#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

security vulnerability | Breaking Cybersecurity News | The Hacker News

Category — security vulnerability
Top 30 Critical Security Vulnerabilities Most Exploited by Hackers

Top 30 Critical Security Vulnerabilities Most Exploited by Hackers

Jul 29, 2021
Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage. "Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide," the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom's National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI)  noted . "However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system." The top 30 vulnerabilities span a wide range of software, including remote work, virtual pri...
New Comic Videos Take CISO/Security Vendor Relationship to the Extreme

New Comic Videos Take CISO/Security Vendor Relationship to the Extreme

Oct 10, 2019
Today's CISOs operate in an overly intensive environment. As the ones who are tasked with the unenviable accountability for failed protection and successful breaches, they must relentlessly strive to improve their defense lines with workforce education, training their security teams and last but definitely not least — looking for products that will upgrade and adjust their security against the rapidly evolving threat landscape. Finding the right solution is everything but an easy task. Part of what makes it hard is the tremendous number of security vendors that offer an infinite number of security products, promising that each can solve all the cyber problems of the planet with one hand tied behind its back. These CISO/vendor encounters are the theme of six short humoristic videos released this week that take them to the ultimate extreme. Here is one of the videos: If you want, you can watch all 6 funny videos here . These videos were partly inspired by David Spark...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws

Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws

Jul 30, 2019
Google's cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage. All the vulnerabilities, which required no user interaction, were responsibly reported to Apple by Samuel Groß and Natalie Silvanovich of Google Project Zero, which the company patched just last week with the release of the latest iOS 12.4 update . Four of these vulnerabilities are "interactionless" use-after-free and memory corruption issues that could let remote attackers achieve arbitrary code execution on affected iOS devices. However, researchers have yet released details and exploits for three of these four critical RCE vulnerabilities and kept one (CVE-2019-8641) private because the latest patch update did not completely address this issue. The fifth vulnerability (CVE-2019-8646), an out-of-bounds re...
cyber security

Breaking Barriers: Strategies to Unite AppSec and R&D for Success

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities

Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities

Mar 26, 2019
Apple on Monday released iOS 12.2 to patch a total of 51 security vulnerabilities in its mobile operating system that affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A majority of vulnerabilities Apple patched this month reside in its web rendering engine WebKit, which is used by many apps and web browsers running on the Apple's operating system. According to the advisory , just opening a maliciously crafted web content using any vulnerable WebKit-based application could allow remote attackers to execute arbitrary code, disclose sensitive user information, bypass sandbox restrictions, or launch universal cross-site scripting attacks on the device. Among the WebKit vulnerabilities include a consistency issue (CVE-2019-6222) that allows malicious websites to potentially access an iOS device microphone without the "microphone-in-use" indicator being shown. A similar vulnerability (CVE-2019-8566) has been patched in Apple's Replay...
Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever

Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever

Jan 08, 2019
Well, there's some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online chat applications. Zerodium—a startup by the infamous French-based company Vupen that buys and sells zero-day exploits to government agencies around the world—said it would now pay up to $2 million for remote iOS jailbreaks and $1 million for exploits that target secure messaging apps. Get $2 Million for Remotely Jailbreaking An iPhone Previously, Zerodium was offering $1.5 million for persistent iOS jailbreaks that can be executed remotely without any user interaction (zero-click)—but now the company has increased that amount to $2 million. The company is now offering $1.5 million for a remote iOS jailbreak that requires minimal user interaction (i.e., single-click)—the amount h...
Expert Insights / Articles Videos
Cybersecurity Resources