Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers
There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that's also connected to your computers, smartphones, and other smart devices. Whether it's about exploiting operating system and software vulnerabilities or manipulating network traffic, ever...
Europol Shuts Down 'Imminent Monitor' RAT Operations With 13 Arrests
In a coordinated international law enforcement operation, Europol today announced the shutdown of the global organized cybercrime network behind Imminent Monitor RAT, yet another hacking tool that allows cybercriminals to gain complete control over a victim's computer remotely. The operation targete...
British Airways Fined £183 Million Under GDPR Over 2018 Data Breach
Britain's Information Commissioner's Office (ICO) today hit British Airways with a record fine of £183 million for failing to protect the personal information of around half a million of its customers during last year's security breach. British Airways, which describes itself as "The World's Favorite...
SUPRA Smart TV Flaw Lets Attackers Hijack Screens With Any Video
I have said it before, and I will say it again — Smart devices are one of the dumbest technologies, so far, when it comes to protecting users' privacy and security. As more and more smart devices are being sold worldwide, consumers should be aware of security and privacy risks associated with the...
BEWARE – New 'Creative' Phishing Attack You Really Should Pay Attention To
A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users. Just like the previous campaign, the new phishing attack is also based on t...
Widespread Instagram Hack Locking Users Out of Their Accounts
Instagram has been hit by a widespread hacking campaign that appears to stem from Russia and has affected hundreds of users over the past week, leaving them locked out of their accounts. A growing number of Instagram users are taking to social media, including Twitter and Reddit, to report a...
RAMpage Attack Explained—Exploiting RowHammer On Android Again!
A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kinds of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage, the new technique (CVE-2018-9442) could re-enable an unprivileged...
Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors
Contrary to what initial reports suggested about Intel chips being vulnerable to some severe ‘memory leaking’ flaws, full technical details about the vulnerabilities have now emerged, revealing that almost every modern processor since 1995 is vulnerable to the issues. Disclosed today by Googl...
Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices
A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit...
FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape
An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct...
Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide
12 people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The arrests...
Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks
Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers (PLCs) that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, log in to the CPU module without authorization, and even cau...
Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances
Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official...
AppTrana Offers Protection to Online Businesses During Coronavirus Outbreak
These are unprecedented times, and everyone is going through a testing period, with more than 3 billion people locked down all over the world. Businesses are scrambling to stay afloat and are forced to move digital in a very short span of time without much preparation. As these businesses move...
Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples
Though Russia still has an undiversified and stagnant economy, it was one of the early countries in the world to realize the value of remotely conducted cyber intrusions. In recent years, many Russian hacking groups have emerged as some of the most sophisticated nation-state actors in cyberspace,...
NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs
Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer. Dubbed NetCAT, short for Network Cach...
Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking
If your e-commerce website runs on the OXID eShop platform, you need to update it immediately to prevent your site from becoming compromised. Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers t...
Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services
Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers ...
Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers
Security researchers have discovered a critical remote code execution vulnerability in the popular Apache Struts web application framework, allowing a remote attacker to run malicious code on the affected servers. Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for...
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) ...
Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager
A security flaw has been disclosed in Kyocera's Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. "This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a malicious SMB share, to...
New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC
A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while...
Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability
Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 (CVSS score: 10.0) and discover...
CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's...
Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices
Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to...
VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control
VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked as CVE-2022-22951 and CVE-2022-2295...
DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly
The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. "The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege...
Users Can Be Just As Dangerous As Hackers
Among the problems stemming from our systemic failure with cybersecurity, which ranges from decades-old software-development practices to Chinese and Russian cyber-attacks, one problem gets far less attention than it should—the insider threat. But the reality is that most organizations should be ...
Google now requires app developers to verify their address and use 2FA
Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards...
How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection
Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphon...
Another Critical RCE Flaw Discovered in SolarWinds Orion Platform
IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among...
New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
A group of researchers has detailed a new timing vulnerability in the Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a...
Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers
A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans. The details of the attacks against Xilinx 7-Series and...
US Tech Giants Google, Intel, Qualcomm, Broadcom Break Up With Huawei
Google has reportedly suspended all business with the world's second-biggest smartphone maker, Huawei, and revoked its Android license effective immediately—a move that will have a drastic impact on Huawei devices across the globe. Revoking the Android license means Huawei's future smartphones will n...
New MageCart Attacks Target Bedding Retailers My Pillow and Amerisleep
Cybersecurity researchers today disclosed details of two newly identified Magecart attacks targeting online shoppers of bedding retailers MyPillow and Amerisleep. Magecart is an umbrella term researchers gave to at least 11 different hacking groups that are specialized in implanting malware code ...
Xiaomi Electric Scooters Vulnerable to Life-Threatening Remote Hacks
Smart devices definitely make our lives easier, faster, and more efficient, but unfortunately, an insecure smart device can also ruin your day, or sometimes could even turn into the worst nightmare of your life. If you are an electric scooter rider, you should be concerned about yourself. In a...
Google fined $57 million by France for lack of transparency and consent
The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union's new General Data Protection Regulation (GDPR) law that came into force in May last year. The fine has been levied on Google for "lack of transparency, inadequate informati...
Hackers Infect Over 200,000 MikroTik Routers With Crypto Mining Malware
Security researchers have discovered at least three massive malware campaigns exploiting hundreds of thousands of unpatched MikroTik routers to secretly install cryptocurrency miners on computers connected to them. In all, the malware campaigns have compromised more than 210,000 routers from...
Venom Vulnerability Exposes Most Data Centers to Cyber Attacks
Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing millions of plain-text passwords. But...
Surveillance malware targets 350 high profile victims in 40 countries
A global cyber espionage campaign affecting over 350 high-profile victims in 40 countries appears to be the work of Chinese hackers using surveillance malware called "NetTraveler". Kaspersky Lab’s team of experts published a new research report about NetTraveler, which is a family of malicious...
Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware
The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly ...
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State...
Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms
Microsoft's Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others. Of the total 71 patches, three are rated Critical and 68 are rated Important in severity...
Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities
Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. "Exploitation attempts and testing have remained high during...
Critical Bug in Mozilla's NSS Crypto Library Potentially Affects Several Other Software
Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services (NSS) cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code. Tracked as CVE-2021-43527, the flaw...
Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
An unidentified threat actor has been exploiting a now-patched zero-day flaw in the Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an...
Hackers Tampered With APKPure Store to Distribute Malware Apps
APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In a supply-chain attack similar to that of German telecommunications equipment manufacturer Gigaset, the...
Apple will proxy Safe Browsing requests to hide iOS users' IP from Google
Apple's upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google. A built-in security-focused feature in the Safari browser, "Fraudulent...
New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it...
Hackers Stole Customers' Payment Card Details From Over 700 Wawa Stores
Have you stopped at any Wawa convenience store and used your payment card to buy gas or snacks in the last nine months? If yes, your credit and debit card details may have been stolen by cybercriminals. Wawa, the Philadelphia-based gas and convenience store chain, disclosed a data breach incident...