News aggregator

Exploit Reseller Offering Up To $2.5 Million For Android Zero-Days

THN - Wed, 04/09/2019 - 05:37
Well, there's some good news for hackers and vulnerability hunters, though terrible news for Google, Android device manufacturers, and their billions of users worldwide. The zero-day buying and selling industry has recently taken a shift towards Android operating system, offering up to $2.5 million payouts to anyone who sells 'full chain, zero-click, with persistence' Android zero-days. <!--

XKCD Forum Hacked – Over 562,000 Users’ Account Details Leaked

THN - Tue, 03/09/2019 - 12:31
XKCD—one of the most popular webcomic platforms known for its geeky tech humor and other science-laden comic strips on romance, sarcasm, math, and language—has suffered a data breach exposing data of its forum users. The security breach occurred two months ago, according to security researcher Troy Hunt who alerted the company of the incident, with unknown hackers stealing around 562,000

Learn Ethical Hacking Online – A to Z Training Bundle 2019

THN - Tue, 03/09/2019 - 08:34
Good news for you is that this week's THN Deals brings Ethical Hacking A to Z Bundle that let you get started regardless of your experience level. The Ethical Hacking A to Z Bundle will walk you through the very basic skills you need to start your journey towards becoming a professional ethical hacker. The 45 hours of course that includes total 384 in-depth lectures, usually cost $1,273, but

BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks

THN - Tue, 03/09/2019 - 07:05
Enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in malicious USB devices, cybersecurity researchers at firmware security company Eclypsium told The Hacker News. Yes, that's correct. You can launch all types of USB attacks against vulnerable Supermicro servers without actually physically accessing them or waiting for your victim to pick

Chinese Face-Swapping App ZAO Sparks Privacy Concerns After Going Crazily Viral

THN - Tue, 03/09/2019 - 05:22
What could be more exciting than seeing yourself starring alongside your favorite actor in a movie, music video, or TV program? Yes, that's possible—well, kind of, by using a new AI-based deepfake app that has gone viral in China over this weekend, climbing to the top of the free apps list in the Chinese iOS App Store in just three days. Dubbed ZAO, the app is yet another deepfake app for

Foxit PDF Software Company Suffers Data Breach—Asks Users to Reset Password

THN - Fri, 30/08/2019 - 15:02
If you have an online account with Foxit Software, you need to reset your account password immediately—as an unknown attacker has compromised your personal data and log-in credentials. Foxit Software, a company known for its popular lightweight Foxit PDF Reader and PhantomPDF applications being used by over 525 million users, today announced a data breach exposing the personal information of

Ransomware Hits Dental Data Backup Service Offering Ransomware Protection

THN - Fri, 30/08/2019 - 06:37
THIS WEEK IN THE IRONIC NEWS: DDS Safe, an online cloud-based data backup system that hundreds of dental practice offices across the United States are using to safeguard medical records and other information of their patients from ransomware attacks has been hit with ransomware. Provided by two Wisconsin-based companies, Digital Dental Record and PerCSoft, the backend system of affected

Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years

THN - Fri, 30/08/2019 - 04:33
Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered earlier this year in the wild, involving at least five unique iPhone exploit chains capable of

Google Will Now Pay Anyone Who Reports Apps Abusing Users' Data

THN - Thu, 29/08/2019 - 15:38
In the wake of data abuse scandals and several instances of malware app being discovered on the Play Store, Google today expanded its bug bounty program to beef up the security of Android apps and Chrome extensions distributed through its platform. The expansion in Google's vulnerability reward program majorly includes two main announcements. First, a new program, dubbed 'Developer Data

Capital One Hacker Also Accused of Hacking 30 More Companies and CryptoJacking

THN - Thu, 29/08/2019 - 12:34
Former Amazon employee Paige Thompson, who was arrested last month in relation to the Capital One data breach, has been accused of hacking not only the U.S. credit card issuer, but also more than 30 other companies. An indictment unsealed on Wednesday revealed that Thompson not just stole data from misconfigured servers hosted with a cloud-computing company, but also used the computing power

Apple Changes the Way It Listens to Your Siri Recordings Following Privacy Concerns

THN - Thu, 29/08/2019 - 05:24
Apple today announced some major changes to its controversial 'Siri audio grading program' following criticism for employing humans to listen to audio recordings of users collected via its voice-controlled Siri personal assistant without their knowledge or consent. The move came a month after The Guardian reported that third-party contractors were regularly listening to private conversations

Magecart Hackers Compromise 80 More eCommerce Sites to Steal Credit Cards

THN - Wed, 28/08/2019 - 12:37
Cybersecurity researchers have discovered over 80 Magecart compromised e-commerce websites that were actively sending credit card information of online shoppers to the attackers-controlled servers. Operating their businesses in the United States, Canada, Europe, Latin America, and Asia, many of these compromised websites are reputable brands in the motorsports industry and high fashion,

French Police Remotely Removed RETADUP Malware from 850,000 Infected PCs

THN - Wed, 28/08/2019 - 07:17
The French law enforcement agency, National Gendarmerie, today announced the successful takedown of one of the largest wide-spread RETADUP botnet malware and how it remotely disinfected more than 850,000 computers worldwide with the help of researchers. Earlier this year, security researchers at Avast antivirus firm, who were actively monitoring the activities of RETADUP botnet, discovered a

WARNING — Malware Found in CamScanner Android App With 100+ Million Users

THN - Tue, 27/08/2019 - 15:46
Beware! Attackers can remotely hijack your Android device and steal data stored on it, if you are using free version of CamScanner, a highly-popular Phone PDF creator app with more than 100 million downloads on Google Play Store. So, to be safe, just uninstall the CamScanner app from your Android device now, as Google has already removed the app from its official Play Store. Unfortunately,

Imperva Breach Exposes WAF Customers' Data, Including SSL Certs, API Keys

THN - Tue, 27/08/2019 - 15:36
Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information for some of its customers, the company revealed today. The security breach particularly affects customers of Imperva's Cloud Web Application Firewall (WAF) product, formerly known as Incapsula, a

Apple Releases iOS 12.4.1 Emergency Update to Patch 'Jailbreak' Flaw

THN - Tue, 27/08/2019 - 03:06
Apple just patched an unpatched flaw that it patched previously but accidentally unpatched recently — did I confuse you? Let's try it again... Apple today finally released iOS 12.4.1 to fix a critical jailbreak vulnerability, like it or not, that was initially patched by the company in iOS 12.3 but was then accidentally got reintroduced in the previous iOS 12.4 update. For those unaware,

Hostinger Suffers Data Breach – Resets Password For 14 Million Users

THN - Mon, 26/08/2019 - 08:41
Popular web hosting provider Hostinger has been hit by a massive data breach, as a result of which the company has reset passwords for all customers as a precautionary measure. In a blog post published on Sunday, Hostinger revealed that "an unauthorized third party" breached one of its servers and gained access to "hashed passwords and other non-financial data" associated with its millions of

Binance Confirms Hacker Obtained Its Users' KYC Data from 3rd-Party Vendor

THN - Mon, 26/08/2019 - 08:01
As suspected, the KYC details of thousands of Binance's customers that hackers obtained and leaked online earlier this month came from the company's third-party vendor, Malta-based cryptocurrency exchange Binance confirmed. For those unaware, Binance, the world's largest cryptocurrency exchange by volume, hit by a "Potential KYC leak" earlier this month, with an unknown hacker distributing

Pages

Subscribe to Shiga Tecnologia aggregator