You are here

THN

Subscribe to THN feed THN
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to [email protected]
Updated: 25 min 50 sec ago

New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites

Wed, 23/10/2019 - 06:25
A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue affects reverse proxy cache systems like Varnish and some widely-used Content Distribution Networks (CDNs)

Cynet's Vulnerability Assessment Enables Organizations to Dramatically Reduce their Risk Exposure

Tue, 22/10/2019 - 10:06
Protection from cyberattacks begins way before attackers launch their weapons on an organization. Continuously monitoring the environment for security weaknesses and addressing such, if found, is a proven way to provide organizations with immunity to a large portion of attacks. Among the common weaknesses that expose organizations to cyberattacks, the most prominent are software

Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild

Tue, 22/10/2019 - 09:50
Cybersecurity researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already compromised system stealthily. Dubbed Skip-2.0, the backdoor malware is a post-exploitation tool that runs in the memory and lets remote attackers connect to any account on the server running MSSQL version

NordVPN Breach FAQ – What Happened and What's At Stake?

Tue, 22/10/2019 - 05:45
NordVPN, one of the most popular and widely used VPN services out there, yesterday disclosed details of a security incident that apparently compromised one of its thousands of servers based in Finland. Earlier this week, a security researcher on Twitter disclosed that "NordVPN was compromised at some point," alleging that unknown attackers stole private encryption keys used to protect VPN

Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

Fri, 18/10/2019 - 16:14
Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide. Whether it's American voting machines during the 2016 presidential election or India's EVMs during 2014 general elections, the integrity, transparency, and security of electronic voting machines remained questionable, leaving a wound in the minds of many that is difficult to

Chrome for Android Enables Site Isolation Security Feature for All Sites with Login

Thu, 17/10/2019 - 14:48
After enabling 'Site Isolation' security feature in Chrome for desktops last year, Google has now finally introduced 'the extra line of defence' for Android smartphone users surfing the Internet over the Chrome web browser. In brief, Site Isolation is a security feature that adds an additional boundary between websites by ensuring that pages from different sites end up in different sandboxed

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested

Thu, 17/10/2019 - 07:28
The United States Department of Justice said today that they had arrested hundreds of criminals in a global crackdown after taking down the largest known child porn site on the dark web and tracing payments made in bitcoins. With an international coalition of law enforcement agencies, federal officials have arrested the administrator of the child sexual abuse site, 23-year-old Jong Woo Son of

A Comprehensive Guide On How to Protect Your Websites From Hackers

Thu, 17/10/2019 - 05:30
Humankind had come a long way from the time when the Internet became mainstream. What started as a research project ARPANET (Advanced Research Projects Agency Network) funded by DARPA has grown exponentially and has single-handedly revolutionized human behavior. When WWW (world wide web) came into existence, it was meant to share information over the Internet, from there part through natural

Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers

Wed, 16/10/2019 - 10:23
A decade-old botnet malware that currently controls over 450,000 computers worldwide has recently shifted its operations from infecting machines with ransomware or crypto miners to abusing them for sending out sextortion emails to millions of innocent people. Extortion by email is growing significantly, with a large number of users recently complaining about receiving sextortion emails that

Facebook Now Pays Hackers for Reporting Security Bugs in 3rd-Party Apps

Wed, 16/10/2019 - 07:38
Following a series of security mishaps and data abuse through its social media platform, Facebook today expanding its bug bounty program in a very unique way to beef up the security of third-party apps and websites that integrate with its platform. Last year, Facebook launched "Data Abuse Bounty" program to reward anyone who reports valid events of 3rd-party apps collecting Facebook users'

Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products

Tue, 15/10/2019 - 13:01
No, it's not a patch Tuesday. It's the third Tuesday of the month, and as The Hacker News shared an early heads-up late last week on Twitter, Adobe today finally released pre-announced out-of-band security updates to patch a total of 82 security vulnerabilities across its various products. The affected products that received security patches today include: Adobe Acrobat and Reader Adobe

Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks

Tue, 15/10/2019 - 07:40
In an effort to mitigate a large class of potential cross-site scripting issues in Firefox, Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions for built-in "about: pages" that are the gateway to sensitive preferences, settings, and statics of the browser. Firefox browser has 45 such internal locally-hosted about pages, some of which are listed

Report to Your Management with the Definitive 'Incident Response for Management' Presentation Template

Tue, 15/10/2019 - 05:32
Security incidents occur. It's not a matter of 'if' but of 'when.' There are security products and procedures that were implemented to optimize the IR process, so from the 'security-professional' angle, things are taken care of. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more

Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted

Mon, 14/10/2019 - 16:11
Attention Linux Users! A vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted

Apple Under Fire Over Sending Some Users Browsing Data to China's Tencent

Mon, 14/10/2019 - 07:43
Do you know Apple is sending iOS web browsing data of some of its users to Chinese Internet company Tencent? I am sure many of you are not aware of this, neither was I, and believe me, none of us could expect this from a tech company that promotes itself as a champion of consumer privacy. Late last week, it was widely revealed that starting from at least iOS 12.2, Apple silently integrated

SIM Cards in 29 Countries Vulnerable to Remote Simjacker Attacks

Sat, 12/10/2019 - 07:02
Until now, I'm sure you all might have heard of the SimJacker vulnerability disclosed exactly a month ago that affects a wide range of SIM cards and can remotely be exploited to hack into any mobile phone just by sending a specially crafted binary SMS. If you are unaware, the name "SimJacker" has been given to a class of vulnerabilities that resides due to a lack of authentication and

UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked

Fri, 11/10/2019 - 07:20
A 39-year-old login password of Ken Thompson, the co-creator of the UNIX operating system among, has finally been cracked that belongs to a BSD-based system, one of the original versions of UNIX, which was back then used by various computer science pioneers. In 2014, developer Leah Neukirchen spotted an interesting "/etc/passwd" file in a publicly available source tree of historian BSD version

Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks

Thu, 10/10/2019 - 14:11
Watch out Windows users! The cybercriminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple's iTunes and iCloud software for Windows to evade antivirus detection. The vulnerable component in question is the Bonjour updater, a zero-configuration implementation of network

New Comic Videos Take CISO/Security Vendor Relationship to the Extreme

Thu, 10/10/2019 - 08:34
Today's CISOs operate in an overly intensive environment. As the ones who are tasked with the unenviable accountability for failed protection and successful breaches, they must relentlessly strive to improve their defense lines with workforce education, training their security teams and last but definitely not least — looking for products that will upgrade and adjust their security against

7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App

Wed, 09/10/2019 - 15:38
A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app. Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by cybersecurity

Pages