20740 matches found
Critical Flaws Discovered in Cisco Small Business RV Series Routers
Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept PoC exploit code targeting some of these bugs. Three ...
Google Makes 2 Years of Android Security Updates Mandatory for Device Makers
When it comes to security updates, Android is a real mess. Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patches regularly and on a timely basis to their...
Critical Jenkins Server Vulnerability Could Leak Sensitive Information
Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of...
Google Developer Discovers a Critical Bug in Modern Web Browsers
Google researcher has discovered a severe vulnerability in modern web browsers that could have allowed websites you visit to steal the sensitive content of your online accounts from other websites that you have logged-in the same browser. Discovered by Jake Archibald, developer advocate for Googl...
Reddit Hacked – Emails, Passwords, Private Messages Stolen
Another day, another significant data breach. This time the victim is Reddit... seems someone is really pissed off with Reddit's account ban policy or bias moderators. Reddit social media network today announced that it suffered a security breach in June that exposed some of its users' data,...
New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild
Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...
Facebook Fined £500,000 for Cambridge Analytica Data Scandal
Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users. The fine has been imposed by the UK's Information Commissioner's Office ICO and was calculated using the UK's old...
Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online
An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox—a popular open source virtualization software developed by Oracle—that could allow a malicious program to escape virtual machine guest OS and execute code on the operating...
Popular WooCommerce WordPress Plugin Patches Critical Vulnerability
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce...
Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer
If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That's because VLC media player software versions...
LibSSH Flaw Allows Hackers to Take Over Servers Without Password
A four-year-old severe vulnerability has been discovered in the Secure Shell SSH implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security...
Apple's New MacBook Disconnects Microphone "Physically" When Lid is Closed
Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations. Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the...
New Android API Lets Developers Push Updates Within their Apps
You might have read somewhere online today that Google is granting Android app developers powers to forcefully install app updates…but it is not true. Instead, the tech giant is providing a new feature that will help users to have up-to-date Android apps all the time and yes, it's optional. Along...
IBM Buys "Red Hat" Open-Source Software Company for $34 Billion
It's been quite a year for the open source platforms. Earlier this year, Microsoft acquired popular code repository hosting service GitHub for $7.5 billion, and now IBM has just announced the biggest open-source business deal ever. IBM today confirmed that it would be acquiring open source Linux...
New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1
It's only been a few hours since Apple releases iOS 12.1 and an iPhone enthusiast has managed to find a passcode bypass hack, once again, that could allow anyone to see all contacts' private information on a locked iPhone. Jose Rodriguez, a Spanish security researcher, contacted The Hacker News a...
FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia. TRITON...
Critical Flaws Found in Amazon FreeRTOS IoT Operating System
A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. What is FreeRTOS Amazon, WHIS OpenRTOS...
CredSSP Flaw in Remote Desktop Protocol Affects All Versions of Windows
A critical vulnerability has been discovered in Credential Security Support Provider protocol CredSSP that affects all versions of Windows to date and could allow remote attackers to exploit RDP and WinRM to steal data and run malicious code. CredSSP protocol has been designed to be used by RDP...
Here's How Hackers Could Have Spied On Your DJI Drone Account
Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos tak...
Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON
Microsoft Windows built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment. Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and...
3 New Code Execution Flaws Discovered in Atlantis Word Processor
This is why you should always think twice before opening innocent looking email attachments, especially word and pdf files. Cybersecurity researchers at Cisco Talos have once again discovered multiple critical security vulnerabilities in the Atlantis Word Processor that allow remote attackers to...
63 New Flaws (Including 0-Days) Windows Users Need to Patch Now
It's Patch Tuesday once again…time for another round of security updates for the Windows operating system and other Microsoft products. This month Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49...
New iPhone Bug Gives Anyone Access to Your Private Photos
A security enthusiast who discovered a passcode bypass vulnerability in Apple's iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week. Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in...
Accused CIA Leaker Faces New Charges of Leaking Information From Prison
Joshua Adam Schulte, a 30-year-old former CIA computer programmer who was indicted over four months ago for masterminding the largest leak of classified information in the agency's history, has now been issued three new charges. The news comes just hours after Schulte wrote a letter to the federa...
NSA to release its GHIDRA reverse engineering tool for free
The United States' National Security Agency NSA is planning to release its internally developed reverse engineering tool for free at the upcoming RSA security conference 2019 that will be held in March in San Francisco. The existence of the framework, dubbed GHIDRA, was first publicly revealed by...
Hacker Who DDoSed Sony, EA and Steam Gaming Servers Pleads Guilty
A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service DoS attacks against multiple online services, websites, and online gaming companies between 2013 and 2014. According to a Justice Department DoJ press release, Austin Thompson, a.k.a. "DerpTroll,"...
Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data
We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives SSD that...
Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs
Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update,...
New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking
The Department of Homeland Security and CISA ICS-CERT today issued a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting billions of Internet-connected devices manufactured by many vendors across the globe. Dubbed "Ripple20," the set of 19...
Windows 10 Bug Let UWP Apps Access All Files Without Users' Consent
Microsoft silently patched a bug in its Windows 10 operating system with the October 2018 update version 1809 that allowed Microsoft Store apps with extensive file system permission to access all files on users' computers without their consent. With Windows 10, Microsoft introduced a common...
Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate...
Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
The massive Equifax data breach that exposed highly sensitive data of as many as 143 million people was caused by exploiting a flaw in Apache Struts framework, which Apache patched over two months earlier of the security incident, Equifax has confirmed. Credit rating agency Equifax is yet another...
Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild
Cyber operatives affiliated with the Russian Foreign Intelligence Service SVR have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies from the U.K. and U.S. Friday. "SVR cyber operato...
Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities
Ransomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems. "Multiple, distinct threat actors view this...
Signal Secure Messaging App Now Encrypts Sender's Identity As Well
Signal, the popular end-to-end encrypted messaging app, is planning to roll out a new feature that aims to hide the sender's identity from potential attackers trying to intercept the communication. Although messages send via secure messaging services, like Signal, WhatsApp, and Telegram, are full...
Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer
Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware onto their computers. Discovered by researchers at Cymulate, the bug abuse...
New High-Severity Vulnerability Reported in Pulse Connect Secure VPN
Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges. "Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote...
Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems
Just in time… Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details ...
Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in...
Patch Tuesday: Microsoft Issues Fix for Actively Exploited 'Follina' Vulnerability
Microsoft finally released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Also addressed by the tech giant are 55 other flaws, three of which are rated Critical, 51 are rated Important, and one is rated Moderate in...
LuminosityLink Hacking Tool Author Gets 30-Months Prison Sentence
A 21-year-old Kentucky man who previously pleaded guilty to developing, marketing, and selling an infamous remote access trojan RAT called LuminosityLink has now been sentenced to 30 months in prison. According to a press release published Monday by U.S. Attorney's Office, Colton Grubbs, who used...
The Fappening 4 — Private Pictures of Celebrities Leaked Online
The leaks of celebrity photos continue, revealing their first male victim in the fourth wave. As a result of the Fappening 4, Nick Hogan, the son of Hulk Hogan, became the first celebrity male to fall victim to the leaked private photos. The first three 'celebs photos leaks' usually include image...
New Incident Report Reveals How Hive Ransomware Targets Organizations
A recent Hive ransomware attack carried out by an affiliate involved the exploitation of "ProxyShell" vulnerabilities in the Microsoft Exchange Server that were disclosed last year to encrypt an unnamed customer's network. "The actor managed to achieve its malicious goals and encrypt the...
Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw
Pulse Secure has shipped a fix for a critical post-authentication remote code execution RCE vulnerability in its Connect Secure virtual private network VPN appliances to address an incomplete patch for an actively exploited flaw it previously resolved in October 2020. "The Pulse Connect Secure...
Tumblr Patches A Flaw That Could Have Exposed Users' Account Info
Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts. The affected information included users email addresses, protected hashed and salted...
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies
Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python...
Another Facebook Bug Could Have Exposed Your Private Information
Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world's most popular social network at risk. Discovered by cybersecurity researchers...
Top 5 Factors That Increase Cyber Security Salary The Most
Our partner Springboard, which provides online courses to help you advance your cybersecurity career with personalized mentorship from industry experts, recently researched current cybersecurity salaries and future earning potential in order to trace a path to how much money you can make. Here's...
Explained — How Intel AMT Vulnerability Allows to Hack Computers Remotely
Earlier this week Intel announced a critical escalation of privilege bug that affects its remote management features shipping with Intel Server chipsets for past 7 years, which, if exploited, would allow a remote attacker to take control of vulnerable PCs, laptops, or servers. The vulnerability,...
WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws
The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as...