Lucene search
K

20793 matches found

The Hacker News
The Hacker News
added 2021/01/27 10:18 a.m.2 views

Using the Manager Attribute in Active Directory (AD) for Password Resets

Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic. With the numbers of cyberattacks against businesses exploding and compromised credentials often being the culprit, companies have ...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 10:18 a.m.35 views

Using the Manager Attribute in Active Directory (AD) for Password Resets

Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic. With the numbers of cyberattacks against businesses exploding and compromised credentials often being the culprit, companies have ...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 5:50 a.m.4 views

Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild

Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. Reported by an anonymous researcher, the three zero-day flaws — CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871 — could have allowed...

9.8CVSS7.7AI score0.07921EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/01/27 5:50 a.m.115 views

Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild

Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. Reported by an anonymous researcher, the three zero-day flaws — CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871 — could have allowed...

9.8CVSS0.8AI score0.07921EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/01/27 4:28 a.m.135 views

In the Wake of the SolarWinds Hack, Here's How Businesses Should Respond

Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies. And as the year came to a close, more businesses began trying to assemble th...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 4:28 a.m.4 views

In the Wake of the SolarWinds Hack, Here's How Businesses Should Respond

Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies. And as the year came to a close, more businesses began trying to assemble th...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/26 11:22 a.m.4 views

Targeted Phishing Attacks Strike High-Ranking Company Executives

An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/26 11:22 a.m.49 views

Targeted Phishing Attacks Strike High-Ranking Company Executives

An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/26 11:0 a.m.42 views

TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers

Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/26 11:0 a.m.5 views

TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers

Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/26 11:0 a.m.5 views

vCISO Shares Most Common Risks Faced by Companies With Small Security Teams

Most companies with small security teams face the same issues. They have inadequate budgets, inadequate staff, and inadequate skills to face today's onslaught of sophisticated cyberthreats. Many of these companies turn to virtual CISOs vCISOs to provide security expertise and guidance. vCISOs are...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/26 11:0 a.m.43 views

vCISO Shares Most Common Risks Faced by Companies With Small Security Teams

Most companies with small security teams face the same issues. They have inadequate budgets, inadequate staff, and inadequate skills to face today's onslaught of sophisticated cyberthreats. Many of these companies turn to virtual CISOs vCISOs to provide security expertise and guidance. vCISOs are...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/26 5:10 a.m.74 views

N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches

Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development. The internet giant's Threat Analysis Group TAG said the adversary created a...

7.8CVSS0.6AI score0.39653EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/01/26 5:10 a.m.4 views

N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches

Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development. The internet giant's Threat Analysis Group TAG said the adversary created a...

7.8CVSS7.7AI score0.39653EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/01/25 1:46 p.m.4 views

Enhancing Email Security with MTA-STS and SMTP TLS Reporting

In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/25 1:46 p.m.56 views

Enhancing Email Security with MTA-STS and SMTP TLS Reporting

In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/25 7:48 a.m.60 views

Pen Testing By Numbers: Tracking Pen Testing Trends and Challenges

Over the years, penetration testing has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/25 7:48 a.m.6 views

Beware — A New Wormable Android Malware Spreading Through WhatsApp

A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a li...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/25 7:48 a.m.69 views

Beware — A New Wormable Android Malware Spreading Through WhatsApp

A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a li...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/25 7:48 a.m.3 views

Pen Testing By Numbers: Tracking Pen Testing Trends and Challenges

Over the years, penetration testing has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/23 11:0 a.m.7 views

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager NTLM that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 CVSS score 4.3, was described as a "remotely exploitable" bug...

8.8CVSS8.1AI score0.0938EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/01/23 11:0 a.m.143 views

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager NTLM that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 CVSS score 4.3, was described as a "remotely exploitable" bug...

8.8CVSS9.3AI score0.0938EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/01/23 8:43 a.m.201 views

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager SolMan version 7.2 S...

10CVSS1AI score0.98376EPSS
Exploits7
The Hacker News
The Hacker News
added 2021/01/23 8:43 a.m.6 views

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager SolMan version 7.2 S...

10CVSS7.6AI score0.98376EPSS
Exploits7
The Hacker News
The Hacker News
added 2021/01/23 5:50 a.m.112 views

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products suc...

1.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/23 5:50 a.m.7 views

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products suc...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/22 10:40 a.m.5 views

Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip ," the exploit chain takes advantage of a feature called "Send to Kindle" to send a...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/22 10:40 a.m.53 views

Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip," the exploit chain takes advantage of a feature called "Send to Kindle" to send a...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/22 10:18 a.m.3 views

Missing Link in a 'Zero Trust' Security Model—The Device You're Connecting With!

Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like "flex work" and "WFH" were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the defacto way people work nowadays. Today, digital-based work...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/22 10:18 a.m.53 views

Missing Link in a 'Zero Trust' Security Model—The Device You're Connecting With!

Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like "flex work" and "WFH" were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the defacto way people work nowadays. Today, digital-based work...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/21 2:24 p.m.5 views

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server MSSQL databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers fro...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/21 2:24 p.m.92 views

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server MSSQL databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers fro...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/21 11:59 a.m.47 views

Here's How SolarWinds Hackers Stayed Undetected for Long Enough

Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures TTPs adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/21 11:59 a.m.4 views

Here's How SolarWinds Hackers Stayed Undetected for Long Enough

Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures TTPs adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/21 11:9 a.m.43 views

Importance of Application Security and Customer Data Protection to a Startup

When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent probably even more! to work effectively and efficiently with the limited resources. Understandably, the application security importance may be pushed at the bottom of your things-to-do...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/21 11:9 a.m.5 views

Importance of Application Security and Customer Data Protection to a Startup

When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent probably even more! to work effectively and efficiently with the limited resources. Understandably, the application security importance may be pushed at the bottom of your things-to-do...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/21 11:4 a.m.56 views

Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection ATP and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have originated in August last year, with the...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/21 11:4 a.m.4 views

Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection ATP and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have originated in August last year, with the...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/20 11:16 a.m.7 views

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incomi...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/20 11:16 a.m.41 views

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incomi...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/20 4:59 a.m.65 views

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWin...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/20 4:59 a.m.10 views

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWin...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/19 3:4 p.m.37 views

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack

Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/19 3:4 p.m.4 views

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack

Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/19 12:1 p.m.6 views

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System DNS responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code. The seven flaws,...

4.3CVSS7.7AI score0.04873EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/01/19 12:1 p.m.88 views

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System DNS responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code. The seven flaws,...

4.3CVSS7.4AI score0.04873EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/01/19 11:5 a.m.4 views

New Educational Video Series for CISOs with Small Security Teams

Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises SMEs have smaller teams with less expertise, smaller budgets for technology and outside...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/19 11:5 a.m.41 views

New Educational Video Series for CISOs with Small Security Teams

Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises SMEs have smaller teams with less expertise, smaller budgets for technology and outside...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/19 10:59 a.m.88 views

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities

An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage NAS devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service DDoS attacks and mining Monero cryptocurrency. The attack...

10CVSS0.99783EPSS
Exploits16
The Hacker News
The Hacker News
added 2021/01/19 10:59 a.m.4 views

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities

An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage NAS devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service DDoS attacks and mining Monero cryptocurrency. The attack...

10CVSS7.5AI score0.99783EPSS
Exploits16
Total number of security vulnerabilities20793