#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

winrar | Breaking Cybersecurity News | The Hacker News

Category — winrar
KILLER! Unpatched WinRAR Vulnerability Puts 500 Million Users At Risk

KILLER! Unpatched WinRAR Vulnerability Puts 500 Million Users At Risk

Sep 30, 2015
Beware Windows Users! A new dangerous unpatched Zero-day Vulnerability has been detected in the latest version of WinRAR affects over millions of users worldwide. According to Mohammad Reza Espargham , a security researcher at Vulnerability-Lab , the stable version of WinRAR 5.21 for Windows computers is vulnerable to Remote Code Execution (RCE) flaw. WinRAR is one of the most popular utility program used to compress and decompress files with more than 500 Million installations worldwide. The WinRAR RCE vulnerability lie under the ' High Severity ' block, and scores 9 on CVSS ( Common Vulnerability Scoring System ). HOW WINRAR VULNERABILITY WORKS? Let's take a look at its actions. The vulnerability can be used by any attacker smartly to insert a malicious HTML code inside the " Text to display in SFX window " section when the user is creating a new SFX file. WinRAR SFX is an executable compressed file type containing one or more file
WinRAR File Extension Spoofing vulnerability allows Hackers to Hide Malware

WinRAR File Extension Spoofing vulnerability allows Hackers to Hide Malware

Apr 02, 2014
Imagine, You Open a Winrar archive of MP3 files, but what if it will install a malware into your system when you play anyone of them. WinRAR, a widely used file archiver and data compression utility helps hackers to distribute malicious code. Israeli security researcher  Danor Cohen (An7i)   discovered the WinRAR file extension spoofing vulnerability. WinRAR file extension spoofing vulnerability allows hackers to modify the filename and extension inside the traditional file archive, that helps them to hide binary malicious code inside an archive, pretending itself as '.jpg' , '.txt' or any other format. Using a Hex editor tool, he analysed a ZIP file and noticed that winrar tool also adds some custom properties to an archive, including two names - First name is the original filename (FAX.png) and second name is the filename (FAX.png) that will appear at the WINRAR GUI window. Danor manipulated the second filename and extension to prepare a special Z
9 Steps to Get CTEM on Your 2025 Budgetary Radar

9 Steps to Get CTEM on Your 2025 Budgetary Radar

Nov 06, 2024Threat Management / Business Continuity
Budget season is upon us, and everyone in your organization is vying for their slice of the pie. Every year, every department has a pet project that they present as absolutely essential to profitability, business continuity, and quite possibly the future of humanity itself. And no doubt that some of these actually may be mission critical. But as cybersecurity professionals, we understand that the rollout of a viable CTEM ( Continuous Threat Exposure Management ) program actually is . In any year, cybersecurity investments are tough budgetary sells – they're hard to quantify and don't always clearly drive revenues or cut costs. In today's belt-tightening climate, all the more so. Even though cybersecurity budgets will likely grow this year according to Forrester, it's still important to make sure today that CTEM doesn't slip down the budget priority list.  In this article, we'll discuss how to keep CTEM on the budgetary radar. But First – Here are Some Reasons Why CTEM is Objectiv
Expert Insights / Articles Videos
Cybersecurity Resources