Lucene search
K

20789 matches found

The Hacker News
The Hacker News
added 2021/03/18 6:59 a.m.124 views

Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites

Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in Elementor, a website builder plugin used on more than seven million...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/18 6:59 a.m.5 views

Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites

Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in Elementor, a website builder plugin used on more than seven million...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/17 11:20 a.m.51 views

Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code

Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed a...

2.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/17 11:20 a.m.13 views

Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code

Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed a...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/17 11:9 a.m.56 views

[Webinar] Oy Vey, We Hired a Large, Hairy Hacker…

It's not every day that one of the best-known independent cybersecurity individuals joins a cybersecurity company. The two are generally on opposite sides of the coin, with little crossover. After all, they're usually concerned with different parts of the cybersecurity puzzle – one providing...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/17 11:9 a.m.4 views

[Webinar] Oy Vey, We Hired a Large, Hairy Hacker…

It's not every day that one of the best-known independent cybersecurity individuals joins a cybersecurity company. The two are generally on opposite sides of the coin, with little crossover. After all, they're usually concerned with different parts of the cybersecurity puzzle – one providing...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/17 9:8 a.m.6 views

18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter 'Bitcoin Scam' Hack

A Florida teen accused of masterminding the hacks of several high-profile Twitter accounts last summer as part of a widespread cryptocurrency scam pled guilty to fraud charges in exchange for a three-year prison sentence. Graham Ivan Clark, 18, will also serve an additional three years on...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/17 9:8 a.m.55 views

18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter 'Bitcoin Scam' Hack

A Florida teen accused of masterminding the hacks of several high-profile Twitter accounts last summer as part of a widespread cryptocurrency scam pled guilty to fraud charges in exchange for a three-year prison sentence. Graham Ivan Clark, 18, will also serve an additional three years on...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/17 8:1 a.m.3 views

Apple May Start Delivering Security Patches Separately From Other OS Updates

Apple may be changing the way it delivers security patches to its devices running iOS and iPadOS mobile operating systems. According to code spotted in iOS 14.5, the iPhone maker is reportedly working on a method for delivering security fixes independently of other OS updates. The changes were...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/17 8:1 a.m.114 views

Apple May Start Delivering Security Patches Separately From Other OS Updates

Apple may be changing the way it delivers security patches to its devices running iOS and iPadOS mobile operating systems. According to code spotted in iOS 14.5, the iPhone maker is reportedly working on a method for delivering security fixes independently of other OS updates. The changes were...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/16 10:32 a.m.6 views

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...

10CVSS7.8AI score0.99968EPSS
Exploits12
The Hacker News
The Hacker News
added 2021/03/16 10:32 a.m.600 views

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...

10CVSS0.5AI score0.99975EPSS
Exploits18
The Hacker News
The Hacker News
added 2021/03/16 6:6 a.m.2 views

Use This One-Click Mitigation Tool from Microsoft to Prevent Exchange Attacks

Microsoft on Monday released a one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing widespread ProxyLogon Exchange Server cyberattacks. Called Exchange On-premises Mitigation Tool EOMT, the PowerShell-based script serve...

9.8CVSS7.4AI score0.99999EPSS
Exploits63
The Hacker News
The Hacker News
added 2021/03/16 6:6 a.m.700 views

Use This One-Click Mitigation Tool from Microsoft to Prevent Exchange Attacks

Microsoft on Monday released a one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing widespread ProxyLogon Exchange Server cyberattacks. Called Exchange On-premises Mitigation Tool EOMT, the PowerShell-based script serve...

9.8CVSS0.2AI score0.99999EPSS
Exploits63
The Hacker News
The Hacker News
added 2021/03/15 10:3 a.m.90 views

Rising Demand for DDoS Protection Software Market By 2020-2028

Distributed Denial of Service DDoS attack is a malicious form of attack that disrupts the regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years, these kinds ...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/15 10:3 a.m.6 views

Rising Demand for DDoS Protection Software Market By 2020-2028

Distributed Denial of Service DDoS attack is a malicious form of attack that disrupts the regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years, these kinds ...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/15 9:39 a.m.64 views

CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals

The U.S. Department of Justice DoJ on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement. Eap also known as...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/15 9:39 a.m.5 views

CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals

The U.S. Department of Justice DoJ on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement. Eap also known as...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/13 8:17 a.m.167 views

CompTIA Security Certification Prep — Lifetime Access for just $30

At long last, top companies are starting to take cybersecurity seriously. As a consequence, technical recruiters are looking for people with hacking skills and certifications to prove it. CompTIA is seen as the gold standard when it comes to cybersecurity exams, with several certifications to...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/13 8:17 a.m.5 views

CompTIA Security Certification Prep — Lifetime Access for just $30

At long last, top companies are starting to take cybersecurity seriously. As a consequence, technical recruiters are looking for people with hacking skills and certifications to prove it. CompTIA is seen as the gold standard when it comes to cybersecurity exams, with several certifications to...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/13 3:16 a.m.3 views

Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild

Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all...

8.8CVSS7.9AI score0.0987EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/03/13 3:16 a.m.288 views

Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild

Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all...

8.8CVSS2.5AI score0.26525EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/03/12 9:53 a.m.5 views

Researchers Spotted Malware Written in Nim Programming Language

Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/12 9:53 a.m.71 views

Researchers Spotted Malware Written in Nim Programming Language

Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/12 8:36 a.m.60 views

Hackers Are Targeting Microsoft Exchange Servers With Ransomware

It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week. Now it appears that threat actors have caught up. According to...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/12 8:36 a.m.4 views

Hackers Are Targeting Microsoft Exchange Servers With Ransomware

It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week. Now it appears that threat actors have caught up. According to...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/12 6:35 a.m.72 views

New Browser Attack Allows Tracking Users Online With JavaScript Disabled

Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. "This is a side-channel attack which doesn't require any JavaScript to run," the...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/12 6:35 a.m.4 views

New Browser Attack Allows Tracking Users Online With JavaScript Disabled

Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. "This is a side-channel attack which doesn't require any JavaScript to run," the...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/11 3:4 p.m.611 views

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. "CISA and FBI...

9.8CVSS10AI score0.99999EPSS
Exploits63
The Hacker News
The Hacker News
added 2021/03/11 3:4 p.m.4 views

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. "CISA and FBI...

9.8CVSS8AI score0.99999EPSS
Exploits63
The Hacker News
The Hacker News
added 2021/03/11 2:28 p.m.57 views

Fixing the Weakest Link — The Passwords — in Cybersecurity Today

Password security has long been an issue for businesses and their cybersecurity standards. Account passwords are often the weakest link in the overall security posture for many organizations. Many companies have used Microsoft's default password policies for decades. While these can be customized...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/11 2:28 p.m.3 views

Fixing the Weakest Link — The Passwords — in Cybersecurity Today

Password security has long been an issue for businesses and their cybersecurity standards. Account passwords are often the weakest link in the overall security posture for many organizations. Many companies have used Microsoft's default password policies for decades. While these can be customized...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/11 5:56 a.m.3 views

Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!

Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service DoS attack and even unauthenticated remote code execution on target networks. The patches concern a total of...

10CVSS8.2AI score0.99898EPSS
Exploits20
The Hacker News
The Hacker News
added 2021/03/11 5:56 a.m.641 views

Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!

Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service DoS attack and even unauthenticated remote code execution on target networks. The patches concern a total of...

10CVSS0.5AI score0.99999EPSS
Exploits79
The Hacker News
The Hacker News
added 2021/03/10 4:31 p.m.63 views

Researchers Unveil New Linux Malware Linked to Chinese Hackers

Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors. Dubbed "RedXOR" by Intezer, the backdoor masquerades as a polkit daemon, with similarities found between the malwa...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/10 4:31 p.m.6 views

Researchers Unveil New Linux Malware Linked to Chinese Hackers

Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors. Dubbed "RedXOR" by Intezer, the backdoor masquerades as a polkit daemon, with similarities found between the malwa...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/10 9:24 a.m.68 views

FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware

Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies. One such group is FIN8, a financially motivated threat...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/10 9:24 a.m.6 views

FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware

Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies. One such group is FIN8, a financially motivated threat...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/10 5:37 a.m.4161 views

Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks

Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines. Of these flaws, 14 are listed as Critical, an...

10CVSS0.8AI score0.99999EPSS
Exploits67
The Hacker News
The Hacker News
added 2021/03/10 5:37 a.m.6 views

Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks

Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines. Of these flaws, 14 are listed as Critical, an...

10CVSS8.2AI score0.99999EPSS
Exploits67
The Hacker News
The Hacker News
added 2021/03/09 11:13 a.m.4 views

9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware

Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices. "This...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/09 11:13 a.m.117 views

9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware

Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices. "This...

8.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/09 10:42 a.m.144 views

Cybersecurity Webinar — SolarWinds Sunburst: The Big Picture

The SolarWinds Sunburst attack has been in the headlines since it was first discovered in December 2020. As the so-called layers of the onion are peeled back, additional information regarding how the vulnerability was exploited, who was behind the attack, who is to blame for the attack, and the...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/09 10:42 a.m.4 views

Cybersecurity Webinar — SolarWinds Sunburst: The Big Picture

The SolarWinds Sunburst attack has been in the headlines since it was first discovered in December 2020. As the so-called layers of the onion are peeled back, additional information regarding how the vulnerability was exploited, who was behind the attack, who is to blame for the attack, and the...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/09 9:58 a.m.90 views

SolarWinds Hack — New Evidence Suggests Potential Links to Chinese Hackers

A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group. In a report published by Secureworks on Monday, the cybersecurity firm attributed the...

9.8CVSS1.1AI score0.9198EPSS
Exploits3
The Hacker News
The Hacker News
added 2021/03/09 9:58 a.m.5 views

SolarWinds Hack — New Evidence Suggests Potential Links to Chinese Hackers

A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group. In a report published by Secureworks on Monday, the cybersecurity firm attributed the...

9.8CVSS7.6AI score0.9198EPSS
Exploits3
The Hacker News
The Hacker News
added 2021/03/09 8:5 a.m.80 views

Microsoft Exchange Hackers Also Breached European Banking Authority

The European Banking Authority EBA on Sunday said it had been a victim of a cyberattack targeting its Microsoft Exchange Servers, forcing it to temporarily take its email systems offline as a precautionary measure. "As the vulnerability is related to the EBA's email servers, access to personal da...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/09 8:5 a.m.7 views

Microsoft Exchange Hackers Also Breached European Banking Authority

The European Banking Authority EBA on Sunday said it had been a victim of a cyberattack targeting its Microsoft Exchange Servers, forcing it to temporarily take its email systems offline as a precautionary measure. "As the vulnerability is related to the EBA's email servers, access to personal da...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/09 6:51 a.m.3 views

Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices

Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content. Tracked as CVE-2021-1844 , the vulnerability was discovered and reported to the company by Cléme...

8.8CVSS7.8AI score0.02368EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/09 6:51 a.m.131 views

Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices

Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content. Tracked as CVE-2021-1844, the vulnerability was discovered and reported to the company by Clémen...

9.8CVSS1.5AI score0.07921EPSS
Exploits1
Total number of security vulnerabilities20789