Developers of Drupal—a popular open-source content management system software that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal security team released an advance security notification of the upcoming patches, giving

Odds are good that the winner of this year’s RSA Conference Innovation Sandbox will be a security automation player — because almost all of the finalists for this year’s competition for “most innovative startup” highlight security automation in some form or another. As has happened almost every year since 2005, Innovation Sandbox finalists will face

Every app installed on your smartphone with permission to access location service “can” continually collect your real-time location secretly, even in the background when you do not use them. Do you know? — Installing the Facebook app on your Android and iOS smartphones automatically gives the social media company your rightful consent to collect the

A team of cybersecurity researchers from the University of New Haven yesterday released a video demonstrating how vulnerabilities that most programmers often underestimate could have allowed hackers to evade privacy and security of your virtual reality experience as well as the real world. According to the researchers—Ibrahim Baggili, Peter Casey and Martin Vondráček—the underlying vulnerabilities,

VirusTotal introduced an enterprise version that provides a faster malware search feature and uses N-gram content searches to identify threats. What is an N-gram content search and why is it so important? The practice of identifying threats and sharing information about those threats with defenders was an extension of signature techniques that have long been

Exclusive — A security researcher has identified an unsecured server that was leaking detailed personal details of nearly half a million Indian citizens… thanks to another MongoDB database instance that company left unprotected on the Internet accessible to anyone without password. In a report shared with The Hacker News, Bob Diachenko disclosed that two days ago

A vulnerable ConnectWise plugin led to several managed service providers being infected with GandCrab ransomware, but a new decryptor tool has provided relief for at least one of the victims. The vulnerable ConnectWise plugin was designed to sync data between the ConnectWise professional service automation software and the Kaseya VSA remote monitoring and management software.

Exclusive — If you have not updated your website to the latest WordPress version 5.0.3, it’s a brilliant idea to upgrade the content management software of your site now. From now, I mean immediately. Cybersecurity researchers at RIPS Technologies GmbH today shared their latest research with The Hacker News, revealing the existence of a critical

How do you know whether an attacker has infiltrated your network? Can you really rely on an Endpoint Detection and Response (EDR) solution to be your go-to technology for identifying security breaches? Endpoint detection and response (EDR) platform has been an important technology to detect cybersecurity incidents, but it provides only the view of endpoints,

A researcher recently discovered an info-stealer — dubbed Vidar — that is a part of a multi-payload and ongoing malvertising attack that also distributes GandCrab ransomware. How does this double attack work? Who is a target for the attack and how can it be mitigated? Malware infections haven’t changed much over time, even taking into

It’s not at all surprising that downloading movies and software from the torrent network could infect your computer with malware, but it’s more heartbreaking when a popular, trusted file uploader goes rogue. Popular software cracks/keygens uploader “CracksNow,” who had trusted status from many torrent sites, has now been banned from several torrent sites after he

Google this week touted security improvements based on human help, rather than algorithm smarts alone. Google announced, in 2018, its bug bounty program — aka Vulnerability Reward Program — paid out $3.4 million in total rewards to 317 researchers who submitted issues. Those 317 researchers, from 78 different countries, earned more than 1,300 rewards, with

Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed “Dirty_Sock” and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical,

A hacker who was selling details of nearly 620 million online accounts stolen from 16 popular websites has now put up a second batch of 127 million records originating from 8 other sites for sale on the dark web. Last week, The Hacker News received an email from a Pakistani hacker who claims to have

How do you check if a website asking for your credentials is fake or legit to log in? By checking if the URL is correct? By checking if the website address is not a homograph? By checking if the site is using HTTPS? Or using software or browser extensions that detect phishing domains? Well, if

Twice in the last three months, Dunkin’ Donuts — currently rebranding itself as Dunkin’ — was hit with a credential stuffing attack that affected an undisclosed number of members of its DD Perks membership program. The company said one of its security vendors detected the attack and stopped most of the account intrusions, but it

The United States Department of Justice has announced espionage charges against a former US Air Force intelligence officer with the highest level of top-secret clearance for providing the Iranian government classified defense information after she defected to Iran in 2013. Monica Elfriede Witt, 39, was a former U.S. Air Force Intelligence Specialist and Special Agent

What could be more frightening than a service informing you that all your data is gone—every file and every backup servers are entirely wiped out? The worst nightmare of its kind. Right? But that’s precisely what just happened this week with VFEmail.net, a US-based secure email provider that lost all data and backup files for

A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems and could potentially allow attackers to escape container and obtain unauthorized, root-level access to the host operating system. The vulnerability was discovered by open source security researchers Adam Iwaniuk and Borys Popławski and publicly disclosed

Machine learning has become a valuable component of network security products, but the technology is a mixed blessing. Unfortunately, hackers can also employ machine learning. Machine learning in network security separates legitimate network and application operations from attacks by building a set of rules that characterizes both activities. Meanwhile, attackers can use machine learning to

A security researcher has discovered yet another cryptocurrency-stealing malware on the official Google Play Store that was designed to secretly steal bitcoin and cryptocurrency from unwitting users. The malware, described as a “Clipper,” masqueraded as a legitimate cryptocurrency app and worked by replacing cryptocurrency wallet addresses copied into the Android clipboard with one belonging to

Using an Android device? Beware! You have to remain more caution while opening an image file on your smartphone—downloaded anywhere from the Internet or received through messaging or email apps. Yes, just viewing an innocuous-looking image could hack your Android smartphone—thanks to three newly-discovered critical vulnerabilities that affect millions of devices running recent versions of

Apple has finally released iOS 12.1.4 software update to patch the terrible Group FaceTime privacy bug that could have allowed an Apple user to call you via the FaceTime video chat service and hear or see you before you even pick up the call without your knowledge. The Facetime bug (CVE-2019-6223) was discovered by 14-year-old

A security researcher reported a supply chain attack that involved an official software repository for the Python programming language. How did this supply chain attack work? There isn’t a sysadmin or programmer around who hasn’t cursed a software installer or its associated instructions that overlook something that results in a failed install. The frustration of

Google has launched a new encryption algorithm that has been built specifically to run on mobile phones and smart IoT devices that don’t have the specialized hardware to use current encryption methods to encrypt locally stored data efficiently. Encryption has already become an integral part of our everyday digital activities. However, it has long been

For all of the undeniable conveniences the Internet has brought us, it’s becoming an increasingly dangerous place to be. Both individual hackers and entire government agencies are now able to hack into your computer or smartphone from across the globe and steal everything from your browsing history to your credit card numbers, and they’re often

The developers behind the privacy-minded Zcash cryptocurrency have recently discovered and patched a highly dangerous vulnerability in the most secretive way that could have allowed an attacker to coin an infinite number of Zcash (ZEC). Yes, infinite… like a never-ending source of money. Launched in October 2016, Zcash is a privacy-oriented cryptocurrency that claims to

Multifactor authentication products can provide significant benefits to an enterprise, but the technology is complex,… and the tools themselves can vary greatly from vendor to vendor. It’s helpful to examine sample use cases for specific tools to show how a vendor’s product can meet the multifactor authentication (MFA) needs and requirements of an enterprise. Here

It’s 2019, and just opening an innocent looking office document file on your system can still allow hackers to compromise your computer. No, I’m not talking about yet another vulnerability in Microsoft Office, but in two other most popular alternatives—LibreOffice and Apache OpenOffice—free, open source office software used by millions of Windows, MacOS and Linux

Just because an app is available on Google Play Store doesn’t mean that it is a legitimate app. Despite so many efforts by Google, some fake and malicious apps do sneak in and land millions of unaware users on the hunting ground of scammers and hackers. Cybersecurity firm Trend Micro uncovered at least 29 devious