#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

hosting services | Breaking Cybersecurity News | The Hacker News

Category — hosting services
5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws

5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws

Jan 16, 2019
A security researcher has discovered multiple one-click client-side vulnerabilities in the some of the world's most popular and widely-used web hosting companies that could have put millions of their customers as well as billions of their sites' visitors at risk of hacking. Independent researcher and bug-hunter Paulos Yibelo, who shared his new research with The Hacker News, discovered roughly a dozen serious security vulnerabilities in Bluehost, Dreamhost, HostGator, OVH, and iPage, which amounts to roughly seven million domains. Some of the vulnerabilities are so simple to execute as they require attackers to trick victims into clicking on a simple link or visiting a malicious website to easily take over the accounts of anyone using the affected web hosting providers. Critical Flaws Reported in Popular Web Hosting Services Yibelo tested all the below-listed vulnerabilities on all five web hosting platforms and found several account takeover, cross-scripting, and in
World's largest 1 Tbps DDoS Attack launched from 152,000 hacked Smart Devices

World's largest 1 Tbps DDoS Attack launched from 152,000 hacked Smart Devices

Sep 28, 2016
Do you know — Your Smart Devices may have inadvertently participated in a record-breaking largest cyber attack that Internet has just witnessed. If you own a smart device like Internet-connected televisions, cars, refrigerators or thermostats, you might already be part of a botnet of millions of infected devices that was used to launch the biggest DDoS attack known to date, with peaks of over 1 Tbps of traffic. France-based hosting provider OVH was the victim to the record-breaking Distributed Denial of Service (DDoS) attacks that reached over one terabit per second (1 Tbps) over the past week. As the Internet of Things (IoT) or connected devices are growing at a great pace, they continue to widen the attack surface at the same time, giving attackers a large number of entry points to affect you some or the other way. 1 Tbps DDoS Attack Hits OVH IoTs are currently being deployed in a large variety of devices throughout your home, businesses, hospitals, and even entire cities (
Cyber Story Time: The Boy Who Cried "Secure!"

Cyber Story Time: The Boy Who Cried "Secure!"

Nov 21, 2024Threat Detection / Pentesting
As a relatively new security category, many security operators and executives I've met have asked us "What are these Automated Security Validation (ASV) tools?" We've covered that pretty extensively in the past, so today, instead of covering the " What is ASV?" I wanted to address the " Why ASV?" question. In this article, we'll cover some common use cases and misconceptions of how people misuse and misunderstand ASV tools daily (because that's a lot more fun). To kick things off, there's no place to start like the beginning. Automated security validation tools are designed to provide continuous, real-time assessment of an organization's cybersecurity defenses. These tools are continuous and use exploitation to validate defenses like EDR, NDR, and WAFs. They're more in-depth than vulnerability scanners because they use tactics and techniques that you'll see in manual penetration tests. Vulnerability scanners won't relay hashes or combine vulnerabilities to further attacks, whic
5 Biggest Hosting Companies hacked by Syrian Electronic Army

5 Biggest Hosting Companies hacked by Syrian Electronic Army

Mar 30, 2015
Once again, Syrian Electronic Army (SEA) has gain media attention by compromising a number of popular web hosting brands of one of the leading web-hosting companies Endurance International Group INC that manages over 60 different hosting brands. SEA, a pro-hacker group supposed to be aligned with Syrian President Bashar al-Assad, is famous for hacking high-profile websites and targeting leading organisation with its advanced phishing attacks. This time the group hacked Endurance Group wings, including Bluehost, Justhost, Hostgator, Hostmonster and FastDomain, which are some of the world's leading web hosting companies. The official Twitter account linked to SEA group claimed responsibility for the hack. The group has posted the screenshots of the hacked panels of all the respective web hosting companies. REASON BEHIND HACK According to SEA group, Endurance Group's BlueHost, JustHost, HostGator and HostMonster were hosting terrorists web sites on their se
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
GoDaddy Vulnerability Allows Domain Hijacking

GoDaddy Vulnerability Allows Domain Hijacking

Jan 21, 2015
An Internet domain registrar and web hosting company GoDaddy has patched a Cross-Site Request Forgery ( CSRF or XSRF) vulnerability that allowed hackers and malicious actors to hijack websites registered with the domain registration company. The vulnerability was reported to GoDaddy on Saturday by Dylan Saccomanni, a web application security researcher and penetration testing consultant in New York. Without any time delay, the company patched the bug in less than 24 hours after the blog was published. While managing an old domain registered on GoDaddy, Saccomanni stumbled across the bug and noticed that there was absolutely no protection against CSRF vulnerability at all on many GoDaddy DNS management actions. Cross-Site Request Forgery (CSRF) is a method of attacking a website in which an attacker need to convince the victim to click on a specially crafted HTML exploit page that will make a request to the vulnerable website on their behalf. This common but rathe
Expert Insights / Articles Videos
Cybersecurity Resources