You are here

THN

Subscribe to THN feed THN
The Hacker News (THN) is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts.
Updated: 2 hours 36 min ago

New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched

Tue, 25/06/2019 - 10:02
Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Intego team last week discovered four samples of new macOS malware on VirusTotal that leverage the GateKeeper bypass vulnerability to execute untrusted code on

OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks

Sat, 22/06/2019 - 13:46
In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown. Have you ever noticed they all had at least one thing in common? That's OpenSSH. As a proof-of-concept, many researchers demonstrated their side-channel attacks against OpenSSH application

PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery

Sat, 22/06/2019 - 05:28
As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability (CVE-2019-1105) that impacted over 100 million users. However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a cross-site

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

Fri, 21/06/2019 - 16:33
If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities, besides many other medium- and

This Cryptomining Malware Launches Linux VMs On Windows and macOS

Fri, 21/06/2019 - 11:52
Cybersecurity researchers from at least two firms today unveiled details of a new strain of malware that targets Windows and macOS systems with a Linux-based cryptocurrency mining malware. It may sound strange, but it's true. Dubbed "LoudMiner" and also "Bird Miner," the attack leverages command-line based virtualization software on targeted systems to silently boot an image of Tiny Core

Firefox 67.0.4 Released — Mozilla Patches Second 0-Day Flaw This Week

Fri, 21/06/2019 - 06:11
Okay, folks, it's time to update your Firefox web browser once again—yes, for the second time this week. After patching a critical actively-exploited vulnerability in Firefox 67.0.3 earlier this week, Mozilla is now warning millions of its users about a second zero-day vulnerability that attackers have been found exploiting in the wild. The newly patched issue (CVE-2019-11708) is a "sandbox

Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

Fri, 21/06/2019 - 06:11
Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security researchers at SafeBreach Labs, the vulnerability, identified as CVE-2019-12280, is a

Important Flaw in Outlook App for Android Affects Over 100 Millions Users

Thu, 20/06/2019 - 16:39
Microsoft today released an updated version of its "Outlook for Android" that patches an important security vulnerability in the popular email app that is currently being used over 100 million users. According to an advisory, Outlook app with versions before 3.0.88 for Android contains a stored cross-site scripting vulnerability (CVE-2019-1105) in the way the app parses incoming email

MongoDB 4.2 Introduces End-to-End Field Level Encryption for Databases

Thu, 20/06/2019 - 12:12
At its developer conference held earlier this week in New York, the MongoDB team announced the latest version of its database management software that includes a variety of advanced features, including Field Level Encryption, Distributed Transactions, and Wildcard Indexes. The newly introduced Field Level Encryption (FLE), which will be available in the upcoming MongoDB 4.2 release, is an

Tor Browser 8.5.2 Released — Update to Fix Critical Firefox Vulnerability

Thu, 20/06/2019 - 06:57
Following the latest critical update for Firefox, the Tor Project today released an updated version of its anonymity and privacy browser to patch the same Firefox vulnerability in its bundle. Earlier this week, Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical actively-exploited vulnerability (CVE-2019-11707) that could allow attackers to remotely take full

Gain the Trust of Your Business Customers With SOC 2 Compliance

Wed, 19/06/2019 - 18:00
In today's business environment, data is what matters most. It matters to organizations that monetize it into operational insights and optimisations, and it matters the threat actors that relentlessly seek to achieve similar monetisation by compromising it. In the very common scenario in which organisation A provides services to organization B, it’s imperative for the latter to be absolutely

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now

Wed, 19/06/2019 - 16:12
Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by an unnamed group of attackers. Oracle WebLogic is a Java-based multi-tier enterprise application

Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks

Tue, 18/06/2019 - 23:59
If you use the Firefox web browser, you need to update it right now. Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild. Discovered and reported by Samuel Groß, a cybersecurity researcher at Google Project Zero, the vulnerability could allow

5 Keys to Improve Your Cybersecurity

Tue, 18/06/2019 - 09:24
Cybersecurity isn't easy. If there was a product or service you could buy that would just magically solve all of your cybersecurity problems, everyone would buy that thing, and we could all rest easy. However, that is not the way it works. Technology continues to evolve. Cyber attackers adapt and develop new malicious tools and techniques, and cybersecurity vendors design creative new ways to

GandCrab Ransomware Decryption Tool [All Versions] — Recover Files for Free

Tue, 18/06/2019 - 06:04
Cybersecurity researchers have released an updated version of GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals. GandCrab is one of the most prolific families of ransomware to date that has infected over 1.5 million computers since it first emerged in January 2018. Created by

Critical Flaw Reported in Popular Evernote Extension for Chrome Users

Thu, 13/06/2019 - 10:11
Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people taking notes and organize their to-do task lists, and over 4,610,000 users have been using its Evernote Web Clipper Extension for Chrome

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests

Thu, 13/06/2019 - 07:42
Telegram, one of the most popular encrypted messaging app, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the IP addresses located in China, suggesting the Chinese government could be behind it to sabotage

Cynet Free Visibility Experience – Unmatched Insight into IT Assets and Activities

Wed, 12/06/2019 - 14:52
Real-time visibility into IT assets and activities introduces speed and efficiency to many critical productivity and security tasks organizations are struggling with—from conventional asset inventory reporting to proactive elimination of exposed attack surfaces. However, gaining such visibility is often highly resource consuming and entails manual integration of various feeds. Cynet is now

Android's Built-in Security Key Now Works With iOS Devices For Secure Login

Wed, 12/06/2019 - 14:31
In April this year, a software update from Google overnight turned all Android phones, running Android 7.0 Nougat and up, into a FIDO-certified hardware security key as part of a push to encourage two-step verification. The feature made it possible for users to confirm their identity when logging into a Google account more effortless and secure, without separately managing and plugging-in a

When Time is of the Essence – Testing Controls Against the Latest Threats Faster

Wed, 12/06/2019 - 13:55
A new threat has hit head the headlines (Robinhood anyone?), and you need to know if you're protected right now. What do you do? Traditionally, you would have to go with one of the options below. Option 1 – Manually check that IoCs have been updated across your security controls. This would require checking that security controls such as your email gateway, web gateway, and endpoint

Pages