Lucene search
K

20789 matches found

The Hacker News
The Hacker News
added 2021/03/29 11:27 a.m.176 views

New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. Discovered by Piotr Krysi...

6CVSS0.7AI score0.00577EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/29 11:27 a.m.7 views

New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. Discovered by Piotr Krysi...

6CVSS7.2AI score0.00577EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/29 11:10 a.m.35 views

How to Effectively Prevent Email Spoofing Attacks in 2021?

Email spoofing is a growing problem for an organization's security. Spoofing occurs when a hacker sends an email that appears to have been sent from a trusted source/domain. Email spoofing is not a new concept. Defined as "the forgery of an email address header to make the message appear as if it...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/29 11:10 a.m.5 views

How to Effectively Prevent Email Spoofing Attacks in 2021?

Email spoofing is a growing problem for an organization's security. Spoofing occurs when a hacker sends an email that appears to have been sent from a trusted source/domain. Email spoofing is not a new concept. Defined as "the forgery of an email address header to make the message appear as if it...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/29 12:30 a.m.3 views

PHP's Git Server Hacked to Insert Secret Backdoor to Its Source code

In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted "php-src"...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/29 12:30 a.m.49 views

PHP's Git Server Hacked to Insert Secret Backdoor to Its Source code

In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted "php-src"...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/27 9:14 a.m.82 views

Watch Out! That Android System Update May Contain A Powerful Spyware

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/27 9:14 a.m.6 views

Watch Out! That Android System Update May Contain A Powerful Spyware

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/27 6:7 a.m.5 views

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack

Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has issued yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild. Tracked as CVE-2021-1879 , the vulnerabilit...

6.1CVSS7.2AI score0.07082EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/27 6:7 a.m.211 views

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack

Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has issued yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild. Tracked as CVE-2021-1879, the vulnerability...

9.8CVSS8.4AI score0.07921EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/03/26 2:56 p.m.9 views

OpenSSL Releases Patches for 2 High-Severity Security Vulnerabilities

The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service DoS attacks and bypass certificate verification. Tracked as CVE-2021-3449 and CVE-2021-3450 , both the vulnerabilities have been resolved in a...

7.4CVSS7.2AI score0.62906EPSS
Exploits4
The Hacker News
The Hacker News
added 2021/03/26 2:56 p.m.135 views

OpenSSL Releases Patches for 2 High-Severity Security Vulnerabilities

The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service DoS attacks and bypass certificate verification. Tracked as CVE-2021-3449 and CVE-2021-3450, both the vulnerabilities have been resolved in an...

7.4CVSS1.4AI score0.62906EPSS
Exploits4
The Hacker News
The Hacker News
added 2021/03/26 8:57 a.m.217 views

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its finding...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/26 8:57 a.m.4 views

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its finding...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/26 5:7 a.m.108 views

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform

IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution RCE. Chief among...

10CVSS8.2AI score0.36426EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/03/26 5:7 a.m.4 views

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform

IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution RCE. Chief among...

4.9CVSS6.9AI score0.0076EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/25 12:5 p.m.4 views

Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers

More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities. The development, a 43%...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/25 12:5 p.m.100 views

Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers

More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities. The development, a 43%...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/25 11:43 a.m.54 views

Forcing Self-Service Password Reset (SSPR) Registration to Increase ROI

When your organization invests in a new product or service, it is essential that you take advantage of all the features it has to offer. This will help you to maximize your return on investment ROI. If you have purchased or are thinking about purchasing a self-service password reset SSPR tool, on...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/25 11:43 a.m.4 views

Forcing Self-Service Password Reset (SSPR) Registration to Increase ROI

When your organization invests in a new product or service, it is essential that you take advantage of all the features it has to offer. This will help you to maximize your return on investment ROI. If you have purchased or are thinking about purchasing a self-service password reset SSPR tool, on...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/25 9:50 a.m.5 views

Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems

Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an "attacker to execute arbitrary programs on the underlying operating system with...

9.9CVSS7.5AI score0.01382EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/25 9:50 a.m.157 views

Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems

Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an "attacker to execute arbitrary programs on the underlying operating system with...

9.9CVSS1.4AI score0.01382EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/25 8:41 a.m.54 views

Chinese Hackers Used Facebook to Hack Uighur Muslims Living Abroad

Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices. "They targeted activists, journalists and...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/25 8:41 a.m.4 views

Chinese Hackers Used Facebook to Hack Uighur Muslims Living Abroad

Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices. "They targeted activists, journalists and...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/24 6:36 a.m.50 views

Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers

Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a "novel spreading technique via indiscriminate port...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/24 6:36 a.m.9 views

Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers

Purple Fox , a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a "novel spreading technique via indiscriminate port...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/23 11:24 a.m.4 views

Critical Flaws Affecting GE's Universal Relay Pose Threat to Electric Utilities

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of critical security shortcomings in GE's Universal Relay UR family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain...

9.8CVSS6.7AI score0.01163EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/23 11:24 a.m.223 views

Critical Flaws Affecting GE's Universal Relay Pose Threat to Electric Utilities

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of critical security shortcomings in GE's Universal Relay UR family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain...

9.8CVSS1.7AI score0.01163EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/23 5:33 a.m.3 views

WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks. Tracked as CVE-2020-11261 CVSS score 8.4, the flaw concerns an "improper input validation" issue in Qualcomm's Graphics compone...

7.8CVSS7.2AI score0.01772EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/23 5:33 a.m.169 views

WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks. Tracked as CVE-2020-11261 CVSS score 8.4, the flaw concerns an "improper input validation" issue in Qualcomm's Graphics compone...

7.8CVSS7.8AI score0.01772EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/22 2:52 p.m.54 views

Popular Netop Remote Learning Software Found Vulnerable to Hacking

Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers. "These findings allow for elevation of privileges and ultimately...

9.8CVSS1.9AI score0.0148EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/22 2:52 p.m.4 views

Popular Netop Remote Learning Software Found Vulnerable to Hacking

Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers. "These findings allow for elevation of privileges and ultimately...

9.8CVSS8.1AI score0.0148EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/22 8:34 a.m.5 views

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now

The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning ERP system. Tracked as CVE-2021-26295, the flaw affects all versions of t...

9.8CVSS8.1AI score0.97969EPSS
Exploits9
The Hacker News
The Hacker News
added 2021/03/22 8:34 a.m.99 views

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now

The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning ERP system. Tracked as CVE-2021-26295, the flaw affects all versions of t...

9.8CVSS3.1AI score0.97969EPSS
Exploits9
The Hacker News
The Hacker News
added 2021/03/20 3:54 p.m.6 views

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of i...

10CVSS8.4AI score0.99898EPSS
Exploits20
The Hacker News
The Hacker News
added 2021/03/20 3:54 p.m.282 views

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of i...

10CVSS1.3AI score0.99999EPSS
Exploits79
The Hacker News
The Hacker News
added 2021/03/19 11:14 a.m.4 views

Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud

The U.S. Department of Justice yesterday announced updates on two separate cases involving cyberattacks—a Swiss hacktivist and a Russian hacker who planned to plant malware in the Tesla company. A Swiss hacker who was involved in the intrusion of cloud-based surveillance firm Verkada and exposed...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/19 11:14 a.m.51 views

Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud

The U.S. Department of Justice yesterday announced updates on two separate cases involving cyberattacks—a Swiss hacktivist and a Russian hacker who planned to plant malware in the Tesla company. A Swiss hacker who was involved in the intrusion of cloud-based surveillance firm Verkada and exposed...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/19 7:46 a.m.4 views

Hackers Infecting Apple App Developers With Trojanized Xcode Projects

Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks. Dubbed...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/19 7:46 a.m.52 views

Hackers Infecting Apple App Developers With Trojanized Xcode Projects

Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks. Dubbed...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/19 6:48 a.m.95 views

New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps

A newly discovered glitch in Zoom's screen sharing feature can accidentally leak sensitive information to other attendees in a call, according to the latest findings. Tracked as CVE-2021-28133, the unpatched security vulnerability makes it possible to reveal contents of applications that are not...

4.3CVSS4.6AI score0.16289EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/03/19 6:48 a.m.3 views

New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps

A newly discovered glitch in Zoom's screen sharing feature can accidentally leak sensitive information to other attendees in a call, according to the latest findings. Tracked as CVE-2021-28133, the unpatched security vulnerability makes it possible to reveal contents of applications that are not...

4.3CVSS6AI score0.16289EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/03/18 4:8 p.m.5 views

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites

A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution RCE without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell...

8.8CVSS7.8AI score0.1059EPSS
Exploits13
The Hacker News
The Hacker News
added 2021/03/18 4:8 p.m.190 views

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites

A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution RCE without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell...

8.8CVSS0.7AI score0.1059EPSS
Exploits13
The Hacker News
The Hacker News
added 2021/03/18 1:3 p.m.65 views

How to Successfully Pursue a Career in Malware Analysis

Are you looking to becoming a malware analyst? Then continue reading to discover how to gain the training you need and start a career in malware analysis career. Did you know that new malware is released every seven seconds? As more and more systems become reliant on the internet, the proliferati...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/18 1:3 p.m.3 views

How to Successfully Pursue a Career in Malware Analysis

Are you looking to becoming a malware analyst? Then continue reading to discover how to gain the training you need and start a career in malware analysis career. Did you know that new malware is released every seven seconds? As more and more systems become reliant on the internet, the proliferati...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/18 10:19 a.m.178 views

Why Cached Credentials Can Cause Account Lockouts and How to Stop it

When a user account becomes locked out, the cause is often attributed to a user who has simply entered an old or incorrect password too many times. However, this is far from being the only thing that can cause an account to become locked. Another common cause, for example, is an application or...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/18 10:19 a.m.4 views

Why Cached Credentials Can Cause Account Lockouts and How to Stop it

When a user account becomes locked out, the cause is often attributed to a user who has simply entered an old or incorrect password too many times. However, this is far from being the only thing that can cause an account to become locked. Another common cause, for example, is an application or...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/18 9:5 a.m.144 views

Google Reveals What Personal Data Chrome and Its Apps Collect On You

Privacy-focused search engine DuckDuckGo called out rival Google for "spying" on users after the search giant updated its flagship app to spell out the exact kinds of information it collects for personalization and marketing purposes. "After months of stalling, Google finally revealed how much...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/18 9:5 a.m.5 views

Google Reveals What Personal Data Chrome and Its Apps Collect On You

Privacy-focused search engine DuckDuckGo called out rival Google for "spying" on users after the search giant updated its flagship app to spell out the exact kinds of information it collects for personalization and marketing purposes. "After months of stalling, Google finally revealed how much...

5.8AI score
Exploits0
Total number of security vulnerabilities20789