News aggregator

Sophisticated 'TajMahal APT Framework' Remained Undetected for 5 Years

THN - Wed, 10/04/2019 - 05:20
Cybersecurity researchers yesterday unveiled the existence of a highly sophisticated spyware framework that has been in operation for at least last 5 years—but remained undetected until recently. Dubbed TajMahal by researchers at Kaspersky Lab, the APT framework is a high-tech modular-based malware toolkit that not only supports a vast number of malicious plugins for distinct espionage

Adobe Releases Security Patches for Flash, Acrobat Reader, Other Products

THN - Tue, 09/04/2019 - 15:15
Good morning readers, it's Patch Tuesday again—the day of the month when Adobe and Microsoft release security patches for their software. Adobe just released its monthly security updates to address a total of 40 security vulnerabilities in several of its products, including Flash Player, Adobe Acrobat and Reader, and Shockwave Player. According to an advisory, Adobe Acrobat and Reader

Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack

THN - Tue, 09/04/2019 - 15:01
Microsoft today released its April 2019 software updates to address a total of 74 CVE-listed vulnerabilities in its Windows operating systems and other products, 13 of which are rated critical and rest are rated Important in severity. April 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, MS Office, and MS Office Services and Web Apps, ChakraCore, Exchange Server, .

Researcher Reveals Multiple Flaws in Verizon Fios Routers — PoC Released

THN - Tue, 09/04/2019 - 10:17
A cybersecurity researcher at Tenable has discovered multiple security vulnerabilities in Verizon Fios Quantum Gateway Wi-Fi routers that could allow remote attackers to take complete control over the affected routers, exposing every other device connected to it. Currently used by millions of consumers in the United States, Verizon Fios Quantum Gateway Wi-Fi routers have been found vulnerable

'Exodus' Surveillance Malware Found Targeting Apple iOS Users

THN - Tue, 09/04/2019 - 04:19
Cybersecurity researchers have discovered an iOS version of the powerful mobile phone surveillance app that was initially targeting Android devices through apps on the official Google Play Store. Dubbed Exodus, as the malware is called, the iOS version of the spyware was discovered by security researchers at LookOut during their analysis of its Android samples they had found last year.

Microsoft Releases First Preview Builds of Chromium-based Edge Browser

THN - Mon, 08/04/2019 - 15:39
Microsoft today finally released the first new reborn version of its Edge browser that the company rebuilds from scratch using Chromium engine, the same open-source web rendering engine that powers Google's Chrome browser. However, the Chromium-based Edge browser builds haven't yet entered the stable or even the beta release; instead, Microsoft has released two testing-purpose preview builds

Unpatched Flaw in Xiaomi's Built-in Browser App Lets Hackers Spoof URLs

THN - Fri, 05/04/2019 - 08:04
EXCLUSIVE — Beware, if you are using a Xiaomi's Mi or Redmi smartphone, you should immediately stop using its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices. That's because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a

Hackers Could Turn Pre-Installed Antivirus App on Xiaomi Phones Into Malware

THN - Thu, 04/04/2019 - 16:07
What could be worse than this, if the software that's meant to protect your devices leave backdoors open for hackers or turn into malware? Researchers today revealed that a security app that comes pre-installed on more than 150 million devices manufactured by Xiaomi, China's biggest and world's 4th largest smartphone company, was suffering from multiple issues that could have allowed remote

540 Million Facebook User Records Found On Unprotected Amazon Servers

THN - Wed, 03/04/2019 - 16:41
It's been a bad week for Facebook users. First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now… ...the bad week gets worse with a new privacy breach. More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers. <!-- adsense --> The exposed datasets

WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites

THN - Wed, 03/04/2019 - 11:54
If you have a "private" blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites. WordPress has recently patched a severe vulnerability in its iOS application that apparently leaked secret authorization tokens for users whose blogs were using

Georgia Tech Data Breach Exposes 1.3 Million Users' Personal Data

THN - Wed, 03/04/2019 - 09:22
The Georgia Institute of Technology, well known as Georgia Tech, has confirmed a data breach that has exposed personal information of 1.3 million current and former faculty members, students, staff and student applicants. In a brief note published Tuesday, Georgia Tech says an unknown outside entity gained "unauthorized access" to its web application and accessed the University’s central

Cynet Offers Free Threat Assessment for Mid-Sized and Large Organizations

THN - Wed, 03/04/2019 - 07:51
Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment offering based on more than 72 hours of data collection and enabling organizations to benchmark

In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code

THN - Wed, 03/04/2019 - 07:18
In a world that's growing increasingly digital, Magecart attacks have emerged as a key cybersecurity threat to e-commerce sites. Magecart, which is in the news a lot lately, is an umbrella term given to 12 different cyber criminal groups that are specialized in secretly implanting a special piece of code on compromised e-commerce sites with an intent to steal payment card details of their

Facebook Caught Asking Some Users Passwords for Their Email Accounts

THN - Wed, 03/04/2019 - 04:08
Facebook has been caught practicing the worst ever user-verification mechanism that could put the security of its users at risk. Generally, social media or any other online service asks users to confirm a secret code or a unique URL sent to the email address they provided for the account registration. However, Facebook has been found asking some newly-registered users to provide the social

New Apache Web Server Bug Threatens Security of Shared Web Hosts

THN - Tue, 02/04/2019 - 14:38
Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software. The Apache web server is one of the most popular, widely used open-source web servers in the world that powers almost 40 percent of the whole Internet. The vulnerability, identified as

Thousands of Unprotected Kibana Instances Exposing Elasticsearch Databases

THN - Mon, 01/04/2019 - 12:22
In today’s world, data plays a crucial role in the success of any organization, but if left unprotected, it could be a cybercriminal’s dream come true. Poorly protected MongoDB, CouchDB, and Elasticsearch databases recently got a lot more attention from cybersecurity firms and media lately. More than half of the known cases of massive data breaches over the past year originated from unsecured

How Endpoint Management Can Keep Workplace IT Secure

THN - Mon, 01/04/2019 - 12:07
Workplaces have become highly connected. Even a small business could have dozens of devices in the form of desktops, mobile devices, routers, and even smart appliances as part of its IT infrastructure. Unfortunately, each of these endpoints can now be a weak link that hackers could exploit. Hackers constantly probe networks for vulnerable endpoints to breach. For example, systems and

Hackers Steal $19 Million From Bithumb Cryptocurrency Exchange

THN - Sat, 30/03/2019 - 07:09
Hackers yesterday stole nearly $19 million worth of cryptocurrency from Bithumb, the South Korea-based popular cryptocurrency exchange admitted today. According to Primitive Ventures' Dovey Wan, who first broke the information on social media, hackers managed to compromise a number of Bithumb's hot EOS and XRP wallets and transferred around 3 million EOS (~ $13 million) and 20 million XRP (~

Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly

THN - Sat, 30/03/2019 - 04:30
A security researcher today publicly disclosed details and proof-of-concept exploits for two 'unpatched' zero-day vulnerabilities in Microsoft's web browsers after the company allegedly failed to respond to his responsible private disclosure. Both unpatched vulnerabilities—one of which affects the latest version of Microsoft Internet Explorer and another affects the latest Edge Browser—allow

Commando VM — New Windows-based Distribution for Hackers and Pentesters

THN - Fri, 29/03/2019 - 09:43
FireEye today released Commando VM, a first of its kind Windows-based security distribution for penetration testing and red teaming. When it comes to the best-operating systems for hackers, Kali Linux is always the first choice for penetration testers and ethical hackers. However, Kali is a Linux-based distribution, and using Linux without learning some basics is not everyone's cup of tea

Pages

Subscribe to Shiga Tecnologia aggregator