News aggregator

[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly

THN - Tue, 24/09/2019 - 15:58
An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin—one of the widely used internet forum software. One of the reasons why the vulnerability should be viewed as a severe issue is not just because it is remotely exploitable, but also doesn't require authentication. Written in

1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp

THN - Tue, 24/09/2019 - 11:43
A team of Canadian cybersecurity researchers has uncovered a sophisticated and targeted mobile hacking campaign that is targeting high-profile members of various Tibetan groups with one-click exploits for iOS and Android devices. Dubbed Poison Carp by University of Toronto's Citizen Lab, the hacking group behind this campaign sent tailored malicious web links to its targets over WhatsApp,

Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples

THN - Tue, 24/09/2019 - 10:03
Though Russia still has an undiversified and stagnant economy, it was one of the early countries in the world to realize the value of remotely conducted cyber intrusions. In recent years, many Russia hacking groups have emerged as one of the most sophisticated nation-state actors in cyberspace, producing highly specialized hacking techniques and toolkits for cyber espionage. Over the past

Cynet 360: The Next Generation of EDR

THN - Tue, 24/09/2019 - 07:41
Many organizations regard Endpoint Detection and Response (EDR) as their main protection against breaches. EDR, as a category, emerged in 2012 and was rapidly acknowledged as the best answer to the numerous threats that legacy AV unsuccessfully struggled to overcome – exploits, zero-day malware and fileless attacks are prominent examples. While there is no dispute on EDR's efficiency against a

Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw

THN - Tue, 24/09/2019 - 04:48
It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities, one of which is a critical Internet Explorer zero-day that cyber criminals are actively exploiting in the wild. Discovered by Clément Lecigne of Google's Threat Analysis Group and tracked as CVE-2019-1367, the IE zero-day is a remote code execution vulnerability in the

Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme

THN - Fri, 20/09/2019 - 07:51
Two widely used Adblocker Google Chrome extensions mimicking as — AdBlock and uBlock Origin — have been caught stuffing cookies in the web browser of millions of users to generate affiliate income from referral schemes fraudulently. There's no doubt web extensions add a lot of useful features to web browsers, making your online experience great and aiding productivity, but at the same time,

Update Google Chrome Browser to Patch New Critical Security Flaws

THN - Thu, 19/09/2019 - 13:48
Google has released an urgent software update for its Chrome web browser and is urging Windows, Mac, and Linux users to upgrade the application to the latest available version immediately. Started rolling out to users worldwide this Wednesday, the Chrome 77.0.3865.90 version contains security patches for 1 critical and 3 high-risk security vulnerabilities, the most severe of which could allow

IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador’s History

THN - Wed, 18/09/2019 - 11:11
Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country's history. Personal records of more than 20 million adults and children, both dead and alive, were found publicly exposed on an unsecured

Smominru Botnet Indiscriminately Hacked Over 90,000 Computers Just Last Month

THN - Wed, 18/09/2019 - 10:05
Insecure Internet-connected devices have aided different types of cybercrime for years, most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where botnets do not just launch DDoS or spam—they mine cryptocurrencies as well. Smominru, an infamous cryptocurrency-mining and credential-stealing botnet, has become one of the rapidly spreading

Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions

THN - Wed, 18/09/2019 - 08:08
A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's widely used to manage the database for websites created with WordPress, Joomla, and many other

The Definitive RFP Templates for EDR/EPP and APT Protection

THN - Wed, 18/09/2019 - 07:29
Advanced Persistent Threats groups were once considered a problem that concerns Fortune 100 companies only. However, the threat landscape of the recent years tells otherwise—in fact, every organization, regardless of vertical and size is at risk, whether as a direct target, supply chain or collateral damage. The vast majority of security decision-makers acknowledge they need to address the

BREAKING — U.S Sues Edward Snowden and You'd be Surprised to Know Why

THN - Tue, 17/09/2019 - 15:24
The United States government today filed a lawsuit against Edward Snowden, a former contractor for the CIA and NSA government agencies who made headlines worldwide in 2013 when he fled the country and leaked top-secret information about NSA's global and domestic surveillance activities. And you would be more surprised to know the reason for this lawsuit—No, Snowden has not been sued for

Exclusive: Thousands of Google Calendars Leaking Private Information Online

THN - Tue, 17/09/2019 - 09:26
"Warning — Making your calendar public will make all events visible to the world, including via Google search. Are you sure?" Remember this security warning? No? If you have ever shared your Google Calendars, or maybe inadvertently, with someone that should not be publicly accessible anymore, you should immediately go back to your Google settings and check if you're exposing all your events

125 New Flaws Found in Routers and NAS Devices from Popular Brands

THN - Tue, 17/09/2019 - 06:58
The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it? As we connect everything from coffee maker to front-door locks and cars to the Internet, we're creating more potential—and possibly more dangerous—ways for hackers to wreak havoc.

How Cloud-Based Automation Can Keep Business Operations Secure

THN - Mon, 16/09/2019 - 08:57
The massive data breach at Capital One – America's seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time. Ironically, the incident, which exposed some 106 million Capital One customers' accounts, has only reinforced the belief that the cloud remains the safest way to store sensitive data. "You have to compare [the cloud]

WhatsApp 'Delete for Everyone' Doesn't Delete Media Files Sent to iPhone Users

THN - Mon, 16/09/2019 - 08:24
Mistakenly sent a picture to someone via WhatsApp that you shouldn't have? Well, we've all been there, but what's more unfortunate is that the 'Delete for Everyone' feature WhatsApp introduced two years ago contains an unpatched privacy bug, leaving its users with false sense of privacy. WhatsApp and its rival Telegram messenger offer "Delete for Everyone," a potentially life-saving feature

US Sanctions 3 North Korean Hacking Groups Accused for Global Cyber Attacks

THN - Sat, 14/09/2019 - 07:16
The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure. Besides this, the hacking groups have also been accused of stealing possibly hundreds of millions of dollars from financial institutions around the world to ultimately fund the North Korean

Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug

THN - Fri, 13/09/2019 - 15:06
Good news... next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system. Yes, we're excited about, but here comes the bad news... iOS 13 contains a vulnerability that could allow anyone to bypass the lockscreen protection on your iPhone and access some sensitive information. Jose Rodriguez, a Spanish security researcher, contacted The Hacker

New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS

THN - Thu, 12/09/2019 - 10:22
Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed "SimJacker," the vulnerability resides in a particular piece of software, called the [email protected] Browser (a dynamic SIM toolkit), embedded on most SIM cards

WebARX — A Defensive Core For Your Website

THN - Thu, 12/09/2019 - 08:44
Estonian based web security startup WebARX, the company who is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform, has a big vision for a safer web. It built a defensive core for websites which is embedded deep inside the company's DNA as even ARX in their name refers to the citadel (the core fortified area of a town or


Subscribe to Shiga Tecnologia aggregator