OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework.
The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group,
Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East.
Dubbed ZeroCleare, the data wiper malware has been linked to not one but two Iranian state-sponsored hacking groups—APT34, also known as ITG13 and Oilrig, and Hive0081,
Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices.
One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take
In a coordinated global law enforcement operation, Europol has taken down more than 30,500 websites for distributing counterfeit and pirated items over the Internet and arrested three suspects.
Among other things, the seized domains reportedly offered various counterfeit goods and pirated products and services, including pirated movies, illegal television streaming, music, electronics,
We distilled 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020 and compiled the top 5 most interesting findings and projections in this post.
Compliance fatigue will spread among security professionals
Being a source of ongoing controversy and debate, the California Consumer Privacy Act (CCPA) was finalized on 11th January 1, 2019.
Driven by laudable
Facebook has finally started implementing the open source data portability framework as the first phase of 'Data Transfer Project,' an initiative the company launched last year in collaboration with Google, Apple, Microsoft, and Twitter.
Facebook today announced a new feature that will allow its users to transfer their Facebook photos and videos to their Google Photos accounts—directly and
In a coordinated International law enforcement operation, Europol today announced to shut down the global organized cybercrime network behind Imminent Monitor RAT, yet another hacking tool that allows cybercriminals to gain complete control over a victim's computer remotely.The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to
If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately.Adobethe company owning Magento e-commerce platformtoday disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals.
As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by a government-backed hacking attempt in the third quarter of this year.According to a report published by Google's Threat Analysis Group (TAG), more than 90 percent of the targeted users were hit with "credential phishing emails" that tried to trick
For the first time, The Hacker News launches a comprehensive Cybersecurity Salary Survey aimed to provide insights into the payment standards of security positions, enabling security professionals to benchmark their salaries against their peers, as well as get clear insights into the leading roles, certifications, geo- and industry- components that factor a cybersecurity position payroll.
Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users' data associated with their connected social media accounts.In a blog post published yesterday, Twitter revealed that an SDK developed by OneAudience contains a privacy-violating component which may have passed some of its users' personal
Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system.VNC (virtual network computing) is an open source graphical desktop sharing protocol based on RFB (Remote FrameBuffer) that allows users to
