You are here

THN

Subscribe to THN feed THN
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to [email protected]
Updated: 14 min 28 sec ago

New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers

Thu, 04/06/2020 - 05:31
A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to a newly published research by Kaspersky yesterday. The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom

Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat

Wed, 03/06/2020 - 12:53
If you're using Zoom—especially during this challenging time to cope with your schooling, business, or social engagement—make sure you are running the latest version of the widely popular video conferencing software on your Windows, macOS, or Linux computers. No, it's not about the arrival of the most-awaited "real" end-to-end encryption feature, which apparently, according to the latest news,

Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers

Wed, 03/06/2020 - 10:10
A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in Sybase Adaptive Server Enterprise (ASE), a relational database management software geared towards

New Skill Testing Platform For 6 Most In-Demand Cybersecurity Jobs

Wed, 03/06/2020 - 08:16
Building a security team is a necessity for organizations of all industries and sizes. It makes selecting the right person for the job a critical task in which testing candidates' domain knowledge is a core component of the hiring process. A common practice is for each organization to put together a dedicated set of questions for each role. Today, Cynet launches the Cybersecurity Skill Tests

Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers

Tue, 02/06/2020 - 02:37
Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. Tracked as CVE-2020-3956, the code injection flaw stems from an improper input handling that could be abused by an authenticated attacker to

How to Create a Culture of Kick-Ass DevSecOps Engineers

Mon, 01/06/2020 - 09:06
Much like technology itself, the tools, techniques, and optimum processes for developing code evolve quickly. We humans have an insatiable need for more software, more features, more functionality… and we want it faster than ever before, more qualitative, and on top of that: Secure. With an estimated 68% of organizations experiencing zero-day attacks from undisclosed/unknown vulnerabilities

Joomla Resources Directory (JRD) Portal Suffers Data Breach

Mon, 01/06/2020 - 08:34
Joomla, one of the most popular Open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its resources directory (JRD) website, i.e., resources.joomla.org. The breach exposed affected users' personal information, such as full names, business addresses, email addresses, phone numbers, and encrypted passwords. The

Critical 'Sign in with Apple' Bug Could Have Let Attackers Hijack Anyone's Account

Sat, 30/05/2020 - 12:43
Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its 'Sign in with Apple' system. The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted users' accounts on third-party services and apps that have been registered using 'Sign in with Apple'

New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

Sat, 30/05/2020 - 07:32
Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. The findings are from a paper "DABANGG: Time for Fearless Flush based Cache Attacks" published by a pair of researchers, Biswabandan Panda and Anish Saxena, from the Indian

Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds

Sat, 30/05/2020 - 04:56
Mitron (means "friends" in Hindi), you have been fooled again! Mitron is not really a 'Made in India' product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords. I am sure many of you already know what TikTok is, and those still unaware, it's a

A New Free Monitoring Tool to Measure Your Dark Web Exposure

Thu, 28/05/2020 - 07:35
Last week, application security company ImmuniWeb released a new free tool to monitor and measure an organization's exposure on the Dark Web. To improve the decision-making process for cybersecurity professionals, the free tool crawls Dark Web marketplaces, hacking forums, and Surface Web resources such as Pastebin or GitHub to provide you with a classified schema of your data being offered

Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites

Thu, 28/05/2020 - 06:52
It's one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It's, however, an entirely different thing to leave a digital trail that leads cybersecurity researchers right to their doorsteps. That's exactly what happened in the case of a hacktivist under the name of VandaTheGod, who has been attributed to a series of attacks on government

Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs

Wed, 27/05/2020 - 07:31
Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting over hundreds of thousands of systems. The botnet was traced back to a group it calls ShuangQiang (also called Double Gun), which has been behind several attacks since 2017 aimed at compromising Windows computers with MBR and VBR bootkits, and installing malicious drivers for

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

Tue, 26/05/2020 - 11:40
Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information. Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data

Tue, 26/05/2020 - 06:48
Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data. "ComRAT v4 was first seen in 2017 and known still to be in use as recently as January 2020," cybersecurity firm ESET said in a report shared with

New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug

Mon, 25/05/2020 - 05:02
The hacking team behind the "unc0ver" jailbreaking tool has released a new version of the software that can unlock every single iPhone, including those running the latest iOS 13.5 version. Calling it the first zero-day jailbreak to be released since iOS 8, unc0ver's lead developer Pwn20wnd said "every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next

How Cybersecurity Enables Government, Health, EduTech Cope With COVID-19

Thu, 21/05/2020 - 08:34
The advent of the Covid-19 pandemic and the impact on our society has resulted in many dramatic changes to how people are traveling, interacting with each other, and collaborating at work. There are several trends taking place as a consequence of the outbreak, which has only continued to heighten the need for the tightest possible cybersecurity. Tools for Collaboration There has been a

Iranian APT Group Targets Governments in Kuwait and Saudi Arabia

Thu, 21/05/2020 - 05:11
Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on telecommunication and travel industries in the Middle East to collect personal

[Guide] Finding Best Security Outsourcing Alternative for Your Organization

Wed, 20/05/2020 - 10:11
As cyberattacks continue to proliferate in volume and increase in sophistication, many organizations acknowledge that some part of their breach protection must be outsourced, introducing a million-dollar question of what type of service to choose form. Today, Cynet releases the Security Outsourcing Guide (download here), providing IT Security executives with clear and actionable guidance on

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

Wed, 20/05/2020 - 08:16
Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to takedown targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker's choice,

Pages