#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

File sharing | Breaking Cybersecurity News | The Hacker News

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches
Nov 25, 2023 Data Security / Vulnerability
The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows - CVE-2023-49103 (CVSS score: 10.0) - Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from 0.2.0 to 0.3.0. CVE-2023-49105 (CVSS score: 9.8) - WebDAV Api Authentication Bypass using Pre-Signed URLs impacting core versions from 10.6.0 to 10.13.0. CVE-2023-49104 (CVSS score: 9.0) - Subdomain Validation Bypass impacting oauth2 prior to version 0.6.1. "The 'graphapi' app relies on a third-party library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo)," the company  said  of the first flaw. "This information includes all the environment variables of the web server. In containerized deplo

Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords

Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords
Sep 05, 2018
Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for users' cryptocurrency wallets. On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA's Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company. Malicious MEGA Chrome Extension Steals Passwords Upon installation or auto-update, the malicious extension asked for elevated permissions to access personal information, allowing it to steal credentials from sites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero, and Idex.market cryptocurrency trading

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Awesome! WhatsApp Now Lets You Send Files of Any Format

Awesome! WhatsApp Now Lets You Send Files of Any Format
Jul 14, 2017
Have you ever felt like wishing of sending any type of file immediately to your friends and office colleagues on WhatsApp directly, instead of just contacts, images or documents? Well, now you can… The latest version of WhatsApp for Android and iOS now allows users to send and receive any type of files, whether it's .mp3, .avi, .php, zip files, or even APKs. The company last month rolled out this feature to its beta users for Android, and now after being tested successfully, the feature is being released to all WhatsApp users in the latest public update for iOS and Android. The ability to send any file types also works on the WhatsApp-Web client . And of course, there's a file-size limit: Android users can send files up to 100MB iOS users can send files up to 128MB While WhatsApp-web users can only send up to 64MB To send any file format you just need to select 'Document' from 'Attach.' Additionally, the latest update of the app will allow you to select photos

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Dropbox Hacked — More Than 68 Million Account Details Leaked Online

Dropbox Hacked — More Than 68 Million Account Details Leaked Online
Aug 31, 2016
Hackers have obtained credentials for more than 68 Million accounts for online cloud storage platform Dropbox from a known 2012 data breach. Dropbox has confirmed the breach and already notified its customers of a potential forced password resets, though the initial announcement failed to specify the exact number of affected users. However, in a selection of files obtained through sources in the database trading community and breach notification service Leakbase , Motherboard found around 5GB of files containing details on 68,680,741 accounts, which includes email addresses and hashed (and salted) passwords for Dropbox users. An unnamed Dropbox employee verified the legitimacy of the data. Out of 68 Million, almost 32 Million passwords are secured using the strong hashing function " BCrypt , " making difficult for hackers to obtain users' actual passwords, while the rest of the passwords are hashed with the SHA-1 hashing algorithm . These password hashes als

Over 51 Million Accounts Leaked from iMesh File Sharing Service

Over 51 Million Accounts Leaked from iMesh File Sharing Service
Jun 13, 2016
How many more data dumps does this hacker have with him that has yet to be exposed? Well, no one knows the answer, but we were recently made aware of another data breach from Peace – the same Russian hacker who was behind the massive breaches in some of the most popular social media sites including LinkedIn , MySpace , Tumblr , and VK.com . The hacker under the nickname "Peace" (or Peace_of_mind) is now selling over 51 Million records obtained from iMesh – now defunct peer-to-peer file sharing service. The New York-based iMesh was one of the first and most popular file sharing services that allowed users to share multimedia files with their friends via the peer-to-peer (or P2P) protocol. Launched in the late 90s, iMesh became the third-largest service in the United States in 2009, but the service was unexpectedly closed down last month. LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that the comp

Kanye West, Who wants to destroy 'The Pirate Bay', Caught using Torrent Site

Kanye West, Who wants to destroy ‘The Pirate Bay’, Caught using Torrent Site
Mar 02, 2016
The 38-year-old rapper Kanye West is at the centre of controversy once again. West is himself a Pirate Lover just like everyone else, and he proved it today by sharing a photo of his laptop screen on Twitter. The rapper tweeted an ill-judged picture on Tuesday night to show what he was listening to on YouTube ( Sufjan Stevens' 'Death With Dignity' song ), but his fans discovered something he would have hide if realized before sharing that snap. Taking a closer look at the address bar was quite revealing, showing two very interesting tabs: The notorious file-sharing website The Pirate Bay MediaDownloader Pirate Bay Offers Tech Support to Kanye West West's recent album The Life of Pablo was involved in a piracy concern. He was so outraged when he saw his recent album was being pirated by 500,000 downloads in just two days that he considered taking legal action against The Pirate Bay . However, in a recent tweet West accidentally revealed his own pirate habi

Oh Snap! Lenovo protects your Security with '12345678' as Hard-Coded Password in SHAREit

Oh Snap! Lenovo protects your Security with '12345678' as Hard-Coded Password in SHAREit
Jan 27, 2016
What do you expect a tech giant to protect your backdoor security with? Holy Cow! It's " 12345678 " as a Hard-Coded Password . Yes, Lenovo was using one of the most obvious, awful passwords of all time as a hard-coded password in its file sharing software SHAREit that could be exploited by anyone who can guess '12345678' password. The Chinese largest PC maker made a number of headlines in past for compromising its customers security. It had shipped laptops with the insecure  SuperFish adware , it was  caught using Rootkit  to secretly install unremovable software, its  website was hacked , and it was  caught pre-installing Spyware  on its laptops. Any of these incidences could have been easily prevented. Now, Research center of Core Security CoreLabs issued an advisory on Monday that revealed several software vulnerabilities in Lenovo SHAREit app for Windows and Android that could result in: Information leaks Security protocol bypas

Swedish Court — 'We Can't Ban The Pirate Bay'

Swedish Court — 'We Can't Ban The Pirate Bay'
Nov 30, 2015
The controversial file-sharing website The Pirate Bay will still be running in Sweden as the District Court of Stockholm on Friday ruled that they be unable to force the internet service providers (ISPs) to block the website from operating. The Pirate Bay is an infamous Swedish search engine predominantly used worldwide for pirating material, such as software, movies, music files and TV shows, entirely free of charge. Numerous ISPs around Europe block the Pirate Bay, but the notorious site will not be inaccessible in its home country Sweden, at least for now, according to the local media . Last year, a lawsuit was filed by Warner Music, Sony Music, Universal Music, Nordisk Film and the Swedish Film Industry in order to force Swedish ISP broadband companies to block the Pirate Bay, claiming them liable for the infringements of its customers. Also Read:   The Pirate Bay Runs on 21 "Raid-Proof" Virtual Machines To Avoids Detection However, the Broadband

File Hosting Service RapidShare Shutting Down

File Hosting Service RapidShare Shutting Down
Feb 11, 2015
Remember RapidShare ? Once one of the world's most popular and first ever one-click online file hosting and cloud storage website on the Internet. The company has announced that it will shut down its business at the end of next month. RapidShare file hosting service announced its shut down Tuesday through a notice on its official website, saying that it will stop active service on March 31, 2015. All user accounts on the website will no longer be available after this date, and all files will be deleted automatically. WHAT RAPIDSHARE USERS MUST DO ? " We strongly recommend all customers to secure their data. After March 31st, 2015 all accounts will no longer be accessible and will be deleted automatically ," the notice on RapidShare official website reads. Just two days back, the most popular Torrent website KickAss Torrents banned by the .so registry (Somalian registry), forcing the site's operators to switch to another domain. Now, suddenly the ol

Telegram Messenger Offers Large File Sharing up to 1.5GB while you Chat

Telegram Messenger Offers Large File Sharing up to 1.5GB while you Chat
Feb 02, 2015
In spite of all the things smartphones can do, messaging remains one of the most popular activities. Popular messaging apps like WhatsApp , Viber, WeChat  support text messages, voice calls, photo & video sharing features, but there is no provision for sharing every file types on these amazing messengers. But, some or the other day, we all got struck into an awkward situation where we have to share PDF, apk or zip files with our friends while chatting. However using any other 3rd-party file sharing services, we can share image, video, audio, zip files or any other file type with our friends, but it would be a lengthy process and sometimes require to use computer. Gone are the days when you relied on your computer to get all of your work done. Telegram Messenger , the most popular and ultra secure messaging application, is now offering file sharing feature that allows its users to share large files and documents (up to 1.5GB) securely . Telegram is a messaging a
Cybersecurity Resources