A bug bounty hunter has discovered and publicly disclosed details of an unpatched browser address bar spoofing vulnerability that affects popular Chinese UC Browser and UC Browser Mini apps for Android. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base

When evaluating an identity and access management platform, the benefits far outweigh any drawbacks. That said, only a few identity and access management risks need to be considered when designing an IAM implementation and ongoing maintenance processes. For example, it’s important to note that as you begin to centralize the management of usernames and authentication

The U.S. Department of Homeland Security (DHS) and the FBI have issued another joint alert about a new piece of malware that the prolific North Korean APT hacking group Hidden Cobra has actively been using in the wild. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by

The U.S. Department of Justice today announced charges against nine individuals, 6 of which are members of a hacking group called “The Community” and other 3 are former employees of mobile phone providers who allegedly helped them steal roughly $2.5 million worth of the cryptocurrency using a method known as “SIM Swapping.” According to the

With your plan of attack in hand, building data gathered from the data request, a flashlight and notebook, you can begin to perform the building security assessment. Here are some examples to consider as part of the review that are relative to the hierarchy of systems identified in part one of this series. Editor’s note:

The United States Justice Department today announced charges against a Chinese hacker and his hacking team member for their alleged role in the 2015 massive data breach at health insurance giant Anthem and three other unnamed American companies. Fujie Wang (王 福 杰) and another hacker named John Doe with three different aliases—Deniel Jack, Kim

Researchers from Chinese cybersecurity firm Qihoo 360’s NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites. While monitoring a malicious domain, www.magento-analytics[.]com, for over last seven months, researchers found that the attackers have been injecting malicious JS scripts

The saying that there are two types of organizations, those that have gotten breached and those who have but just don’t know it yet, has never been more relevant, making the sound incident response a required capability in any organization’s security stack. To assist in this critical mission, Cynet is launching a free IR tool

Cybercriminals are turning their attention away from consumers to focus on businesses, a recent report from Malwarebytes found. According to the “Cybercrime Tactics and Techniques Q1 2019” report, overall detections of enterprise security threats are rising steadily. While consumer detections declined by almost 40% from the final quarter of 2018, business detections increased by about

Wyzant—an online marketplace that makes it easy for parents and students to connect with private tutors, in-person and online, in over 250 different subjects—has suffered a data breach exposing “certain personal identification information” for its customers. The Hacker News received a copy of an email notification Wyzant recently sent to its affected customers, which reveals

The Information Technology industry has seen exponential growth over the years. It is essential for everyone to earn cybersecurity certification if you want to be a part of this growing industry. Organizations always prefer employees with strong internationally-recognized professional certifications. It proofs your skills, knowledge, and gives more credibility to advance your career. IT Certification

Google is giving you more control over how long you want the tech company to hold on to your location history and web activity data. Google has introduced a new, easier, privacy-focused auto-delete feature for your Google account that will allow you to automatically delete your Location History and Web and App Activity data after

Editor’s note Once considered an afterthought in software design, application security is increasingly top of mind for developers. The way applications are used these days — accessed over networks — invites a variety of potential threats. Frequent testing and adherence to application security best practices can limit the possibility of unauthorized code being used to

Europol announced the shut down of two prolific dark web marketplaces—Wall Street Market and Silkkitie (also known as Valhalla)—in simultaneous global operations against underground websites for trading drugs, stolen credit card numbers, malicious software, and other illegal goods. Police in western Germany has also arrested three men who were allegedly running Wall Street Market, the

If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers. Dell SupportAssist, formerly known as Dell System Detect, checks the health of your

WikiLeaks founder Julian Assange has been sentenced to 50 weeks—for almost a year—in prison by a London court for breaching his bail conditions in 2012 and taking refuge in the Ecuadorian embassy for nearly 7 years. The 47-year-old Assange was arrested last month by London’s Metropolitan Police Service after the Ecuadorian government suddenly withdrew his

On Jan. 4, 2018, Facebook CEO Mark Zuckerberg posted his New Year’s resolution, vowing to fix Facebook’s various issues with abuse, election interference and misinformation campaigns. But a timeline of events since then shows a bevy of Facebook security and data privacy issues. In February 2018, Facebook was found guilty in German and Belgian courts

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail,

Open source and information security applications go together like peanut butter and jelly. The transparency provided by open source in infosec applications — what they monitor and how they work — is especially important for packet sniffer and intrusion detection systems (IDSes) that monitor network traffic. It may also help explain the long-running dominance of

Facebook expects to face a massive fine of up to $5 billion from the Federal Trade Commission (FTC) as the result of an investigation into its privacy policies—that’s about one month’s revenue for the social media giant. To be clear the amount of fine is not what the FTC has announced or hinted yet; instead,

Facebook has a lot of problems, then there are a lot of problems for Facebook—and both are not going to end anytime sooner. Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy violations, it seems

Best practices — we all know they’re important. Most of the time, they’re static guidelines on how to design or implement systems. But in terms of email security, best practices for employees are almost always a combination of steps taken by security architects and a set of desired behaviors for an organization’s email system end

Docker Hub, one of the largest cloud-based library of Docker container images, has suffered a data breach after an unknown attacker gained access to the company’s single Hub database. Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker container images, both publicly and privately. The breach

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called “Plugin Vulnerabilities“—that recently gone rogue in order to protest against moderators of the WordPress’s official support

A team of cybersecurity researchers today published a post warning enterprises of an unpatched, highly critical zero-day vulnerability in Oracle WebLogic server application that some attackers might have already started exploiting in the wild. Oracle WebLogic is a scalable, Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services on

Threat intelligence firm Flashpoint said dark web threats are evolving, and the company has a plan to give enterprises better visibility into such threats. The New York-based cybersecurity vendor introduced on Wednesday a new version of its Flashpoint Intelligence Platform to keep enterprise security teams better informed about dark web threats and new threat actor

U.S. Congress has sent an open letter to Google CEO Sundar Pichai asking for more information about its Sensorvault database that’s reportedly being used by law enforcement agencies to solve crime cases. Last week, we reported a story based upon NY Times findings that revealed how using a “geofence” warrant, authorities obtain location history of

Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in question is Social Warfare which is a popular and widely deployed WordPress plugin with more

An unprotected database belonging to JustDial, India’s largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy “88888 88888” customer care number, The Hacker News has learned and independently verified. Founded over two decades

BOSTON — Forcepoint believes it’s time for a more human-centric cybersecurity approach, and the company made a major investment to accelerate that vision. Forcepoint this week opened its new Cyber Experience Center, a 53,000-square-foot facility in Boston’s Seaport district. The center is designed educate enterprises about their current security challenges as well as promote a