Dedicated Hosting | Breaking Cybersecurity News | The Hacker News

A security researcher has discovered multiple one-click client-side vulnerabilities in the some of the world's most popular and widely-used web hosting companies that could have put millions of their customers as well as billions of their sites' visitors at risk of hacking. Independent researcher and bug-hunter Paulos Yibelo, who shared his new research with The Hacker News, discovered roughly a dozen serious security vulnerabilities in Bluehost, Dreamhost, HostGator, OVH, and iPage, which amounts to roughly seven million domains. Some of the vulnerabilities are so simple to execute as they require attackers to trick victims into clicking on a simple link or visiting a malicious website to easily take over the accounts of anyone using the affected web hosting providers. Critical Flaws Reported in Popular Web Hosting Services Yibelo tested all the below-listed vulnerabilities on all five web hosting platforms and found several account takeover, cross-scripting, and in

South Korean web hosting provider has agreed to pay $1 million in bitcoins to hackers after a Linux ransomware infected its 153 servers, encrypting 3,400 business websites and their data, hosted on them. According to a blog post published by NAYANA, the web hosting company, this unfortunate event happened on 10th June when ransomware malware hit its hosting servers and attacker demanded 550 bitcoins (over $1.6 million) to unlock the encrypted files. However, the company later negotiated with the cyber criminals and agreed to pay 397.6 bitcoins (around $1.01 million) in three installments to get their files decrypted. The hosting company has already paid two installments at the time of writing and would pay the last installment of ransom after recovering data from two-third of its infected servers. According to the security firm Trend Micro , the ransomware used in the attack was Erebus that was first spotted in September last year and was seen in February this year with Win

Wing Security recently announced that basic third-party risk assessment is  now available as a free product . But it raises the questions of how SaaS is connected to third-party risk management (TPRM) and what companies should do to ensure a proper SaaS-TPRM process is in place. In this article we will share 5 tips to manage the third-party risks associated with SaaS, but first...  What exactly is Third-Party Risk Management in SaaS? SaaS is rapidly growing, offering businesses convenience, swift implementations, and valuable opportunities. However, this growth introduces a security challenge where risks arise from the interconnected nature of SaaS supply chains. It is clear that before onboarding a new contractor or vendor, we need due diligence, security checks, and referrals. However, we now understand that in the SaaS domain, applications are, in fact, the go-to vendor of choice.  Let's explain: Any employee can very easily connect SaaS vendors to company data, granting them pe

Dark Web is right now going through a very rough time. Just two days ago, a hacker group affiliated with Anonymous broke into the servers of Freedom Hosting II and took down more than 10,000 Tor-based .onion dark websites with an alarming announcement to its visitors, which said: " Hello, Freedom Hosting II, you have been hacked. " Freedom Hosting II is the single largest host of underground websites accessible only through Tor anonymising browser that hosts somewhere between 15 and 20 percent of all sites on the Dark Web, anonymity and privacy researcher Sarah Jamie Lewis estimated . Besides defacing all Dark Web sites hosted on Freedom Hosting II with the same message and stealing its database, the hackers also demanded a ransom for 0.1 Bitcoin (just over $100) to return the compromised data to the hosting service. Now, it has been reported that the stolen database from Freedom Hosting II has publicly been released online to a site hosted on the Tor network, wh

The Dutch hacker, who in 2013 was accused of launching the biggest cyberattack to date against the anti-spam group Spamhaus, escaped prison Monday even after he was sentenced to nearly 8 months in jail because most of his term was suspended. Sven Olaf Kamphuis , 39, was arrested in April 2013 by Spanish authorities in Barcelona based on a European arrest warrant for launching massive distributed denial of service (DDoS) attack against Spamhaus that peaked at over 300 Gbps. Spamhaus is a non-profit group based in Geneva and London that tracks spam and cyber-related threats, creates blacklists of those sites and then sells them to Internet Service Providers. However, the DDoS attacks on the company were so sustained that put "the proper functioning of the Internet at risk and thus the interests of many individuals, businesses and institutions," said the court. Kamphuis was initially sentenced to a total of 240 days, but he has already served 55 days in on remand aft

Do you know — Your Smart Devices may have inadvertently participated in a record-breaking largest cyber attack that Internet has just witnessed. If you own a smart device like Internet-connected televisions, cars, refrigerators or thermostats, you might already be part of a botnet of millions of infected devices that was used to launch the biggest DDoS attack known to date, with peaks of over 1 Tbps of traffic. France-based hosting provider OVH was the victim to the record-breaking Distributed Denial of Service (DDoS) attacks that reached over one terabit per second (1 Tbps) over the past week. As the Internet of Things (IoT) or connected devices are growing at a great pace, they continue to widen the attack surface at the same time, giving attackers a large number of entry points to affect you some or the other way. 1 Tbps DDoS Attack Hits OVH IoTs are currently being deployed in a large variety of devices throughout your home, businesses, hospitals, and even entire cities (

Once again, Syrian Electronic Army (SEA) has gain media attention by compromising a number of popular web hosting brands of one of the leading web-hosting companies Endurance International Group INC that manages over 60 different hosting brands. SEA, a pro-hacker group supposed to be aligned with Syrian President Bashar al-Assad, is famous for hacking high-profile websites and targeting leading organisation with its advanced phishing attacks. This time the group hacked Endurance Group wings, including Bluehost, Justhost, Hostgator, Hostmonster and FastDomain, which are some of the world's leading web hosting companies. The official Twitter account linked to SEA group claimed responsibility for the hack. The group has posted the screenshots of the hacked panels of all the respective web hosting companies. REASON BEHIND HACK According to SEA group, Endurance Group's BlueHost, JustHost, HostGator and HostMonster were hosting terrorists web sites on their se

Code Spaces , a code-hosting and software collaboration platform used by different organizations for project management and development needs, was forced to shut down operations after an attacker compromised its internal system and deleted its customer's data and backups as well. This is really a nightmare for the code-hosting company based in Coventry, UK that claimed to offer " Rock Solid, Secure and Affordable Svn Hosting, Git Hosting and Project Management. " Codespaces.com homepage shows a lengthy explanation on the attack and an apology from its customer. " Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility, " read the note. " As such at this point in time we have no alternative but to cease trading and concentra