Lucene search
+L
ThnMost viewed

20919 matches found

The Hacker News
The Hacker News
added 2019/03/12 9:7 a.m.80 views

Windows 10 Now Automatically Uninstalls Updates That Cause Problems

Do you always think twice before installing Windows updates worrying that it could crash your system or leave it non-working the day after Patch Tuesdays? Don't worry. Microsoft has addressed this issue by adding a safety measure that would from now onwards automatically uninstall buggy software...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2019/02/06 9:28 a.m.80 views

Critical Zcash Bug Could Have Allowed 'Infinite Counterfeit' Cryptocurrency

The developers behind the privacy-minded Zcash cryptocurrency have recently discovered and patched a highly dangerous vulnerability in the most secretive way that could have allowed an attacker to coin an infinite number of Zcash ZEC. Yes, infinite… like a never-ending source of money. Launched i...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2018/09/25 3:9 p.m.80 views

SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users

U.S. online fashion retailer SHEIN has admitted that the company has suffered a significant data breach after unknown hackers stole personally identifiable information PII of almost 6.5 million customers. Based in North Brunswick and founded in 2008, SHEIN has become one of the largest online...

1.4AI score
Exploits0
The Hacker News
The Hacker News
added 2018/09/06 5:12 p.m.80 views

U.S. Charges North Korean Spy Over WannaCry and Sony Pictures Hack

The U.S. Department of Justice announces criminal charges against a North Korean government spy in connection with the 2017 global WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack. According to multiple government officials cited by the NY Times who are familiar with the...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2018/07/10 5:24 p.m.80 views

Adobe Releases Security Patch Updates For 112 Vulnerabilities

Adobe has released security patches for a total 112 vulnerabilities in its products, most of which have a higher risk of being exploited. The vulnerabilities addressed in this month's patch Tuesday affect Adobe Flash Player, Adobe Experience Manager, Adobe Connect, Adobe Acrobat, and Reader. None...

8.8CVSS1.7AI score0.53755EPSS
Exploits1
The Hacker News
The Hacker News
added 2018/06/19 8:2 p.m.80 views

Email Phishers Using A Simple Way to Bypass MS Office 365 Protection

Security researchers have been warning about a simple technique that cyber criminals and email scammers are using in the wild to bypass most AI-powered phishing detection mechanisms implemented by widely used email services and web security scanners. Dubbed ZeroFont, the technique involves...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2018/06/11 10:15 a.m.80 views

Hackers Stole Over $20 Million in Ethereum from Insecurely Configured Clients

Security researchers have been warning about cybercriminals who have made over 20 million dollars in just past few months by hijacking insecurely configured Ethereum nodes exposed on the Internet. Qihoo 360 Netlab in March tweeted about a group of cybercriminals who were scanning the Internet for...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2018/03/29 2:36 p.m.80 views

Microsoft's Meltdown Patch Made Windows 7 PCs More Insecure

Meltdown CPU vulnerability was bad, and Microsoft somehow made the flaw even worse on its Windows 7, allowing any unprivileged, user-level application to read content from and even write data to the operating system's kernel memory. For those unaware, Spectre and Meltdown were security flaws...

7.8CVSS7.6AI score0.08915EPSS
Exploits2
The Hacker News
The Hacker News
added 2018/02/14 9:56 a.m.80 views

Microsoft Won't Patch a Severe Skype Vulnerability Anytime Soon

A serious vulnerability has been discovered in Microsoft-owned most popular free web messaging and voice calling service Skype that could potentially allow attackers to gain full control of the host machine by granting system-level privileges to a local, unprivileged user. The worst part is that...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2017/05/31 9:28 p.m.80 views

High-Severity Linux Sudo Flaw Allows Users to Gain Root Privileges

A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system. The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "getprocessttyname" function f...

6.9CVSS7.2AI score0.08018EPSS
Exploits8
The Hacker News
The Hacker News
added 2016/03/24 3:55 a.m.80 views

What is SMTP STS? How It improves Email Security for StartTLS?

Despite so many messaging apps, Email is still one of the widely used and popular ways to communicate in this digital age. But are your Emails secure? We are using email services for decades, but the underlying 1980s transport protocol used to send emails, Simple Mail Transfer Protocol SMTP, is...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2013/11/15 5:35 a.m.80 views

Japanese word processor 'Ichitaro' zero-day attack discovered in the wild

None...

9.3CVSS2.1AI score0.8593EPSS
Exploits18
The Hacker News
The Hacker News
added 2013/11/13 5:22 a.m.80 views

Security updates for available for Adobe Flash Player and ColdFusion vulnerabilities

None...

10CVSS1.9AI score0.93797EPSS
Exploits13
The Hacker News
The Hacker News
added 2024/10/28 3:44 p.m.79 views

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)

Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head...

9.9CVSS7.9AI score0.94761EPSS
Exploits11
The Hacker News
The Hacker News
added 2024/04/02 1:18 p.m.79 views

Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 CVSS score: 10.0, came...

10CVSS10AI score0.85974EPSS
Exploits40
The Hacker News
The Hacker News
added 2024/01/25 10:8 a.m.79 views

China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware

A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle AitM attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat APT...

9CVSS5.9AI score0.99876EPSS
Exploits26
The Hacker News
The Hacker News
added 2024/01/12 6:35 a.m.79 views

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 CVSS score: 9.8, is a...

9.8CVSS9.3AI score0.99649EPSS
Exploits11
The Hacker News
The Hacker News
added 2023/11/07 8:59 a.m.79 views

SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities

The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE describe...

7.8CVSS7.5AI score0.97798EPSS
Exploits49
The Hacker News
The Hacker News
added 2023/10/25 1:20 p.m.79 views

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security...

6.1CVSS5.8AI score0.75873EPSS
Exploits3
The Hacker News
The Hacker News
added 2023/08/24 8:21 a.m.79 views

Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw

Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 CVSS score: 7.5, the vulnerability relates to a path traversal vulnerability in Openfire's...

8.6CVSS8.2AI score0.99999EPSS
Exploits15
The Hacker News
The Hacker News
added 2023/05/31 3:44 p.m.79 views

Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center ISC, which detected a spike in HTTP requests for "/nifi" o...

10CVSS6.9AI score0.99997EPSS
Exploits43
The Hacker News
The Hacker News
added 2023/05/10 2:23 p.m.79 views

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines. The vulnerability, tracked as CVE-2023-29324 CVSS score: 6.5, has been described as a security feature bypass. It w...

9.8CVSS8.5AI score0.97408EPSS
Exploits18
The Hacker News
The Hacker News
added 2023/04/19 9:30 a.m.79 views

U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage

U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against select targets. The intrusions, per the authorities, took place in 2021 and targete...

9CVSS9.4AI score0.21424EPSS
Exploits1
The Hacker News
The Hacker News
added 2023/02/28 6:42 a.m.79 views

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 CVSS score: 7.5, the issue impacts ZK Framework versions...

7.5CVSS1.3AI score0.95335EPSS
Exploits5
The Hacker News
The Hacker News
added 2022/10/31 12:0 p.m.79 views

Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability

An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web MotW protections. The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/28 10:43 a.m.79 views

Implementing Defense in Depth to Prevent and Mitigate Cyber Attacks

The increased use of information technology in our everyday life and business has led to cyber-attacks becoming more sophisticated and large-scale. For organizations to thrive in this era of technology, they must develop robust security strategies to detect and mitigate attacks. Defense in depth ...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/01/22 4:4 a.m.79 views

Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks

Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion...

1.2AI score0.70947EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/08/23 1:48 p.m.79 views

Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group

ShinyHunters, a notorious cybercriminal underground group that's been on a data breach spree since last year, has been observed searching companies' GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers' modus operandi has...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/07/17 12:9 p.m.79 views

CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks

Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's used by 12.7% of all websites on the internet. CDNJS is a free and open-source content delivery network CDN that serves about 4,041 JavaScript and CSS libraries, making...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/24 10:24 a.m.79 views

BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models

Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device. "As the attacker has the...

7.5CVSS1.1AI score0.00626EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/06/14 6:59 a.m.79 views

Chinese Hackers Believed to be Behind Second Cyberattack on Air India

Even as a massive data breach affecting Air India came to light the previous month, India's flag carrier airline appears to have suffered a separate cyber assault that lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/01 8:41 a.m.79 views

Report: Danish Secret Service Helped NSA Spy On European Politicians

The U.S. National Security Agency NSA used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of t...

1.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/04/17 9:13 a.m.79 views

What are the different roles within cybersecurity?

People talk about the cybersecurity job market like it's a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do. In fact, Cybercrime Magazine came up with a list of 50 cybersecurity job titles,...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/22 11:15 a.m.79 views

Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online

On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations TAO unit of the U.S. National Security Agency NSA...

7.8CVSS0.1AI score0.11022EPSS
Exploits1
The Hacker News
The Hacker News
added 2020/05/19 11:20 a.m.79 views

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

Academics from École Polytechnique Fédérale de Lausanne EPFL disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIA...

1.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/05/14 11:16 a.m.79 views

Effective Business Continuity Plans Require CISOs to Rethink WAN Connectivity

As more businesses leverage remote, mobile, and temporary workforces, the elements of business continuity planning are evolving and requiring that IT professionals look deep into the nuts and bolts of connectivity. CISOs and their team members are facing new challenges each and every day, many of...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/04/01 11:57 a.m.79 views

Webinar — Autonomous Breach Protection: The New Security Paradigm Shift

Organizations today struggle with multi-product security stacks, that are expensive to purchase and maintain and also require a highly skilled security team to manually integrate and operate. The current Coronavirus crisis that has imposed a strict quarantine on organizations and security teams...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/03/11 3:8 p.m.79 views

Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords

Cybercriminals will stop at nothing to exploit every chance to prey on internet users. Even the disastrous spread of SARS-COV-II the virus, which causes COVID-19 the disease, is becoming an opportunity for them to likewise spread malware or launch cyber attacks. Reason Labs recently released a...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2019/11/22 3:6 p.m.79 views

Boost Your Personal Security With These Killer 2019 Black Friday and Cyber Monday Deals

If you're like most consumers, you're probably looking forward to the upcoming Black Friday and Cyber Monday sale events. Who wouldn't want to get all sorts of products and services at massive discounts? But while most consumers are typically eyeing personal gadgets and entertainment appliances,...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2019/10/02 8:53 a.m.79 views

How SMBs Can Mitigate the Growing Risk of File-based Attacks

Cases of document-based malware are steadily rising. 59 percent of all malicious files detected in the first quarter of 2019 were contained in documents. Due to how work is done in today's offices and workplaces, companies are among those commonly affected by file-based attacks. Since small to...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2019/08/16 7:49 a.m.79 views

Bluetana App Quickly Detects Hidden Bluetooth Card Skimmers at Gas Pumps

In recent years, gas stations have become one of the favorite targets for thieves who are stealing customers' credit and debit card information by installing a Bluetooth-enabled payment card skimmers at gas stations across the nation. The media has also reported several recent crimes surrounding...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2019/08/13 8:54 a.m.79 views

Let Experts Do Their Job – Managed WAF by Indusface

WAF Web Application Firewall has been the first line of defence when it comes to application security for a while now. Many organizations have adopted WAF in one form or the other and most cases, compliance has been the driver for adoption. But unfortunately, when it comes to the efficacy of WAF ...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2019/03/29 8:48 a.m.79 views

Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites

If your online e-commerce business is running over the Magento platform, you must pay attention to this information. Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities. Owned by Adobe since mid-2018, Magent...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2018/07/15 7:49 a.m.79 views

12 Russian Intelligence Agents Indicted For Hacking DNC Emails

The US Justice Department has announced criminal indictments against 12 Russian intelligence officers tied to the hack of the Democratic National Committee DNC during the 2016 US presidential election campaign. The charges were drawn up as part of the investigation of Russian interference in the...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2018/07/03 12:33 p.m.79 views

SUSE Linux Has Been Sold For $2.5 Billion

SUSE, the open source software company owned by British firm Micro Focus International, has been sold to a Swedish private equity firm. Yes, SUSE Linux and its associated software business has finally been acquired by EQT Partners for $2.535 billion, lifting its shares 6 percent. SUSE is one of t...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2018/05/17 9:54 a.m.79 views

Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests

Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer, which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access RDMA channels. However, a separate team of security researchers has now...

2.1AI score
Exploits0
The Hacker News
The Hacker News
added 2018/04/25 12:31 p.m.79 views

Google Redesigns Gmail – Here's a List of Amazing New Features

Google has finally been rolling out its new massively redesigned Gmail for desktop and mobile to 1.4 billion of users worldwide, which might be the most significant single upgrade in Gmail's history. This huge revamped version of the email service now offers plenty of new features such as...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2013/11/21 4:13 a.m.79 views

Two-year-old vulnerability in JBoss Application Servers enables Remote Shell for Hackers

Cyber security of many organizations being attacked at an extremely high rate this month, well another alarming cyber crime report become public today. A widely unpatched and two years old critical vulnerability in JBoss Application Server AS that enable an attacker to remotely get a shell on a...

10CVSS0.6AI score0.79003EPSS
Exploits5
The Hacker News
The Hacker News
added 2023/12/21 7:22 a.m.78 views

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware

Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the...

9.3CVSS8.3AI score0.99945EPSS
Exploits41
The Hacker News
The Hacker News
added 2023/10/11 12:26 p.m.78 views

CISA Warns of Actively Exploited Adobe Acrobat Reader Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as CVE-2023-21608 CVSS score: 7.8, the vulnerability has been described ...

7.8CVSS8AI score0.61475EPSS
Exploits2
Total number of security vulnerabilities5000