cyber security | Breaking Cybersecurity News | The Hacker News

Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498, resides in the "WP Live Chat Support" that is currently being used by over 50,000 businesses to provide customer support and chat with visitors through their websites. Discovered by cybersecurity researchers at Alert Logic , the flaw originates because of an improper validation check for authentication that apparently could allow unauthenticated users to access restricted REST API endpoints. As described by researchers, a potential remote attacker can exploit exposed endpoints for malicious purposes, including: stealing the entire chat history for all chat sessions, modifying or deleting the chat history, injecting messages into an active chat session, posing as a custome

Linux users, beware! If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim —two most popular and powerful command-line text editing applications that come pre-installed with most Linux-based operating systems. On Linux systems, Vim editor allows users to create, view or edit any file, including text, programming scripts, and documents. Since Neovim is just an extended forked version of Vim, with better user experience, plugins and GUIs, the code execution vulnerability also resides in it. Code Execution Flaw in Vim and Neovim Razmjou discovered a flaw in the way Vim editor handles "modelines," a feature that's enabled-by-default to automatically find and apply a set of custom pref

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers at CheckPoint , the vulnerabilities reside in the administrative panel of Ministra TV platform, which if exploited, could allow attackers to bypass authentication and extract subscribers' database, including their financial details. Besides this, the flaws could also allow attackers to replace broadcast and steam any content of their choice on the TV screens of all affected customer networks. Ministra TV platform, previously known as Stalker Portal, is a software written in PHP that works as a middleware platform for media streaming services for managing Internet Protocol television (IPTV), video-on-demand (VOD) and over-the-top (OTT) content, licenses and their subscribers. Deve

As promised, Mozilla has finally enabled "Enhanced Tracking Protection" feature on its Firefox browser by default, which from now onwards would automatically block all third-party tracking cookies that allow advertisers and websites to track you across the web. Tracking cookies, also known as third-party cookies, allows advertisers to monitor your online behavior and interests, using which they display relevant advertisements, content, and promotions on the websites you visit. Which makes sense as no one likes to waste time in watching advertisements and offers that are not of one's interest. However, since tracking cookies gather way more information without requiring users' explicit permissions and there is no control over how companies would use it, the technique also poses a massive threat to users' online privacy. To limit this extensive tracking, Mozilla included the "Enhanced Tracking Protection" option as an experimental feature in Octo

A security researcher who last year bypassed Apple 's then-newly introduced macOS privacy feature has once again found a new way to bypass security warnings by performing 'Synthetic Clicks' on behalf of users without requiring their interaction. Last June, Apple introduced a core security feature in MacOS that made it mandatory for all applications to take permission ("allow" or "deny") from users before accessing sensitive data or components on the system, including the device camera or microphone, location data, messages, and browsing history. For those unaware, 'Synthetic Clicks' are programmatic and invisible mouse clicks that are generated by a software program rather than a human. MacOS itself has built-in functionality for synthetic clicks, but as an accessibility feature for disabled people to interact with the system interface in non-traditional ways. So, the feature is only available for Apple-approved apps, preventing ma

Cyber Security researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide. Dubbed Nansh0u , the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group who has already infected nearly 50,000 servers and are installing a sophisticated kernel-mode rootkit on compromised systems to prevent the malware from being terminated. The campaign, which dates back to February 26 but was first detected in early-April, has been found delivering 20 different payload versions hosted on various hosting providers. The attack relies on the brute-forcing technique after finding publicly accessible Windows MS-SQL and PHPMyAdmin servers using a simple port scanner. Upon successful login authentication with administrative privileges, attackers execute a sequence of MS-SQL commands on the compromised system to download malicious payload from a remote file server and

Flipboard, a popular social sharing and news aggregator service used by over 150 million people, has disclosed that its databases containing account information of certain users have been hacked. According to a public note published yesterday by the company, unknown hackers managed to gain unauthorized access to its systems for nearly 10 months—between June 2, 2018, and March 23, 2019, and then again on April 21-22, 2019. The hackers then potentially downloaded database containing Flipboard users' real name, usernames, cryptographically (salted hash) protected passwords and email addresses, including digital tokens for users who linked their Flipboard account to a third-party social media service. According to a breach notification email sent out to affected users and seen by The Hacker News, the company has now reset passwords for all users as a precautionary measure, forcing users to create a new strong password for their accounts. "You can continue to use Flipb

Cybersecurity experts all echo the same thing – cyber attacks are going to get more rampant, and they will continue to pose severe threats against all technology users. Businesses, in particular, have become prime targets for cybercriminals due to the nature of data and information they process and store. 2018 saw a slew of data breaches targeting large enterprises that resulted in the theft of the personal and financial records of millions of customers. Falling victim to cyber attacks can deal with a major financial blow to businesses as the cost of dealing with an attack has risen to $1.1 million on the average. It can even be more devastating for small to medium-sized businesses. 60 percent of these smaller operations close within six months after failing to recover from cyber attacks. But aside from these monetary costs, companies can also lose credibility and their customers' confidence. Needless to say, businesses must improve the protection of their infrastructures

Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10 , the anonymous hacker going by online alias "SandboxEscaper" has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft's Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a Windows 10 zero-day exploit for a local privilege escalation bug in Task Scheduler utility, SandboxEscaper claimed to have discovered four more zero-day bugs, exploits for two has now been publicly released. AngryPolarBearBug2 Windows Bug One of the latest Microsoft zero-day vulnerabilities resides in the Windows Error Reporting service that can be exploited using a discretionary access control list (DACL) operation—a mechanism that identifies users and groups that are assigned or denied access permissions to a securable object. Upon successful exploitation, an attacker can del

High-quality cybersecurity posture is typically regarded as the exclusive domain of the large and heavy resourced enterprises – those who can afford a multi-product security stack and a skilled security team to operate it. This implies a grave risk to all organizations who are not part of this group, since the modern threat landscape applies to all, regardless of size and vertical. What is less commonly known is that by following basic and well-defined practices and wise security product choices, any organization can level up its defenses to a much higher standard. "At the end of the day it comes down to strategic planning," says Eyal Gruner, CEO and co-founder of Cynet, "rather than thinking in term of specific product or need, zoom out and breakdown the challenge to its logical parts – what do you need to do proactively on an on-going basis, while you're under attack and when you manage a recovery process." From the various frameworks of security b

Note: We have updated this story to reflect new information after Stack Overflow changed its original announcement and shared more details on the security incident. Stack Overflow, one of the largest question and answer site for programmers, revealed today that unknown hackers managed to exploit a bug in its development tier and then almost a week after they gained unauthorized access to its production version. Founded by Jeff Atwood and Joel Spolsky in 2008, Stack Overflow is the flagship site of the Stack Exchange Network. With 10 million registered users and over 50 million unique visitors every month, Stack Overflow is very popular among professional and enthusiast programmers. In an older version of the announcement published by Mary Ferguson, VP of Engineering at Stack Overflow, the company confirmed the breach but said it did not find any evidence that hackers accessed customers' accounts or any user data. However, the updated announcement now says that after

The U.S. Department of Justice today announced charges against nine individuals, 6 of which are members of a hacking group called "The Community" and other 3 are former employees of mobile phone providers who allegedly helped them steal roughly $2.5 million worth of the cryptocurrency using a method known as "SIM Swapping." According to the 15-count indictment unsealed today, five Americans and an Irishman related to The Community hacking group are charged with conspiracy to commit wire fraud, as well as wire fraud and aggravated identity theft. Another three Americans, who reportedly are the former employees of mobile phone providers, are charged in a criminal complaint with the wire fraud. SIM Swapping , or SIM Hijacking , is a type of identity theft that typically involves fraudulently porting of the same number to a new SIM card belonging to the attacker. In SIM swapping, attackers social engineer a victim's mobile phone provider by convincing it

The United States Justice Department today announced charges against a Chinese hacker and his hacking team member for their alleged role in the 2015 massive data breach at health insurance giant Anthem and three other unnamed American companies. Fujie Wang (王 福 杰) and another hacker named John Doe with three different aliases—Deniel Jack, Kim Young, and Zhou Zhihong—are charged with four counts of conspiracy to commit fraud, wire fraud, and damage to a protected computer, according to an indictment [ pdf ] unsealed today in federal court in Indianapolis. In 2015, the hackers managed to breach Anthem, the country's second-largest health insurance company and stole personal information of over 80 Millions of its customers, including their Social Security Numbers, birthdates, email addresses, residential addresses, medical identification numbers, employment information, and income data. The incident marked as one of the worst data breaches in history, with the company paying

Researchers from Chinese cybersecurity firm Qihoo 360's NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites. While monitoring a malicious domain, www.magento-analytics[.]com , for over last seven months, researchers found that the attackers have been injecting malicious JS scripts hosted on this domain into hundreds of online shopping websites. The JavaScript scripts in question include the digital credit card skimming code that when execute on a site, automatically steal payment card information, such as credit card owner name, credit card number, expiration time, CVV information, entered by its customers. In an email Interview, NetLab researcher told The Hacker News that they don't have enough data to determine how hackers infected affected websites on the first place or what vulnerabilities they exploited, but did confirm that all affected

For the second time in just over a year, the city of Baltimore has been hit by a ransomware attack, affecting its computer network and forcing officials to shut down a majority of its computer servers as a precaution. Ransomware works by encryption files and locking them up so users can't access them. The attackers then demand a ransom amount, typically in Bitcoin digital currency, in exchange for the decryption keys use to unlock the files. The ransomware attack on the Baltimore City Hall took place on Tuesday morning and infected the city's technology systems with an unknown ransomware virus, which according to government officials, is apparently spreading throughout their network. According to new Baltimore Mayor Bernard C. Jack Young, Baltimore City's critical public safety systems, such as 911, 311, emergency medical services and the fire department, are operational and not affected by the ransomware attack. Young also says the city technology officials are

Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date. In a statement, Binance's CEO Changpeng Zhao said the company discovered a "large scale security breach" earlier on May 7, as a result of which hackers were able to steal roughly 7000 bitcoins, which worth 40.6 million at the time of writing. News of the hack comes just hours after Zhao tweeted that Binance has "to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple of hours." According to the company, malicious attackers used a variety of attack techniques, including phishing and computer viruses, to carry out the intrusion and were able to breach a single BTC hot wallet (a cryptocurrency wallet that's connected to the Internet), which contained about 2% of the company's total BTC holdings, and withdraw stolen Bitcoins

The saying that there are two types of organizations, those that have gotten breached and those who have but just don't know it yet, has never been more relevant, making the sound incident response a required capability in any organization's security stack. To assist in this critical mission, Cynet is launching a free IR tool offering, applicable to both IR service providers in need of a powerful, free incident response platform , and to organizations that either suspect security incidents and want to get immediate visibility into what happened, or that know they have a breach and need to respond immediately. The Cynet Free IR tool offering for IR providers can be accessed here . The Cynet Free IR tool offering for organizations can be accessed here . Incident response is about getting two things done as fast as possible: accurately knowing breach scope and impact; ensuring that all malicious presence and activity are eliminated. Cynet introduces unmatched speed and effi

If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers . Dell SupportAssist , formerly known as Dell System Detect , checks the health of your computer system's hardware and software. The utility has been designed to interact with the Dell Support website and automatically detect Service Tag or Express Service Code of your Dell product, scan the existing device drivers and install missing or available driver updates, as well as perform hardware diagnostic tests. If you are wondering how it works, Dell SupportAssist in the background runs a web server locally on the user system, either on port 8884, 8883, 8886, or port 8885, and accepts various commands as URL parameters to perform some-predefined tasks on the computer, like collecting

Google is giving you more control over how long you want the tech company to hold on to your location history and web activity data. Google has introduced a new, easier, privacy-focused auto-delete feature for your Google account that will allow you to automatically delete your Location History and Web and App Activity data after a set period of time. Google's Location History feature, if enabled, allows the company to track locations that you have visited, while Web and App Activity tracks websites you have visited and apps you have used. Until now, Google allowed you to either altogether disable the Location History and Web and App Activity feature or manually delete all or part of that data, providing no controls for regular deletion so that users can manage their data efficiently. However, an AP investigation last year revealed that even if you turn off the Location History feature in all your accounts, Google services on Android and iPhone devices continue to trac