
20809 matches found

The Hacker News
added 2020/02/05 11:16 a.m. | 110 views

Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers

There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that's also connected to your computers, smartphones, and other smart devices. Whether it's about exploiting operating system and software vulnerabilities or manipulating network traffic, ever...

CVSS 7.9 | AI score 8.4 | EPSS 0.02114
Exploits: 1

The Hacker News
added 2019/11/29 12:15 p.m. | 110 views

Europol Shuts Down 'Imminent Monitor' RAT Operations With 13 Arrests

In a coordinated International law enforcement operation, Europol today announced to shut down the global organized cybercrime network behind Imminent Monitor RAT, yet another hacking tool that allows cybercriminals to gain complete control over a victim's computer remotely. The operation targete...

AI score 0.4
Exploits: 0

The Hacker News
added 2019/07/08 8:22 a.m. | 110 views

British Airways Fined £183 Million Under GDPR Over 2018 Data Breach

Britain's Information Commissioner's Office (ICO) today hit British Airways with a record fine of £183 million for failing to protect the personal information of around half a million of its customers during last year's security breach. British Airways, who describes itself as "The World's Favorite...

AI score 7.3
Exploits: 0

The Hacker News
added 2019/06/03 9:15 a.m. | 110 views

SUPRA Smart TV Flaw Lets Attackers Hijack Screens With Any Video

I have said it before, and I will say it again — Smart devices are one of the dumbest technologies, so far, when it comes to protecting users' privacy and security. As more and more smart devices are being sold worldwide, consumers should be aware of security and privacy risks associated with the...

CVSS 5.5 | AI score 2.8 | EPSS 0.13318
Exploits: 7

The Hacker News
added 2019/03/11 3:33 p.m. | 110 views

BEWARE – New 'Creative' Phishing Attack You Really Should Pay Attention To

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users. Just like the previous campaign, the new phishing attack is also based on t...

AI score 1.1
Exploits: 0

The Hacker News
added 2018/08/15 7:0 p.m. | 110 views

Widespread Instagram Hack Locking Users Out of Their Accounts

Instagram has been hit by a widespread hacking campaign that appears to stem from Russia and have affected hundreds of users over the past week, leaving them locked out of their accounts. A growing number of Instagram users are taking to social media, including Twitter and Reddit, to report a...

AI score 1.4
Exploits: 0

The Hacker News
added 2018/06/29 4:59 p.m. | 110 views

RAMpage Attack Explained—Exploiting RowHammer On Android Again!

A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kinds of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage, the new technique (CVE-2018-9442) could re-enable an unprivileged...

AI score 0.8
Exploits: 0

The Hacker News
added 2018/01/03 7:34 p.m. | 110 views

Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors

Unlike the initial reports suggested about Intel chips being vulnerable to some severe ‘memory leaking’ flaws, full technical details about the vulnerabilities have now emerged, which revealed that almost every modern processor since 1995 is vulnerable to the issues. Disclosed today by Googl...

CVSS 4.7 | AI score 7 | EPSS 0.93838
Exploits: 12

The Hacker News
added 2023/02/09 2:9 p.m. | 109 views

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices

A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit...

CVSS 10 | AI score 1.1 | EPSS 0.1228
Exploits: 3

The Hacker News
added 2022/12/22 1:13 p.m. | 109 views

FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape

An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct...

CVSS 9 | AI score 1 | EPSS 0.99965
Exploits: 39

The Hacker News
added 2021/10/30 6:28 p.m. | 109 views

Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide

12 people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The arrests...

Exploits: 0

The Hacker News
added 2021/08/05 9:33 a.m. | 109 views

Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks

Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers (PLCs) that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, unauthorizedly login to the CPU module, and even cau...

CVSS 9.1 | AI score 0.2 | EPSS 0.0237
Exploits: 0

The Hacker News
added 2021/06/09 10:43 a.m. | 109 views

Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official...

AI score 0.9
Exploits: 0

The Hacker News
added 2020/03/30 11:21 a.m. | 109 views

AppTrana Offers Protection to Online Businesses During Coronavirus Outbreak

These are unprecedented times, and everyone is going through a testing period, with more than 3 billion people locked down all over the world. Businesses are scrambling to stay afloat and are forced to move digital in a very short span of time without much preparation. As these businesses move...

AI score 0.1
Exploits: 0

The Hacker News
added 2019/09/24 1:0 p.m. | 109 views

Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples

Though Russia still has an undiversified and stagnant economy, it was one of the early countries in the world to realize the value of remotely conducted cyber intrusions. In recent years, many Russia hacking groups have emerged as one of the most sophisticated nation-state actors in cyberspace,...

AI score 0.8
Exploits: 0

The Hacker News
added 2019/09/11 1:9 p.m. | 109 views

NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs

Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer. Dubbed NetCAT, short for Network Cach...

CVSS 4.8 | AI score 1.1 | EPSS 0.00753
Exploits: 0

The Hacker News
added 2019/07/30 4:23 p.m. | 109 views

Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking

If your e-commerce website runs on the OXID eShop platform, you need to update it immediately to prevent your site from becoming compromised. Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers t...

CVSS 9.8 | AI score 1.1 | EPSS 0.01355
Exploits: 0

The Hacker News
added 2019/06/06 9:54 a.m. | 109 views

Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services

Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers ...

AI score 3.4
Exploits: 0

The Hacker News
added 2017/09/05 7:40 a.m. | 109 views

Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers

Security researchers have discovered a critical remote code execution vulnerability in the popular Apache Struts web application framework, allowing a remote attacker to run malicious code on the affected servers. Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for...

CVSS 6.8 | AI score 9.1 | EPSS 0.99461
Exploits: 23

The Hacker News
added 2024/04/04 11:15 a.m. | 108 views

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) ...

CVSS 8.2 | AI score 6.6 | EPSS 0.94615
Exploits: 5

The Hacker News
added 2024/01/09 9:52 a.m. | 108 views

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager

A security flaw has been disclosed in Kyocera's Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. "This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a malicious SMB share, to...

CVSS 9.8 | AI score 8.6 | EPSS 0.18903
Exploits: 1

The Hacker News
added 2023/08/21 1:44 p.m. | 108 views

New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC

A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while...

AI score 7.5 | EPSS 0.1308
Exploits: 1

The Hacker News
added 2023/08/03 4:6 a.m. | 108 views

Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability

Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 (CVSS score: 10.0) and discover...

AI score 9.4 | EPSS 0.99999
Exploits: 14

The Hacker News
added 2022/11/04 10:1 a.m. | 108 views

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's...

AI score 2.9 | EPSS 0.02283
Exploits: 0

The Hacker News
added 2022/07/29 10:49 a.m. | 108 views

Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices

Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to...

CVSS 9.8 | AI score 0.3 | EPSS 0.0161
Exploits: 1

The Hacker News
added 2022/03/24 3:38 a.m. | 108 views

VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control

VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked as CVE-2022-22951 and CVE-2022-2295...

CVSS 9.1 | AI score 3.5 | EPSS 0.21926
Exploits: 0

The Hacker News
added 2022/03/17 12:59 p.m. | 108 views

DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly

The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. "The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege...

CVSS 10 | AI score 0.6 | EPSS 0.99964
Exploits: 108

The Hacker News
added 2021/08/09 1:28 p.m. | 108 views

Users Can Be Just As Dangerous As Hackers

Among the problems stemming from our systemic failure with cybersecurity, which ranges from decades-old software-development practices to Chinese and Russian cyber-attacks, one problem gets far less attention than it should—the insider threat. But the reality is that most organizations should be ...

AI score 1.2
Exploits: 0

The Hacker News
added 2021/06/29 9:39 a.m. | 108 views

Google now requires app developers to verify their address and use 2FA

Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards...

AI score 1.5
Exploits: 0

The Hacker News
added 2021/04/03 6:49 a.m. | 108 views

How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection

Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphon...

AI score 6.5
Exploits: 0

The Hacker News
added 2021/03/26 5:7 a.m. | 108 views

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform

IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among...

CVSS 10 | AI score 8.2 | EPSS 0.36426
Exploits: 2

The Hacker News
added 2020/09/10 11:9 a.m. | 108 views

New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a...

CVSS 5.9 | AI score 1.1 | EPSS 0.01206
Exploits: 0

The Hacker News
added 2020/04/21 9:55 a.m. | 108 views

Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers

A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans. The details of the attacks against Xilinx 7-Series and...

AI score 0.5
Exploits: 0

The Hacker News
added 2019/05/20 8:46 a.m. | 108 views

US Tech Giants Google, Intel, Qualcomm, Broadcom Break Up With Huawei

Google has reportedly suspended all businesses with the world's second-biggest smartphone maker, Huawei, and revoked its Android license effective immediately—a move that will have a drastic impact on Huawei devices across the globe. Revoking Android license means Huawei future smartphones will n...

AI score 7.1
Exploits: 0

The Hacker News
added 2019/03/20 1:0 p.m. | 108 views

New MageCart Attacks Target Bedding Retailers My Pillow and Amerisleep

Cybersecurity researchers today disclosed details of two newly identified Magecart attacks targeting online shoppers of bedding retailers MyPillow and Amerisleep. Magecart is an umbrella term researchers gave to at least 11 different hacking groups that are specialized in implanting malware code ...

AI score 1
Exploits: 0

The Hacker News
added 2019/02/12 2:8 p.m. | 108 views

Xiaomi Electric Scooters Vulnerable to Life-Threatening Remote Hacks

Smart devices definitely make our lives easier, faster, and more efficient, but unfortunately, an insecure smart device can also ruin your day, or sometimes could even turn into the worst nightmare of your life. If you are an electric scooter rider, you should be concerned about yourself. In a...

AI score 1.8
Exploits: 0

The Hacker News
added 2019/01/21 6:45 p.m. | 108 views

Google fined $57 million by France for lack of transparency and consent

The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union's new General Data Protection Regulation (GDPR) law that came into force in May last year. The fine has been levied on Google for "lack of transparency, inadequate informati...

AI score 6.3
Exploits: 0

The Hacker News
added 2018/08/03 9:16 a.m. | 108 views

Hackers Infect Over 200,000 MikroTik Routers With Crypto Mining Malware

Security researchers have discovered at least three massive malware campaigns exploiting hundreds of thousands of unpatched MikroTik routers to secretly install cryptocurrency miners on computers connected to them. In all, the malware campaigns have compromised more than 210,000 routers from...

AI score 1.4
Exploits: 0

The Hacker News
added 2015/05/14 5:32 a.m. | 108 views

Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing Millions of plain-text passwords. But...

CVSS 7.7 | AI score 7.2 | EPSS 0.15275
Exploits: 1

The Hacker News
added 2013/06/04 5:39 a.m. | 108 views

Surveillance malware targets 350 high profile victims in 40 countries

A global cyber espionage campaign affecting over 350 high profile victims in 40 countries, appears to be the work of Chinese hackers using a Surveillance malware called "NetTraveler". Kaspersky Lab’s team of experts published a new research report about NetTraveler, which is a family of malicious...

CVSS 9.3 | AI score 1.9 | EPSS 0.99966
Exploits: 12

The Hacker News
added 2024/04/23 4:23 a.m. | 107 views

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly ...

CVSS 9.8 | AI score 9.8 | EPSS 0.97798
Exploits: 67

The Hacker News
added 2023/11/16 12:3 p.m. | 107 views

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State...

CVSS 10 | AI score 9.2 | EPSS 0.99512
Exploits: 75

The Hacker News
added 2022/03/09 5:44 a.m. | 107 views

Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms

Microsoft's Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others. Of the total 71 patches, three are rated Critical and 68 are rated Important in severity...

CVSS 8.8 | AI score 1.2 | EPSS 0.40789
Exploits: 3

The Hacker News
added 2022/01/05 5:12 a.m. | 107 views

Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities

Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. "Exploitation attempts and testing have remained high during...

CVSS 10 | AI score 9.5 | EPSS 0.99999
Exploits: 356

The Hacker News
added 2021/12/02 5:10 a.m. | 107 views

Critical Bug in Mozilla's NSS Crypto Library Potentially Affects Several Other Software

Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services (NSS) cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code. Tracked as CVE-2021-43527, the flaw...

CVSS 9.8 | AI score 1 | EPSS 0.17563
Exploits: 0

The Hacker News
added 2021/07/29 3:18 p.m. | 107 views

Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs

An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an...

CVSS 8.8 | AI score 0.7 | EPSS 0.81103
Exploits: 0

The Hacker News
added 2021/04/10 6:50 a.m. | 107 views

Hackers Tampered With APKPure Store to Distribute Malware Apps

APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In a supply-chain attack similar to that of German telecommunications equipment manufacturer Gigaset, the...

AI score 1.1
Exploits: 0

The Hacker News
added 2021/02/15 11:41 a.m. | 107 views

Apple will proxy Safe Browsing requests to hide iOS users' IP from Google

Apple's upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google. A built-in security-focused feature in the Safari browser, "Fraudulent...

AI score 0.8
Exploits: 0

The Hacker News
added 2021/01/08 4:56 p.m. | 107 views

New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys

Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it...

CVSS 4.2 | AI score 0.5 | EPSS 0.00196
Exploits: 1

The Hacker News
added 2019/12/20 10:5 a.m. | 107 views

Hackers Stole Customers' Payment Card Details From Over 700 Wawa Stores

Have you stopped at any Wawa convenience store and used your payment card to buy gas or snacks in the last nine months? If yes, your credit and debit card details may have been stolen by cybercriminals. Wawa, the Philadelphia-based gas and convenience store chain, disclosed a data breach incident...

AI score 0.2
Exploits: 0

Total number of security vulnerabilities: 5000