If your e-commerce website runs on the OXID eShop platform, you need to update it immediately to prevent your site from becoming compromised. Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers to take full control over vulnerable eCommerce websites remotely in less than a

Managing the security of a business’s applications and data is a touchy subject. After all, the more digitized a business gets, the more it relies on safeguards to keep sensitive information and intellectual property away from those who seek to find it. As a result, the traditional method of ensuring data security is being held

Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries. According to a new report Armis researchers shared with The Hacker News

Yesterday, some residents of Johannesburg, the largest city in South Africa, were left without electricity after the city’s power company got attacked by a ransomware virus. City Power, the company responsible for powering South Africa’s financial capital Johannesburg, confirmed Thursday on Twitter that it had been hit by a Ransomware virus that had encrypted all

Quantum computers, cryptography and encryption are a potent mix, especially because quantum computers could eventually give attackers a practical method for decrypting almost all traditionally encrypted data. Although the potential for quantum computing was first posited in 1982 by physicist Richard Feynman, and the MIT mathematician Peter Shor reported an algorithm that would enable quantum

Are you using LibreOffice? You should be extra careful about what document files you open using the LibreOffice software over the next few days. That’s because LibreOffice contains a severe unpatched code execution vulnerability that could sneak malware into your system as soon as you open a maliciously-crafted document file. LibreOffice is one of the

Marcus Hutchins, better known as MalwareTech, has been sentenced to “time served” and one year of supervised release for developing and selling the Kronos banking malware. Yes, Hutchins will not go to prison, United States District Judge J.P. Stadtmueller ruled today in Milwaukee County Court. In response to today’s sentencing Hutchins said: “Sentenced to time

Are you using an Android device? Beware! You should be more careful while playing a video on your smartphone—downloaded anywhere from the Internet or received through email. That’s because, a specially crafted innocuous-looking video file can compromise your Android smartphone—thanks to a critical remote code execution vulnerability that affects over 1 billion devices running Android

Backup provider Acronis is evolving into a cybersecurity vendor. Acronis CEO Serguei Beloussov said backup alone is not enough to provide true data protection. In order to be fully protected, organizations need to guarantee their data is recoverable, accessible, private, authentic and secure. Later this year, Acronis will be launching security products with its backup

The Federal Trade Commission (FTC) today officially confirmed that Facebook has agreed to pay a record-breaking $5 billion fine over privacy violations surrounding the Cambridge Analytica scandal. Besides the multibillion-dollar penalty, the company has also accepted a 20-year-long agreement that enforces it to implement a new organizational framework designed to strengthen its data privacy practices

Blockchain technology is conceptually rather complicated. It is, however, based on basic, known technologies such as peer-to-peer networks and distributed ledger. At its core, blockchain is a distributed ledger technology for recording transactions between two or more parties. It’s been used primarily to support cryptocurrencies, but that’s changing as other uses, such as data storage,

A German security researcher has publicly disclosed details of a severe vulnerability in one of the most popular FTP server applications, which potentially could affect over one million servers. The vulnerable software in question is ProFTPD, an open source FTP server that is being used by a large number of popular businesses and websites including

Enterprises should expect to see more cyber attacks launched against them. The data that they now gather and store have made their infrastructures key targets for hackers. Customer data and intellectual property can be sold in the black market for profit, and sensitive information can also be used by hackers to extort them. Enterprises are

Enzoic has launched a new version of Enzoic for Active Directory that includes support for real-time password monitoring to fight against the use of compromised passwords. Enzoic for Active Directory screens users’ passwords against its continuously updated database of compromised credentials, including billions of unique username and password combinations, according to the vendor. Microsoft Azure

Earlier this month, The Hacker News covered a story on research revealing how over 1300 Android apps are collecting sensitive data even when users have explicitly denied the required permissions. The research was primarily focused on how app developers abuse multiple ways around to collect location data, phone identifiers, and MAC addresses of their users

Organizations with a BYOD policy may find that it helps with lowering costs, but BYOD forces IT to address issues such as data leakage and user privacy. Enterprise mobility management (EMM) and unified endpoint management (UEM) platforms accommodate BYOD with features such as mobile app-wrapping and mobile app containers, but these privileges can lead to

Security researchers have discovered a rare piece of Linux spyware that’s currently fully undetected across all major antivirus security software products, and includes rarely seen functionalities with regards to most Linux malware, The Hacker News learned. It’s a known fact that there are a very few strains of Linux malware exist in the wild as

If you are in Kazakhstan and unable to access the Internet service without installing a certificate, you’re not alone. The Kazakhstan government has once again issued an advisory to all major local Internet Service Providers (ISPs) asking them to make it mandatory for all their customers to install government-issued root certificates on their devices in

In the wake of GandCrab shutting down and master decryption keys being released, a new ransomware threat is emerging. The GandCrab ransomware had been one of the more dangerous threats since its first appearance in early 2018, but the group behind the ransomware as a service (RaaS) announced its retirement last month. On Monday, the

If you use Slack, a popular cloud-based team collaboration server, and recently received an email from the company about a security incident, don’t panic and read this article before taking any action. Slack has been sending a “password reset” notification email to all those users who had not yet changed passwords for their Slack accounts

Getting started can be the most tedious part of any task, especially when the task is as daunting and perplexing as network security. But the task is manageable, as long as one understands the topic’s basics. To ensure a network security strategy operates optimally and efficiently, IT pros should start with the basics, such as

Eastern European country Bulgaria has suffered the biggest data breach in its history that compromised personal and financial information of 5 million adult citizens out of its total population of 7 million people. According to multiple sources in local Bulgarian media, an unknown hacker earlier this week emailed them download links to 11GB of stolen

The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing software that under the hood, are just a rebranded version of Zoom video conferencing software. Security researchers confirmed The Hacker News that RingCentral, used by over 350,000 businesses, and Zhumu, a Chinese version of Zoom, also

Zoom faced privacy concerns after the disclosure of a vulnerability that could allow threat actors to use the video conferencing software to spy on users. The Zoom vulnerability, originally reported to only affect the Mac version of the software, has been found to partially affect Windows and Linux as well. Jonathan Leitschuh, software engineer at

Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme. By default on Apple’s iOS operating system, every app runs inside a sandbox of its own, which prevent all apps installed

The CryptoLocker virus turns your virtual servers — the life of your data center — into encrypted blocks of data waiting for an unlock code. Although no fix is ever completely effective, there are methods to more easily and safely recover your virtual data. CryptoLocker viruses are a form of malware that encrypts your data

After months of negotiations, the United States Federal Trade Commission (FTC) has approved a record $5 billion settlement with Facebook over its privacy investigation into the Cambridge Analytica scandal. The settlement will put an end to a wide-ranging probe that began more than a year ago and centers around the violation of a 2011 agreement

The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue—a locally installed web server by the software—was not just allowing any website to turn on your device webcam,

It’s been called a tech pipeline: a recruitment path for graduates of computer science or national security, both traditionally male-dominated disciplines, into the cybersecurity workforce. This pipeline is one reason why the cybersecurity industry is so homogenous in terms of diverse backgrounds. When hiring managers choose from a pool of candidates who share similar backgrounds,

Organizations around the world are wondering how to become immune from cyber attacks which are evolving every day with more sophisticated attack vectors. IT teams are always on the lookout for new ransomware and exploit spreading in the wild, but can all these unforeseen cyber attacks be prevented proactively? That’s definitely a ‘NO,’ which is