Lucene search
K

20793 matches found

The Hacker News
The Hacker News
added 2021/02/16 1:2 p.m.42 views

Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware

Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/16 1:2 p.m.3 views

Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware

Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/16 12:33 p.m.3 views

Managed Service Provider? Watch This Video to Learn about Autonomous XDR

As managed security service providers, you're always on the lookout for new platforms. One that can generate further business, enables you to scale easily without investing in more human resources and provides that value immediately. In the meanwhile, your clients are constantly demanding more...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/16 12:33 p.m.20 views

Managed Service Provider? Watch This Video to Learn about Autonomous XDR

As managed security service providers, you're always on the lookout for new platforms. One that can generate further business, enables you to scale easily without investing in more human resources and provides that value immediately. In the meanwhile, your clients are constantly demanding more...

Exploits0
The Hacker News
The Hacker News
added 2021/02/16 6:0 a.m.152 views

Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities

Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon. The intrusion campaign — which breached "several French entities" — is said to have started in late 2017 and...

Exploits0
The Hacker News
The Hacker News
added 2021/02/16 6:0 a.m.5 views

Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities

Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon. The intrusion campaign — which breached "several French entities" — is said to have started in late 2017 and...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/16 4:19 a.m.8 views

A Sticker Sent On Telegram Could Have Exposed Your Secret Chats

Cybersecurity researchers on Monday disclosed details of a now-patched flaw in the Telegram messaging app that could have exposed users' secret messages, photos, and videos to remote malicious actors. The issues were discovered by Italy-based Shielder in iOS, Android, and macOS versions of the ap...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/16 4:19 a.m.117 views

A Sticker Sent On Telegram Could Have Exposed Your Secret Chats

Cybersecurity researchers on Monday disclosed details of a now-patched flaw in the Telegram messaging app that could have exposed users' secret messages, photos, and videos to remote malicious actors. The issues were discovered by Italy-based Shielder in iOS, Android, and macOS versions of the ap...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/15 11:41 a.m.3 views

Apple will proxy Safe Browsing requests to hide iOS users' IP from Google

Apple's upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google. A built-in security-focused feature in the Safari browser, "Fraudulent...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/15 11:41 a.m.106 views

Apple will proxy Safe Browsing requests to hide iOS users' IP from Google

Apple's upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google. A built-in security-focused feature in the Safari browser, "Fraudulent...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/13 4:39 a.m.5 views

Yandex Employee Caught Selling Access to Users' Email Inboxes

Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/13 4:39 a.m.94 views

Yandex Employee Caught Selling Access to Users' Email Inboxes

Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/12 10:18 a.m.88 views

Secret Chat in Telegram Left Self-Destructing Media Files On Devices

Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was discovered by security researcher Dhiraj Mishra in version 7.3 of the app, w...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/12 10:18 a.m.9 views

Secret Chat in Telegram Left Self-Destructing Media Files On Devices

Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was discovered by security researcher Dhiraj Mishra in version 7.3 of the app, w...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/11 4:23 p.m.3 views

Researchers Uncover Android Spying Campaign Targeting Pakistan Officials

Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. Dubbed Hornbill and Sunbird, the malware impersonates legitimate or seemingly innocuous services to cover...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/11 4:23 p.m.41 views

Researchers Uncover Android Spying Campaign Targeting Pakistan Officials

Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. Dubbed Hornbill and Sunbird, the malware impersonates legitimate or seemingly innocuous services to cover...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/11 10:48 a.m.6 views

The Weakest Link in Your Security Posture: Misconfigured SaaS Settings

In the era of hacking and malicious actors, a company's cloud security posture is a concern that preoccupies most, if not all, organizations. Yet even more than that, it is the SaaS Security Posture Management SSPM that is critical to today's company security. Recently Malwarebytes released a...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/11 10:48 a.m.47 views

The Weakest Link in Your Security Posture: Misconfigured SaaS Settings

In the era of hacking and malicious actors, a company's cloud security posture is a concern that preoccupies most, if not all, organizations. Yet even more than that, it is the SaaS Security Posture Management SSPM that is critical to today's company security. Recently Malwarebytes released a...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/11 10:22 a.m.47 views

10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities

Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated year-long investigation was...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/11 10:22 a.m.10 views

10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities

Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated year-long investigation was...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/11 9:2 a.m.52 views

Poor Password Security Led to Recent Water Treatment Facility Hack

New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments. The breach involved an unsuccessful attempt on the part of an adversary to...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/11 9:2 a.m.7 views

Poor Password Security Led to Recent Water Treatment Facility Hack

New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments. The breach involved an unsuccessful attempt on the part of an adversary to...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/11 7:43 a.m.53 views

Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies

UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to be the work of Static Kitten aka MERCURY or MuddyWater, Anomali said the "objective of this activity is to...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/11 7:43 a.m.9 views

Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies

UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to be the work of Static Kitten aka MERCURY or MuddyWater, Anomali said the "objective of this activity is to...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/10 12:57 p.m.98 views

Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies

In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/10 12:57 p.m.7 views

Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies

In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/10 12:18 p.m.4 views

LodaRAT Windows Malware Now Also Targets Android Devices

A previously known Windows remote access Trojan RAT with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives. "The developers of LodaRAT have added Android as a targeted platform," Cisco Talos...

9.3CVSS7.4AI score0.99945EPSS
Exploits33
The Hacker News
The Hacker News
added 2021/02/10 12:18 p.m.306 views

LodaRAT Windows Malware Now Also Targets Android Devices

A previously known Windows remote access Trojan RAT with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives. "The developers of LodaRAT have added Android as a targeted platform," Cisco Talos...

9.3CVSS0.7AI score0.99945EPSS
Exploits33
The Hacker News
The Hacker News
added 2021/02/10 10:23 a.m.4 views

Apple Patches 10-Year-Old macOS SUDO Root Privilege Escalation Bug

Apple has rolled out a fix for a critical sudo vulnerability in macOS Big Sur, Catalina, and Mojave that could allow unauthenticated local users to gain root-level privileges on the system. "A local attacker may be able to elevate their privileges," Apple said in a security advisory. "This issue...

7.8CVSS7.7AI score0.99295EPSS
Exploits81
The Hacker News
The Hacker News
added 2021/02/10 10:23 a.m.103 views

Apple Patches 10-Year-Old macOS SUDO Root Privilege Escalation Bug

Apple has rolled out a fix for a critical sudo vulnerability in macOS Big Sur, Catalina, and Mojave that could allow unauthenticated local users to gain root-level privileges on the system. "A local attacker may be able to elevate their privileges," Apple said in a security advisory. "This issue...

9.3CVSS0.6AI score0.99295EPSS
Exploits81
The Hacker News
The Hacker News
added 2021/02/10 4:44 a.m.216 views

Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs

Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that's known to be actively exploited in the wild. In all, 11 are listed as Critical, 43 are listed as Important, and two are listed as Moderate in severity — six of which are previously disclosed vulnerabilities...

10CVSS0.9AI score0.99512EPSS
Exploits105
The Hacker News
The Hacker News
added 2021/02/10 4:44 a.m.6 views

Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs

Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that's known to be actively exploited in the wild. In all, 11 are listed as Critical, 43 are listed as Important, and two are listed as Moderate in severity — six of which are previously disclosed vulnerabilities...

9.8CVSS8.1AI score0.8621EPSS
Exploits26
The Hacker News
The Hacker News
added 2021/02/09 8:26 a.m.37 views

Ukrainian Police Arrest Author of World's Largest Phishing Service U-Admin

Law enforcement officials in Ukraine, in coordination with authorities from the U.S. and Australia, last week shut down one of the world's largest phishing services that were used to attack financial institutions in 11 countries, causing tens of millions of dollars in losses. The Ukrainian attorn...

2.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/09 8:26 a.m.6 views

Ukrainian Police Arrest Author of World's Largest Phishing Service U-Admin

Law enforcement officials in Ukraine, in coordination with authorities from the U.S. and Australia, last week shut down one of the world's largest phishing services that were used to attack financial institutions in 11 countries, causing tens of millions of dollars in losses. The Ukrainian attorn...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/09 6:49 a.m.4 views

Hacker Tried Poisoning Water Supply After Breaking Into Florida's Treatment System

Hackers successfully infiltrated the computer system controlling a water treatment facility in the U.S. state of Florida and remotely changed a setting that drastically altered the levels of sodium hydroxide NaOH in the water. During a press conference held yesterday, Pinellas County Sheriff Bob...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/09 6:49 a.m.30 views

Hacker Tried Poisoning Water Supply After Breaking Into Florida's Treatment System

Hackers successfully infiltrated the computer system controlling a water treatment facility in the U.S. state of Florida and remotely changed a setting that drastically altered the levels of sodium hydroxide NaOH in the water. During a press conference held yesterday, Pinellas County Sheriff Bob...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/08 11:23 a.m.50 views

Detailed: Here's How Iran Spies on Dissidents with the Help of Hackers

Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, and ISIS supporters, and Kurdish native...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/08 11:23 a.m.4 views

Detailed: Here's How Iran Spies on Dissidents with the Help of Hackers

Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, and ISIS supporters, and Kurdish native...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/08 10:10 a.m.52 views

Top 5 Bug Bounty Platforms to Watch in 2021

While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category. We have compiled the top 5 most promising bug bounty platforms for those of you who are lookin...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/08 10:10 a.m.3 views

Top 5 Bug Bounty Platforms to Watch in 2021

While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category. We have compiled the top 5 most promising bug bounty platforms for those of you who are lookin...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/06 10:30 a.m.115 views

WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware

Google on Thursday removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google,...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/06 10:30 a.m.2 views

WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware

Google on Thursday removed The Great Suspender , a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/06 7:28 a.m.69 views

Cybercriminals Now Using Plex Media Servers to Amplify DDoS Attacks

A new distributed denial-of-service attack DDoS vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline. "Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it ca...

2.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/06 7:28 a.m.6 views

Cybercriminals Now Using Plex Media Servers to Amplify DDoS Attacks

A new distributed denial-of-service attack DDoS vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline. "Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it ca...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/05 8:2 a.m.160 views

Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP

Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The flaws — tracked from CVE-2021-128...

10CVSS1.6AI score0.05421EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/02/05 8:2 a.m.4 views

Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP

Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The flaws — tracked from CVE-2021-128...

10CVSS8.1AI score0.05421EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/02/05 7:40 a.m.4 views

New Chrome Browser 0-day Under Active Attack—Update Immediately!

Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw CVE-2021-21148 in its V8 JavaScript rendering engine...

8.8CVSS7.7AI score0.19815EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/02/05 7:40 a.m.135 views

New Chrome Browser 0-day Under Active Attack—Update Immediately!

Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw CVE-2021-21148 in its V8 JavaScript rendering engine...

9.6CVSS9.6AI score0.19815EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/02/04 11:28 a.m.166 views

How to Audit Password Changes in Active Directory

Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user ...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/04 11:28 a.m.5 views

How to Audit Password Changes in Active Directory

Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user ...

6AI score
Exploits0
Total number of security vulnerabilities20793