#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

download | Breaking Cybersecurity News | The Hacker News

Category — download
If You're Not Using Antivirus Software, You're Not Paying Attention

If You're Not Using Antivirus Software, You're Not Paying Attention

Nov 25, 2021
Stop tempting fate and take a look at our picks for the best antivirus programs on the market today. Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy.  Need help picking out antivirus software? Well, we've got you covered. Below you can find our picks for the best antivirus products of 2021. But before we get to that, let's set a few things straight so we're all on the same page.  When we talk about antivirus products, we're really talking about anti- malware  products. Malware is a catchall term that refers to any malicious program created to damage, disrupt, or take charge of a computer. Types of malware include not only viruses but spyware, trojan horses, ransomware, adware, and scareware. Any good antivirus product in 2021 must be ab
SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

Dec 14, 2020
Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. " SoReL-20M " (short for  So phos- Re versing L abs –  20   M illion), as it's called, is a dataset containing metadata, labels, and features for 20 million Windows Portable Executable (.PE) files, including 10 million disarmed malware samples, with the goal of devising machine-learning approaches for better malware detection capabilities. "Open knowledge and understanding about cyber threats also leads to more predictive cybersecurity," Sophos AI group said. "Defenders will be able to anticipate what attackers are doing and be better prepared for their next move." Accompanying the release are a set of  PyTorch  and  LightGBM -based machine learning  models pre-trained
5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

Nov 01, 2024SaaS Security / Insider Threat
With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Misconfigurations are silent killers, leading to major vulnerabilities. So, how can CISOs reduce the noise? What misconfiguration should security teams focus on first? Here are five major SaaS configuration mistakes that can lead to security breaches. #1 Misconfiguration: HelpDesk Admins Have Excessive Privileges Risk: Help desk teams have access to sensitive account management functions making them prime targets for attackers. Attackers can exploit this by convincing help desk personnel to reset MFA for privileged users, gaining unauthorized access to critical systems. Impact: Compromised help desk accounts can lead to unauthorized changes to admin-
4 Free Online Cyber Security Testing Tools For 2021

4 Free Online Cyber Security Testing Tools For 2021

Dec 01, 2020
Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner published a  list  of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of the modern threat landscape. Incomplete visibility of external Attack surfaces led to the dramatic increase in disastrous breaches and data leaks during 2020, compromising PII and other sensitive data of millions of victims. These incidents stemmed from sophisticated intrusions by malicious nation-state actors and APT hacking groups, human error, and widespread misconfigurations exposing unprotected cloud storage or databases with confidential data to the Internet. Gartner's security analysts recommend automating laborious security tasks and processes, amid the ongoing shortage of cybersecurity skills, and promptly addressing emerging cloud and containers security risks.  G
cyber security

AWS EKS Security Best Practices [Cheat Sheet]

websiteWiz.ioCloud Security / Kubernetes
Unlock this one-stop resource for mastering EKS security best practices and safeguarding your cloud-native applications.
Download Tortilla Tool - Anonymize everything through Tor

Download Tortilla Tool - Anonymize everything through Tor

Jul 17, 2013
Recent disclosures by whistleblower Edward Snowden claiming that internet traffic is being intercepted and used by the Americans in their war on terror, force to re-think about the user's privacy and online anonymity. It has been relatively common knowledge for years that wherever we go on the web, we leave clear tracks, so it shouldn't really have come as much of a surprise to discover this has been going on. The best thing you can do to stay anonymous online is to hide your IP address . If someone knows your IP address, it is the easiest way to trace your online activity back to you and they can easily determine the geographic location of the server that hosts that address and get a rough idea of where you're located. TOR is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Browsing with TOR is a lot like simultaneously using hundreds of different proxies that are randomized periodically.
Patch Efficiently with Automated Patch Management

Patch Efficiently with Automated Patch Management

Jul 15, 2013
You've got to ask yourself one question. How much hassle does patching cause you? Is the second Tuesday of each month something you dread, or is it just another day for you? If you spend days and days testing and deploying patches; if you stay up until the wee hours of the morning one weekend each month; if you have a current profile on every single server in your environment; then patching is likely to be a heavy burden. But there is another way. Patching is not something that should be a major pain each month. It should be a simple and straightforward administrative task. Admins who patch by hand or are worried about some patch crashing critical systems each month should consider automated patch management. This strategy will boost efficiency and give you back your weekends, and ensure that your systems can be patched quickly, efficiently and safely. Automated patch management helps IT admins patch their servers and workstations in the most efficient way possible, by removi
FixMeStick's first to supports Windows 8 with Secure Boot ON

FixMeStick's first to supports Windows 8 with Secure Boot ON

Jun 12, 2013
Windows 8 PCs contain a new technology called Secure Boot that only boots devices that have been verified by Microsoft. Also Microsoft's own Offline Defender won't boot on Windows 8 PCs with Secure Boot on. Neither will Norton's Bootable Recovery Tool. We asked the guys at FixMeStick how their external hardware-based anti-malware device can boot on brand new Windows 8 hardware with Secure boot on, as well as 10 year old PCs with 32 processors running XP. Here's their answer: 1. It got a Master Boot Record. : In other words, it boots on BIOS-based PCs, essentially all PCs prior to Windows 8. 2. and it got UEFI boot partition : It also got a UEFI boot partition, so it will boot on PCs with the latest UEFI firmware too. 3. It's 32 bit : There's a 32 bit operating system on the stick so it will work with 32 bit microprocessors. Most rescue ISOs\disks are 32 bit only, so by default they work on 32 bit processors and 64 bit processors. 4. and it's 64
WiFi Hacking software AirCrack-NG updated after 3 years

WiFi Hacking software AirCrack-NG updated after 3 years

Jun 03, 2013
The Best WiFi hacking suite  AirCrack-NG updated to 1.2 Beta 1 after three years from the last release. Aircrack-ng is a set of tools for auditing wireless networks. New version added a few new tools and scripts (including distributed cracking tool). Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. Release Notes: Compilation fixes on all supported OSes. Makefile improvement and fixes. A lot of fixes and improvements on all tools and documentation. Fixed licensing issues. Fixed endianness and QoS issues. Download AirCrack-NG for Linux and For Windows
Download Kali Linux, from the creators of BackTrack

Download Kali Linux, from the creators of BackTrack

Mar 13, 2013
Great news for Hackers and Backtrack Linux fans! The most awaited penetration testing Linux distribution has been released called ' Kali Linux ' or ' Backrack 6 ', from the creators of BackTrack itself. From last 7 years we have seen five awesome versions of Backtrack Linux. But this time to achieve some higher goals, team decided to leave the 4 years old development architecture and ' Kali Linux ' born today. Kali Linux is based upon Debian Linux, instead of Ubuntu and new streamlined repositories synchronize with the Debian repositories 4 times a day, constantly providing users with the latest package updates and security fixes available. Another great feature introduced is that, because of Debian compliant system, it is now able to Bootstrap a Kali Installation/ISO directly from Kali repositories. This allow any user to easily build their own customization of Kali, as well as perform enterprise network installs from a local or remote repository. The Kali Li
HTML5 browser exploit can flood your Hard Drive with junk data

HTML5 browser exploit can flood your Hard Drive with junk data

Mar 04, 2013
Feross Aboukhadijeh , 22-year-old Web developer from Stanford has discovered  HTML5 browser exploit can flood your Hard Drive with Cat and Dogs i.e junk data. Many times a website needs to leave a little data i.e 5-10KB on your computer like a cookie, but HTML5 allow sites to store larger amounts of data (like 5-10 MB). In a proof-of-concept he was able to full up 1 GB of HDD space every 16 seconds. He created FillDisk.com in order to demonstrate the exploit in HTML5. Once user will visit the website the Web Storage standard allows website to place large amounts of data on your drive. Please note that, It's not a hack and this exploit won't allow attackers to access your computer. However, Web browsers have the ability to limit just how much space websites can dump onto your hard drive. Firefox's implementation of HTML5 local storage is not vulnerable to this exploit. Whereas Chrome, Safari (iOS and desktop), and IE vulnerable to this. You can fin
UbnHD2 : Ubuntu based Pentesting OS for Mobiles

UbnHD2 : Ubuntu based Pentesting OS for Mobiles

Dec 27, 2012
Most of the crazy readers always demand for some solution to turn their Android Smartphone into a Hacking Machine. There are various solutions, like installing some penetration testing android based tools like ANTI, dSploit, FaceNiff etc and also Installing ARM version of Backtrack OS. Today I found another solution for same purpose i.e.UbnHD2, a Ubuntu based Pen-testing OS. UbnHD2 is a security and pentest focused ubuntu/debian system that runs natively on the HTC HD2 phone. The product right now in beta versions and various options may not work. Installations steps are described by developer . Features Based on Ubuntu 10.10 Maverick Meerkat, Kernel 2.6.32.15 (ARM) X.org 7.5, GNOME 2.32.0 & Cairo-Dock 2.2.0 USB-OTG, 3G Network & WiFi (Drivers not included, proprietary, check XDA Forum) Perl 5.10.1, Ruby 4.5, Python 2.6.6 and more than 170 Pentest Tools preloaded Download From Sourceforge
Anonymous leaks VMware ESX Server Kernel source code

Anonymous leaks VMware ESX Server Kernel source code

Nov 04, 2012
Anonymous group member "Stun" announce the leak of VMware ESX Server Kernel source code via twitter today. The tweet reads,  " WILD LEAKY LEAK. FULL VMware ESX Server Kernel LEAKED LINK #Anonymous #AntiSec ". VMware ESX is an enterprise-level computer virtualization product offered by VMware. The reason behind this wild leak by anonymous is that, Vmware continue producing on same level again and again which is not a good practice for better Security. " Bullshitting people and selling crap. But it's time for Anonymous finally to deliver. Ofc VMware will try to make like this Kernel is old and isn't used in its recent products. But thanks god, there is still such as thing as reverse engineering that will prove it's true destiny. " Hacker said. A 1.89 MB uploaded on torrent and titled "VMware ESX Server Kernel LEAKED". I have download the archive and file inside archive as shown above. Dump seems to be produced by revers
Firefox 16.0.2 available, Cross site scripting attack patched

Firefox 16.0.2 available, Cross site scripting attack patched

Oct 29, 2012
16.0.2 Firefox is now available for anyone who wants to try before anyone else. Mozilla address one serious vulnerability. According to the information security of Mozilla, they has fixed a number of issues related to the Location object in order to enhance overall security. The Location object is supported by all major browsers and contains information about the URL being requested. Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. Another issue centers on the CheckURL function, which if exploited could be used during an XSS attack or to execute malicious code. On Oct. 9, Mozilla released Firefox 16, but quickly pulled it back after a serious vulnerability was discovered. It was quickly addressed, but not before exploit code was made available. Generally Firefox offers 16 power
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources