#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Proxy | Breaking Cybersecurity News | The Hacker News

WhatsApp Upgrades Proxy Feature Against Internet Shutdowns

WhatsApp Upgrades Proxy Feature Against Internet Shutdowns

Jun 30, 2023 Privacy / Tech
Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. This includes the ability to send and receive images, voice notes, files, stickers and GIFs, WhatsApp told The Hacker News. The new features were  first reported  by BBC Persian. Some of the other improvements include streamlined steps to simplify the setup process as well as the introduction of shareable links to "share functioning/valid proxy addresses to their contacts for easy and automatic installation." Support for  proxy servers  was officially launched by the messaging service  earlier this January , thereby helping users circumvent government-imposed censorship and internet shutdowns and obtain indirect access to WhatsApp. The company has also made available a  reference implementation  for setting up a proxy server with ports 80, 443, or 5222 available and a domain name that points to the server's IP address.
New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

Mar 16, 2022
A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360's Netlab security team called it  B1txor20  "based on its propagation using the file name 'b1t,' the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes." First observed propagating through the  Log4j vulnerability  on February 9, 2022, the malware leverages a technique called DNS tunneling to build communication channels with command-and-control (C2) servers by encoding data in DNS queries and responses. B1txor20, while also buggy in some ways, currently supports the ability to obtain a shell, execute arbitrary commands, install a rootkit, open a  SOCKS5 proxy , and functions to upload sensitive information back to the C2 server. Once a machine is successfully compromised, the malware utilizes the DNS tunnel to retrieve and execute co
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Critical Bug Reported in NPM Package With Millions of Downloads Weekly

Critical Bug Reported in NPM Package With Millions of Downloads Weekly

Sep 13, 2021
A widely used NPM package called ' Pac-Resolver ' for the JavaScript programming language has been remediated with a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent.  The flaw, tracked as  CVE-2021-23406 , has a severity rating of 8.1 on the CVSS vulnerability scoring system and affects Pac-Resolver versions before 5.0.0. A Proxy Auto-Configuration ( PAC ) file is a JavaScript function that determines whether web browser requests should be routed directly to the destination or forwarded to a web proxy server for a given hostname. PAC files are how proxy rules are distributed in enterprise environments. "This package is used for PAC file support in  Pac-Proxy-Agent , which is used in turn in  Proxy-Agent , which then used all over the place as the standard go-to package for HTTP proxy auto-detection and configuration in Node.js," Tim Perry  said  in a
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Anonymous Search engine 'DuckDuckGo' Android app offers Tor integration

Anonymous Search engine 'DuckDuckGo' Android app offers Tor integration

Oct 03, 2013
The world of mobile search is about to get a bit more anonymous. Thanks to the fears over government surveillance and corporate tracking, Anonymous Search Engine DuckDuckGo continues to break its own search records. DuckDuckGo Search & Stories - Android app deliver the same functionality as traditional services such as Google but with the added promise that your IP address and identity will not be recorded.  In June, Anonymous search engine  DuckDuckGo  had launched its app for  iOS  and Android and during recent update, DuckDuckGo's application for Android also integrated the Tor support. " Privacy is perhaps more important on mobile than on the web, and we haven't had many private alternatives ," DuckDuckGo founder Gabriel Weinberg said. To enable Tor with DuckDuckGo android app, user need to Check " Enable Tor " from setting. It will prompt the user to install about application to anonymize the Mobile data communication. As a search
On 10th Anniversary 'The Pirate Bay' Releases Its Own uncensored Web Browser 'PirateBrowser'

On 10th Anniversary 'The Pirate Bay' Releases Its Own uncensored Web Browser 'PirateBrowser'

Aug 10, 2013
No matter how much effort an ISP puts in or the government does, censorship always gets a backdoor . One of the biggest Controversial File Sharing site ' The Pirate Bay ' is censored in various capacities in some countries around the world, but Pirate Bay is celebrating its 10th birthday in Stockholm sponsored by an energy drinks maker. On their 10th anniversary the site is releasing its " Pirate Browser ," a custom Firefox browser that skirts Internet censorship and lets you access the Pirate Bay from anywhere.  However, Its founders recently served jail time for their activities, with one of the founders going back to prison in an unrelated Swedish hacking case. PirateBrowser is meant to focus more on unrestricted access to the Internet than it is about being able to download new episode of Breaking Bad without paying for them, but one tends to be a function of the other. According to the Pirate Browser website, It's a customized Firefox 23 and inclu
Cybersecurity Resources