Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to determine, without authorization, the phone numbers associated with millions of its users’ accounts. According to Twitter, the vulnerability resided in one of the APIs that has…
Category: The Hacker News
Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
Joe Vennix of Apple security has found another significant vulnerability in the sudo utility that, under a specific configuration, could allow low-privileged users or malicious programs to execute arbitrary commands with administrative (‘root’) privileges on Linux or macOS systems. Sudo…
Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale
Remember the recent payment card breach at Wawa convenience stores? If you’re among those millions of customers who shopped at any of 850 Wawa stores last year but haven’t yet hotlisted your cards, it’s high time to take immediate action.…
Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure…
Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers
Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux-based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol…
How to Clear Data Facebook Collects About You from Other Sites and Apps
Facebook is one of the world’s biggest advertising platforms, and that’s because it knows a lot about you, me, and everyone. Facebook uses many tools to track people across the Internet, whether they have an account with the social networking…
Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs
As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven’t…
New ‘CacheOut’ Attack Leaks Data from Intel CPUs, VMs and SGX Enclave
Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it’s likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data…
Zoom Bug Could Have Let Uninvited People Join Private Meetings
If you use Zoom to host your remote online meetings, you need to read this piece carefully. The massively popular video conferencing software has patched a security loophole that could have allowed anyone to remotely eavesdrop on unprotected active meetings,…
Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks
The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Dubbed ‘Operation…
Russian Pleads Guilty to Running ‘CardPlanet’ to Sell Stolen Credit Cards
Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud. The first website…
250 Million Microsoft Customer Support Records Exposed Online
If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised. Microsoft today admitted a security incident that exposed nearly 250 million “Customer Service and…
Saudi Prince Allegedly Hacked World’s Richest Man Jeff Bezos Using WhatsApp
The smartphone of Amazon founder Jeff Bezos, the world’s richest man, was reportedly hacked in May 2018 after receiving a WhatsApp message from the personal account of Saudi crown prince Mohammed bin Salman, the Guardian newspaper revealed today. Citing unnamed…
Download: The State of Security Breach Protection 2020 Survey Results
What are the key considerations security decision-makers should take into account when designing their 2020 breach protection? To answer this, we polled 1,536 cybersecurity professionals in The State of Breach Protection 2020 survey (Download the full survey here) to understand…
BitDam Study Exposes High Miss Rates of Leading Email Security Systems
Imagine receiving an email from US VP Mike Pence’s official email account asking for help because he has been stranded in the Philippines. Actually, you don’t have to. This actually happened. Pence’s email was hacked when he was still the…
Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack
Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent…
Evaluating Your Security Controls? Be Sure to Ask the Right Questions
Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And…
Microsoft Warns of Unpatched IE Browser Zero-Day That’s Under Active Attacks
Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in…
Broadening the Scope: A Comprehensive View of Pen Testing
Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization’s IT environments. These test results can help prioritize weaknesses, providing a road-map towards remediation. However, the results are also…
Use iPhone as Physical Security Key to Protect Your Google Accounts
Great news for iOS users! You can now use your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication. Android…
Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA
After Adobe today released its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of new vulnerabilities in its various products. What’s so special about the latest Patch Tuesday is…
Adobe Releases First 2020 Patch Tuesday Software Updates
Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It’s the first Patch Tuesday for the year 2020 and one of the…
Download The Ultimate ‘Security for Management’ Presentation Template
There is a person in every organization who is the direct owner of breach protection. His or her task is to oversee and govern the process of designing, building, maintaining, and continuously enhancing the security level of the organization. Title-wise,…
PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability
It’s now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code…
Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!
Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla’s website. Why the…
Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS
TikTok, the 3rd most downloaded app in 2019, is under intense scrutiny over users’ privacy, censoring politically controversial content and on national-security grounds—but it’s not over yet, as the security of billions of TikTok users would now be under question. The…
3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group
Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Play Store—you have been hacked and are being tracked. These newly detected malicious Android apps are…
Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020?
January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support for Windows 7. From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in…
Xiaomi Cameras Connected to Google Nest Expose Video Feeds From Others
Internet-connected devices have been one of the most remarkable developments that have happened to humankind in the last decade. Although this development is a good thing, it also poses a high security and privacy risk to personal information. In one…
Landry’s Restaurant Chain Suffers Payment Card Theft Via PoS Malware
Landry’s, a popular restaurant chain in the United States, has announced a malware attack on its point of sale (POS) systems that allowed cybercriminals to steal customers’ payment card information. Landry’s owns and operates more than 600 bars, restaurants, hotels,…