Lucene search
K

20793 matches found

The Hacker News
The Hacker News
added 2021/01/05 10:40 a.m.5 views

Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA

A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept PoC of the attack on January 2. "The idea of the attack is very simple...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/05 10:40 a.m.207 views

Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA

A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept PoC of the attack on January 2. "The idea of the attack is very simple...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/04 12:37 p.m.42 views

British Court Rejects U.S. Request to Extradite WikiLeaks' Julian Assange

A British court has rejected the U.S. government's request to extradite Wikileaks founder Julian Assange to the country on charges pertaining to illegally obtaining and sharing classified material related to national security. In a hearing at Westminster Magistrates' Court today, Judge Vanessa...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/04 12:37 p.m.4 views

British Court Rejects U.S. Request to Extradite WikiLeaks' Julian Assange

A British court has rejected the U.S. government's request to extradite Wikileaks founder Julian Assange to the country on charges pertaining to illegally obtaining and sharing classified material related to national security. In a hearing at Westminster Magistrates' Court today, Judge Vanessa...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/02 2:28 p.m.7 views

Ticketmaster To Pay $10 Million Fine For Hacking A Rival Company

Ticketmaster has agreed to pay a $10 million fine after being charged with illegally accessing computer systems of a competitor repeatedly between 2013 and 2015 in an attempt to "cut the company off at the knees." A subsidiary of Live Nation, the California-based ticket sales and distribution...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/02 2:28 p.m.58 views

Ticketmaster To Pay $10 Million Fine For Hacking A Rival Company

Ticketmaster has agreed to pay a $10 million fine after being charged with illegally accessing computer systems of a competitor repeatedly between 2013 and 2015 in an attempt to "cut the company off at the knees." A subsidiary of Live Nation, the California-based ticket sales and distribution...

Exploits0
The Hacker News
The Hacker News
added 2021/01/01 1:49 p.m.95 views

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 CVSS score 7.8,...

10CVSS0.7AI score0.90049EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/01/01 1:49 p.m.4 views

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 CVSS score 7.8,...

10CVSS7.5AI score0.90049EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/01/01 4:50 a.m.8 views

Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code

Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but no...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/01 4:50 a.m.80 views

Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code

Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but no...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/29 11:21 a.m.5 views

A Google Docs Bug Could Have Allowed Hackers See Your Private Documents

Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreer...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/29 11:21 a.m.134 views

A Google Docs Bug Could Have Allowed Hackers See Your Private Documents

Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreer...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/29 8:38 a.m.52 views

AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users

Threat actors have been discovered distributing a new credential stealer written in AutoHotkey AHK scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/29 8:38 a.m.3 views

AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users

Threat actors have been discovered distributing a new credential stealer written in AutoHotkey AHK scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/27 6:24 a.m.129 views

A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware

An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used t...

9.8CVSS0.3AI score0.9198EPSS
Exploits3
The Hacker News
The Hacker News
added 2020/12/27 6:24 a.m.3 views

A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware

An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used t...

9.8CVSS7.8AI score0.9198EPSS
Exploits3
The Hacker News
The Hacker News
added 2020/12/26 5:34 a.m.320 views

Police Arrest 21 WeLeakInfo Customers Who Bought Breached Personal Data

21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo.com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/26 5:34 a.m.6 views

Police Arrest 21 WeLeakInfo Customers Who Bought Breached Personal Data

21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo.com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/25 10:26 a.m.71 views

Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers

New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on...

1.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/25 10:26 a.m.7 views

Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers

New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/25 6:22 a.m.4 views

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller ADC devices that attackers are abusing to launch amplified distributed denial-of-service DDoS attacks against several targets. "An attacker or bots can overwhe...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/25 6:22 a.m.87 views

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller ADC devices that attackers are abusing to launch amplified distributed denial-of-service DDoS attacks against several targets. "An attacker or bots can overwhe...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/24 9:1 a.m.280 views

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug

Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to rectify it with...

7.8CVSS8.3AI score0.15932EPSS
Exploits1
The Hacker News
The Hacker News
added 2020/12/24 9:1 a.m.5 views

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug

Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to rectify it with...

6.5AI score
Exploits1
The Hacker News
The Hacker News
added 2020/12/24 7:24 a.m.51 views

North Korean Hackers Trying to Steal COVID-19 Vaccine Research

Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/24 7:24 a.m.2 views

North Korean Hackers Trying to Steal COVID-19 Vaccine Research

Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/23 8:41 a.m.4 views

How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis

As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/23 8:41 a.m.43 views

How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis

As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/23 7:49 a.m.4 views

Law Enforcement Seizes Joker's Stash — Stolen Credit Card Marketplace

The US Federal Bureau of Investigation FBI and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week ...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/23 7:49 a.m.46 views

Law Enforcement Seizes Joker's Stash — Stolen Credit Card Marketplace

The US Federal Bureau of Investigation FBI and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week ...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/23 6:51 a.m.84 views

New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices

The US Cybersecurity Infrastructure and Security Agency CISA has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service DoS attacks. The four flaws affect...

10CVSS0.8AI score0.03348EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/12/23 6:51 a.m.6 views

New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices

The US Cybersecurity Infrastructure and Security Agency CISA has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service DoS attacks. The four flaws affect...

10CVSS7.2AI score0.03348EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/12/22 4:21 p.m.36 views

Cybercriminals' Favorite Bulletproof VPN Service Shuts Down In Global Action

Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre EC3, announced today the coordinated takedown of Safe-Inet, a popular virtual private network VPN service that was used to facilitate criminal activity. The three domai...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/22 4:21 p.m.6 views

Cybercriminals' Favorite Bulletproof VPN Service Shuts Down In Global Action

Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre EC3, announced today the coordinated takedown of Safe-Inet, a popular virtual private network VPN service that was used to facilitate criminal activity. The three domai...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/22 9:14 a.m.46 views

A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says

As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/22 9:14 a.m.6 views

A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says

As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/21 4:57 p.m.89 views

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices

A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provide...

10CVSS0.4AI score0.01848EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/12/21 4:57 p.m.6 views

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices

A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provide...

10CVSS7.8AI score0.01848EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/12/21 10:33 a.m.110 views

Common Security Misconfigurations and Their Consequences

Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first o...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/21 10:33 a.m.7 views

Common Security Misconfigurations and Their Consequences

Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first o...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/21 6:56 a.m.32 views

iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit

Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/21 6:56 a.m.6 views

iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit

Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/18 4:40 a.m.55 views

Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack

The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought. News of...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/18 4:40 a.m.5 views

Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack

The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought. News of...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/17 10:36 a.m.3 views

How to Use Password Length to Set Best Password Expiration Policy

One of the many features of an Active Directory Password Policy is the maximum password age. Traditional Active Directory environments have long using password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limite...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/17 10:36 a.m.30 views

How to Use Password Length to Set Best Password Expiration Policy

One of the many features of an Active Directory Password Policy is the maximum password age. Traditional Active Directory environments have long using password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limite...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/17 10:28 a.m.5 views

Software Supply-Chain Attack Hits Vietnam Government Certification Authority

Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority VGCA that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, t...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/17 10:28 a.m.83 views

Software Supply-Chain Attack Hits Vietnam Government Certification Authority

Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority VGCA that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, t...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/16 5:11 p.m.34 views

New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor

The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A ne...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/16 5:11 p.m.4 views

New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor

The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A ne...

6.2AI score
Exploits0
Total number of security vulnerabilities20793