Lucene search
K
ThnMost viewed

20820 matches found

The Hacker News
The Hacker News
added 2021/02/04 11:28 a.m.166 views

How to Audit Password Changes in Active Directory

Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user ...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/08/13 6:22 p.m.166 views

4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered

If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately. Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to th...

10CVSS9.7AI score0.75194EPSS
Exploits0
The Hacker News
The Hacker News
added 2019/07/19 9:31 a.m.166 views

Kazakhstan Begins Intercepting HTTPS Internet Traffic Of All Citizens Forcefully

If you are in Kazakhstan and unable to access the Internet service without installing a certificate, you're not alone. The Kazakhstan government has once again issued an advisory to all major local Internet Service Providers ISPs asking them to make it mandatory for all their customers to install...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2019/06/13 10:42 a.m.166 views

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests

Telegram, one of the most popular encrypted messaging app, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service DDoS attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2017/09/28 5:33 a.m.166 views

Hackers Exploiting Microsoft Servers to Mine Monero - Makes $63,000 In 3 Months

Mining cryptocurrencies can be a costly investment as it takes a monstrous amount of computing power, and thus hackers have started using malware that steals computing resources of computers it hijacks to make lots of dollars in digital currency. Security researchers at security firm ESET have...

10CVSS8.9AI score0.99823EPSS
Exploits39
The Hacker News
The Hacker News
added 2022/09/03 3:56 a.m.165 views

Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability

Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of...

9.6CVSS1.1AI score0.70461EPSS
Exploits4
The Hacker News
The Hacker News
added 2020/04/21 3:15 p.m.165 views

The Incident Response Challenge 2020 — Win $5,000 Prize!

Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges that were built by top researchers and analysts. The challenge is available on https://incident-response-challenge.com/ a...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/06/21 9:11 a.m.165 views

Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security...

7.8CVSS1.4AI score0.02088EPSS
Exploits0
The Hacker News
The Hacker News
added 2019/04/03 10:8 a.m.165 views

In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code

In a world that's growing increasingly digital, Magecart attacks have emerged as a key cybersecurity threat to e-commerce sites. Magecart, which is in the news a lot lately, is an umbrella term given to 12 different cyber criminal groups that are specialized in secretly implanting a special piece...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/21 3:41 a.m.164 views

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that...

9.6CVSS9.6AI score0.99694EPSS
Exploits19
The Hacker News
The Hacker News
added 2023/05/02 5:35 a.m.164 views

Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added three flaws to the Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The security vulnerabilities are as follows - CVE-2023-1389 CVSS score: 8.8 - TP-Link Archer AX-21 Command Injection...

10CVSS10.1AI score0.99999EPSS
Exploits370
The Hacker News
The Hacker News
added 2021/09/24 7:26 a.m.164 views

Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software

Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service DoS...

10CVSS3.3AI score0.0287EPSS
Exploits0
The Hacker News
The Hacker News
added 2019/10/04 8:6 p.m.164 views

Signal Messenger Bug Lets Callers Auto-Connect Calls Without Receivers' Interaction

Almost every application contains security vulnerabilities, some of which you may find today, but others would remain invisible until someone else finds and exploits them—which is the harsh reality of cybersecurity and its current state. And when we say this, Signal Private Messenger—promoted as...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/09/27 1:29 p.m.164 views

Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X

An iOS hacker and cybersecurity researcher today publicly released what he claimed to be a "permanent unpatchable bootrom exploit," in other words, an epic jailbreak that works on all iOS devices ranging from iPhone 4s A5 chip to iPhone 8 and iPhone X A11 chip. Dubbed Checkm8, the exploit leverag...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2018/01/26 8:8 a.m.164 views

Someone Stole Almost Half a BILLION Dollars from Japanese Cryptocurrency Exchange

Coincheck, a Tokyo-based cryptocurrency exchange, has suffered what appears to be the biggest hack in the history of cryptocurrencies, losing $532 million in digital assets nearly $420 million in NEM tokens and $112 in Ripples. In 2014, Mt Gox, one of the largest bitcoin exchange at that time,...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2016/02/16 9:27 p.m.164 views

Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)

A highly critical vulnerability has been uncovered in the GNU C Library glibc, a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to hackers that can take full control over them. Just clicking on a link or...

10CVSS8.5AI score0.94859EPSS
Exploits42
The Hacker News
The Hacker News
added 2023/03/16 4:47 a.m.163 views

CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency CISA on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 CVSS score: 8.6, which...

3.6AI score0.97339EPSS
Exploits13
The Hacker News
The Hacker News
added 2022/02/23 8:39 a.m.163 views

Chinese Experts Uncover Details of Equation Group's Bvp47 Covert Hacking Tool

Researchers from China's Pangu Lab have disclosed details of a "top-tier" backdoor put to use by the Equation Group, an advanced persistent threat APT with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency NSA. Dubbed "Bvp47" owing to numerous...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/25 6:52 a.m.163 views

Google Researcher Reported 3 Flaws in Apache Web Server Software

If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the...

9.8CVSS1.9AI score0.90039EPSS
Exploits4
The Hacker News
The Hacker News
added 2019/02/25 11:27 a.m.163 views

New Attacks Against 4G, 5G Mobile Networks Re-Enable IMSI Catchers

At NDSS Symposium 2019, a group of university researchers yesterday revealed newly discovered cellular network vulnerabilities that impact both 4G and 5G LTE protocols. According to a paper published by the researchers, "Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channe...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2019/02/21 10:18 a.m.163 views

Another Critical Flaw in Drupal Discovered — Update Your Site ASAP!

Developers of Drupal—a popular open-source content management system software that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal securi...

8.1CVSS1AI score0.91919EPSS
Exploits22
The Hacker News
The Hacker News
added 2018/09/25 1:15 p.m.163 views

ZDResearch Advanced Web Hacking Training 2018 – Learn Online

Are you looking to master web hacking? Interested in a bug-hunting career? Do you want to land a job in cybersecurity? Are you already working as a security engineer, but want to further advance or refine your skills? If yes, read on. ZDResearch Advanced Web Hacking AWH course, including optional...

Exploits0
The Hacker News
The Hacker News
added 2022/11/29 4:20 a.m.162 views

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities KEV Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 a...

9.8CVSS1AI score0.96284EPSS
Exploits6
The Hacker News
The Hacker News
added 2022/07/13 2:22 p.m.162 views

New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs

Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed Retbleed by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issue ...

6.5CVSS0.9AI score0.74041EPSS
Exploits9
The Hacker News
The Hacker News
added 2023/03/09 5:23 a.m.161 views

New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally...

9.8CVSS2.5AI score0.99815EPSS
Exploits9
The Hacker News
The Hacker News
added 2023/03/04 11:18 a.m.161 views

New FiXS ATM Malware Targeting Mexican Banks

A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. "The ATM malware is hidden inside another not-malicious-looking program," Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Besides requiring...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/27 3:33 p.m.161 views

Researchers Share New Insights Into RIG Exploit Kit Malware's Operations

The RIG exploit kit EK touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News...

10CVSS9AI score0.95683EPSS
Exploits99
The Hacker News
The Hacker News
added 2020/02/03 3:35 p.m.161 views

Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root

Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative 'root' privileges on Linux or macOS systems. Sudo is one of the mos...

7.8CVSS1.2AI score0.19426EPSS
Exploits13
The Hacker News
The Hacker News
added 2019/01/30 10:18 a.m.161 views

Facebook Paid Teens $20 to Install 'Research' App That Collects Private Data

If you are thinking that Facebook is sitting quietly after being forced to remove its Onavo VPN app from Apple's App Store, then you are mistaken. It turns out that Facebook is paying teenagers around $20 a month to use its VPN app that aggressively monitors their smartphone and web activity and...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/01/08 12:0 p.m.161 views

Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever

Well, there's some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online ch...

Exploits0
The Hacker News
The Hacker News
added 2018/08/14 8:45 a.m.161 views

New Man-in-the-Disk attack leaves millions of Android phones vulnerable

Security researchers at Check Point Software Technologies have discovered a new attack vector against the Android operating system that could potentially allow attackers to silently infect your smartphones with malicious apps or launch denial of service attacks. Dubbed Man-in-the-Disk, the attack...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2012/01/22 11:51 a.m.161 views

Saudi Arabia's King Saud University Database Hacked

Saudi Arabia's King Saud University Database Hacked The Official Website of King Saud University KSU Got hacked by some unknown Hacker.is a public university located in Riyadh, Saudi Arabia. Database of 812 Users hacked from and dumped on Internet by Hacker on a file sharing site including Mail...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/06/29 4:1 a.m.160 views

CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency CISA this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 CVSS score: 7.8, came to light in January 2022 and...

10CVSS1.2AI score0.94921EPSS
Exploits159
The Hacker News
The Hacker News
added 2021/02/05 8:2 a.m.160 views

Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP

Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The flaws — tracked from CVE-2021-128...

10CVSS1.6AI score0.05421EPSS
Exploits0
The Hacker News
The Hacker News
added 2017/03/09 1:3 a.m.160 views

New Apache Struts Zero-Day Vulnerability Being Exploited in the Wild

Security researchers have discovered a Zero-Day vulnerability in the popular Apache Struts web application framework, which is being actively exploited in the wild. Apache Struts is a free, open-source, Model-View-Controller MVC framework for creating elegant, modern Java web applications, which...

10CVSS10AI score0.99999EPSS
Exploits44
The Hacker News
The Hacker News
added 2023/08/18 10:57 a.m.159 views

New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools

Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware aka ALPHV and Noberus that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution. "The Impacket tool has credential dumping and remote service execution modules that cou...

10CVSS8.9AI score0.99512EPSS
Exploits79
The Hacker News
The Hacker News
added 2016/01/14 10:16 p.m.159 views

Critical OpenSSH Flaw Leaks Private Crypto Keys to Hackers

A 'Serious' security vulnerability has been discovered and fixed in OpenSSH – one of the most widely used open-source implementations of the Secure Shell SSH Protocol. The critical vulnerability could be exploited by hackers to force clients to leak their secret private cryptographic keys,...

4.6CVSS7.7AI score0.63468EPSS
Exploits3
The Hacker News
The Hacker News
added 2022/07/05 7:6 a.m.158 views

Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web

Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure. "Most ransomware operators use hosting providers outside their country of origin such as Sweden,...

9CVSS8.9AI score0.99759EPSS
Exploits41
The Hacker News
The Hacker News
added 2021/03/25 9:50 a.m.158 views

Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems

Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an "attacker to execute arbitrary programs on the underlying operating system with...

9.9CVSS1.4AI score0.01382EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/08/12 6:14 a.m.157 views

Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve...

9.8CVSS2.4AI score0.98163EPSS
Exploits16
The Hacker News
The Hacker News
added 2021/10/06 7:17 a.m.157 views

Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code...

1.5AI score0.00875EPSS
Exploits1
The Hacker News
The Hacker News
added 2020/09/03 8:36 a.m.157 views

Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely

Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. The flaws, which were uncover...

9.9CVSS0.6AI score0.61862EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/08/26 9:33 a.m.157 views

APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage

It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information. Bitdefender's Cyber Threat Intelligence Lab...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/03/17 5:15 p.m.157 views

Round 4 — Hacker Puts 26 Million New Accounts Up For Sale On Dark Web

A hacker who was selling details of nearly 890 million online accounts stolen from 32 popular websites in three separate rounds has now put up a fourth batch of millions of records originating from 6 other sites for sale on the dark web. The Hacker News today received a new email from the Pakista...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/05/16 10:58 a.m.156 views

Researchers Find Potential Way to Run Malware on iPhone Even When it's OFF

A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/02/09 6:40 a.m.156 views

Microsoft and Other Major Software Firms Release February 2022 Patch Updates

Microsoft on Tuesday rolled out its monthly security updates with fixes for 51 vulnerabilities across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k. Among the 51 defects closed, 50 are rated...

8.8CVSS0.5AI score0.55711EPSS
Exploits12
The Hacker News
The Hacker News
added 2021/12/18 10:9 a.m.156 views

Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability

The issues with Log4j continued to stack up as the Apache Software Foundation ASF on Friday rolled out yet another patch — version 2.17.0 — for the widely used logging library that could be exploited by malicious actors to stage a denial-of-service DoS attack. Tracked as CVE-2021-45105 CVSS score...

10CVSS0.3AI score0.99999EPSS
Exploits355
The Hacker News
The Hacker News
added 2021/12/16 6:24 a.m.156 views

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to...

10CVSS1AI score0.99999EPSS
Exploits353
The Hacker News
The Hacker News
added 2021/09/14 4:8 a.m.156 views

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack

Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine a...

9.6CVSS0.8AI score0.70435EPSS
Exploits12
The Hacker News
The Hacker News
added 2021/05/29 8:34 a.m.156 views

Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents

Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the...

8.1CVSS7.1AI score0.10648EPSS
Exploits0
Total number of security vulnerabilities5000