#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Windows | Breaking Cybersecurity News | The Hacker News

Category — Windows
Malware threat to Opera users, Trojan signed with a stolen certificate

Malware threat to Opera users, Trojan signed with a stolen certificate

Jun 27, 2013
On June 19, Browser maker Opera admitted that, it discovered an attack on its internal network infrastructure and windows users may have been tricked into installing a Trojan signed with a stolen Opera certificate. " On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised." "We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments ." said in a post on the Opera Security Blog. Code signing certificates are used to cryptographically verify that a piece of software comes from its purported publisher. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. Opera plans to roll out a new version of its
Windows zero day vulnerability publicly exposed by Google engineer

Windows zero day vulnerability publicly exposed by Google engineer

May 23, 2013
A Google security engineer has not only discovered a Windows zero-day flaw, but has also stated that Microsoft has a knack of treating outside researchers with great hostility. Tavis Ormandy , a Google security engineer, exposed the flaw on Full Disclosure , that could be used to crash PCs or gain additional access rights. The issue is less critical than other flaws as it's not a remotely exploitable one. Ormandy said on Full Disclosure, " I don't have much free time to work on silly Microsoft code, so I'm looking for ideas on how to fix the final obstacle for exploitation. ". He's been working on it for months, and according to a later post, he has now a working exploit that " grants SYSTEM on all currently supported versions of Windows. "  " I have a working exploit that grants SYSTEM on all currently supported versions of Windows. Code is available on request to students from reputable schools ," Ormandy adds. Microsoft acknowledged
5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

Oct 01, 2024Generative AI / Data Protection
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security concerns, many have been forced to choose between unrestricted GenAI usage to banning it altogether. A new e-guide by LayerX titled 5 Actionable Measures to Prevent Data Leakage Through Generative AI Tools is designed to help organizations navigate the challenges of GenAI usage in the workplace. The guide offers practical steps for security managers to protect sensitive corporate data while still reaping the productivity benefits of GenAI tools like ChatGPT. This approach is intended to allow companies to strike the right balance between innovation and security. Why Worry About ChatGPT? The e
Microsoft will roll out fix for two critical flaws in Windows and Internet Explorer

Microsoft will roll out fix for two critical flaws in Windows and Internet Explorer

Apr 06, 2013
Microsoft has released an advance notification of 9 security bulletins that it plans to release on April 9, 2013. Microsoft said it will patch nine vulnerabilities in total and two of them rated critical and that of the remaining 7 as Important. The critical vulnerabilities are remote code execution issues. First vulnerability affects Microsoft Windows and Internet Explorer while the second vulnerability affects Microsoft Windows.  The vulnerability will fix a flaw that allows a drive-by attack, which hackers can exploit to attack machines running the software using malware loaded websites. Earlier this year, Microsoft released an emergency update for Internet Explorer after all the commotion about the security holes in Java. The update aimed to patch a security vulnerability in Internet Explorer that is being used for attacks on government contractors and other organisations. The remaining 7 vulnerabilities pertain to issues affecting Microsoft Office, Microsoft Server Software a
cyber security

2024 State of SaaS Security Report eBook

websiteWing SecuritySaaS Security / Insider Threat
A research report featuring astonishing statistics on the security risks of third-party SaaS applications.
Patch released for critical Adobe vulnerabilities

Patch released for critical Adobe vulnerabilities

Feb 20, 2013
Today Adobe released a patch for two critical vulnerabilities (CVE-2013-0640 and CVE-2013-0641) that are already being exploited by attackers. Adobe released version 11.0.02 of its Adobe Reader and Adobe Acrobat Pro applications.  Vulnerabilities affect Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Mac OS X systems. " These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system ." security advisory  reads . Exploits were discovered by security company FireEye and researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox. Users can update the software through the built-in updater or by downloading a copy of the  Windows ,  Mac , or  Linux  installer directly from Adobe's website. 
Hackers release Windows Phone 8 Malware - to be showcased at MalCon

Hackers release Windows Phone 8 Malware - to be showcased at MalCon

Nov 10, 2012
It's be Just hours Windows Phone 8 has been released - and hackers have already dished out a malware prototype for the platform. Windows Phone 8 is the second generation of the Windows Phone mobile operating system. Windows Phone 8 Microsoft's latest in mobile OS technology - comes in as a direct competition to rivals Apple and Google. The research firm Gartner indicates that by 2016 the increase in Windows Phone users will slightly fall below Apple`s iOS users. To be showcased at the International Malware Conference, MalCon - on 24th November in India, the prototype has been created by Shantanu Gawde, who has previously created a malware that utilized the famed Xbox Kinect. Windows Phone 8 replaces its previously Windows CE-based architecture with one based on the Windows NT kernel with many components shared with Windows 8, allowing applications to be easily ported between the two platforms. While no further details of the malware are available at this point of time, it will
Windows website loophole allow anyone to get WIndows 8 in just $14.99

Windows website loophole allow anyone to get WIndows 8 in just $14.99

Oct 30, 2012
Windows 8 launched in 37 languages and 140 worldwide markets, as the tech giant unveiled the new version of its computer operating system. The OS is now available in over 30 certified devices, and a broad selection of local apps are already available in the onboard Windows Store. It is also available for download onto PCs and other devices running previous iterations of Microsoft's Windows OS. Microsoft is currently running a special promotion upto 31st of January 2013, under which you can upgrade to Windows 8 Pro Edition for a very small amount. If you have purchased / are going to purchase a Personal Computer which is pre-loaded with genuine version of Windows 7 (any edition), then you are eligible to get Windows 8 Upgrade (Pro Edition) for $14.99 (US Dollar) or £14.99 (British Pounds) or €14,99 (Euros) or INR 699 (Indian Rupees). But because of a flaw in website providing promo code, now anyone is able to get the promo code, using which user can updrade his windows with
Security Flaw in Mac Safari Remains Unfixed for Two Years, Experts Concerned

Security Flaw in Mac Safari Remains Unfixed for Two Years, Experts Concerned

Nov 03, 2010
Two years after fixing a security bug in the Windows version of its Safari browser, Apple apparently has decided that Mac users can go without a fix. Apple was initially unimpressed by Nitesh Dhanjani's work developing what's known as a "carpet bomb" attack, the security researcher said in an interview Monday. "I told Apple about it two years ago, and they responded back, saying it was more of an annoyance than anything else." That turned out to be the wrong assessment. Soon after Dhanjani went public with the flaw in May 2008, another security researcher showed how carpet bombing could be combined with another Windows attack to run unauthorized software on a Windows PC. Apple then shipped a fix for Safari on Windows, but not for Safari on Mac OS X. Nobody has shown how to do this on the Mac OS X version of Safari, but Dhanjani still thinks Apple should fix the issue on both platforms. In a carpet bomb attack, the victim visits a malicious website, which then starts downloading unau
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources