server security | Breaking Cybersecurity News | The Hacker News

OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic . OpenSSL is an open-source cryptographic library that is the most widely being used by a significant portion of the Internet services; to cryptographically protect their sensitive Web and e-mail traffic using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol. One of the high-severity flaws, CVE-2016-2107 , allows a man-in-the-middle attacker to initiate a " Padding Oracle Attack " that can decrypt HTTPS traffic if the connection uses AES-CBC cipher and the server supports AES-NI. A Padding Oracle flaw weakens the encryption protection by allowing attackers to repeatedly request plaintext data about an encrypted payload content. The Padding Oracle flaw ( exploit code ) was discovered by Juraj Somorovsky using his own developed tool c

How to Hack Facebook? That's the most commonly asked question during this decade. It's a hacker dream to hack Facebook website for earning bug bounty or for any malicious purpose. Facebook security team recently found that someone, probably a blackhat hacker with malicious intent, has breached into its server and installed a backdoor that was configured to steal Facebook employees' login credentials. Since the backdoor discovered in the Facebook's corporate server, not on its main server, Facebook user accounts are not affected by this incident. Though the company would have never known about the backdoor if a whitehat hacker had never spotted the backdoor script while hunting for vulnerabilities. Also Read: Ever Wondered How Facebook Decides, How much Bounty Should be Paid? Security researcher Orange Tsai of Taiwanese security vendor DEVCORE accidentally came across a backdoor script on one of Facebook's corporate servers while finding bugs to earn cash reward fr

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Utah State computer systems are experiencing a massive cyber attack on up to 300 Million Hacking attempts per day due to National Security Agency's (NSA) data center in the state. Yes, 300,000,000 hacking attempts in a day! According to the statistical survey, it is evident that the computer systems in the US State of Utah began to experience the hacking attack a few years back, precisely, soon after the NSA revelations by global surveillance whistleblower Edward Snowden. It is a less-known fact that the NSA has built its new data center near the city of Bluffdale, Utah. However, a couple of years back, when Snowden revealed the presence of the data center, the attacks have constantly been going on. The PRISM spying program by Big Brothers at NSA might have shifted the attention of hackers for the retaliation against mass-surveillance and flared up this heightened cyber attacks against the spying agency. According to Utah Commissioner of public safety, Keith S

A 'Serious' security vulnerability has been discovered and fixed in OpenSSH – one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol. The critical vulnerability could be exploited by hackers to force clients to leak their secret private cryptographic keys, potentially exposing users to Man-in-the-Middle (MITM) attacks. What Causes the Flaw to occur? The serious bug was actually the result of a code that enables an experimental " roaming " feature in the OpenSSH versions 5.4 to 7.1 in order to let users resume connections. However, The roaming feature contains two different vulnerabilities: An information sharing flaw ( CVE-2016-0777 ) A less harmless buffer overflow flaw ( CVE-2016-0778 ) The vulnerability does not have any catchy name like some previous OpenSSH flaws. Impact of the Vulnerability This new feature can be exploited by hackers, who could use a malicious OpenSSH server to trick a

Juniper Networks has announced that it has discovered " unauthorized code " in ScreenOS , the operating system for its NetScreen firewalls, that could allow an attacker to decrypt traffic sent through Virtual Private Networks (VPNs). It's not clear what caused the code to get there or how long it has been there, but the release notes posted by Juniper suggest the earliest buggy versions of the software date back to at least 2012 and possibly earlier. The backdoor impacts NetScreen firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, states the advisory published by the company. However, there's no evidence right now that whether the backdoor was present in other Juniper OSes or devices. The issue was uncovered during an internal code review of the software, according to Juniper chief information officer Bob Worrall , and requires immediate patching by upgrading to a new version of the software just released today. &quo

The bad news is that internal data breaches are on the rise. And one of the biggest culprits? USB devices. In the past few years, there has been many organizations tracking down the loss of sensitive/confidential information due to the usage of USB drives and other mass storage media. Cyber-security breaches and data theft are making more and more IT leaders paranoid about security than ever before. Why are USB devices dangerous? USB devices can hold a lot of information. For example, a 128 GB USB flash drive can store 60,000 photos, 20,000 songs, 100+ videos, and more. Just imagine how many protected corporate files could fit on one drive. Also, the storage capacity of USB devices is only going to increase. USB devices are super portable. Some USB storage devices are the size of a small coin. This makes them very difficult to visually detect when plugged into an open port. USB devices are cheap and easy to find. If you're in the market for a USB storage device, there

A wave of excitement in The Pirate Bay lovers. After almost two months of untimely and unexpected outage, the infamous torrent-indexing website The Pirate Bay (TPB) made a defiant return on Saturday. The Pirate Bay — a widely popular file-sharing website predominantly used to share copyrighted material free of charge — went dark from the Internet following a raid in Sweden late last year. In response to a complaint from Swedish anti-piracy group Rights Alliance, the police raided The Pirate Bay's server room in Stockholm and seized several servers and other equipment. Though, its almost impossible to keep The Pirate Bay offline for too long, last took down was the longest outage the torrenting site has ever experienced. The site is back one day early based on the countdown timer that was running on the official domain of TPB, i.e. thepiratebay.se . Anyone visiting thepiratebay.se domain today will be welcomed with a functioning site. People are already uploading and downloa

Google introduced a new security tool to help developers detect bugs and security glitches in the network traffic security that may leave passwords and other sensitive information open to snooping. The open source tool, dubbed as Nogotofail , has been launched by the technology giant in sake of a number of vulnerabilities discovered in the implementation of the transport layer security, from the most critical Heartbleed bug in OpenSSL to the Apple's gotofail bug to the recent POODLE bug in SSL version 3. The company has made the Nogotofail tool available on GitHub, so that so anyone can test their applications, contribute new features to the project, provide support for more platforms, and help improve the security of the internet. Android security engineer Chad Brubaker said that the Nogotofail main purpose is to confirm that internet-connected devices and applications aren't vulnerable to transport layer security (TLS) and Secure Sockets Layer (SSL) encry

Till now, he have heard about " Bitcoin digital wallet hacked " or " Bitcoin website hacked ", but now a hacker has stolen cryptocurrency from mining pools and generated $83,000 in digital cash in more than four months by gaining access to a Canadian Internet provider. Bitcoin is a virtual currency that makes use of cryptography to create and transfer bitcoins. Users make use of digital wallets to store bitcoin addresses from which bitcoins are received or sent. Bitcoin uses public-key cryptography so that each address is associated with a pair of mathematically linked public and private keys that are held in the wallet. Researchers at Dell SecureWorks Counter Threat Unit (CTU) , a cyber intelligence company, have discovered a series of malicious activities in which a cryptocurrency thief used bogus Border Gateway Protocol ( BGP ) broadcasts to hijack networks belonging to no less than 19 Internet service providers, including Amazon and other hosting services like DigitalO

Security expert Ebrahim Hegazy has found a Password disclosure vulnerability in Barracuda update servers which allows to gain access to employee credentials. The Egyptian information security advisor Ebrahim Hegazy( @Zigoo0 ) has found a Password disclosure vulnerability in one of Barracuda update servers which allows the attackers to gain access to all its employee data. When the system administrator needs to protect a directory with a second authentication layer (basic authentication ) besides the back-end authentication, he can do it with multiple methods, one of that methods is through the configuration of .htaccess and .htpasswd files. A proper configuration could prevent a visitor to surf reserved area (e.g /Cpanel or /admin), in this scenario a popup proposes to the user asking to enter authentication credentials, that credentials are saved inside .htpasswd file as: Username:Password In normal scenarios the .htpasswd file should be stored outside the we

Microsoft next updates are fully loaded with 57 different security vulnerabilities through 12 separate updates. It will roll out fixes as it always does on Patch Tuesday, the second Tuesday of every month. Anyone who uses Windows as their primary operating system will be quite familiar with Patch Tuesday. According to Microsoft's advisory , The 12 security update including two for Internet Explorer (IE), that will patch a near-record 57 vulnerabilities in the browser, Windows, Office and the enterprise-critical Exchange Server email software. Part of this update will be security patches for every single version of Internet Explorer. Apparently, this is to address a security hole that leaves users open to being exploited through drive-by attacks. Out of the 12 updates, five are considered " critical, " and others are labeled " important, ". As always, the critical patches will automatically install for any Windows users with automatic updates enabled. Two of the

The Internet has created many new global business opportunities for enterprises conducting online commerce. However, the many security risks associated with conducting e-commerce have resulted in security becoming a major factor for online success or failure. Whether you are an individual or a company, you should approach online security in the same way that you would approach physical security for your home or business. Not only does it make you feel safer but it also protects people who visit your home, place of business, or website. It is important to understand the potential risks and then make sure you are fully protected against them. In the fast-paced world of technology, it is not always easy to stay abreast of the latest advancements. For this reason it is wise to partner with a reputable Internet security company. Here we have a very cool guide from  Symantec , This guide will de-mystify the technology involved and give you the information you need to make the