A 19-year-old completely self-taught hacker from Argentina has just been recognized as the first bug bounty hacker to earn more than $1 million in bounty payout awards, according to HackerOne. Santiago Lopez, the hacker, who uses the handle @try_to_hack, has been discovering and disclosing vulnerabilities through HackerOne’s bug bounty program since 2015. In 2016, he earned
The 2018 Holiday shopping season was the biggest on record for e-commerce, with nearly $126 billion in online sales. But as e-commerce continues to expand, the demand for warehouse workers is growing faster than the labor supply and creating an increased need for automation. Given its dominance in e-commerce and the massive scale of its business, there’s no surprise
Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of
The Gillmor Gang — Frank Radice, Denis Pombriant, Michael Markman, Keith Teare, and Steve Gillmor . Recorded live Saturday March 2, 2019. Netflix and the mining of social capital, bingewashing and the new prime time, how AOC asks the right questions. Produced and directed by Tina Chase Gillmor @tinagillmor @fradice, @denispombriant, @mickeleh, @kteare, @stevegillmor Liner
Artificial intelligence continues to evolve, but most IT systems still need human intervention to stay operational. Threat actors face the same issue when controlling their malware. Consider the malware cyber kill chain. Its components have remained the same, but when you dig into the details, many aspects have changed, requiring enterprises to update their protections.
Even though misconfigurations in public clouds create risks to enterprise security, a new study found that more than half of IT professionals do not really understand the risks inherent in public cloud misconfigurations as well as they understand risks within their traditional IT environments. The 2019 State of Enterprise Cloud and Container Adoption and Security
The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware by double-clicking on the .jar file that usually arrives as an email attachment. Generally, infection begins if the user has the Java Runtime Environment installed.
The organization was the victim of a water-hole attack, likely attributable to the APT LuckyMouse group The International Civil Aviation Organization (ICAO) was a victim of a large-scale cyberattack back in 2016. Indeed, in November of that year, a cyber-intelligence analyst at Lockheed Martin contacted the international organization after finding that cybercriminals took control of
Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass device authentication mechanism and steal files containing sensitive from a victim’s device. With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help
The state of Massachusetts is reportedly facing increased cyber threats from adversaries who are trying to steal sensitive information, according to the Gloucester Daily Times. In an interview with Stephanie Helm, director of the MassCyberCenter, State House reporter Christian M. Wade learned that the state’s computer systems as well as Massachusetts businesses and individuals are
Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive’s service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites. For a brief
Cryptocurrency mining tool Coinhive has decided to shut up shop, although not because of its rampant abuse by hackers over the past two years. The team behind the Monero miner revealed all in a brief post on Tuesday, claiming that the 18-month project had come to an end as it was no longer economically viable.
by John E Dunn Researchers have revealed how malicious Thunderbolt and PCI Express (PCIe) peripherals could be used to compromise computers running macOS, Windows, Linux and FreeBSD. Nicknamed ‘Thunderclap’ in a presentation at last week’s Network and Distributed System Security Symposium (NDSS), the vulnerability has to do with Direct Memory Access (DMA), a standard technique
Worse, attackers have already been spotted targeting the flaw to deliver cryptocurrency miners and other payloads Days after the team behind Drupal urged website admins to apply an update patching a highly critical vulnerability in the content management system (CMS) platform, threat actors were spotted exploiting the loophole in the wild. The remote code execution