#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Vulnerability | Breaking Cybersecurity News | The Hacker News

THN Weekly Roundup — 10 Most Important Stories You Shouldn't Miss

THN Weekly Roundup — 10 Most Important Stories You Shouldn't Miss

Jul 22, 2017
Here we are with our weekly roundup, briefing this week's top cyber security threats, incidents and challenges. This week has been very short with big news from shutting down of two of the largest Dark Web marketplaces and theft of millions of dollars in the popular Ethereum cryptocurrency to the discovery of new Linux malware leveraging SambaCry exploit. We are here with the outline of this week's stories, just in case you missed any of them. We recommend you read the entire thing ( just click 'Read More' because there's some valuable advice in there as well ). Here's the list of this Week's Top Stories: 1. Feds Shuts Down AlphaBay and Hansa Dark Web Markets — Dream Market Under Suspicion On Thursday, Europol announced that the authorities had shut down two of the largest criminal Dark Web markets — AlphaBay and Hansa — in what's being called the largest-ever international operation against the dark web's black market conducted by the
Tor Launches Bug Bounty Program — Get Paid for Hacking!

Tor Launches Bug Bounty Program — Get Paid for Hacking!

Jul 20, 2017
With the growing number of cyber attacks and breaches, a significant number of companies and organisations have started Bug Bounty programs for encouraging hackers, bug hunters and researchers to find and responsibly report bugs in their services and get rewarded. Following major companies and organisations, the non-profit group behind Tor Project – the largest online anonymity network that allows people to hide their real identity online – has finally launched a " Bug Bounty Program ." The Tor Project announced on Thursday that it joined hands with HackerOne to start a public bug bounty program to encourage hackers and security researchers to find and privately report vulnerabilities that could compromise the anonymity network. HackerOne is a bug bounty startup that operates bug bounty programs for companies including Yahoo, Twitter, Slack, Dropbox, Uber, General Motors – and even the United States Department of Defense for Hack the Pentagon initiative. Bug bo
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Critical Code Injection Flaw In Gnome File Manager Leaves Linux Users Open to Hacking

Critical Code Injection Flaw In Gnome File Manager Leaves Linux Users Open to Hacking

Jul 20, 2017
A security researcher has discovered a code injection vulnerability in the thumbnail handler component of GNOME Files file manager that could allow hackers to execute malicious code on targeted Linux machines. Dubbed Bad Taste , the vulnerability ( CVE-2017-11421 ) was discovered by German researcher Nils Dagsson Moskopp, who also released proof-of-concept code on his blog to demonstrate the vulnerability. The code injection vulnerability resides in "gnome-exe-thumbnailer"  — a tool to generate thumbnails from Windows executable files (.exe/.msi/.dll/.lnk) for GNOME, which requires users to have Wine application installed on their systems to open it. Those who are unaware, Wine is a free and open-source software that allows Windows applications to run on the Linux operating system. Moskopp discovered that while navigating to a directory containing the .msi file, GNOME Files takes the filename as an executable input and run it in order to create an image thumbna
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Jul 18, 2017
Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of the Internet-of-Thing devices that eventually left millions of devices vulnerable to hacking. The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in the software development library called gSOAP toolkit (Simple Object Access Protocol) — an advanced C/C++ auto-coding tool for developing XML Web services and XML application. Dubbed " Devil's Ivy ," the stack buffer overflow vulnerability allows a remote attacker to crash the SOAP WebServices daemon and could be exploited to execute arbitrary code on the vulnerable devices. The Devil's Ivy vulnerability was discovered by researchers while analysing an Internet-connected security camera manufactured by Axis Communications. "When exploited, it allows an attacker to remotely access a video
Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking

Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking

Jul 18, 2017
Nothing in this world is fully secure, from our borders to cyberspace. I know vulnerabilities are bad, but the worst part comes in when people just don't care to apply patches on time. Late last year, Cisco's Talos intelligence and research group discovered three critical remote code execution (RCE) vulnerabilities in Memcached that exposed major websites including Facebook, Twitter, YouTube, Reddit, to hackers. Memcached is a popular open-source and easily deployable distributed caching system that allows objects to be stored in memory. The Memcached application has been designed to speed up dynamic web applications ( for example php-based websites) by reducing stress on the database that helps administrators to increase performance and scale web applications. It's been almost eight months since the Memcached developers have released patches for three critical RCE vulnerabilities (CVE-2016-8704, CVE-2016-8705 and CVE-2016-8706) but tens of thousands of servers
Critical Flaws Found in Windows NTLM Security Protocol – Patch Now

Critical Flaws Found in Windows NTLM Security Protocol – Patch Now

Jul 12, 2017
As part of this month's Patch Tuesday , Microsoft has released security patches for a serious privilege escalation vulnerability which affect all versions of its Windows operating system for enterprises released since 2007. Researchers at behavioral firewall specialist Preempt discovered two zero-day vulnerabilities in Windows NTLM security protocols, both of which allow attackers to create a new domain administrator account and get control of the entire domain. NT LAN Manager (NTLM) is an old authentication protocol used on networks that include systems running the Windows operating system and stand-alone systems. Although NTLM was replaced by Kerberos in Windows 2000 that adds greater security to systems on a network, NTLM is still supported by Microsoft and continues to be used widely. The first vulnerability involves unprotected Lightweight Directory Access Protocol (LDAP) from NTLM relay, and the second impact Remote Desktop Protocol (RDP) Restricted-Admin mode. L
Millions of Android Devices Using Broadcom Wi-Fi Chip Can Be Hacked Remotely

Millions of Android Devices Using Broadcom Wi-Fi Chip Can Be Hacked Remotely

Jul 07, 2017
Google has released its latest monthly security update for Android devices, including a serious bug in some Broadcom Wi-Fi chipsets that affects millions of Android devices, as well as some iPhone models. Dubbed BroadPwn , the critical remote code execution vulnerability resides in Broadcom's BCM43xx family of WiFi chipsets, which can be triggered remotely without user interaction, allows a remote attacker to execute malicious code on targeted Android devices with kernel privileges. "The most severe vulnerability in this [runtime] section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," Google describes in the July 2017 Android Security Bulletin. The BroadPwn vulnerability ( CVE-2017-3544 ) has been discovered by Exodus Intelligence researcher Nitay Artenstein, who says the flawed Wi-Fi chipset also impacts Apple iOS devices. Since Artenstein will be presenting his finding at
Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library

Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library

Jul 04, 2017
Security boffins have discovered a critical vulnerability in a GnuPG cryptographic library that allowed the researchers to completely break RSA-1024 and successfully extract the secret RSA key to decrypt data. Gnu Privacy Guard (GnuPG or GPG) is popular open source encryption software used by many operating systems from Linux and FreeBSD to Windows and macOS X. It's the same software used by the former NSA contractor and whistleblower Edward Snowden to keep his communication secure from law enforcement. The vulnerability, labeled CVE-2017-7526 , resides in the Libgcrypt cryptographic library used by GnuPG, which is prone to local FLUSH+RELOAD side-channel attack. A team of researchers — from Technical University of Eindhoven, the University of Illinois, the University of Pennsylvania, the University of Maryland, and the University of Adelaide — found that the "left-to-right sliding window" method used by the libgcrypt library for carrying out the mathematics o
Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response

Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response

Jun 29, 2017
A critical vulnerability has been discovered in Systemd , the popular init system and service manager for Linux operating systems, that could allow remote attackers to potentially trigger a buffer overflow to execute malicious code on the targeted machines via a DNS response. The vulnerability, designated as CVE-2017-9445 , actually resides in the ' dns_packet_new ' function of 'systemd-resolved,' a DNS response handler component that provides network name resolution to local applications. According to an advisory published Tuesday, a specially crafted malicious DNS response can crash 'systemd-resolved' program remotely when the system tries to lookup for a hostname on an attacker-controlled DNS service. Eventually, large DNS response overflows the buffer, allowing an attacker to overwrite the memory which leads to remote code execution. This means the attackers can remotely run any malware on the targeted system or server via their evil DNS service
Critical Skype Bug Lets Hackers Remotely Execute Malicious Code

Critical Skype Bug Lets Hackers Remotely Execute Malicious Code

Jun 28, 2017
A critical vulnerability has been discovered in Microsoft-owned most popular free web messaging and voice calling service Skype that could allow hackers to remotely execute malicious code and crash systems. Skype is a free online service that allows users to communicate with peers by voice, video, and instant messaging over the Internet. The service was acquired by Microsoft Corporation in May 2011 for US$8.5 Billion due to its worldwide popularity. Security researcher Benjamin Kunz-Mejri from Germany-based security firm Vulnerability Lab discovered the previously unknown stack buffer overflow vulnerability, which is documented in CVE-2017-9948 , in Skype Web's messaging and call service during a team conference call. The vulnerability is considered a high-security risk with a 7.2 CVSS score and affects Skype versions 7.2, 7.35, and 7.36 on Windows XP, Windows 7 and Windows 8, Mejri said in a public security disclosure published on Monday. "The issue can be exploi
A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered

A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered

Jun 20, 2017
Update: Find working Exploits and Proof-of-Concepts at the bottom of this article. Security researchers have discovered more than a decade-old vulnerability in several Unix-based operating systems — including Linux, OpenBSD, NetBSD, FreeBSD and Solaris — which can be exploited by attackers to escalate their privileges to root, potentially leading to a full system takeover. Dubbed Stack Clash , the vulnerability ( CVE-2017-1000364 ) has been discovered in the way memory was being allocated on the stack for user space binaries. Exploiting Stack Clash Bug to Gain Root Access The explanation is simple: Each program uses a special memory region called the stack, which is used to store short-term data. It expands and contracts automatically during the execution of any program, depending upon the needs of that program. According to researchers at Qualys, who discovered and reported this bug, a malicious program can attempt to use more memory space than available on the stack,
High-Severity Linux Sudo Flaw Allows Users to Gain Root Privileges

High-Severity Linux Sudo Flaw Allows Users to Gain Root Privileges

Jun 01, 2017
A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system. The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root. Sudo, stands for "superuser do!," is a program for Linux and UNIX operating systems that lets standard users run specific commands as a superuser (aka root user), such as adding users or performing system updates. The flaw actually resides in the way Sudo parsed "tty" information from the process status file in the proc filesystem. On Linux machines, sudo parses the /proc/[pid]/stat file in order to determine the device number of the process's tty from field 7 (tty_nr), Qualys Security explains in its advisory . Although the fields in t
All Android Phones Vulnerable to Extremely Dangerous Full Device Takeover Attack

All Android Phones Vulnerable to Extremely Dangerous Full Device Takeover Attack

May 25, 2017
Researchers have discovered a new attack, dubbed 'Cloak and Dagger', that works against all versions of Android, up to version 7.1.2. Cloak and Dagger attack allows hackers to silently take full control of your device and steal private data, including keystrokes, chats, device PIN, online account passwords, OTP passcode, and contacts. What's interesting about Cloak and Dagger attack? The attack doesn't exploit any vulnerability in Android ecosystem; instead, it abuses a pair of legitimate app permissions that is being widely used in popular applications to access certain features on an Android device. Researchers at Georgia Institute of Technology have discovered this attack, who successfully performed it on 20 people and none of them were able to detect any malicious activity. Cloak and Dagger attacks utilise two basic Android permissions: SYSTEM_ALERT_WINDOW ("draw on top") BIND_ACCESSIBILITY_SERVICE ("a11y") The first permissi
Wanna Cry Again? NSA’s Windows 'EsteemAudit' RDP Exploit Remains Unpatched

Wanna Cry Again? NSA's Windows 'EsteemAudit' RDP Exploit Remains Unpatched

May 25, 2017
Brace yourselves for a possible 'second wave' of massive global cyber attack, as SMB ( Server Message Block) was not the only network protocol whose zero-day exploits created by NSA were exposed in the Shadow Brokers dump last month. Although Microsoft released patches for SMB flaws for supported versions in March and unsupported versions immediately after the outbreak of the WannaCry ransomware, the company ignored to patch other three NSA hacking tools, dubbed " EnglishmanDentist ," " EsteemAudit ," and " ExplodingCan ." It has been almost two weeks since WannaCry ransomware began to spread, which infected nearly 300,000 computers in more than 150 countries within just 72 hours, though now it has been slowed down. For those unaware, WannaCry exploited a Windows zero-day SMB bug that allowed remote hackers to hijack PCs running on unpatched Windows OS and then spread itself to other unpatched systems using its wormable capability.
18-Byte ImageMagick Hack Could Have Leaked Images From Yahoo Mail Server

18-Byte ImageMagick Hack Could Have Leaked Images From Yahoo Mail Server

May 23, 2017
After the discovery of a critical vulnerability that could have allowed hackers to view private Yahoo Mail images, Yahoo retired the image-processing library ImageMagick. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images. The tool is supported by PHP, Python, Ruby, Perl, C++, and many other programming languages. This popular image-processing library made headline last year with the discovery of the then-zero-day vulnerability, dubbed ImageTragick , which allowed hackers to execute malicious code on a Web server by uploading a maliciously-crafted image. Now, just last week, security researcher Chris Evans demonstrated an 18-byte exploit to the public that could be used to cause Yahoo servers to leak other users' private Yahoo! Mail image attachments. 'Yahoobleed' Bug Leaks Images From Server Memory The exploit abuses a security vulnerability in the ImageMagick library, which Evans dubbed
Latest Joomla 3.7.1 Release Patches Critical SQL Injection Attack

Latest Joomla 3.7.1 Release Patches Critical SQL Injection Attack

May 17, 2017
If your website is based on the popular Joomla content management system, make sure you have updated your platform to the latest version released today. Joomla, the world's second popular open source Content Management System, has reportedly patched a critical vulnerability in its software's core component. Website administrators are strongly advised to immediately install latest Joomla version 3.7.1, released today, to patch a critical SQL Injection vulnerability (CVE-2017-8917) that affects only Joomla version 3.7.0. " Inadequate filtering of request data leads to a SQL Injection vulnerability ." release note says. The SQL Injection vulnerability in Joomla 3.7.0 was responsibly reported by Marc-Alexandre Montpas, a security researcher at Sucuri last week to the company. According to the researcher , ' The vulnerability is easy to exploit and doesn't require a privileged account on the victim's site ,' which could allow remote hackers to steal sensitive inf
Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back With More 0-Days

Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back With More 0-Days

May 16, 2017
The infamous hacking collective Shadow Brokers – the one who leaked the Windows SMB exploit in public that led to last weekend's WannaCrypt menace – are back, this time, to cause more damage. In typically broken English, the Shadow Brokers published a fresh statement (with full of frustration) a few hours ago, promising to release more zero-day bugs and exploits for various desktop and mobile platforms starting from June 2017. However, this time the Shadow Brokers leaks will not be available for everybody, as the hacking collective said: "TheShadowBrokers is launching new monthly subscription model. Is being like [the] wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month." To some extent, this is good news, but it is terrible news too. Good because now all these upcoming alleged unpatched vulnerabilities will be patched after being disclosed and terrible because the group will sell new zero-day e
Cybersecurity Resources