You are here

THN

Subscribe to THN feed THN
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to [email protected]
Updated: 26 min 5 sec ago

Breaches are now commonplace, but Reason Cybersecurity lets users guard their privacy

Wed, 09/10/2019 - 14:17
There has been no shortage of massive security breaches so far this year. Just last July, Capital One disclosed that it was hit by a breach that affected more than 100 million customers. Also recently, researchers came across an unsecured cloud server that contained the names, phone numbers, and financial information of virtually all citizens of Ecuador – around 20 million people. These are

You Gave Your Phone Number to Twitter for Security and Twitter Used it for Ads

Wed, 09/10/2019 - 05:58
After exposing private tweets, plaintext passwords, and personal information for hundreds of thousands of its users, here is a new security blunder social networking company Twitter admitted today. Twitter announced that the phone numbers and email addresses of some users provided for two-factor authentication (2FA) protection had been used for targeted advertising purposes—though the company

Microsoft Releases October 2019 Patch Tuesday Updates

Tue, 08/10/2019 - 15:12
Microsoft today rolling out its October 2019 Patch Tuesday security updates to fix a total of 59 vulnerabilities in Windows operating systems and related software, 9 of which are rated as critical, 49 are important, and one is moderate in severity. What’s good about this month’s patch update is that after a very long time, none of the security vulnerabilities patched by the tech giant this

vBulletin Releases Patch Update for New RCE and SQLi Vulnerabilities

Tue, 08/10/2019 - 08:54
After releasing a patch for a critical zero-day remote code execution vulnerability late last month, vBulletin has recently published a new security patch update that addresses 3 more high-severity vulnerabilities in its forum software. If left unpatched, the reported security vulnerabilities, which affect vBulletin 5.5.4 and prior versions, could eventually allow remote attackers to take

Adobe Suspends Accounts for All Venezuela Users Citing U.S. Sanctions

Tue, 08/10/2019 - 06:26
I have really bad news for Adobe customers in Venezuela… California-based software company Adobe on Monday announced to soon ban accounts and cancel the subscriptions for all of its customers in Venezuela in order to comply with economic sanctions that the United States imposed on the Latin American country. The Trump administration issued an executive order on 5th August 2019, targeting

Signal Messenger Bug Lets Callers Auto-Connect Calls Without Receivers' Interaction

Fri, 04/10/2019 - 18:24
Almost every application contains security vulnerabilities, some of which you may find today, but others would remain invisible until someone else finds and exploits them—which is the harsh reality of cybersecurity and its current state. And when we say this, Signal Private Messenger—promoted as one of the most secure messengers in the world—isn't any exception. Google Project Zero

New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild

Fri, 04/10/2019 - 06:12
Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android. What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group—infamous for selling zero-day exploits to governments—or one of its customers, to gain control of

Just Sending a GIF via WhatsApp Could Have Hacked Your Android Phone

Thu, 03/10/2019 - 06:31
A picture is worth a thousand words, but a GIF is worth a thousand pictures. Today, the short looping clips, GIFs are everywhere—on your social media, on your message boards, on your chats, helping users perfectly express their emotions, making people laugh, and reliving a highlight. But what if an innocent-looking GIF greeting with Good morning, Happy Birthday, or Merry Christmas message

How SMBs Can Mitigate the Growing Risk of File-based Attacks

Wed, 02/10/2019 - 15:39
Cases of document-based malware are steadily rising. 59 percent of all malicious files detected in the first quarter of 2019 were contained in documents. Due to how work is done in today's offices and workplaces, companies are among those commonly affected by file-based attacks. Since small to medium businesses (SMBs) usually lack the kind of security that protects their larger counterparts,

A Look Into Continuous Efforts By Chinese Hackers to Target Foreign Governments

Wed, 02/10/2019 - 09:00
Phishing is still one of the widely used strategies by cybercriminals and espionage groups to gain an initial foothold on the targeted systems. Though hacking someone with phishing attacks was easy a decade ago, the evolution of threat detection technologies and cyber awareness among people has slowed down the success of phishing and social engineering attacks over the years. Since phishing

How SMBs Can Mitigate the Growing Risk of File-based Attacks

Wed, 02/10/2019 - 05:53
Cases of document-based malware are steadily rising. 59 percent of all malicious files detected in the first quarter of 2019 were contained in documents. Due to how work is done in today's offices and workplaces, companies are among those commonly affected by file-based attacks. Since small to medium businesses (SMBs) usually lack the kind of security that protects their larger counterparts,

Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content

Wed, 02/10/2019 - 05:30
An ex-Yahoo! employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users in search of private and personal records, primarily sexually explicit images and videos. According to an press note released by the U.S. Justice Department, Reyes Daniel Ruiz, a 34-year-old resident of California and former Yahoo software engineer, admitted

Researchers Find New Hack to Read Content Of Password Protected PDF Files

Tue, 01/10/2019 - 14:39
Looking for ways to unlock and read the content of an encrypted PDF without knowing the password? Well, that's now possible, sort of—thanks to a novel set of attacking techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file, but under some specific circumstances. Dubbed PDFex, the new set of techniques includes two classes of attacks

Comodo Forums Hack Exposes 245,000 Users' Data — Recent vBulletin 0-day Used

Tue, 01/10/2019 - 08:39
If you have an account with the Comodo discussion board and support forums, also known as ITarian Forum, you should change your password immediately. Cybersecurity company Comodo has become one of the major victims of a recently disclosed vBulletin 0-day vulnerability, exposing login account information of over nearly 245,000 users registered with the Comodo Forums websites. In a brief

Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users

Tue, 01/10/2019 - 06:02
The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites. To be noted, hackers haven't found any way to run ads for free; instead, the modus operandi of eGobbler attackers

Pay What You Wish — 9 Hacking Certification Training Courses in 1 Bundle

Mon, 30/09/2019 - 10:06
The greatest threat facing most nations is no longer a standing army. It's a hacker with a computer who can launch a crippling cyber attack from thousands of miles away—potentially taking down everything from server farms to entire power grids with a few lines of code. So it should come as no surprise that virtually every major company in both the public and private sector—as well as national

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released

Mon, 30/09/2019 - 09:14
A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update—Exim version 4.92.3—after publishing an early warning two days ago, giving system administrators an early

Exclusive — Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data

Sun, 29/09/2019 - 06:10
A Pakistani hacker who previously made headlines earlier this year for selling almost a billion user records stolen from nearly 45 popular online services has now claimed to have hacked the popular mobile social game company Zynga Inc. With a current market capitalization of over $5 billion, Zynga is one of the world's most successful social game developers with a collection of hit online

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed

Fri, 27/09/2019 - 16:54
Remember the Simjacker vulnerability? Earlier this month, we reported about a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers. If you can recall, the Simjacker vulnerability resides in a dynamic

Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X

Fri, 27/09/2019 - 10:42
An iOS hacker and cybersecurity researcher today publicly released what he claimed to be a "permanent unpatchable bootrom exploit," in other words, an epic jailbreak that works on all iOS devices ranging from iPhone 4s (A5 chip) to iPhone 8 and iPhone X (A11 chip). Dubbed Checkm8, the exploit leverages unpatchable security weaknesses in Apple's Bootrom (SecureROM), the first significant code

Pages