News aggregator

Russian Hackers Targeting Anti-Doping Agencies Ahead of 2020 Tokyo Olympics

THN - Tue, 29/10/2019 - 05:24
As Japan gears up for the upcoming 2020 Summer Olympics in Tokyo for the next year, the country needs to brace itself for sophisticated cyberattacks, especially from state-sponsored hackers. Microsoft has issued a short notice, warning about a new wave of highly targeted cyberattacks by a group of Russian state-sponsored hackers attempting to hack over a dozen anti-doping authorities and

UniCredit Bank Suffers 'Data Incident' Exposing 3 Million Italian Customer Records

THN - Mon, 28/10/2019 - 15:15
UniCredit, an Italian global banking and financial services company, announced today that it suffered a security incident that leaked some personal information belonging to at least 3 million of its domestic customers. Officially founded in 1870, UniCredit is Italy's biggest banking and financial services and one of the leading European commercial banks with more than 8,500 branches across 17

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

THN - Sat, 26/10/2019 - 17:53
If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could

Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users

THN - Sat, 26/10/2019 - 06:10
The U.S. multinational computer software company Adobe has suffered a serious security breach earlier this month that exposed user records' database belonging to the company's popular Creative Cloud service. With an estimated 15 million subscribers, Adobe Creative Cloud or Adobe CC is a subscription service that gives users access to the company's full suite of popular creative software for

Verizon, AT&T, Sprint and T-Mobile to replace SMS with RCS Messaging in 2020

THN - Fri, 25/10/2019 - 09:35
Mobile carriers in the United States will finally offer a universal cross-carrier communication standard for the next-generation RCS messaging service that is meant to replace SMS and has the potential to change the way consumers interact with brands for years to come. All major United States mobile phone carriers, including AT&T, Verizon, T-Mobile, and Sprint, have joined forces to launch a

42 Adware Apps with 8 Million Downloads Traced Back to Vietnamese Student

THN - Thu, 24/10/2019 - 11:13
First of all, if you have any of the below-listed apps installed on your Android device, you are advised to uninstall it immediately. Cybersecurity researchers have identified 42 apps on the Google Play Store with a total of more than 8 million downloads, which were initially distributed as legitimate applications but later updated to maliciously display full-screen advertisements to their

How to Avoid the Top Three Causes of Data Breaches in 2019

THN - Thu, 24/10/2019 - 07:18
What's the price of unprotected IT infrastructure? Cybercrime Magazine says that global damages will surpass $6 billion as soon as 2021. Here we'll go through some of the most frequent and emerging causes of data breaches in 2019 and see how to address them in a timely manner. Misconfigured Cloud Storage It's hard to find a day without a security incident involving unprotected AWS S3

New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites

THN - Wed, 23/10/2019 - 06:25
A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue affects reverse proxy cache systems like Varnish and some widely-used Content Distribution Networks (CDNs)

Cynet's Vulnerability Assessment Enables Organizations to Dramatically Reduce their Risk Exposure

THN - Tue, 22/10/2019 - 10:06
Protection from cyberattacks begins way before attackers launch their weapons on an organization. Continuously monitoring the environment for security weaknesses and addressing such, if found, is a proven way to provide organizations with immunity to a large portion of attacks. Among the common weaknesses that expose organizations to cyberattacks, the most prominent are software

Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild

THN - Tue, 22/10/2019 - 09:50
Cybersecurity researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already compromised system stealthily. Dubbed Skip-2.0, the backdoor malware is a post-exploitation tool that runs in the memory and lets remote attackers connect to any account on the server running MSSQL version

NordVPN Breach FAQ – What Happened and What's At Stake?

THN - Tue, 22/10/2019 - 05:45
NordVPN, one of the most popular and widely used VPN services out there, yesterday disclosed details of a security incident that apparently compromised one of its thousands of servers based in Finland. Earlier this week, a security researcher on Twitter disclosed that "NordVPN was compromised at some point," alleging that unknown attackers stole private encryption keys used to protect VPN

Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

THN - Fri, 18/10/2019 - 16:14
Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide. Whether it's American voting machines during the 2016 presidential election or India's EVMs during 2014 general elections, the integrity, transparency, and security of electronic voting machines remained questionable, leaving a wound in the minds of many that is difficult to

Chrome for Android Enables Site Isolation Security Feature for All Sites with Login

THN - Thu, 17/10/2019 - 14:48
After enabling 'Site Isolation' security feature in Chrome for desktops last year, Google has now finally introduced 'the extra line of defence' for Android smartphone users surfing the Internet over the Chrome web browser. In brief, Site Isolation is a security feature that adds an additional boundary between websites by ensuring that pages from different sites end up in different sandboxed

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested

THN - Thu, 17/10/2019 - 07:28
The United States Department of Justice said today that they had arrested hundreds of criminals in a global crackdown after taking down the largest known child porn site on the dark web and tracing payments made in bitcoins. With an international coalition of law enforcement agencies, federal officials have arrested the administrator of the child sexual abuse site, 23-year-old Jong Woo Son of

A Comprehensive Guide On How to Protect Your Websites From Hackers

THN - Thu, 17/10/2019 - 05:30
Humankind had come a long way from the time when the Internet became mainstream. What started as a research project ARPANET (Advanced Research Projects Agency Network) funded by DARPA has grown exponentially and has single-handedly revolutionized human behavior. When WWW (world wide web) came into existence, it was meant to share information over the Internet, from there part through natural

Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers

THN - Wed, 16/10/2019 - 10:23
A decade-old botnet malware that currently controls over 450,000 computers worldwide has recently shifted its operations from infecting machines with ransomware or crypto miners to abusing them for sending out sextortion emails to millions of innocent people. Extortion by email is growing significantly, with a large number of users recently complaining about receiving sextortion emails that

Facebook Now Pays Hackers for Reporting Security Bugs in 3rd-Party Apps

THN - Wed, 16/10/2019 - 07:38
Following a series of security mishaps and data abuse through its social media platform, Facebook is today expanding its bug bounty program in a very unique way to beef up the security of third-party apps and websites that integrate with its platform. Last year, Facebook launched "Data Abuse Bounty" program to reward anyone who reports valid events of 3rd-party apps collecting Facebook users'

Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products

THN - Tue, 15/10/2019 - 13:01
No, it's not a patch Tuesday. It's the third Tuesday of the month, and as The Hacker News shared an early heads-up late last week on Twitter, Adobe today finally released pre-announced out-of-band security updates to patch a total of 82 security vulnerabilities across its various products. The affected products that received security patches today include: Adobe Acrobat and Reader Adobe

Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks

THN - Tue, 15/10/2019 - 07:40
In an effort to mitigate a large class of potential cross-site scripting issues in Firefox, Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions for built-in "about:" pages that are the gateway to sensitive preferences, settings, and statistics of the browser. Firefox browser has 45 such internal locally-hosted about pages, some of which are listed

Report to Your Management with the Definitive 'Incident Response for Management' Presentation Template

THN - Tue, 15/10/2019 - 05:32
Security incidents occur. It's not a matter of 'if' but of 'when.' There are security products and procedures that were implemented to optimize the IR process, so from the 'security-professional' angle, things are taken care of. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more

