What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-04-05 03:44:03 | Unpatched Flaw in Xiaomi\'s Built-in Browser App Lets Hackers Spoof URLs (lien direct) | EXCLUSIVE - Beware, if you are using a Xiaomi's Mi or Redmi smartphone, you should immediately stop using its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices.
That's because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a |
Vulnerability | ||
|
2019-04-04 11:34:01 | Hackers Could Turn Pre-Installed Antivirus App on Xiaomi Phones Into Malware (lien direct) | What could be worse than this, if the software that's meant to protect your devices leave backdoors open for hackers or turn into malware?
Researchers today revealed that a security app that comes pre-installed on more than 150 million devices manufactured by Xiaomi, China's biggest and world's 4th largest smartphone company, was suffering from multiple issues that could have allowed remote |
Malware | ||
|
2019-04-03 12:41:01 | 540 Million Facebook User Records Found On Unprotected Amazon Servers (lien direct) | It's been a bad week for Facebook users.
First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now…
...the bad week gets worse with a new privacy breach.
More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.
The exposed datasets |
|||
|
2019-04-03 07:54:01 | WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites (lien direct) | If you have a "private" blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites.
WordPress has recently patched a severe vulnerability in its iOS application that apparently leaked secret authorization tokens for users whose blogs were using |
Vulnerability | ||
|
2019-04-03 05:22:03 | Georgia Tech Data Breach Exposes 1.3 Million Users\' Personal Data (lien direct) | The Georgia Institute of Technology, well known as Georgia Tech, has confirmed a data breach that has exposed personal information of 1.3 million current and former faculty members, students, staff and student applicants.
In a brief note published Tuesday, Georgia Tech says an unknown outside entity gained "unauthorized access" to its web application and accessed the University's central |
Data Breach | ★★★★ | |
|
2019-04-03 03:51:05 | Cynet Offers Free Threat Assessment for Mid-Sized and Large Organizations (lien direct) | Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making.
However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive.
Cynet changes the rules of the game with a free threat assessment offering based on more than 72 hours of data collection and enabling organizations to benchmark |
Threat | ★★ | |
|
2019-04-03 02:07:00 | New Apache Web Server Bug Threatens Security of Shared Web Hosts (lien direct) | Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software.
The Apache web server is one of the most popular, widely used open-source web servers in the world that powers almost 40 percent of the whole Internet.
The vulnerability, identified as |
|||
|
2019-04-03 00:08:03 | Facebook Caught Asking Some Users Passwords for Their Email Accounts (lien direct) | Facebook has been caught practicing the worst ever user-verification mechanism that could put the security of its users at risk.
Generally, social media or any other online service asks users to confirm a secret code or a unique URL sent to the email address they provided for the account registration.
However, Facebook has been found asking some newly-registered users to provide the social |
★★★★★ | ||
|
2019-04-02 05:45:01 | Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly (lien direct) | Exclusive - A security researcher today publicly disclosed details and proof-of-concept exploits for two 'unpatched' zero-day vulnerabilities in Microsoft's web browsers after the company allegedly failed to respond to his responsible private disclosure.
Both unpatched vulnerabilities-one of which affects the latest version of Microsoft Internet Explorer and another affects the latest Edge |
|||
|
2019-04-01 08:22:05 | Thousands of Unprotected Kibana Instances Exposing Elasticsearch Databases (lien direct) | In today's world, data plays a crucial role in the success of any organization, but if left unprotected, it could be a cybercriminal's dream come true.
Poorly protected MongoDB, CouchDB, and Elasticsearch databases recently got a lot more attention from cybersecurity firms and media lately.
More than half of the known cases of massive data breaches over the past year originated from unsecured |
|||
|
2019-04-01 08:07:00 | How Endpoint Management Can Keep Workplace IT Secure (lien direct) | Workplaces have become highly connected. Even a small business could have dozens of devices in the form of desktops, mobile devices, routers, and even smart appliances as part of its IT infrastructure.
Unfortunately, each of these endpoints can now be a weak link that hackers could exploit. Hackers constantly probe networks for vulnerable endpoints to breach.
For example, systems and |
|||
|
2019-03-30 03:09:05 | Hackers Steal $19 Million From Bithumb Cryptocurrency Exchange (lien direct) | Hackers yesterday stole nearly $19 million worth of cryptocurrency from Bithumb, the South Korea-based popular cryptocurrency exchange admitted today.
According to Primitive Ventures' Dovey Wan, who first broke the information on social media, hackers managed to compromise a number of Bithumb's hot EOS and XRP wallets and transferred around 3 million EOS (~ $13 million) and 20 million XRP (~ |
Bithumb | ||
|
2019-03-29 05:43:04 | Commando VM - New Windows-based Distribution for Hackers and Pentesters (lien direct) | FireEye today released Commando VM, a first of its kind Windows-based security distribution for penetration testing and red teaming.
When it comes to the best-operating systems for hackers, Kali Linux is always the first choice for penetration testers and ethical hackers.
However, Kali is a Linux-based distribution, and using Linux without learning some basics is not everyone's cup of tea |
|||
|
2019-03-29 03:58:00 | Here\'s the List of ~600 MAC Addresses Targeted in Recent ASUS Hack (lien direct) | EXCLUSIVE - While revealing details of a massive supply chain cyber attack against ASUS customers, Russian security firm Kaspersky last week didn't release the full list all MAC addresses that hackers hardcoded into their malware to surgically target a specific pool of users.
Instead, Kaspersky released a dedicated offline tool and launched an online web page where ASUS PC users can search |
Malware Hack Tool | ||
|
2019-03-29 01:48:00 | Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites (lien direct) | If your online e-commerce business is running over the Magento platform, you must pay attention to this information.
Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities.
Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platform that powers 28% of |
Vulnerability | ||
|
2019-03-28 23:59:02 | Ex-NSA Contractor Pleads Guilty to 20-Year-Long Theft of Classified Data (lien direct) | A former National Security Agency contractor-who stole an enormous amount of sensitive information from the agency and then stored it at his home and car for over two decades-today changed his plea to guilty.
The theft was labeled as the largest heist of classified government material in America's history.
Harold Thomas Martin III, a 54-year-old Navy veteran from Glen Burnie, abused his |
|||
|
2019-03-28 09:00:03 | Advanced Breach Protection Demystified – Untold Truths On Security Beyond AV (lien direct) | Doing business in today's connected world means dealing with a continually evolving threat landscape.
With potential losses due to downtime following a breach, plus valuable client and proprietary information at risk, most organizations realize they cannot afford to be complacent.
This puts extra onus on security IT teams, who are continuously left scrambling, looking for the best way to |
Threat | ||
|
2019-03-28 01:18:01 | Elfin Hacking Group Targets Multiple U.S. and Saudi Arabian Firms (lien direct) | An Iran-linked cyber-espionage group that has been found targeting critical infrastructure, energy and military sectors in Saudi Arabia and the United States two years ago continues targeting organizations in the two nations, Symantec reported on Wednesday.
Widely known as APT33, which Symantec calls Elfin, the cyber-espionage group has been active since as early as late 2015 and targeted a wide |
APT33 APT 33 | ||
|
2019-03-26 07:14:00 | New Settings Let Hackers Easily Pentest Facebook, Instagram Mobile Apps (lien direct) | Facebook has introduced a new feature in its platform that has been designed to make it easier for bug bounty hunters to find security flaws in Facebook, Messenger, and Instagram Android applications.
Since almost all Facebook-owned apps by default use security mechanisms such as Certificate Pinning to ensure integrity and confidentiality of the traffic, it makes it harder for white hat |
|||
|
2019-03-26 04:53:02 | Insecure UC Browser \'Feature\' Lets Hackers Hijack Android Phones Remotely (lien direct) | Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately.
Why? Because the China-made UC Browser contains a "questionable" ability that could be exploited by remote attackers to automatically download and execute code on your Android devices.
Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically |
|||
|
2019-03-26 01:44:05 | Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities (lien direct) | Apple on Monday released iOS 12.2 to patch a total of 51 security vulnerabilities in its mobile operating system that affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.
A majority of vulnerabilities Apple patched this month reside in its web rendering engine WebKit, which is used by many apps and web browsers running on the Apple's operating system.
According to |
|||
|
2019-03-25 09:39:05 | Warning: ASUS Software Update Server Hacked to Distribute Malware (lien direct) | Remember the CCleaner hack?
CCleaner hack was one of the largest supply chain attacks that infected more than 2.3 million users with a backdoored version of the software in September 2017.
Security researchers today revealed another massive supply chain attack that compromised over 1 million computers manufactured by Taiwan-based tech giant ASUS.
A group of state-sponsored |
Malware Hack | CCleaner | |
|
2019-03-22 04:57:03 | Get 4 Essential CyberSecurity Software For Less Than $10 Per Month (lien direct) | Major data breaches and cyber attacks are occurring at an alarming rate, and if you are still not using a VPN and password manager app, you are seriously out of excuses.
Not just VPN software and a password manager, cybersecurity experts also recommend using antivirus and backup solutions to protect your computers and precious data stored on them. Unfortunately, to cover these bases, one |
|||
|
2019-03-22 04:54:04 | Medtronic\'s Implantable Defibrillators Vulnerable to Life-Threatening Hacks (lien direct) | The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk.
Cardioverter Defibrillator is a small surgically implanted device (in patients' chests) that gives a patient's heart an electric |
|||
|
2019-03-22 00:55:05 | Microsoft Announces Windows Defender ATP Antivirus for Mac (lien direct) | Brace yourself guys.
Microsoft is going to release its Windows Defender ATP antivirus software for Mac computers.
Sounds crazy, right? But it's true.
Microsoft Thursday announced that the company is bringing its anti-malware software to Apple's macOS operating system as well-and to more platforms soon, like Linux.
As a result, the technology giant renamed its Windows Defender Advanced |
|||
|
2019-03-21 11:49:04 | Facebook Mistakenly Stored Millions of Users\' Passwords in Plaintext (lien direct) | Holy moly, Facebook is again at the center of a new privacy controversy after revealing today that its platform mistakenly kept a copy of passwords for "hundreds of millions" users in plaintext.
What's more? Not just Facebook, Instagram users are also affected by the latest security incident.
So, if you are one of the affected users, your Facebook or Instagram password was readable to some of |
|||
|
2019-03-20 06:31:05 | New MageCart Attacks Target Bedding Retailers My Pillow and Amerisleep (lien direct) | Cybersecurity researchers today disclosed details of two newly identified Magecart attacks targeting online shoppers of bedding retailers MyPillow and Amerisleep.
Magecart is an umbrella term researchers gave to at least 11 different hacking groups that are specialized in implanting malware code on e-commerce websites with an intent to steal payment card details of their customers silently. |
Malware | ||
|
2019-03-20 02:41:03 | PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws (lien direct) | The popular SSH client program PuTTY has released the latest version of its software that includes security patches for 8 high-severity security vulnerabilities.
PuTTY is one of the most popular and widely used open-source client-side programs that allows users to remotely access computers over SSH, Telnet, and Rlogin network protocols.
Almost 20 months after releasing the last version of |
|||
|
2019-03-20 01:50:05 | Google Will Prompt European Android Users to Select Preferred Default Browser (lien direct) | Google announced some major changes for its Android mobile operating system in October after the European Commission hit the company with a record $5 billion antitrust fine for pre-installing its own apps and services on third-party Android phones.
The European Commission accused Google of forcing Android phone manufacturers to "illegally" tie its proprietary apps and services-specifically, |
|||
|
2019-03-19 11:19:02 | Android Q - Google Adds New Mobile Security and Privacy Features (lien direct) | Google has recently released the first beta version of Android Q, the next upcoming version of Google's popular mobile operating system, with a lot of new privacy improvements and other security enhancements.
Android Q, where Q has not yet been named, offers more control over installed apps, their access, and permissions, and location settings; more support for passive authentication like face |
|||
|
2019-03-19 10:05:01 | Ransomware Attack Forces Aluminum Manufacturer to Shutdown Systems Worldwide (lien direct) | Photo by Terje Pedersen / NTB scanpix
One of the world's largest producers of aluminum has been forced to shut down several of its plants across Europe and the U.S. after an "extensive cyber attack" hit its operations, leaving companies' IT systems unusable.
According to a press release shared by Aluminum giant Norsk Hydro today, the company has temporarily shut down several plants and |
Ransomware | ||
|
2019-03-19 03:27:02 | Libssh Releases Update to Patch 9 New Security Vulnerabilities (lien direct) | Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities.
The Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Red Hat, Debian, and also comes bundled within some distributions and software as a default library |
|||
|
2019-03-19 00:55:05 | Mirai Variant Adds Dozen New Exploits to Target Enterprise IoT Devices (lien direct) | Security researchers have uncovered a new variant of the infamous Mirai Internet of Things botnet, this time targeting embedded devices intended for use within business environments in an attempt to gain control over larger bandwidth to carry out devastating DDoS attacks.
Although the original creators of Mirai botnet have already been arrested and jailed, variants of the infamous IoT malware |
|||
|
2019-03-17 23:17:00 | (Déjà vu) Round 4 - Hacker Puts 26 Million New Accounts Up For Sale On Dark Web (lien direct) | A hacker who was selling details of nearly 890 million online accounts stolen from 32 popular websites in three separate rounds has now put up a fourth batch of millions of records originating from 6 other sites for sale on the dark web.
The Hacker News today received a new email from the Pakistani hacker, who goes by online alias Gnosticplayers and previously claimed to have hacked dozens of |
|||
|
2019-03-15 01:17:00 | Patched WinRAR Bug Still Under Active Attack-Thanks to No Auto-Updates (lien direct) | Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide.
Why? Because the WinRAR software doesn't have an auto-update feature, which, unfortunately, leaves millions of its users vulnerable to cyber attacks.
The critical |
|||
|
2019-03-14 03:50:02 | Telegram Gained 3 Million New Users During WhatsApp, Facebook Outage (lien direct) | WhatsApp, Facebook, and Instagram faced a widespread outage yesterday with users from around the world reporting issues with sending messages on WhatsApp and Messenger, posting feeds on Facebook and accessing other features on the three Facebook-owned platforms.
While the outage was quite troubling both for the social media giant and its millions of users, guess who benefits the most out of |
|||
|
2019-03-14 02:41:02 | New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites (lien direct) | If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website.
Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has once |
Hack Vulnerability | ||
|
2019-03-14 00:10:00 | Zero-Day Flaws in Counter-Strike 1.6 Let Malicious Servers Hack Gamers\' PCs (lien direct) | If you are a Counter-Strike gamer, then beware, because 39% of all existing Counter-Strike 1.6 game servers available online are malicious that have been set-up to remotely hack gamers' computers.
A team of cybersecurity researchers at Dr. Web has disclosed that an attacker has been using malicious gaming servers to silently compromise computers of Counter-Strike gamers worldwide by |
Hack | ||
|
2019-03-13 01:40:04 | Firefox Send - Free Encrypted File Transfer Service Now Available For All (lien direct) | Mozilla has made it easy for you to share large files securely and privately with whomever you want, eliminating the need to depend upon less secure free third-party services or file upload tools that burn a hole in your pocket.
Mozilla has finally launched its free, end-to-end encrypted file-transfer service, called Firefox Send, to the public, allowing users to securely share large files like |
|||
|
2019-03-12 11:39:04 | (Déjà vu) Microsoft Releases Patches for 64 Flaws - Two Under Active Attack (lien direct) | It's time for another batch of "Patch Tuesday" updates from Microsoft.
Microsoft today released its March 2019 software updates to address a total of 64 CVE-listed security vulnerabilities in its Windows operating systems and other products, 17 of which are rated critical, 45 important, one moderate and one low in severity.
The update addresses flaws in Windows, Internet Explorer, Edge, MS |
|||
|
2019-03-12 09:22:01 | Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition (lien direct) | Adobe users would feel lighter this month, as Adobe has released patches for just two security vulnerability in its March Security Update.
The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities-one in Adobe Photoshop CC and another in Adobe Digital Editions.
Upon successful exploitation, both critical vulnerabilities could |
Vulnerability | ||
|
2019-03-12 06:12:05 | Cynet is offering unhappy competitors\' customers a refund for the time remaining on existing contracts (lien direct) | Cynet goes head-to-head with CrowdStrike, DarkTrace, Cylance, Carbon Black & Symantec, offering their unhappy customers a refund for the time remaining on their existing contracts.
Cynet, the automated threat discovery and mitigation platform was built to address the advanced threats that AV and Firewalls cannot stop.
Today, Cynet announced that any organization currently deploying an |
Threat | ||
|
2019-03-12 02:07:01 | Windows 10 Now Automatically Uninstalls Updates That Cause Problems (lien direct) | Do you always think twice before installing Windows updates worrying that it could crash your system or leave it non-working the day after Patch Tuesdays?
Don't worry.
Microsoft has addressed this issue by adding a safety measure that would from now onwards automatically uninstall buggy software updates installed on your system if Windows 10 detects a startup failure, which could be due to |
|||
|
2019-03-12 00:17:04 | F5 Networks Acquires NGINX For $670 Million (lien direct) | One of the most important software companies NGINX, which is also behind the very popular open-source web server of the same name, is being acquired by its rival, F5 Networks, in a deal valued at about $670 million.
While NGINX is not a name that you have ever heard of, the reality is that you use NGINX every day when you post a photo, watch streaming video, purchase goods online, or log |
|||
|
2019-03-11 08:46:02 | BEWARE – New \'Creative\' Phishing Attack You Really Should Pay Attention To (lien direct) | A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users.
Just like the previous campaign, the new phishing attack is also based on the idea that a malicious web page could mimic look and feel of the browser window to trick even the |
|||
|
2019-03-11 04:13:02 | AWS Certification Training Courses – Get 2019 Bundle @ 96% OFF (lien direct) | With countless web apps and online services launching every day, there is an increasing demand for cloud developers.
This exciting niche is due to grow rapidly over the next few years, and the paycheck should follow suit.
If you want to build a career in this lucrative niche, it pays to know AWS (Amazon Web Services).
With the AWS Certified Architect Developer Bundle 2019, |
|||
|
2019-03-11 02:32:03 | Severe Flaw Disclosed In StackStorm DevOps Automation Software (lien direct) | A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services.
StackStorm, aka "IFTTT for Ops," is a powerful event-driven automation tool for integration and automation across services and tools that allows |
Tool Vulnerability | ||
|
2019-03-11 00:52:01 | Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data (lien direct) | Popular enterprise software company Citrix that provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies disclosed last weekend a massive data breach of its internal network by "international cyber criminals."
Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing "business documents," |
Data Breach | ||
|
2019-03-06 01:52:05 | New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild (lien direct) | You must update your Google Chrome immediately to the latest version of the web browsing application.
Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers.
The vulnerability, assigned as |
Vulnerability Threat | ||
|
2019-03-06 00:38:00 | NSA Releases GHIDRA 9.0 - Free, Powerful Reverse Engineering Tool (lien direct) | The United States' National Security Agency (NSA) today finally released GHIDRA version 9.0 for free, the agency's home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade to hunt down security bugs in software and applications.
GHIDRA is a Java-based reverse engineering framework that features a graphical user interface (GUI) |
Tool |
To see everything:
Our RSS (filtrered)
