News aggregator

Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

THN - Fri, 18/10/2019 - 16:14
Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide. Whether it's American voting machines during the 2016 presidential election or India's EVMs during 2014 general elections, the integrity, transparency, and security of electronic voting machines remained questionable, leaving a wound in the minds of many that is difficult to

Chrome for Android Enables Site Isolation Security Feature for All Sites with Login

THN - Thu, 17/10/2019 - 14:48
After enabling 'Site Isolation' security feature in Chrome for desktops last year, Google has now finally introduced 'the extra line of defence' for Android smartphone users surfing the Internet over the Chrome web browser. In brief, Site Isolation is a security feature that adds an additional boundary between websites by ensuring that pages from different sites end up in different sandboxed

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested

THN - Thu, 17/10/2019 - 07:28
The United States Department of Justice said today that they had arrested hundreds of criminals in a global crackdown after taking down the largest known child porn site on the dark web and tracing payments made in bitcoins. With an international coalition of law enforcement agencies, federal officials have arrested the administrator of the child sexual abuse site, 23-year-old Jong Woo Son of

A Comprehensive Guide On How to Protect Your Websites From Hackers

THN - Thu, 17/10/2019 - 05:30
Humankind has come a long way from the time when the Internet became mainstream. What started as a research project ARPANET (Advanced Research Projects Agency Network) funded by DARPA has grown exponentially and has single-handedly revolutionized human behavior. When WWW (world wide web) came into existence, it was meant to share information over the Internet, from there part through natural

Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers

THN - Wed, 16/10/2019 - 10:23
A decade-old botnet malware that currently controls over 450,000 computers worldwide has recently shifted its operations from infecting machines with ransomware or crypto miners to abusing them for sending out sextortion emails to millions of innocent people. Extortion by email is growing significantly, with a large number of users recently complaining about receiving sextortion emails that

Facebook Now Pays Hackers for Reporting Security Bugs in 3rd-Party Apps

THN - Wed, 16/10/2019 - 07:38
Following a series of security mishaps and data abuse through its social media platform, Facebook is today expanding its bug bounty program in a very unique way to beef up the security of third-party apps and websites that integrate with its platform. Last year, Facebook launched the "Data Abuse Bounty" program to reward anyone who reports valid events of 3rd-party apps collecting Facebook users'

Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products

THN - Tue, 15/10/2019 - 13:01
No, it's not a patch Tuesday. It's the third Tuesday of the month, and as The Hacker News shared an early heads-up late last week on Twitter, Adobe today finally released pre-announced out-of-band security updates to patch a total of 82 security vulnerabilities across its various products. The affected products that received security patches today include: Adobe Acrobat and Reader Adobe

Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks

THN - Tue, 15/10/2019 - 07:40
In an effort to mitigate a large class of potential cross-site scripting issues in Firefox, Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions for built-in "about: pages" that are the gateway to sensitive preferences, settings, and statistics of the browser. The Firefox browser has 45 such internal locally-hosted about pages, some of which are listed

Report to Your Management with the Definitive 'Incident Response for Management' Presentation Template

THN - Tue, 15/10/2019 - 05:32
Security incidents occur. It's not a matter of 'if' but of 'when.' There are security products and procedures that were implemented to optimize the IR process, so from the 'security-professional' angle, things are taken care of. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more

Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted

THN - Mon, 14/10/2019 - 16:11
Attention Linux Users! A vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted

Apple Under Fire Over Sending Some Users Browsing Data to China's Tencent

THN - Mon, 14/10/2019 - 07:43
Do you know Apple is sending iOS web browsing data of some of its users to Chinese Internet company Tencent? I am sure many of you are not aware of this, neither was I, and believe me, none of us could expect this from a tech company that promotes itself as a champion of consumer privacy. Late last week, it was widely revealed that starting from at least iOS 12.2, Apple silently integrated

SIM Cards in 29 Countries Vulnerable to Remote Simjacker Attacks

THN - Sat, 12/10/2019 - 07:02
By now, I'm sure you all might have heard of the SimJacker vulnerability disclosed exactly a month ago that affects a wide range of SIM cards and can remotely be exploited to hack into any mobile phone just by sending a specially crafted binary SMS. If you are unaware, the name "SimJacker" has been given to a class of vulnerabilities that resides due to a lack of authentication and

UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked

THN - Fri, 11/10/2019 - 07:20
A 39-year-old login password belonging to Ken Thompson, the co-creator of the UNIX operating system, has finally been cracked. It comes from a BSD-based system, one of the original versions of UNIX, which was used back then by various computer science pioneers. In 2014, developer Leah Neukirchen spotted an interesting "/etc/passwd" file in a publicly available source tree of historic BSD version

Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks

THN - Thu, 10/10/2019 - 14:11
Watch out Windows users! The cybercriminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple's iTunes and iCloud software for Windows to evade antivirus detection. The vulnerable component in question is the Bonjour updater, a zero-configuration implementation of network

New Comic Videos Take CISO/Security Vendor Relationship to the Extreme

THN - Thu, 10/10/2019 - 08:34
Today's CISOs operate in an overly intensive environment. As the ones who are tasked with the unenviable accountability for failed protection and successful breaches, they must relentlessly strive to improve their defense lines with workforce education, training their security teams and last but definitely not least — looking for products that will upgrade and adjust their security against

7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App

THN - Wed, 09/10/2019 - 15:38
A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app. Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by cybersecurity

Breaches are now commonplace, but Reason Cybersecurity lets users guard their privacy

THN - Wed, 09/10/2019 - 14:17
There has been no shortage of massive security breaches so far this year. Just last July, Capital One disclosed that it was hit by a breach that affected more than 100 million customers. Also recently, researchers came across an unsecured cloud server that contained the names, phone numbers, and financial information of virtually all citizens of Ecuador – around 20 million people. These are

You Gave Your Phone Number to Twitter for Security and Twitter Used it for Ads

THN - Wed, 09/10/2019 - 05:58
After exposing private tweets, plaintext passwords, and personal information for hundreds of thousands of its users, here is a new security blunder social networking company Twitter admitted today. Twitter announced that the phone numbers and email addresses of some users provided for two-factor authentication (2FA) protection had been used for targeted advertising purposes—though the company

Microsoft Releases October 2019 Patch Tuesday Updates

THN - Tue, 08/10/2019 - 15:12
Microsoft is today rolling out its October 2019 Patch Tuesday security updates to fix a total of 59 vulnerabilities in Windows operating systems and related software, 9 of which are rated as critical, 49 are important, and one is moderate in severity. What’s good about this month’s patch update is that after a very long time, none of the security vulnerabilities patched by the tech giant this

vBulletin Releases Patch Update for New RCE and SQLi Vulnerabilities

THN - Tue, 08/10/2019 - 08:54
After releasing a patch for a critical zero-day remote code execution vulnerability late last month, vBulletin has recently published a new security patch update that addresses 3 more high-severity vulnerabilities in its forum software. If left unpatched, the reported security vulnerabilities, which affect vBulletin 5.5.4 and prior versions, could eventually allow remote attackers to take

