The Hacker News

The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Updated: 9 min ago

Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu

16 July, 2019 - 22:05
The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing applications that, under the hood, are just rebranded versions of Zoom's video conferencing software. Security researchers confirmed to The Hacker News that RingCentral, used by over 350,000 businesses, and Zhumu, a Chinese version of Zoom, also run a hidden local web
Category: Hacking & Security

Engage Your Management with the Definitive 'Security for Management' Presentation Template

16 July, 2019 - 14:25
In every organization, there is a person who's directly accountable for cybersecurity. The name of the role varies per the organization's size and maturity – CISO, CIO, and Director of IT are just a few common examples – but the responsibility is similar in all places. They're the person who understands the risk and exposure, knows how prepared the team is and, most important, what the gaps are
Category: Hacking & Security

Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram

16 July, 2019 - 11:31
If you think that the media files you receive on your end-to-end encrypted secure messaging apps cannot be tampered with, you need to think again. Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could allow malicious actors to spread fake news or scam users into sending payments to wrong accounts.
Category: Hacking & Security

iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts

15 July, 2019 - 19:44
Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme. By default on Apple's iOS operating system, every app runs inside a sandbox of its own, which prevents all apps installed on the same device from accessing
Category: Hacking & Security

This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes

15 July, 2019 - 11:25
Watch out! The Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users. Instagram is growing quickly—and as the most popular social media network in the world after Facebook, the photo-sharing network absolutely dominates when it comes to user
Category: Hacking & Security

Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw

13 July, 2019 - 13:20
The chaos and panic that the disclosure of a privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue—a web server installed locally by the software—was not just allowing any website to turn on your device webcam, but also could allow hackers to take complete control
Category: Hacking & Security

Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation

13 July, 2019 - 09:27
After months of negotiations, the United States Federal Trade Commission (FTC) has approved a record $5 billion settlement with Facebook over its privacy investigation into the Cambridge Analytica scandal. The settlement will put an end to a wide-ranging probe that began more than a year ago and centers around the violation of a 2011 agreement Facebook made with the FTC that required Facebook
Category: Hacking & Security

Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits

12 July, 2019 - 10:09
Organizations around the world are wondering how to become immune from cyber attacks, which are evolving every day with more sophisticated attack vectors. IT teams are always on the lookout for new ransomware and exploits spreading in the wild, but can all these unforeseen cyber attacks be prevented proactively? That's definitely a 'NO,' which is why there's a reactive approach in place to
Category: Hacking & Security

New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices

11 July, 2019 - 15:04
Are you sure the WhatsApp app you are using on your Android device is legitimate, even if it's working perfectly as intended? ...Or the JioTV, AppLock, HotStar, Flipkart, Opera Mini or Truecaller app—if you have installed any of these? I'm asking this because cybersecurity researchers just yesterday revealed eye-opening details about a widespread Android malware campaign wherein attackers
Category: Hacking & Security

Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets

11 July, 2019 - 09:34
Magecart strikes again! Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings. Since Magecart is neither a single group nor a specific malware but instead an umbrella term given to all those cyber criminal groups and individuals who inject
Category: Hacking & Security

A New Ransomware Is Targeting Network Attached Storage (NAS) Devices

10 July, 2019 - 20:01
A new ransomware family has been found targeting Linux-based Network Attached Storage (NAS) devices made by Taiwan-based QNAP Systems and holding users' important data hostage until a ransom is paid, researchers told The Hacker News. Ideal for home and small business, NAS devices are dedicated file storage units connected to a network or through the Internet, which allow users to store and
Category: Hacking & Security

Powerful FinSpy Spyware Found Targeting iOS and Android Users in Myanmar

10 July, 2019 - 14:29
One of the most powerful, infamous, and advanced pieces of government-grade commercial surveillance spyware, dubbed FinSpy—also known as FinFisher—has been discovered in the wild targeting users in Myanmar. Created by German company Gamma International, FinSpy is spying software that can target various mobile platforms including iOS and Android, as well as desktop operating systems. Gamma
Category: Hacking & Security

Hackers' Operating System Kali Linux Released for Raspberry Pi 4

10 July, 2019 - 09:41
We've got some really exciting news for you... Offensive Security has released an official version of Kali Linux for Raspberry Pi 4—the most powerful version of the compact computer board yet that was released just two weeks ago with the full 4GB of RAM at low cost and easy accessibility. Based on Debian, Kali Linux has always been the number one operating system for ethical hackers and
Category: Hacking & Security

Microsoft Releases July 2019 Security Updates, 2 Flaws Under Active Attack

9 July, 2019 - 22:33
Microsoft today released its monthly batch of software security updates for July to patch a total of 77 vulnerabilities, of which 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity. The July 2019 security updates include patches for various supported versions of Windows operating systems and other Microsoft products, including Internet Explorer, Edge, Office, Azure
Category: Hacking & Security

Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach

9 July, 2019 - 21:54
After fining British Airways with a record fine of £183 million earlier this week, the UK's data privacy regulator is now planning to slap the world's biggest hotel chain, Marriott International, with a £99 million ($123 million) fine under GDPR over a 2014 data breach. This is the second major penalty notice in the last two days that hit companies for failing to protect their customers' personal and
Category: Hacking & Security

Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library

9 July, 2019 - 18:08
Lodash, a popular npm library used by more than 4 million projects on GitHub alone, is affected by a high severity security vulnerability that could allow attackers to compromise the security of affected services using the library and their respective user base. Lodash is a JavaScript library that contains tools to simplify programming with strings, numbers, arrays, functions, and objects,
Category: Hacking & Security

Flaw in Zoom Video Conferencing Software Lets Websites Hijack Mac Webcams

9 July, 2019 - 16:09
If you use Zoom video conferencing software on your Mac computer—then beware—any website you're visiting in your web browser can turn on your device camera without your permission. Ironically, even if you had ever installed the Zoom client on your device and simply uninstalled it, a remote attacker can still activate your webcam. Zoom is one of the most popular cloud-based meeting platforms
Category: Hacking & Security

Dashboards to Use on Palo Alto Networks for Effective Management

9 July, 2019 - 16:02
Enterprises should expect to see more cyber attacks launched against them. The data that they now gather and store have made their infrastructures key targets for hackers. Customer data and intellectual property can be sold on the black market for profit, and sensitive information can also be used by hackers to extort them. Enterprises are now aggressively shifting their workloads to the cloud
Category: Hacking & Security

Over 1,300 Android Apps Caught Collecting Data Even If You Deny Permissions

9 July, 2019 - 13:35
Smartphones are a goldmine of sensitive data, and modern apps work as diggers that continuously collect every possible piece of information from your devices. The security model of modern mobile operating systems, like Android and iOS, is primarily based on permissions that explicitly define which sensitive services, device capabilities, or user information an app can access, allowing users to decide
Category: Hacking & Security

Cynet Launches Free Offering For Incident Response Service Providers

9 July, 2019 - 11:50
More and more, organizations take the route of outsourcing incident response to Managed Security Service Providers. This trend is distinct regardless of the organization's cyber maturity level and can be found across a wide range of cyber maturity, from small companies with no dedicated security team to enterprises with a fully equipped SOC. The hands of the incident response service
Category: Hacking & Security