You are here


Subscribe to THN feed THN
The Hacker News (THN) is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts.
Updated: 1 hour 19 min ago

Georgia Tech Data Breach Exposes 1.3 Million Users' Personal Data

Wed, 03/04/2019 - 09:22
The Georgia Institute of Technology, well known as Georgia Tech, has confirmed a data breach that has exposed personal information of 1.3 million current and former faculty members, students, staff and student applicants. In a brief note published Tuesday, Georgia Tech says an unknown outside entity gained "unauthorized access" to its web application and accessed the University’s central

Cynet Offers Free Threat Assessment for Mid-Sized and Large Organizations

Wed, 03/04/2019 - 07:51
Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment offering based on more than 72 hours of data collection and enabling organizations to benchmark

In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code

Wed, 03/04/2019 - 07:18
In a world that's growing increasingly digital, Magecart attacks have emerged as a key cybersecurity threat to e-commerce sites. Magecart, which is in the news a lot lately, is an umbrella term given to 12 different cyber criminal groups that are specialized in secretly implanting a special piece of code on compromised e-commerce sites with an intent to steal payment card details of their

Facebook Caught Asking Some Users Passwords for Their Email Accounts

Wed, 03/04/2019 - 04:08
Facebook has been caught practicing the worst ever user-verification mechanism that could put the security of its users at risk. Generally, social media or any other online service asks users to confirm a secret code or a unique URL sent to the email address they provided for the account registration. However, Facebook has been found asking some newly-registered users to provide the social

New Apache Web Server Bug Threatens Security of Shared Web Hosts

Tue, 02/04/2019 - 14:38
Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software. The Apache web server is one of the most popular, widely used open-source web servers in the world that powers almost 40 percent of the whole Internet. The vulnerability, identified as

Thousands of Unprotected Kibana Instances Exposing Elasticsearch Databases

Mon, 01/04/2019 - 12:22
In today’s world, data plays a crucial role in the success of any organization, but if left unprotected, it could be a cybercriminal’s dream come true. Poorly protected MongoDB, CouchDB, and Elasticsearch databases recently got a lot more attention from cybersecurity firms and media lately. More than half of the known cases of massive data breaches over the past year originated from unsecured

How Endpoint Management Can Keep Workplace IT Secure

Mon, 01/04/2019 - 12:07
Workplaces have become highly connected. Even a small business could have dozens of devices in the form of desktops, mobile devices, routers, and even smart appliances as part of its IT infrastructure. Unfortunately, each of these endpoints can now be a weak link that hackers could exploit. Hackers constantly probe networks for vulnerable endpoints to breach. For example, systems and

Hackers Steal $19 Million From Bithumb Cryptocurrency Exchange

Sat, 30/03/2019 - 07:09
Hackers yesterday stole nearly $19 million worth of cryptocurrency from Bithumb, the South Korea-based popular cryptocurrency exchange admitted today. According to Primitive Ventures' Dovey Wan, who first broke the information on social media, hackers managed to compromise a number of Bithumb's hot EOS and XRP wallets and transferred around 3 million EOS (~ $13 million) and 20 million XRP (~

Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly

Sat, 30/03/2019 - 04:30
A security researcher today publicly disclosed details and proof-of-concept exploits for two 'unpatched' zero-day vulnerabilities in Microsoft's web browsers after the company allegedly failed to respond to his responsible private disclosure. Both unpatched vulnerabilities—one of which affects the latest version of Microsoft Internet Explorer and another affects the latest Edge Browser—allow

Commando VM — New Windows-based Distribution for Hackers and Pentesters

Fri, 29/03/2019 - 09:43
FireEye today released Commando VM, a first of its kind Windows-based security distribution for penetration testing and red teaming. When it comes to the best-operating systems for hackers, Kali Linux is always the first choice for penetration testers and ethical hackers. However, Kali is a Linux-based distribution, and using Linux without learning some basics is not everyone's cup of tea

Here's the List of ~600 MAC Addresses Targeted in Recent ASUS Hack

Fri, 29/03/2019 - 08:16
EXCLUSIVE — While revealing details of a massive supply chain cyber attack against ASUS customers, Russian security firm Kaspersky last week didn't release the full list all MAC addresses that hackers hardcoded into their malware to surgically target a specific pool of users. Instead, Kaspersky released a dedicated offline tool and launched an online web page where ASUS PC users can search

Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites

Fri, 29/03/2019 - 05:48
If your online e-commerce business is running over the Magento platform, you must pay attention to this information. Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities. Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platform that powers 28% of

Ex-NSA Contractor Pleads Guilty to 20-Year-Long Theft of Classified Data

Fri, 29/03/2019 - 03:59
A former National Security Agency contractor—who stole an enormous amount of sensitive information from the agency and then stored it at his home and car for over two decades—today changed his plea to guilty. The theft was labeled as the largest heist of classified government material in America's history. Harold Thomas Martin III, a 54-year-old Navy veteran from Glen Burnie, abused his

Advanced Breach Protection Demystified – Untold Truths On Security Beyond AV

Thu, 28/03/2019 - 13:00
Doing business in today's connected world means dealing with a continually evolving threat landscape. With potential losses due to downtime following a breach, plus valuable client and proprietary information at risk, most organizations realize they cannot afford to be complacent. This puts extra onus on security IT teams, who are continuously left scrambling, looking for the best way to

Elfin Hacking Group Targets Multiple U.S. and Saudi Arabian Firms

Thu, 28/03/2019 - 05:18
An Iran-linked cyber-espionage group that has been found targeting critical infrastructure, energy and military sectors in Saudi Arabia and the United States two years ago continues targeting organizations in the two nations, Symantec reported on Wednesday. Widely known as APT33, which Symantec calls Elfin, the cyber-espionage group has been active since as early as late 2015 and targeted a wide

New Settings Let Hackers Easily Pentest Facebook, Instagram Mobile Apps

Tue, 26/03/2019 - 11:14
Facebook has introduced a new feature in its platform that has been designed to make it easier for bug bounty hunters to find security flaws in Facebook, Messenger, and Instagram Android applications. Since almost all Facebook-owned apps by default use security mechanisms such as Certificate Pinning to ensure integrity and confidentiality of the traffic, it makes it harder for white hat

Insecure UC Browser 'Feature' Lets Hackers Hijack Android Phones Remotely

Tue, 26/03/2019 - 09:08
Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately. Why? Because the China-made UC Browser contains a "questionable" ability that could be exploited by remote attackers to automatically download and execute code on your Android devices. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically

Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities

Tue, 26/03/2019 - 05:44
Apple on Monday released iOS 12.2 to patch a total of 51 security vulnerabilities in its mobile operating system that affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A majority of vulnerabilities Apple patched this month reside in its web rendering engine WebKit, which is used by many apps and web browsers running on the Apple's operating system. According to

Warning: ASUS Software Update Server Hacked to Distribute Malware

Mon, 25/03/2019 - 13:27
Remember the CCleaner hack? CCleaner hack was one of the largest supply chain attacks that infected more than 2.3 million users with a backdoored version of the software in September 2017. Security researchers today revealed another massive supply chain attack that compromised over 1 million computers manufactured by Taiwan-based tech giant ASUS. <!-- adsense --> A group of state-sponsored