News aggregator

Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library

THN - Tue, 09/07/2019 - 13:08
Lodash, a popular npm library used by more than 4 million projects on GitHub alone, is affected by a high severity security vulnerability that could allow attackers to compromise the security of affected services using the library and their respective user base. Lodash is a JavaScript library that contains tools to simplify programming with strings, numbers, arrays, functions, and objects,

Dashboards to Use on Palo Alto Networks for Effective Management

THN - Tue, 09/07/2019 - 11:02
Enterprises should expect to see more cyber attacks launched against them. The data that they now gather and store have made their infrastructures key targets for hackers. Customer data and intellectual property can be sold on the black market for profit, and sensitive information can also be used by hackers to extort them. Enterprises are now aggressively shifting their workloads to the cloud

Over 1,300 Android Apps Caught Collecting Data Even If You Deny Permissions

THN - Tue, 09/07/2019 - 08:35
Smartphones are a goldmine of sensitive data, and modern apps work as diggers that continuously collect every possible piece of information from your devices. The security model of modern mobile operating systems, like Android and iOS, is primarily based on permissions that explicitly define which sensitive services, device capabilities, or user information an app can access, allowing users to decide

Cynet Launches Free Offering For Incident Response Service Providers

THN - Tue, 09/07/2019 - 06:50
More and more, organizations take the route of outsourcing incident response to Managed Security Service Providers. This trend is distinct regardless of the organization's cyber maturity level and can be found across a wide range of cyber maturity, from small companies with no dedicated security team to enterprises with a fully equipped SOC. The hands of the incident response service

Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks

THN - Tue, 09/07/2019 - 05:17
Security researchers at Microsoft have released details of a new widespread campaign distributing an infamous piece of fileless malware that was primarily being found targeting European and Brazilian users earlier this year. Dubbed Astaroth, the malware trojan has been making the rounds since at least 2017 and is designed to steal users' sensitive information like their credentials, keystrokes,

Flaw in Zoom Video Conferencing Software Lets Websites Hijack Mac Webcams

THN - Tue, 09/07/2019 - 03:37
If you use Zoom video conferencing software on your Mac computer—then beware—any website you're visiting in your web browser can turn on your device camera without your permission. Ironically, even if you had ever installed the Zoom client on your device and simply uninstalled it, a remote attacker can still activate your webcam. Zoom is one of the most popular cloud-based meeting platforms

British Airways Fined £183 Million Under GDPR Over 2018 Data Breach

THN - Mon, 08/07/2019 - 05:22
Britain's Information Commissioner's Office (ICO) today hit British Airways with a record fine of £183 million for failing to protect the personal information of around half a million of its customers during last year's security breach. British Airways, which describes itself as "The World's Favorite Airline," disclosed a breach last year that exposed personal details and credit-card numbers of

Ubuntu-Maker Canonical’s GitHub Account Gets Hacked

THN - Sun, 07/07/2019 - 12:58
An unknown hacker yesterday successfully managed to hack into the official GitHub account of Canonical, the company behind the Ubuntu Linux project, and created 11 new empty repositories. It appears that the cyberattack was, fortunately, just a "loud" defacement attempt rather than a "silent" sophisticated supply-chain attack that could have been abused to distribute modified malicious versions

DDoS Attacker Who Ruined Gamers' Christmas Gets 27 Months in Prison

THN - Thu, 04/07/2019 - 08:30
A 23-year-old hacker from Utah who launched a series of DDoS attacks against multiple online services, websites, and online gaming companies between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson, a.k.a. "DerpTroll," pleaded guilty back in November 2018 after he admitted to being a part of DerpTrolling, a hacker group that was behind DDoS attacks

17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From the Device

THN - Wed, 03/07/2019 - 12:39
Except for phishing and scams, downloading an HTML attachment and opening it locally in your browser was never considered a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer. Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully

D-Link Agrees to 10 Years of Security Audits to Settle FTC Charges

THN - Wed, 03/07/2019 - 08:29
Taiwanese networking equipment manufacturer D-Link has agreed to implement a "comprehensive software security program" in order to settle a Federal Trade Commission (FTC) lawsuit alleging that the company didn't take adequate steps to protect its consumers from hackers. Your wireless router is the first line of defense against potential threats on the Internet. However, sadly, most

China's Border Guards Secretly Installing Spyware App on Tourists' Phones

THN - Wed, 03/07/2019 - 05:09
Chinese authorities are secretly installing surveillance apps on smartphones of foreigners at border crossings in the Xinjiang region who are entering from neighboring Kyrgyzstan, an international investigation revealed. Xinjiang (XUAR) is an autonomous territory and home to many Muslim ethnic minority groups where China is known to be conducting massive surveillance operations, especially on

AppTrana — Website Security Solution That Actually Works

THN - Tue, 02/07/2019 - 09:06
Data loss and theft continue to rise, and hardly a day goes by without significant data breaches hitting the headlines. In January 2019 alone, 1.76 billion records were leaked, and according to IBM's Data Breach study, the average cost of each lost or stolen record has reached about $148. Most of these data leaks are because of malicious attacks, where exploitation of web application

Android July 2019 Security Update Patches 33 New Vulnerabilities

THN - Tue, 02/07/2019 - 06:07
Google has started rolling out this month's security updates for its mobile operating system platform to address a total of 33 new security vulnerabilities affecting Android devices, 9 of which have been rated critical in severity. The vulnerabilities affect various Android components, including the Android operating system, framework, library, media framework, as well as Qualcomm components,

Firefox to Automatically Trust OS-Installed CA Certificates to Prevent TLS Errors

THN - Tue, 02/07/2019 - 04:55
Mozilla has finally introduced a mechanism to let the Firefox browser automatically fix certain TLS errors, often triggered when antivirus software installed on a system tries to intercept secure HTTPS connections. Most antivirus software offers a web security feature that intercepts encrypted HTTPS connections to monitor the content for malicious web pages before it reaches the web browser. To

Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets

THN - Thu, 27/06/2019 - 08:03
The German police yesterday raided the house of the developer of OmniRAT and seized his laptop, computer and mobile phones probably as part of an investigation into a recent cyber attack, a source told The Hacker News. OmniRAT made headlines in November 2015 when its developer launched it as a legitimate remote administration tool for IT experts and companies to manage their devices with

Two Florida Cities Paid $1.1 Million to Ransomware Hackers This Month

THN - Wed, 26/06/2019 - 16:34
In the last two weeks, Florida has paid more than $1.1 million in bitcoin to cybercriminals to recover encrypted files from two separate ransomware attacks—one against Riviera Beach and the other against Lake City. Lake City, a city in northern Florida, agreed on Monday to pay hackers 42 Bitcoin (equivalent to $573,300 at the current value) to unlock phone and email systems following a

Account Takeover Vulnerability Found in Popular EA Games Origin Platform

THN - Wed, 26/06/2019 - 14:59
A popular gaming platform used by hundreds of millions of people worldwide has been found vulnerable to multiple security flaws that could have allowed remote hackers to take over players' accounts and steal sensitive data. The vulnerabilities in question reside in the "Origin" digital distribution platform developed by Electronic Arts (EA)—the world's second-largest gaming company with over

'Legit Apps Turned into Spyware' Targeting Android Users in Middle East

THN - Wed, 26/06/2019 - 08:45
Cybersecurity researchers are warning about an ongoing Android malware campaign that has been active since 2016 and was first publicly reported in August 2018. Dubbed "ViceLeaker" by researchers at Kaspersky, the campaign has recently been found targeting Israeli citizens and some other Middle Eastern countries with a powerful surveillance malware designed to steal almost all accessible

Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage

THN - Wed, 26/06/2019 - 06:17
Microsoft has introduced a new password-protected folder within its OneDrive online file storage service that will allow you to keep your sensitive and important files protected and secured with an extra layer of authentication. Dubbed Personal Vault, the new OneDrive folder can only be accessed with an additional step of identity verification, such as your fingerprint, face, PIN, or a

