20764 matches found
Google Will Prompt European Android Users to Select Preferred Default Browser
Google announced some major changes for its Android mobile operating system in October after the European Commission hit the company with a record $5 billion antitrust fine for pre-installing its own apps and services on third-party Android phones. The European Commission accused Google of forcin...
Activist Leaks 11,000 Private Messages from WikiLeaks' Twitter Chats
An activist has just leaked thousands of private messages of an organization that's been known to publishing others' secrets. More than 11,000 direct messages from a Twitter group used by WikiLeaks and around 10 close supporters have been posted online by journalist and activist Emma Best, exposi...
BTC-e Operator, Accused of Laundering $4 Billion, to be Extradited to France
...
GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature
A security researcher has discovered a critical vulnerability in some of the world's most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages. The disclosure comes almost a month after researchers revealed a...
Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System
Security researchers have discovered a series of new vulnerabilities in EOS blockchain platform, one of which could allow remote hackers to take complete control over the node servers running the critical blockchain-based applications. EOS is an open source smart contract platform, known as...
Critical Code Execution Flaw Found in CyberArk Enterprise Password Vault
A critical remote code execution vulnerability has been discovered in CyberArk Enterprise Password Vault application that could allow an attacker to gain unauthorized access to the system with the privileges of the web application. Enterprise password manager EPV solutions help organizations...
ExtraTorrent Joins Kickass Torrents in Permanent Shutdown
After the closures of Kickass Torrents and Torrentz.eu, the torrent community now bids farewell to ExtraTorrent, once the second most popular torrent site worldwide. ExtraTorrent has officially shut down. Users should stop searching for 'extratorrents unblock' and 'extratorrents proxy' websites. ...
Inj3ct0r , Milw0rm moved to new domain 1337day.com !
Inj3ct0r , Milw0rm moved to new domain 1337day.com ! Milw0rm also called milwOrm is a group of "hacktivists" , now back with new domain 1337day.com . Its Inj3ct0r 1337 Team exploits and 0day exploits database site. Mirror : .There are more than 15 thousands of Exploits are available on Milw0rm /...
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has...
UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying
The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. "Persistence mechanisms encompassed...
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability
Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors t...
CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats
The U.S. Cybersecurity and Infrastructure Security Agency CISA is urging manufacturers to get rid of default passwords on internet-exposed systems altogether, citing severe risks that could be exploited by malicious actors to gain initial access to, and move laterally within, organizations. In an...
iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation
The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The new findings come from Kaspersky, which detailed the great...
Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability
Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 CVSS score: 9.1, it relates to a third-party...
Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks
Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update version 2.1.1 plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions...
Hackers Sign Android Malware Apps with Compromised Platform Certificates
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. "A platform certificate is the application signing...
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems
A previously undocumented command-and-control C2 framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payloa...
Secret Backdoors Found in German-made Auerswald VoIP System
Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol VoIP appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain full administrative access to the devices. "Two backdoor...
Over 12,000 Google Users Hit by Government Hackers in 3rd Quarter of 2019
As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by a government-backed hacking attempt in the third quarter of this year. According to a report published by Google's Threat Analysis Group TAG, more than 90...
Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme
Two widely used Adblocker Google Chrome extensions, posing as the original — AdBlock and uBlock Origin — extensions on Chrome Web Store, have been caught stuffing cookies in the web browser of millions of users to generate affiliate income from referral schemes fraudulently. There's no doubt web...
New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched
Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Intego team last week discovered four samples of new macOS...
macOS 0-Day Flaw Lets Hackers Bypass Security Features With Synthetic Clicks
A security researcher who last year bypassed Apple's then-newly introduced macOS privacy feature has once again found a new way to bypass security warnings by performing 'Synthetic Clicks' on behalf of users without requiring their interaction. Last June, Apple introduced a core security feature ...
New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers
Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct...
VPNFilter Router Malware Adds 7 New Network Exploitation Modules
Security researchers have discovered even more dangerous capabilities in VPNFilter—the highly sophisticated multi-stage malware that infected 500,000 routers worldwide in May this year, making it much more widespread and sophisticated than earlier. Attributed to Russia's APT 28, also known as...
Real Ghost Caught on Camera! New Facebook Scams Lure Users to Download Malware
If your Facebook wall offers you any horror videos that claim to be of a real ghost spotted, don’t dare to click on them, as it may be hoaxes, malwares or scams contained within which are the real horror for the online users. We have seen a lot of Facebook scams spreading through the Facebook...
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for...
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape b...
Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager EPM solution that, if successfully exploited, could result in remote code execution RCE on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS...
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw
A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat APT. Cybersecurity company NSFOCUS has described DarkCasino as an "economically motivated" actor that first came to light i...
Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability
Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot CVE-2023-3269, CVSS score: 7.8, the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been...
U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439...
LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach
The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged...
Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers PLCs that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 CVSS score: 7.5 and CVE-2022-45789 CVSS score: 8.1, are...
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported...
Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 CVSS score: 9.9, the issue has been characterized as a command injection vulnerability in...
Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets
Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as it leverages Microsoft OneDrive as a...
Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware
Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that's being actively exploited by threat actors to deploy ransomware on vulnerable systems. CVE-2021-42258, as the flaw is being tracked as,...
New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps
A newly discovered glitch in Zoom's screen sharing feature can accidentally leak sensitive information to other attendees in a call, according to the latest findings. Tracked as CVE-2021-28133, the unpatched security vulnerability makes it possible to reveal contents of applications that are not...
Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 CVSS score 7.8,...
Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks
Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked...
Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software
Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide. Whether it's American voting machines during the 2016 presidential election or India's EVMs during 2014 general elections, the integrity, transparency, and security of electronic...
Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products
No, it's not a patch Tuesday. It's the third Tuesday of the month, and as The Hacker News shared an early heads-up late last week on Twitter, Adobe today finally released pre-announced out-of-band security updates to patch a total of 82 security vulnerabilities across its various products. The...
Microsoft Warns of a New Rare Fileless Malware Hijacking Windows Computers
Watch out Windows users! There's a new strain of malware making rounds on the Internet that has already infected thousands of computers worldwide and most likely, your antivirus program would not be able to detect it. Why? That's because, first, it's an advanced fileless malware and second, it...
Google Proposes 'Privacy Sandbox' to Develop Privacy-Focused Ads
Google today announced a new initiative—called Privacy Sandbox—in an attempt to develop a set of open standards that fundamentally enhances privacy on the web while continuing to support a free, open and democratic Internet through digital advertisements. A lot of websites on the Internet today,...
How Activity Logs Help WordPress Admins Better Manage Website Security
Managing a WordPress website can sap a lot of your time and energy, which otherwise you'd spend on managing your business. If you're looking to cut down on the hours, you spend troubleshooting WordPress technical and security problems, better managing and monitoring your website and users, or you...
Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library
Lodash, a popular npm library used by more than 4 million projects on GitHub alone, is affected by a high severity security vulnerability that could allow attackers to compromise the security of affected services using the library and their respective user base. Lodash is a JavaScript library tha...
How to Delete Accidentally Sent Messages, Photos on Facebook Messenger
Ever sent a message on Facebook Messenger then immediately regretted it, or an embarrassing text to your boss in the heat of the moment at late night, or maybe accidentally sent messages or photos to a wrong group chat? Of course, you have. We have all been through drunk texts and embarrassing...
Ex-NSA Developer Gets 5.5 Years in Prison for Taking Top Secret Documents Home
A former NSA employee has been sentenced to five and a half years in prison for illegally taking a copy of highly classified documents and hacking tools to his home computer between 2010 and 2015, which were later stolen by Russian hackers. Nghia Hoang Pho, 68, of Ellicott City, Maryland—who work...
Cyber Security Training Courses – CISA, CISM, CISSP Certifications
Believe it or not, but any computer connected to the Internet is vulnerable to cyber attacks. With more money at risk and data breaches at a rise, more certified cybersecurity experts and professionals are needed by every corporate and organisation to prevent themselves from hackers and cyber...
Adobe Releases Critical Security Updates for Acrobat, Reader and Photoshop CC
Adobe has just released new versions of its Acrobat DC, Reader and Photoshop CC for Windows and macOS users that patch 48 vulnerabilities in its software. A total of 47 vulnerabilities affect Adobe Acrobat and Reader applications, and one critical remote code execution flaw has been patched in...