Latest Microsoft Windows Updates Patch Dozens of Security Flaws

Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one ...

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits

Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. One of the two flaws...

Breaches are now commonplace, but Reason Cybersecurity lets users guard their privacy

There has been no shortage of massive security breaches so far this year. Just last July, Capital One disclosed that it was hit by a breach that affected more than 100 million customers. Also recently, researchers came across an unsecured cloud server that contained the names, phone numbers, and...

Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp

A picture is worth a thousand words, but a GIF is worth a thousand pictures. Today, the short looping clips, GIFs are everywhere—on your social media, on your message boards, on your chats, helping users perfectly express their emotions, making people laugh, and reliving a highlight. But what if ...

Mirai Variant Adds Dozen New Exploits to Target Enterprise IoT Devices

Security researchers have uncovered a new variant of the infamous Mirai Internet of Things botnet, this time targeting embedded devices intended for use within business environments in an attempt to gain control over larger bandwidth to carry out devastating DDoS attacks. Although the original...

Cryptocurrency Firm Loses $145 Million After CEO Dies With Only Password

QuadrigaCX, the largest bitcoin exchange in Canada, has claimed to have lost CAD 190 million nearly USD 145 million worth of cryptocurrency after the exchange lost access to its cold offline storage wallets. Reason? Unfortunately, the only person with access to the company's offline wallet, found...

GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers

Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed...

Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw

Logged out from your Facebook account automatically? Well you're not alone… Facebook just admitted that an unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts. UPDATE...

Chrome Bug Allowed Hackers to Find Out Everything Facebook Knows About You

With the release of Chrome 68, Google prominently marks all non-HTTPS websites as 'Not Secure' on its browser to make the web a more secure place for Internet users. If you haven't yet, there is another significant reason to immediately switch to the latest version of the Chrome web browser. Ron...

Microsoft Issues Updates for 96 Vulnerabilities You Need to Patch this Month

As part of June's Patch Tuesday, Microsoft has released security patches for a total of 96 security vulnerabilities across its products, including fixes for two vulnerabilities being actively exploited in the wild. This month's patch release also includes emergency patches for unsupported version...

Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware

Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEOLURKER. "The malicious...

GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments

Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal. Russian cybersecurity firm Kaspersky, which has been keeping tabs on the group's activities since mid-2020, characterized the adversary as both capable...

Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools

Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that m...

New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt

A threat group that pursues crypto mining and distributed denial-of-service DDoS attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things IoT devices since last month. "This botnet is mainly derived from Gafgyt's source code but h...

CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog. On top of that, CISA is also recommending that Federal...

Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site

Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 CVSS score: 5.4, the weakness...

New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices

Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of...

Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users

Finally, for the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users. Facebook filed a lawsuit against Israeli mobile surveillance firm NSO Group on Tuesday, alleging that the company was...

D-Link Agrees to 10 Years of Security Audits to Settle FTC Charges

Taiwanese networking equipment manufacturer D-Link has agreed to implement a "comprehensive software security program" in order to settle a Federal Trade Commission FTC lawsuit alleging that the company didn't take adequate steps to protect its consumers from hackers. Your wireless router is the...

Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage

Microsoft has introduced a new password-protected folder within its OneDrive online file storage service that will allow you to keep your sensitive and important files protected and secured with an extra layer of authentication. Dubbed Personal Vault, the new OneDrive folder can only be accessed...

First Hacker Convicted of 'SIM Swapping' Attack Gets 10 Years in Prison

A 20-year-old college student who stole cryptocurrency worth more than $5 million by hijacking victims' phone numbers has pleaded guilty and accepted a sentence of 10 years in prison. Ortiz was arrested last year on charges of siphoning millions of dollars in cryptocurrency from around 40 victims...

British Schoolboy Who Hacked CIA Director Gets 2-Year Prison Term

The British teenager who managed to hack into the online accounts of several high-profile US government employees sentenced to two years in prison on Friday. Kane Gamble, now 18, hacked into email accounts of former CIA director John Brennan, former Director of National Intelligence James Clapper...

Windows Remote Assistance Exploit Lets Hackers Steal Sensitive Files

You have always been warned not to share remote access to your computer with untrusted people for any reason—it's a basic cybersecurity advice, and common sense, right? But what if, I say you should not even trust anyone who invites or offer you full remote access to their computers. A critical...

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation tha...

Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it...

Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs

Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild. Tracked as CVE-2021-38000 and CVE-2021-38003, the weaknesses relate to insufficient validation of untrusted input i...

Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns

Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage. "Malware is currently leveraging...

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday. Fedir Hladyr, a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromis...

WhatsApp-based wormable Android malware spotted on the Google Play Store

Cybersecurity researchers have discovered yet another piece of wormable Android malware—but this time downloadable directly from the official Google Play Store—that's capable of propagating via WhatsApp messages. Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes...

Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers

Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. Tracked as CVE-2020-3956, the code injection...

Get 10 Popular Books To Learn Advanced Hacking [2018 Bundle]

It should come as no surprise that cybersecurity is one of the most important and lucrative fields in the world right now, and it's becoming more important every day—thanks to a growing number of cyber attacks that are targeting everything from individuals and startups to Fortune 500 companies an...

Microsoft Patches 3 Zero-day Vulnerabilities actively being Exploited in the Wild

As part of monthly patch update, Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw reportedly being exploited by Russian hackers to target NATO computers and a pair of zero-day Windows vulnerabilities that attackers have been...

Android malware loaded with Linux kernel privilege escalation exploit

Malware authors are notorious for quickly leveraging new exploits in the public domain for nefarious purposes. A recently discovered Linux kernel Local privilege escalation exploit, which allows attackers to gain complete control of infected devices, has been ported to the Android smartphone...

Mélofée: Researchers Uncover New Linux Malware Linked to Chinese APT Groups

An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it Mélofée. The newest of the thr...

Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild

A now-patched critical remote code execution RCE vulnerability in GitLab's web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue...

Apple Issues Urgent Updates to Fix New Zero-Day Linked to Pegasus Spyware

Apple has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 to fix two actively exploited vulnerabilities, one of which defeated extra security protections built into the operating system. The list of two flaws is as follows - CVE-2021-30858 WebKit - A use after...

Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel

A Chinese cyber espionage group has been linked to a string of intrusion activities targeting Israeli government institutions, IT providers, and telecommunications companies at least since 2019, with the hackers masquerading themselves as Iranian actors to mislead forensic analysis. FireEye's...

Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites

Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in Elementor, a website builder plugin used on more than seven million...

Over 100 New Chrome Browser Extensions Caught Spying On Users

Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a "massive global surveillance campaign" targeting oil and gas, finance, and healthcare sectors. Awake Security, which disclosed the findings late last...

Microsoft Issues Patches for 3 Bugs Exploited as Zero-Day in the Wild

It's April 2020 Patch Tuesday, and during these challenging times of coronavirus pandemic, this month's patch management process would not go easy for many organizations where most of the resources are working remotely. Microsoft today released the latest batch of software security updates for al...

UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked

A 39-year-old password of Ken Thompson, the co-creator of the UNIX operating system among, has finally been cracked that belongs to a BSD-based system, one of the original versions of UNIX, which was back then used by various computer science pioneers. In 2014, developer Leah Neukirchen spotted a...

125 New Flaws Found in Routers and NAS Devices from Popular Brands

The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it? As we connect everything from coffee maker to front-door locks and cars to the...

EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users

Security researchers have discovered a rare piece of Linux spyware that's currently fully undetected across all major antivirus security software products, and includes rarely seen functionalities with regards to most Linux malware, The Hacker News learned. It's a known fact that there are a very...

Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute

Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country's controversial Data Localization law. It's bizarre and unbelievable, but true. In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and...

Telegram Calling Feature Leaks Your IP Addresses—Patch Released

The desktop version of the security and privacy-focused, end-to-end encrypted messaging app, Telegram, has been found leaking both users' private and public IP addresses by default during voice calls. With 200 million monthly active users as of March 2018, Telegram promotes itself as an...

New PHP Code Execution Attack Puts WordPress Sites at Risk

Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions. The new technique leaves hundreds of...

17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction

You should be extra careful when opening files in MS Office. When the world is still dealing with the threat of 'unpatched' Microsoft Office's built-in DDE feature, researchers have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on...

Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks

Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell Bash, dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over...

Remotely Exploitable 'Bash Shell' Vulnerability Affects Linux, Unix and Apple Mac OS X

A Critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as Bash, aka the GNU Bourne Again Shell, leaving countless websites, servers, PCs, OS X Macs, various home routers, and many more open to the cyber criminals. Earlier toda...

How to Protect yourself from the 'Heartbleed' Bug

Millions of websites, users' passwords, credit card numbers and other personal information may be at risk as a result of the Heartbleed security flaw, a vulnerability in widely used cryptographic library 'OpenSSL'. READ DETAILS HERE Netcraft survey says that about half a million widely trusted...