Lucene search
K

20777 matches found

The Hacker News
The Hacker News
added 2021/10/21 5:52 p.m.40 views

Before and After a Pen Test: Steps to Get Through It

An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test pen test. The penetration test helps to discover vulnerabilities and weaknesses in...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/21 1:16 p.m.114 views

Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer

A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could beсome a gateway for a roster of attacks. Tracked a...

7.8CVSS1.6AI score0.00328EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/10/21 1:7 p.m.15 views

Product Overview: Cynet SaaS Security Posture Management (SSPM)

Software-as-a-service SaaS applications have gone from novelty to business necessity in a few short years, and its positive impact on organizations is clear. It's safe to say that most industries today run on SaaS applications, which is undoubtedly positive, but it does introduce some critical ne...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/21 11:0 a.m.23 views

Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices

Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. Th...

Exploits0
The Hacker News
The Hacker News
added 2021/10/21 7:43 a.m.50 views

U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes

The U.S. Commerce Department on Wednesday announced new rules barring the sales of hacking software and equipment to authoritarian regimes and potentially facilitate human rights abuse for national security NS and anti-terrorism AT reasons. The mandate, which is set to go into effect in 90 days,...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/21 7:3 a.m.43 views

Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts

Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder. That's according to a new report published by Google's...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/21 3:42 a.m.43 views

Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals

Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 to 2015. Pavel Stassi, 30, of Estonia, and...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/20 1:27 p.m.100 views

Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique

A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability CVE-2021-0186, CVSS score: 8.2 was discovered by a group of academics from...

8.2CVSS0.2AI score0.00787EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/10/20 8:16 a.m.81 views

OWASP's 2021 List Shuffle: A New Battle Plan and Primary Foe

Code injection attacks, the infamous king of vulnerabilities, have lost the top spot to broken access control as the worst of the worst, and developers need to take notice. In this increasingly chaotic world, there have always been a few constants that people could reliably count on: The sun will...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/20 8:1 a.m.74 views

LightBasin Hackers Breach at Least 13 Telecom Service Providers Since 2019

A highly sophisticated adversary named LightBasin has been identified as behind a string of attacks targeting the telecom sector with the goal of collecting "highly specific information" from mobile communication infrastructure, such as subscriber information and call metadata. "The nature of the...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/20 7:20 a.m.70 views

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices

Microsoft has published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices within enterprise networks and defeat the device attestation mechanism. Tracked as CVE-2021-42299 CV...

6.1CVSS2.1AI score0.00733EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/10/19 3:7 p.m.39 views

Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services

Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine...

9.5AI score0.02134EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/10/19 12:3 p.m.20 views

A New Variant of FlawedGrace Spreading Through Mass Email Campaigns

Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/19 6:11 a.m.22 views

Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia

A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia. Security researchers at Kaspersky, who presented their findings at the...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/18 4:0 p.m.83 views

Why Database Patching Best Practice Just Doesn't Work and How to Fix It

Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions. But anyone who's spent any amount of time maintaining systems will know that patchin...

10CVSS8.8AI score0.6773EPSS
Exploits17
The Hacker News
The Hacker News
added 2021/10/18 8:21 a.m.29 views

Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting

Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "escalating global security threat with serious economic and security...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/18 6:49 a.m.14 views

REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised

REvil, the notorious ransomware gang behind a string of cyberattacks in recent years, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus. The development, first spotted by Recorded Future's...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/18 6:30 a.m.16 views

Is Your Data Safe? Check Out Some Cybersecurity Master Classes

Since cybersecurity is definitely an issue that's here to stay, I've just checked out the recently released first episodes of Cato Networks Cybersecurity Master Class Series. According to Cato, the series aims to teach and demonstrate cybersecurity tools and best practices; provide research and...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/18 5:53 a.m.23 views

Windows 10, Linux, iOS, Chrome and Many Others at Hacked Tianfu Cup 2021

Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server, and Ubuntu 20 were successfully broken into using original, never-before-seen exploits at the Tianfu Cup 2021, the fourth edition of the international cybersecurity contest held in the city of Chengdu, China. Targets this...

1.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/15 2:40 p.m.15 views

Attackers Behind Trickbot Expanding Malware Distribution Channels

The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. The threat actor, tracked under the monikers ITG23 and Wizard Spider, ha...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/15 2:23 p.m.22 views

Ad-Blocking Chrome Extension Caught Injecting Ads in Google Search Pages

A new deceptive ad injection campaign has been found leveraging an ad blocker extension for Google Chrome and Opera web browsers to sneakily insert ads and affiliate codes on websites, according to new research from cybersecurity firm Imperva. The findings come following the discovery of rogue...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/15 2:10 p.m.17 views

CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems

The U.S. Cybersecurity Infrastructure and Security Agency CISA on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities WWS, highlighting five incidents that occurred between March 2019 and August 2021. "This activity—which includes attempts to...

1.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/14 4:30 p.m.26 views

Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

Google's Threat Analysis Group TAG on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021. The warnings mark a 33%...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/14 4:20 p.m.38 views

The Ultimate SaaS Security Posture Management (SSPM) Checklist

Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management SSPM category for solutions that continuously assess security risk and manage the SaaS applications' security posture. With enterprises having 1,000 or more employees...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/14 4:16 p.m.68 views

Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones

Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by an unauthenticated remote adversary to crash the client and even extract sensitive information like password hashes by simply making a malicious call. The...

7.5CVSS0.2AI score0.01294EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/10/14 2:48 p.m.27 views

VirusTotal Releases Ransomware Report Based on Analysis of 80 Million Samples

As many as 130 different ransomware families have been found to be active in 2020 and the first half of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most affected territories, a comprehensive analysis of 80 million...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/14 2:27 p.m.31 views

Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information

A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research. "Due to the fact that authentication an...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/13 1:6 p.m.23 views

Critical Flaw in OpenSea Could Have Let Hackers Steal Cryptocurrency From Wallets

A now-patched critical vulnerability in OpenSea, the world's largest non-fungible token NFT marketplace, could've been abused by malicious actors to drain cryptocurrency funds from a victim by sending a specially-crafted token, opening a new attack vector for exploitation. The findings come from...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/13 12:52 p.m.17 views

[eBook] The Guide for Reducing SaaS Applications Risk for Lean IT Security Teams

The Software-as-a-service SaaS industry has gone from novelty to an integral part of today's business world in just a few years. While the benefits to most organizations are clear – more efficiency, greater productivity, and accessibility – the risks that the SaaS model poses are starting to beco...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/13 5:49 a.m.149 views

Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack

Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control ov...

9.6CVSS1.4AI score0.73381EPSS
Exploits11
The Hacker News
The Hacker News
added 2021/10/12 9:2 a.m.62 views

Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice

The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source. The list of the...

7.5CVSS2.1AI score0.01454EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/10/12 7:57 a.m.41 views

GitHub Revoked Insecure SSH Keys Generated by a Popular git Client

Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said...

9.1CVSS0.1AI score0.02993EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/10/12 7:16 a.m.28 views

Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers

Microsoft on Monday revealed that its Azure cloud platform mitigated a 2.4 Tbps distributed denial-of-service DDoS attack in the last week of August targeting an unnamed customer in Europe, surpassing a 2.3 Tbps attack stopped by Amazon Web Services in February 2020. "This is 140 percent higher...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/12 6:9 a.m.25 views

Microsoft Warns of Iran-Linked Hackers Targeting US and Israeli Defense Firms

An emerging threat actor likely supporting Iranian national interests has been behind a password spraying campaign targeting U.S., E.U., and Israeli defense technology companies, with additional activity observed against regional ports of entry in the Persian Gulf as well as maritime and cargo...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/12 3:2 a.m.25 views

Ukraine Arrests Operator of DDoS Botnet with 100,000 Compromised Devices

Ukrainian law enforcement authorities on Monday disclosed the arrest of a hacker responsible for the creation and management of a "powerful botnet" consisting of over 100,000 enslaved devices that was used to carry out distributed denial-of-service DDoS and spam attacks on behalf of paid customer...

2.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/12 2:41 a.m.73 views

Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability

Apple on Monday released a security update for iOS and iPad to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year. The weakness, assigned the identifier CVE-2021-30883...

9.8CVSS1.1AI score0.75994EPSS
Exploits8
The Hacker News
The Hacker News
added 2021/10/11 2:20 p.m.34 views

Verify End-Users at the Helpdesk to Prevent Social Engineering Cyber Attack

Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization's helpdesk might pose a bigger threat due to social engineering attacks. Social engineering is "the art of manipulating people so they give up...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/08 1:41 p.m.65 views

Ransomware Group FIN12 Aggressively Going After Healthcare Targets

An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/08 7:25 a.m.48 views

Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems

Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that's engineered to enable remote access to its operators, in addition to amassing credentials and function as a proxy server. The malware family,...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/08 4:47 a.m.105 views

New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks

The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013, as the new...

9.8CVSS9.4AI score0.99992EPSS
Exploits173
The Hacker News
The Hacker News
added 2021/10/07 11:50 a.m.49 views

Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects

A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 CVSS score: 7.8, involves manipulating the schema file...

9.3CVSS1AI score0.0249EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/10/07 10:41 a.m.31 views

Penetration Testing Your AWS Environment - A CTO's Guide

So, you've been thinking about getting a Penetration Test done on your Amazon Web Services AWS environment. Great! What should that involve exactly? There are many options available, and knowing what you need will help you make your often limited security budget go as far as possible. Broadly, th...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/07 9:40 a.m.22 views

New U.S. Government Initiative Holds Contractors Accountable for Cybersecurity

The U.S. government on Wednesday announced the formation of a new Civil Cyber-Fraud Initiative that aims to hold contractors accountable for failing to meet required cybersecurity requirements in order to safeguard public sector information and infrastructure. "For too long, companies have chosen...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/07 8:24 a.m.39 views

Apple now requires all apps to make it easy for users to delete their accounts

All third-party iOS, iPadOS, and macOS apps that allow users to create an account should also provide a method for terminating their accounts from within the apps beginning next year, Apple said on Wednesday. "This requirement applies to all app submissions starting January 31, 2022," the iPhone...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/07 6:52 a.m.27 views

Twitch Suffers Massive 125GB Data and Source Code Leak Due to Server Misconfiguration

Interactive livestreaming platform Twitch acknowledged a "breach" after an anonymous poster on the 4chan messaging board leaked its source code, an unreleased Steam competitor from Amazon Game Studios, details of creator payouts, proprietary software development kits, and other internal tools. Th...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/06 12:31 p.m.36 views

Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms

Details have emerged about a new cyber espionage campaign directed against the aerospace and telecommunications industries, primarily in the Middle East, with the goal of stealing sensitive information about critical assets, organizations' infrastructure, and technology while remaining in the dar...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/06 8:40 a.m.19 views

Google to turn on 2-factor authentication by default for 150 million users

Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security. In addition, the internet giant said it also intends to requi...

1.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/06 7:17 a.m.157 views

Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code...

1.5AI score0.00875EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/10/05 4:58 p.m.69 views

Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012

Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI Unified Extensible Firmware Interface bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence...

1.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/05 2:53 p.m.103 views

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now!

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could...

7.5CVSS8.3AI score0.99992EPSS
Exploits148
Total number of security vulnerabilities20777