News

As the world becomes more interconnected by the day, more and more companies of all sizes and industries are finding themselves under attack by fearless cybercriminals who can access their entire server farms from across the globe with only a few lines of code. And it’s not just private corporations that are suffering. A wide

Security researchers found vulnerabilities in the Qualcomm TrustZone secure element extension that could allow attackers to steal the most sensitive data stored on mobile devices. TrustZone implements architectural security extensions on ARM processors that can be integrated into the bootloader, radio, Android system image and a trusted execution environment (TEE) in mobile devices. Slava Makkaveev,

The recent controversies surrounding the WhatsApp hacking haven’t yet settled, and the world’s most popular messaging platform is in choppy waters once again. The Hacker News has learned that WhatsApp has recently patched yet another critical vulnerability that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files

It appears that at least the United States has started taking the threat of Sim Swapping attacks very seriously. Starting with the country’s first-ever conviction for ‘SIM Swapping’ this February, U.S. Department of Justice has since then announced charges against several individuals for involving in the scheme to siphon millions of dollars in cryptocurrency from

Hundreds of millions of devices, especially Android smartphones and tablets, using Qualcomm chipsets, are vulnerable to a new set of potentially serious vulnerabilities. According to a report cybersecurity firm CheckPoint shared with The Hacker News, the flaws could allow attackers to steal sensitive data stored in a secure area that is otherwise supposed to be

Security pros know October as National Cybersecurity Awareness Month. But October 2019 marked another important event: It was the fifth anniversary of the release of Docker 1.0. Since Docker was introduced, there has been a tremendous evolution in containers and the containerization ecosystem. Consider, for example, the emergence of container-focused cloud services, the proliferation of

Complying with cyber regulations forms a significant portion of the CISO’s responsibility. Compliance is, in fact, one of the major drivers in the purchase and implementation of new security products. But regulations come in multiple different colors and shapes – some are tailored to a specific vertical, while others are industry-agnostic. Some bare explicit consequences

ZoneAlarm, an internet security software company owned by Israeli cybersecurity firm Check Point Technologies, has suffered a data breach exposing data of its discussion forum users, the company confirmed The Hacker News. With nearly 100 million downloads, ZoneAlarm offers antivirus software, firewall, and additional virus protection solutions to home PC users, small businesses, and mobile

Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called “Delegated Credentials for TLS.” Delegated Credentials for TLS is a new simplified way to implement “short-lived” certificates without sacrificing the reliability of secure connections. In short, the new TLS protocol extension aims to effectively

ORLANDO — Microsoft will make cybersecurity training mandatory for all its employees and plans to release its internal training tools in a version that customers can use themselves, perhaps within a year. The disclosure was made during a session led by Ken Sexsmith, director of security training and awareness at Microsoft, at the Ignite conference

Do you always uncomfortable trusting companies with your data? If so, you’re not alone. While companies do much to protect themselves from external threats, insiders always pose the highest risk to a company’s data. Unfortunately, when we say companies can’t eliminate insider threat completely, cybersecurity firms, who are meant to protect others, are not an

Cloud services and networking are driving the concept of digital businesses, yet traditional networking and cybersecurity architectures are far from meeting the demands of the digital business. Gartner’s “The Future of Network Security Is in the Cloud” report spells out the potential for the transformation of networking and security in the cloud, built upon a

Security researchers at Bitdefender have discovered a high-severity security vulnerability in Amazon’s Ring Video Doorbell Pro devices that could allow nearby attackers to steal your WiFi password and launch a variety of cyberattacks using MitM against other devices connected to the same network. In case you don’t own one of these, Amazon’s Ring Video Doorbell

SSL certificate abuse is driving an increasing number of phishing attacks, and little is being done to stop it. Last month, cybersecurity vendor Lookout announced that it had detected a phishing campaign targeting the United Nations and several U.N. humanitarian organizations, including but not limited to UNICEF. Lookout’s blog post detailed the “several noteworthy techniques

Two former employees of Twitter have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government, likely with the purpose of unmasking the identity of dissidents. According to an indictment filed on November 5 and unsealed just yesterday, one of the charged Twitter employees, American citizen Ahmad Abouammo,

Facebook today revealed yet another security incident admitting that roughly 100 app developers may have improperly accessed its users’ data in certain Facebook groups, including their names and profile pictures. In a blog post published Tuesday, Facebook said the app developers that unauthorizedly access this information were primarily social media management and video streaming apps

The end of the year is coming, and it’s time for security decision-makers to make plans for 2020 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced. The Definitive2020 Security Plan PPT Template is built to simplify this task,

Threat Stack has announced Python support for its Threat Stack Application Security Monitoring product. The update comes with no additional cost as part of the Threat Stack Cloud Security Platform. With Python support for Application Security Monitoring, Threat Stack customers who use Python with Django and Flask frameworks can ensure security in the software development

If you’re using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could

Cybersecurity researchers have spotted a new cyberattack, which is believed to be the very first but amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining. In May this year, Microsoft released a patch for a highly-critical remote code execution flaw in the Windows Remote

A group of Chinese hackers carrying out political espionage for Beijing has been found targeting telecommunications companies with a new piece of malware designed to spy on text messages sent or received by highly targeted individuals. Dubbed “MessageTap,” the backdoor malware is a 64-bit ELF data miner that has recently been discovered installed on a

For security defenses to have any chance of working against cyberthreats, IT professionals need to stay on the offensive. One case in point: The increase in the types of security tools powered by AI and machine learning. These advanced technologies have definitely improved cyber-response capabilities, giving some hope to cybersecurity pros caught in a seemingly

Attention readers, if you are using Chrome on your Windows, Mac, and Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. With the release of Chrome 78.0.3904.87, Google is warning billions of users to install an urgent software update immediately to patch two high severity

Another day, another massive data breach—this time affecting a leading web technology company, as well as both of its subsidiaries, from where millions of customers around the world have purchased domain names for their websites. The world’s top domain registrars Web.com, Network Solutions, and Register.com disclosed a security breach that may have resulted in the

Finally, for the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users. Facebook filed a lawsuit against Israeli mobile surveillance firm NSO Group on Tuesday, alleging that the company was actively involved in hacking users of its end-to-end encrypted

Cybersecurity is perhaps the single greatest threat to any organization today. While hardly a new challenge, the proliferation of systems, data, cloud technologies, apps, devices and distributed endpoints has only exacerbated cybersecurity threats. Organizations must work harder than ever to safeguard their assets and customers. This goes beyond automating reactive measures. It now requires infosec

As Japan gears up for the upcoming 2020 Summer Olympics in Tokyo for the next year, the country needs to brace itself for sophisticated cyberattacks, especially from state-sponsored hackers. Microsoft has issued a short notice, warning about a new wave of highly targeted cyberattacks by a group of Russian state-sponsored hackers attempting to hack over

Mobile carriers in the United States will finally offer a universal cross-carrier communication standard for the next-generation RCS messaging service that is meant to replace SMS and has the potential to change the way consumers interact with brands for years to come. All major United States mobile phone carriers, including AT&T, Verizon, T-Mobile, and Sprint, have

If you’re running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the

Their aim is to break into an organization’s network, systems and applications, but pen testers aren’t performing with ill intent. Also known as ethical hackers, these security evangelists’ job is to legally break in to ensure malicious attackers can’t exploit the same vulnerabilities. If a penetration tester career path is in your future, so too