Search results for Security | Breaking Cybersecurity News | The Hacker News

Sony Hires Ex- Homeland Security Official after PlayStation Hack Sony has hired a former official at the US Department of Homeland Security for the new post of chief information security officer, months after a massive hacking attack leaked information on 100 million user accounts on its games networks. Philip Reitinger, formerly the director of Homeland Security's National Cyber Security Center, will join Sony in the newly created position of chief information security officer and a senior vice president. The new hire signals a heightened seriousness by Sony in the aftermath of an intrusion into its online videogame service earlier this year. The breach compromised the personal information of more than 100 million accounts from its online networks, including the possible loss of some credit card information. Sony said there have been no reports of any credit card data theft. Sony shut down the PlayStation Network and Qriocity streaming video and music network on April 20, kee

Today Microsoft has released its Advance Notification for the month of June 2014 Patch Tuesday releasing seven security Bulletins, which will address several vulnerabilities in its products, out of which two are marked critical and rest are important in severity. This Tuesday, Microsoft will issue Security Updates to address seven major vulnerabilities and all those are important for you to patch, as the flaws are affecting various Microsoft software, including Microsoft Word, Microsoft Office and Internet Explorer. CRITICAL VULNERABILITY THAT YOU MUST PATCH Bulletin one is considered to be the most critical one, which will address a the zero-day Remote Code Execution vulnerability, affecting all versions of Internet Explorer, including IE11 in Windows 8.1.  All server versions of Windows are affected by this vulnerability, but at low level of severity because by default, Internet Explorer runs in Enhanced Security Configuration and just because Server Core version

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

If you own a D-Link wireless router, especially DWR-932 B LTE router , you should get rid of it, rather than wait for a firmware upgrade that never lands soon. D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues, including backdoor accounts, default credentials, leaky credentials, firmware upgrade vulnerabilities and insecure UPnP (Universal Plug-and-Play) configuration. If successfully exploited, these vulnerabilities could allow attackers to remotely hijack and control your router, as well as network, leaving all connected devices vulnerable to man-in-the-middle and DNS poisoning attacks. Moreover, your hacked router can be easily abused by cybercriminals to launch massive Distributed Denial of Service (DDoS) attacks, as the Internet has recently witnessed record-breaking 1 Tbps DDoS attack that was launched using more than 150,000 hacked Internet-connected smart devices. Security researcher Pierre Kim has discovered  multiple vulnerabilities in the D-Li

The critical zero-day security flaws has been discovered in the privacy and security dedicated Linux-based operating system " Tails " that could be used by an attacker to unmask your identity. Tails, which is been used and recommended by the global surveillance whistleblower Edward Snowden to remain Anonymous, has a suite of privacy applications and designed to keep users' communications private by running all connectivity through Tor , the network that routes traffic through various layers of servers and encrypts data. But unfortunately, the highly secured OS has several critical zero-day vulnerabilities that could help attackers or law enforcements to de-anonymize anyone and allows to perform remote code execution , according to a researcher at Exodus Intelligence who uncovered the flaws but didn't publish the details about it. The Texas-based security firm, Exodus Intelligence , tweeted on Monday that it had found several remote code execution vulnerabilities i

Microsoft today released its April 2019 software updates to address a total of 74 CVE-listed vulnerabilities in its Windows operating systems and other products, 13 of which are rated critical and rest are rated Important in severity. April 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, MS Office, and MS Office Services and Web Apps, ChakraCore, Exchange Server, .NET Framework and ASP.NET, Skype for Business, Azure DevOps Server, Open Enclave SDK, Team Foundation Server, and Visual Studio. None of the vulnerabilities addressed this month by the tech giant were disclosed publicly at the time of release, leaving the two recently disclosed zero-day flaws in Internet Explorer and Edge browsers still open for hackers. However, two new privilege escalation vulnerabilities, which affect all supported versions of the Windows operating system, have been reported as being actively exploited in the wild. Both rated as important, the flaws ( CVE-2019-0803

In New York on Sunday, lawmakers urged President Obama to expand the U.S. State Department's foreign policy mechanisms to address crime and security on the Internet. The recent attacks on companies that severed ties to WikiLeaks were cited as one of the main reasons these changes were needed. Standing at Symantec's New York City office, Senator Kirsten Gillibrand and Representative Yvette D. Clarke urged the President to adopt proposals that protect New York businesses and infrastructure. These proposals would put foreign countries that fail to enforce cyber security laws on notice, and even apply sanctioning to those that do not cooperate. For the past week, the lawmakers explained during a press event, MasterCard, Visa, PayPal, and other American companies were sabotaged by a string of coordinated attacks. The reason for said attacks is due to the fact that each company cut ties to WikiLeaks. They said the global cyber assault was "intended to flood the companies' web

Call for Articles - The Hacker News Magazine | December Edition THN Magazine is a free monthly magazine designed to spread awareness and knowledge about cyber security. Our goal is to provide the most up-to-date information on a wide variety of topics that relate to hackers and security experts worldwide. We welcome contributions from readers and hackers like YOU! Simply submit your idea or article to thehackernews@gmail.com or  admin@thehackernews.com  and your submission could be featured in our next edition. Some topics of interest include, but are not limited to: New attack and defense techniques Related to Anonymous ,Activist and Hacktivists Vulnerability discovery Small tactics and techniques; Big attacks and impact Mobile hacking Professional exploit development Security and hacking events around the world Technical book reviews Security and hacking threats Security tools Expert interviews If you enjoy our monthly publication, please spread the word! By sha

Microsoft's own antivirus software made Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 more vulnerable. Microsoft has just released an out-of-band security update to patch the crazy bad bug discovered by a pair of Google Project Zero researchers over the weekend. Security researchers Tavis Ormandy announced on Twitter during the weekend that he and another Project Zero researcher Natalie Silvanovich discovered "the worst Windows remote code [execution vulnerability] in recent memory." Natalie Silvanovich also published a  proof-of-concept (PoC) exploit code that fits in a single tweet. The reported RCE vulnerability , according to the duo, could work against default installations with "wormable" ability – capability to replicate itself on an infected computer and then spread to other PCs automatically. According to an advisory released by Microsoft, the remotely exploitable security flaw (CVE-2017-0290) exists in Microsoft

NeXpose 5.0 vulnerability management solution Released by Rapid7 Nexpose proactively supports the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. This gives organizations immediate insight into the security posture of their IT environment by conducting over 65,000 vulnerability checks for more than 16,000 vulnerabilities. The solution leverages one of the largest vulnerabilities databases to identify vulnerabilities across networks, operating systems, databases, Web applications and virtual assets. Risk is classified based on real exploit intelligence combined with industry standard metrics such as CVSS, as well as temporal and weighted risk scoring. Nexpose provides a detailed, sequenced remediation roadmap with time estimates for each task. Nexpose is used to help organizations improve their overall risk posture and security readiness as well as to comply with mandatory regulati

Should you put a tape or a sticker over the lens of your laptop's webcam? Yes, even Facebook CEO Mark Zuckerberg and FBI Director James Comey do that. Covering your laptop's webcam might be a hell cheap and good idea to guard against hackers and intruders who might want to watch your private life and environment through your devices. In fact, Comey recently came out defending his own use of tape to cover his personal laptop's webcam. People Are Responsible for Their Safety, Security & Privacy During a conference at the Center for Strategic and International Studies, when Comey was asked that he still put tape over his cameras at home, he replied: "Heck yeah, heck yeah. And also, I get mocked for a lot of things, and I am much mocked for that, but I hope people lock their cars… lock your doors at night. I have an alarm system. If you have an alarm system you should use it, I use mine." Comey went on to explain that it was common practice at

After hacking social media accounts of HBO and its widely watched show Game of Thrones , a notorious group of hackers calling itself OurMine took control over the official Twitter and Facebook accounts for Sony's PlayStation Network (PSN) on Sunday. After taking over the accounts, OurMine, Saudi Arabian group of hackers which claims to be a "white hat" security firm, posted its first tweet on Sunday evening, claiming to have breached PlayStation Network and stolen its database. The tweet followed by a series of tweets encouraging the company to contact the hacking group through its website to buy its IT security service in an effort to protect itself from future cyber attacks. "PlayStation Network Databases leaked #OurMine," the first tweet by OurMine on the compromised PlayStation Twitter account read.  "No, we aren't going to share it, we are a security group if you work at PlayStation then please go to our website," the followed Twe

Apple's latest 35.4 MB update of  iOS 7.0.6  doesn't seem important at first, but it contains a critical security patch that addresses a flaw with SSL encryption. Yes, a very critical security vulnerability that could allow hackers to intercept email and other communications that are meant to be encrypted in iPhone, iPad and Mac computer. Apple provides very little information when disclosing security issues, ' For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. ' said in the security advisory . Cryptography experts immediately tried to figure out what was wrong with Apple's implementation of Secure Sockets Layer (SSL) and the details are: Impact:  The vulnerability assigned CVE-2014-1266 and  affects both the iOS and OS X operating systems , describes as ' Secure Transport failed to validate the authent

A security researcher has discovered multiple one-click client-side vulnerabilities in the some of the world's most popular and widely-used web hosting companies that could have put millions of their customers as well as billions of their sites' visitors at risk of hacking. Independent researcher and bug-hunter Paulos Yibelo, who shared his new research with The Hacker News, discovered roughly a dozen serious security vulnerabilities in Bluehost, Dreamhost, HostGator, OVH, and iPage, which amounts to roughly seven million domains. Some of the vulnerabilities are so simple to execute as they require attackers to trick victims into clicking on a simple link or visiting a malicious website to easily take over the accounts of anyone using the affected web hosting providers. Critical Flaws Reported in Popular Web Hosting Services Yibelo tested all the below-listed vulnerabilities on all five web hosting platforms and found several account takeover, cross-scripting, and in

In 2023, the cloud isn't just a technology—it's a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip of the iceberg in the cloud security warzone. In collaboration with the esteemed experts from Lacework Labs, The Hacker News proudly presents an exclusive webinar: ' Navigating the Cloud Attack Landscape: 2023 Trends, Techniques, and Tactics .' Join us for an insightful session led by Jose Hernandez of Lacework Labs, where we dissect and analyze the year's most pressing cloud security issues. This webinar is not just about theory; it's a practical guide filled with actionable strategies to shield your organization from advanced threats in the cloud.  Highlights include: Kubernetes Security Breaches:  Explore the surge in Kubernetes-related vulnerabilities and the concerning increase in administrative plane abuses. Zenbleed in Focus:  Understand the far-reaching impact of the Zenbleed vulnerability and how Lacework Labs is

After being an owner of Smartphones, now it's your turn to own a Smart Car. Wouldn't it sound great if you could use your favorite mobile apps on Car's dashboard display? Yes! You heard right.. Google has tied-up with several Auto manufacturers with the goal to bring Android to Cars with built-in controls and hardware by the end of this year. Google has announced at the CES technology trade show in Las Vegas, the Open Automotive Alliance (OAA) will achieve this with their partners i.e. General Motors, Honda, Audi, Hyundai and chipmaker Nvidia. This new project is designed to accelerate innovation in the Automotive sector, with the customized version of most popular mobile platform 'Android' for Cars, that will bring Google Places, Maps, Voice, Earth and developer support to cars. " This open development model and common platform will allow automakers to more easily bring cutting-edge technology to their drivers, and create new opportunities for developers to delive

The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication (2FA) condition for projects deemed "critical." "We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them," Python Package Index (PyPI)  said  in a tweet last week. "Any maintainer of a critical project (both 'Maintainers' and 'Owners') are included in the 2FA requirement," it  added . Additionally, the developers of critical projects who have not previously turned on 2FA on PyPi are being offered free hardware security keys from the Google Open Source Security Team. PyPI, which is run by the Python Software Foundation, houses more than 350,000 projects, of which over  3,500 projects  are said to be tagged with a "critical" designation. According to the repository maintainers, any project accounting for the top 1%

Equifax data breach was bigger than initially reported, exposing highly sensitive information of more Americans than previously revealed. Credit rating agency Equifax says an additional 2.5 million U.S. consumers were also impacted by the massive data breach the company disclosed last month, bringing the total possible victims to 145.5 million from 143 million. Equifax last month announced that it had suffered a massive data breach that exposed highly sensitive data of hundreds of millions of its customers, which includes names, social security numbers, dates of birth and addresses. In addition, credit card information for nearly 209,000 customers was also stolen, as well as certain documents with personally identifying information (PII) for approximately 182,000 Equifax consumers. The breach was due to a critical vulnerability ( CVE-2017-5638 ) in Apache Struts 2 framework, which Apache patched over two months earlier (on March 6) of the security incident. Equifax was e

Yahoo! has open-sourced Gryffin – a Web Application Security Scanner – in an aim to improve the safety of the Web for everyone. Currently in its beta, Project Gryffin has made available on Github under the BSD-style license that Yahoo! has been using for a number of its open-sourced projects. Gryffin is basically a Go & JavaScript platform that helps system administrators scan URLs for malicious web content and common security vulnerabilities, including SQL Injection and Cross-Site Scripting (XSS) . Yahoo! describes Gryffin as a large-scale Web security scanning platform, which is more than just a scanner, as it is designed to address two specific problems: Coverage Scale Scale is obviously implied for large Web, while Coverage has two dimensions – Crawl and Fuzzing . Crawl's ability is to find as much of the Web application's footprint as possible, whereas Fuzzing involves testing each part of the application's components for an applied se

Warning for Adobe users! Another zero-day vulnerability has been discovered in Adobe Flash Player   that is actively being exploited by cyber crooks in drive-by download attacks, security researchers warned today. This is for the third time in last few weeks when Adobe is dealing with a zero day vulnerability in Flash Player. The Adobe Flash Player Vulnerability identified as CVE-2015-0313 , exists in the latest version of Flash Player, i.e. version 16.0.0.296 and earlier. In late January, Adobe released an updated version of its Flash player software that patches zero-day vulnerability, tracked as CVE-2015-0311 , spotted by French security researcher Kafeine. This Adobe Flash Player Vulnerability was also being actively exploited via Malvertisement and drive-by-download attacks. In case of a "drive-by-download" attack, an attacker downloads a malicious software to a victim's computer without their knowledge or explicit consent. As a result, the flaw cou

The IT sector has become one of the most significant growth catalysts for the Indian economy. The government approved the National Cyber Security Policy that aims to create a secure computing environment in the country and build capacities to strengthen the current set up with focus on manpower training. The policy was approved by the Cabinet Committee on Security (CCS) that lays stress on augmentation of the India's indigenous capabilities in terms of developing the cyber security set-up.  The policy is not aimed only at government entities and big business, but at home users as well. It aims to create a cyber security framework that will address all related issues over a long period.  The framework will lead to specific actions and programmes to enhance the security posture of country's cyber space. Cyber Security Policy will also help in enhancing the intelligence as its integral component and help in anticipating attacks and adopt, counter measures.