
THN

The Hacker News (THN) is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts.

RAMBleed Attack – Flip Bits to Steal Sensitive Data from Computer Memory

Wed, 12/06/2019 - 07:16
A team of cybersecurity researchers yesterday revealed details of a new side-channel attack on dynamic random-access memory (DRAM) that could allow malicious programs installed on a modern system to read sensitive memory data from other processes running on the same hardware. Dubbed RAMBleed and identified as CVE-2019-0174, the new attack is based on a well-known class of DRAM side channel

Microsoft Releases June 2019 Security Updates to Patch 88 Vulnerabilities

Tue, 11/06/2019 - 15:49
After Adobe, the technology giant Microsoft today—on June 2019 Patch Tuesday—also released its monthly batch of software security updates for various supported versions of Windows operating systems and other Microsoft products. This month's security updates include patches for a total of 88 vulnerabilities, 21 are rated Critical, 66 are Important, and one is rated Moderate in severity. The

Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign Software

Tue, 11/06/2019 - 12:09
It's Patch Tuesday week! Adobe has just released the latest June 2019 software updates to address a total of 11 security vulnerabilities in its three widely-used products Adobe ColdFusion, Flash Player, and Adobe Campaign. Out of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform—all critical in severity—that could lead to arbitrary

New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions

Tue, 11/06/2019 - 07:41
Security researchers have been warning about a critical vulnerability they discovered in a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498, resides in the "WP Live Chat Support" that is currently being used by over 50,000 businesses to

Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor

Mon, 10/06/2019 - 15:26
Linux users, beware! If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim—two most popular and powerful command-line

Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw

Fri, 07/06/2019 - 07:52
An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed over half

New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide

Fri, 07/06/2019 - 06:22
Security researchers have discovered an ongoing sophisticated botnet campaign that is currently brute-forcing more than 1.5 million publicly accessible Windows RDP servers on the Internet. Dubbed GoldBrute, the botnet scheme has been designed in a way to escalate gradually by adding every new cracked system to its network, forcing them to further find new available RDP servers and then brute

Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers

Thu, 06/06/2019 - 10:14
Are you using Komodo's Agama Wallet to store your KMD and BTC cryptocurrencies? Were your funds also unauthorisedly transferred overnight to a new address? If yes, don't worry, it's probably safe, and if you are lucky, you will get your funds back. Here's what exactly happened… Komodo, a cryptocurrency project and developer of Agama wallet, adopted a surprisingly unique way to protect its

Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services

Thu, 06/06/2019 - 06:54
Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers at CheckPoint, the vulnerabilities reside in the administrative panel of Ministra TV platform,

Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions

Tue, 04/06/2019 - 16:36
A security researcher today revealed details of a newly unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP). Tracked as CVE-2019-9510, the reported vulnerability could allow client-side attackers to bypass the lock screen on remote desktop (RD) sessions. Discovered by Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), the flaw exists

Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default

Tue, 04/06/2019 - 14:57
As promised, Mozilla has finally enabled the "Enhanced Tracking Protection" feature on its Firefox browser by default, which from now onwards would automatically block all third-party tracking cookies that allow advertisers and websites to track you across the web. Tracking cookies, also known as third-party cookies, allow advertisers to monitor your online behavior and interests, using which

Apple Launches Privacy-Focused 'Sign in with Apple ID' Feature at WWDC 2019

Mon, 03/06/2019 - 17:58
Just like 'login with Google,' 'login with Facebook,' Twitter, LinkedIn or any other social media site, you would now be able to quickly sign-up and log into third-party websites and apps using your Apple ID. What's the difference? Well, Apple claims that signing-in with Apple ID would protect users' privacy by not only disclosing their actual email addresses to the 3rd-party services but by

macOS 0-Day Flaw Lets Hackers Bypass Security Features With Synthetic Clicks

Mon, 03/06/2019 - 13:08
A security researcher who last year bypassed Apple's then-newly introduced macOS privacy feature has once again found a new way to bypass security warnings by performing 'Synthetic Clicks' on behalf of users without requiring their interaction. Last June, Apple introduced a core security feature in MacOS that made it mandatory for all applications to take permission ("allow" or "deny") from

SUPRA Smart TV Flaw Lets Attackers Hijack Screens With Any Video

Mon, 03/06/2019 - 06:15
I have said it before, and I will say it again — Smart devices are one of the dumbest technologies, so far, when it comes to protecting users' privacy and security. As more and more smart devices are being sold worldwide, consumers should be aware of security and privacy risks associated with the so-called intelligent devices. When it comes to internet-connected devices, smart TVs are the

Hackers Stole Customers' Credit Cards from 103 Checkers and Rally's Restaurants

Fri, 31/05/2019 - 05:20
If you have swiped your payment card at the popular Checkers and Rally's drive-through restaurant chains in the past 2-3 years, you should immediately request your bank to block your card and notify it if you notice any suspicious transaction. Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday that affected an

Hackers Infect 50,000 MS-SQL and PHPMyAdmin Servers with Rootkit Malware

Wed, 29/05/2019 - 15:53
Cyber Security researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide. Dubbed Nansh0u, the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group who has already infected nearly 50,000 servers and are installing a sophisticated kernel-mode rootkit on

Top 5 Last-Minute Memorial Day Deals at THN Store → Get 60% Extra OFF

Wed, 29/05/2019 - 15:06
Memorial Day has come and gone, but you still have time to land some of the best deals on some of the best apps and tech training bundles around. Whether you're looking for a world-class VPN or want to begin a career as a high-paid ethical hacker or IT pro, this list of ultra-discounted apps and course bundles has you covered. Ethical Hacking A to Z Training Bundle MSRP: $1273 - Sale Price

Flipboard Database Hacked — Users' Account Information Exposed

Wed, 29/05/2019 - 07:27
Flipboard, a popular social sharing and news aggregator service used by over 150 million people, has disclosed that its databases containing account information of certain users have been hacked. According to a public note published yesterday by the company, unknown hackers managed to gain unauthorized access to its systems for nearly 10 months—between June 2, 2018, and March 23, 2019, and

Nearly 1 Million Computers Still Vulnerable to "Wormable" BlueKeep RDP Flaw

Tue, 28/05/2019 - 09:08
Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)—two weeks after Microsoft released the security patch. If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much worse than what
