#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

malicious | Breaking Cybersecurity News | The Hacker News

Category — malicious
Ruby on Rails exploit could hijack unpatched servers for botnet

Ruby on Rails exploit could hijack unpatched servers for botnet

May 31, 2013
Server Administrators are being urged to update their Ruby on Rails servers following the discovery of an active malware campaign targeting vulnerable versions of the web development framework. According to security researcher Jeff Jarmoc , Hackers are exploiting a known and patched vulnerability in coding language Ruby on Rails, which allows a remote user to edit the web server's crontab to download a file to the /tmp directory where it is compiled and executed. The exploit that is currently being used by attackers adds a custom cron job (a scheduled task on Linux machines) that executes a sequence of commands. " Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers ," Jarmoc blogged. " There's no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands ." The original fla
Cyber security scenario according to WebSense

Cyber security scenario according to WebSense

Mar 12, 2013
It's time of stocktaking, principal security firm are proposing their analysis to synthesize actual situation on cyber security, 2012 is widely considered a year when the malware has increased significantly thanks to the contributions of various actors that we will analyze shortly. WebSense has published a new interesting study, 2013 Threat Report , that confirms an extraordinary growth of cyber threats, the data that most of all alert the security community is the increasing number of sophisticated attacks able to elude traditional defense mechanisms. The analysis revealed that technologies most exposed to cyber attacks continue to be mobile platforms and social media, internet is confirmed as primary channel for cyber menaces, let's consider in fact that number of malicious web sites grew nearly 600% and 85% are represented by legitimate web hosts. Another concerning phenomenon is the use of Email as vector for cyber menace, attackers consider this carrier as
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
I hack, reflection on the role of hacker

I hack, reflection on the role of hacker

Jan 25, 2013
The role of hacker is recognized as crucial today in cyber security, these specialists are the nightmare of security experts but their knowledge is fundamental to understand the vulnerabilities of our infrastructures … think like a hacker if you want really protect your system . But hacking is a culture, a way of life that is hard to match ago with the business logic, true hackers don't do this for money, money are fundamental but not all, the must for them is always to put into question their capabilities, try to consistently exceed their limits. Fortunately industry, private business and governments have understood it and have re-evaluated the importance of hackers, these specialists were once seen as shady individuals to avoid, today they are highly sought professionals in both private business and government sectors. Discover vulnerabilities before attackers could exploit them is essential, millions of people and devices are connected to the network, a unique oppo
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Expert Insights / Articles Videos
Cybersecurity Resources