#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

HTTP | Breaking Cybersecurity News | The Hacker News

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

Mar 24, 2020
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt , a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982 , the vulnerability resides in the OPKG package manager of OpenWrt that exists in the way it performs integrity checking of downloaded packages using the SHA-256 checksums embedded in the signed repository index. While an 'opkg install' command is invoked on the victim system, the flaw could allow a remote man-in-the-middle attacker in a position to intercept the communication of a targeted device to execute arbitrary code by tricking the system into installing a malicious package or software update without verification. If exploited successfully, a remote attacker could gain complete control over the targeted OpenWrt network device, and subsequently, over the netwo
How Certificate Transparency Monitoring Tool Helped Facebook Early Detect Duplicate SSL Certs

How Certificate Transparency Monitoring Tool Helped Facebook Early Detect Duplicate SSL Certs

Apr 11, 2016
Earlier this year, Facebook came across a bunch of duplicate SSL certificates for some of its own domains and revoked them immediately with the help of its own Certificate Transparency Monitoring Tool service. Digital certificates are the backbone of our secure Internet, which protects sensitive information and communication, as well as authenticate systems and Internet users. The Online Privacy relies heavily on SSL/TLS Certificates and encryption keys to protect millions of websites and applications. As explained in our  previous article on The Hacker News , the current Digital Certificate Management system and trusted Certificate Authorities (CAs) are not enough to prevent misuse of SSL certificates on the internet. In short, there are hundreds of Certificate Authorities, trusted by your web browsers and operating systems, that has the ability to issue certificates for any domain, despite the fact you already have one purchased from another CA. An improper
Code Keepers: Mastering Non-Human Identity Management

Code Keepers: Mastering Non-Human Identity Management

Apr 12, 2024DevSecOps / Identity Management
Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or
Instagram Mobile App Issue Leads to Account Hijacking Vulnerability

Instagram Mobile App Issue Leads to Account Hijacking Vulnerability

Jul 28, 2014
In the era of Government surveillance, ensuring the security and safety of our private communications regardless of platform – email, VOIP, message, even cookies stored – should be the top priority of the Internet industry. Some industry came together to offer Encryption as the protection against government surveillance, but some left security holes that may expose your personal data. A critical issue on Instagram's Android Application has been disclosed by a security researcher that could allow an attacker to hijack users' account and successfully access private photos, delete victim's photos, edit comments and also post new images. Instagram , acquired by Facebook in April 2012 for approximately US$1 billion, is an online mobile photo-sharing, video-sharing and social networking service that enables its users to take pictures and videos, apply digital filters, and share them on a variety of social networking services, such as Facebook, Twitter, Tumblr and Flickr.
cyber security

WATCH: The SaaS Security Challenge in 90 Seconds

websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.
Cybersecurity Resources