You are here

THN

Subscribe to THN feed THN
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to [email protected]
Updated: 26 min 11 sec ago

Microsoft Warns of a New Rare Fileless Malware Hijacking Windows Computers

Fri, 27/09/2019 - 09:29
Watch out Windows users! There's a new strain of malware making rounds on the Internet that has already infected thousands of computers worldwide and most likely, your antivirus program would not be able to detect it. Why? That's because, first, it's an advanced fileless malware and second, it leverages only legitimate built-in system utilities and third-party tools to extend its

DoorDash Breach Exposes 4.9 Million Users' Personal Data

Fri, 27/09/2019 - 06:08
Do you use DoorDash frequently to order your food online? If yes, you are highly recommended to change your account password right now immediately. DoorDash—the popular on-demand food-delivery service—today confirmed a massive data breach that affects almost 5 million people using its platform, including its customers, delivery workers, and merchants as well. DoorDash is a San

Outlook for Web Bans 38 More File Extensions in Email Attachments

Thu, 26/09/2019 - 16:21
Malware or computer virus can infect your computer in several different ways, but one of the most common methods of its delivery is through malicious file attachments over emails that execute the malware when you open them. Therefore, to protect its users from malicious scripts and executable, Microsoft is planning to blacklist 38 additional file extensions by adding them to its list of file

iOS 13 Bug Lets 3rd-Party Keyboards Gain 'Full Access' — Even When You Deny

Thu, 26/09/2019 - 08:33
Following the release of iOS 13 and iPadOS earlier this week, Apple has issued an advisory warning iPhone and iPad users of an unpatched security bug impacting third-party keyboard apps. On iOS, third-party keyboard extensions can run entirely standalone without access to external services and thus, are forbidden from storing what you type unless you grant "full access" permissions to enable

[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly

Tue, 24/09/2019 - 15:58
An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin—one of the widely used internet forum software. One of the reasons why the vulnerability should be viewed as a severe issue is not just because it is remotely exploitable, but also doesn't require authentication. Written in

1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp

Tue, 24/09/2019 - 11:43
A team of Canadian cybersecurity researchers has uncovered a sophisticated and targeted mobile hacking campaign that is targeting high-profile members of various Tibetan groups with one-click exploits for iOS and Android devices. Dubbed Poison Carp by University of Toronto's Citizen Lab, the hacking group behind this campaign sent tailored malicious web links to its targets over WhatsApp,

Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples

Tue, 24/09/2019 - 10:03
Though Russia still has an undiversified and stagnant economy, it was one of the early countries in the world to realize the value of remotely conducted cyber intrusions. In recent years, many Russia hacking groups have emerged as one of the most sophisticated nation-state actors in cyberspace, producing highly specialized hacking techniques and toolkits for cyber espionage. Over the past

Cynet 360: The Next Generation of EDR

Tue, 24/09/2019 - 07:41
Many organizations regard Endpoint Detection and Response (EDR) as their main protection against breaches. EDR, as a category, emerged in 2012 and was rapidly acknowledged as the best answer to the numerous threats that legacy AV unsuccessfully struggled to overcome – exploits, zero-day malware and fileless attacks are prominent examples. While there is no dispute on EDR's efficiency against a

Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw

Tue, 24/09/2019 - 04:48
It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities, one of which is a critical Internet Explorer zero-day that cyber criminals are actively exploiting in the wild. Discovered by Clément Lecigne of Google's Threat Analysis Group and tracked as CVE-2019-1367, the IE zero-day is a remote code execution vulnerability in the

Pages