the Internet has now shifted towards data collection. Today, most users surf the web unaware of the fact that websites and online services collect their personal information, including search histories, location, and...

6.6 AI score
Exploits: 0
The Hacker News
added 2018/06/12 7:40 p.m. | 171 views

Google Blocks Chrome Extension Installations From 3rd-Party Sites

You probably have come across many websites that let you install browser extensions without ever going to the official Chrome web store. It's a great way for users to install an extension, but now Google has decided to remove the ability for websites to offer "inline installation" of Chrome...

1.3 AI score
Exploits: 0
The Hacker News
added 2022/09/30 9:1 a.m. | 170 views

Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild

Microsoft officially disclosed it investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery SSRF vulnerability, while th...

3.9 AI score | 0.99964 EPSS
Exploits: 16
The Hacker News
added 2022/04/13 3:22 a.m. | 170 views

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities

Microsoft's Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others. 10 of the 128 bugs fixed are rated...

10 CVSS | 0.5 AI score | 0.91811 EPSS
Exploits: 22
The Hacker News
added 2022/03/08 7:43 a.m. | 170 views

Researchers Warn of Linux Kernel 'Dirty Pipe' Arbitrary File Overwrite Vulnerability

Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. Dubbed "Dirty Pipe" CVE-2022-0847,...

7.8 CVSS | 0.1 AI score | 0.88106 EPSS
Exploits: 171
The Hacker News
added 2021/09/15 6:36 p.m. | 170 views

Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs

Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by...

9.8 CVSS | 0.5 AI score | 0.99723 EPSS
Exploits: 20
The Hacker News
added 2021/08/02 12:3 p.m. | 170 views

PwnedPiper PTS Security Flaws Threaten 80% of Hospitals in the U.S.

Cybersecurity researchers on Monday disclosed a set of nine vulnerabilities known as "PwnedPiper" that left a widely-used pneumatic tube system PTS vulnerable to critical attacks, including a possibility of complete takeover. The security weaknesses, disclosed by American cybersecurity firm Armis...

10 CVSS | 0.08227 EPSS
Exploits: 0
The Hacker News
added 2022/10/28 10:40 a.m. | 169 views

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan Vojtěšek, Milánek, and Przemek...

9.6 CVSS | 0.8 AI score | 0.70461 EPSS
Exploits: 5
The Hacker News
added 2022/07/18 3:12 p.m. | 169 views

Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability

Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system a...

9.8 CVSS | 2.3 AI score | 0.4214 EPSS
Exploits: 3
The Hacker News
added 2021/05/12 5:41 a.m. | 169 views

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager, Adobe...

9.6 CVSS | 2.7 AI score | 0.52005 EPSS
Exploits: 0
The Hacker News
added 2021/03/23 5:33 a.m. | 169 views

WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks. Tracked as CVE-2020-11261 CVSS score 8.4, the flaw concerns an "improper input validation" issue in Qualcomm's Graphics compone...

7.8 CVSS | 7.8 AI score | 0.01772 EPSS
Exploits: 0
The Hacker News
added 2019/11/16 10:14 a.m. | 169 views

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

The recent controversies surrounding the WhatsApp hacking haven't yet settled, and the world's most popular messaging platform could be in the choppy waters once again. The Hacker News has learned that last month WhatsApp quietly patched yet another critical vulnerability in its app that could ha...

7.8 CVSS | 1 AI score | 0.01321 EPSS
Exploits: 0
The Hacker News
added 2019/02/01 2:40 p.m. | 169 views

Hacker who reported flaw in Hungarian Telekom faces up to 8-years in prison

Many of you might have this question in your mind: "Is it illegal to test a website for vulnerability without permission from the owner?" Or… "Is it illegal to disclose a vulnerability publicly?" Well, the answer is YES, it's illegal most of the times and doing so could backfire even when you hav...

0.8 AI score
Exploits: 0
The Hacker News
added 2019/01/11 5:32 p.m. | 169 views

Does WhatsApp Have A Privacy Bug That Could Expose Your Messages?

In-short conclusion—Whatsapp service or its 45-days deletion policy doesn't seem to have a bug. For detailed logical explanation, please read below. An Amazon employee earlier today tweeted details about an incident that many suggest could be a sign of a huge privacy bug in the most popular...

Exploits: 0
The Hacker News
added 2018/12/18 9:54 a.m. | 169 views

New Malware Takes Commands From Memes Posted On Twitter

Security researchers have discovered yet another example of how cybercriminals disguise their malware activities as regular traffic by using legitimate cloud-based services. Trend Micro researchers have uncovered a new piece of malware that retrieves commands from memes posted on a Twitter accoun...

1 AI score
Exploits: 0
The Hacker News
added 2018/12/11 2:58 p.m. | 169 views

phpMyAdmin Releases Critical Software Update — Patch Your Sites Now!

Developers of phpMyAdmin, one of the most popular and widely used MySQL database management systems, today released an updated version 4.8.4 of its software to patch several important vulnerabilities that could eventually allow remote attackers to take control of the affected web servers. The...

8.8 CVSS | 0.9 AI score | 0.03254 EPSS
Exploits: 0
The Hacker News
added 2018/06/05 8:6 a.m. | 169 views

Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit

Hundreds of thousands of websites running on the Drupal CMS—including those of major educational institutions and government organizations around the world—have been found vulnerable to a highly critical flaw for which security patches were released almost two months ago. Security researcher Troy...

9.8 CVSS | 1.4 AI score | 0.99993 EPSS
Exploits: 46
The Hacker News
added 2022/09/22 6:17 a.m. | 168 views

Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners

A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple an...

9.8 CVSS | 0.4 AI score | 0.99999 EPSS
Exploits: 225
The Hacker News
added 2020/11/09 7:59 a.m. | 168 views

Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition

Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China. "Many mature and hard targets have bee...

1.6 AI score
Exploits: 0
The Hacker News
added 2014/07/30 1:31 a.m. | 168 views

Instasheep — Instagram Account Hacking Tool Released

Two days ago, we reported at The Hacker News about a critical issue in the most popular image and video sharing service, Instagram app for mobiles, that allows an attacker to hijack users’ account and successfully access private photos, delete victim's photos, edit comments and also post new...

6.6 AI score
Exploits: 0
The Hacker News
added 2023/01/10 8:54 a.m. | 167 views

Severe Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects

UPDATE: CVE-2022-23529 Retracted Following Review Auth0 and Unit 42 said they are formally retracting CVE-2022-23529 CVSS score: 7.6 based on the fact that several prerequisites are essential for exploitation. The cybersecurity company said "important security checks" have been added to fix the...

Exploits: 0
The Hacker News
added 2022/05/27 7:28 a.m. | 167 views

Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices

Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information. The list of security vulnerabilities is as follows - CVE-2022-0734 - A cross-site scripting XSS...

10 CVSS | 3 AI score | 0.99938 EPSS
Exploits: 29
The Hacker News
added 2022/01/12 6:42 a.m. | 167 views

First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical "wormable" vulnerability. Of the 96 vulnerabilities, nine are rated Critical and 89 are rated...

10 CVSS | 0.6 AI score | 0.9279 EPSS
Exploits: 24
The Hacker News
added 2021/03/13 8:17 a.m. | 167 views

CompTIA Security Certification Prep — Lifetime Access for just $30

At long last, top companies are starting to take cybersecurity seriously. As a consequence, technical recruiters are looking for people with hacking skills and certifications to prove it. CompTIA is seen as the gold standard when it comes to cybersecurity exams, with several certifications to...

0.3 AI score
Exploits: 0
The Hacker News
added 2019/02/12 8:59 a.m. | 167 views

RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts

A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems, potentially allowing attackers to escape Linux container and obtain unauthorized, root-level access to the host operating system. The vulnerability,...

9.3 CVSS | 0.2 AI score | 0.9857 EPSS
Exploits: 33
The Hacker News
added 2019/02/06 2:14 p.m. | 167 views

Android Phones Can Get Hacked Just by Looking at a PNG Image

Using an Android device? Beware! You have to remain more caution while opening an image file on your smartphone—downloaded anywhere from the Internet or received through messaging or email apps. Yes, just viewing an innocuous-looking image could hack your Android smartphone—thanks to three...

9.3 CVSS | 2.3 AI score | 0.0191 EPSS
Exploits: 0
The Hacker News
added 2018/08/31 7:11 a.m. | 167 views

Google 'Titan Security Key' Is Now On Sale For $50

Google just made its Titan Security Key available on its store for $50. First announced last month at Google Cloud Next '18 convention, Titan Security Key is a tiny USB device—similar to Yubico's YubiKey—that offers hardware-based two-factor authentication 2FA for online accounts with the highest...

7.1 AI score
Exploits: 0
The Hacker News
added 2023/04/10 6:25 a.m. | 166 views

CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added five security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. This includes three high-severity flaws in the Veritas Backup Exec Agent software...

9.8 CVSS | 7.5 AI score | 0.6491 EPSS
Exploits: 14
The Hacker News
added 2021/08/18 8:33 a.m. | 166 views

NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware

A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise SWC targeting a South Korean online newspaper. Cybersecurity firm Volexity attributed the watering hole attacks to a...

8.8 CVSS | 1.1 AI score | 0.81103 EPSS
Exploits: 0
The Hacker News
added 2021/02/04 11:28 a.m. | 166 views

How to Audit Password Changes in Active Directory

Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user ...

7.3 AI score
Exploits: 0
Total number of security vulnerabilities: 5000