The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

It's time for another batch of "Patch Tuesday" updates from Microsoft. Microsoft today released its March 2019 software updates to address a total of 64 CVE-listed security vulnerabilities in its Windows operating systems and other products, 17 of which are rated critical, 45 important, one moderate and one low in severity. The update addresses flaws in Windows, Internet Explorer, Edge, MS Office, and MS Office SharePoint, ChakraCore, Skype for Business, and Visual Studio NuGet. Four of the security vulnerabilities, all rated important, patched by the tech giant this month were disclosed publicly, of which none were found exploited in the wild. Microsoft Patches Two Zero-Day Flaws Under Active Attack Microsoft has also patched two separate zero-day elevation of privilege vulnerabilities in Windows. Both flaws, also rated as important, reside in Win32k component that hackers are actively exploiting in the wild, including the one that Google warned of last w...

Adobe users would feel lighter this month, as Adobe has released patches for just two security vulnerability in its March Security Update. The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities—one in Adobe Photoshop CC and another in Adobe Digital Editions. Upon successful exploitation, both critical vulnerabilities could allow an attacker to achieve arbitrary code execution in the context of the current user and take control of an affected system. However, the good news is that the company found no evidence of any exploits in the wild for these security issues, Adobe said. The vulnerability in Adobe Photoshop CC , discovered by Trend Micro Zero Day Initiative and assigned CVE-2019-7094, is a heap corruption issue which affects Photoshop CC 19.1.7 and earlier 19.x versions as well as Photoshop CC 20.0.2 and earlier 20.x versions for Microsoft Windows and Apple macOS operating systems. Users are recommended ...

Cynet goes head-to-head with CrowdStrike, DarkTrace, Cylance, Carbon Black & Symantec, offering their unhappy customers a refund for the time remaining on their existing contracts. Cynet, the automated threat discovery and mitigation platform was built to address the advanced threats that AV and Firewalls cannot stop. Today, Cynet announced that any organization currently deploying an advanced security solution from the list below who are unhappy with it and up for renewal in 2019 - can try Cynet for free  here. If they decide to switch to Cynet – they will be reimbursed for the remaining contract with the previous security vendor. The Cynet offer is relevant to companies that have at least 300 endpoints and are currently customers of any of the following solutions: Crowdstrike / Carbon Black / Darktrace / Cylance / Symantec / Fire Eye Endpoint Protection / SentinelOne / Cybereason / CISCO AMP / Trend Micro Apex / Palo Alto Networks Traps. What makes Cynet s...

Do you always think twice before installing Windows updates worrying that it could crash your system or leave it non-working the day after Patch Tuesdays? Don't worry. Microsoft has addressed this issue by adding a safety measure that would from now onwards automatically uninstall buggy software updates installed on your system if Windows 10 detects a startup failure, which could be due to incompatibility or issues in new software. A new document published by Microsoft on Monday, a day before this month's Patch Tuesday, says just like Windows "automatically installs updates to keep your device secure and running at peak efficiency," the OS will now run another automatic process to uninstall problematic updates. From now on, if you receive the following notification on your device, that means your Windows 10 computer has recently been recovered from a startup failure,first sighted by Windows Latest blog . "We removed some recently installed updates...

One of the most important software companies NGINX , which is also behind the very popular open-source web server of the same name, is being acquired by its rival, F5 Networks , in a deal valued at about $670 million. While NGINX is not a name that you have ever heard of, the reality is that you use NGINX every day when you post a photo, watch streaming video, purchase goods online, or log into your applications at work. NGINX powers over half of the busiest websites in the world. Majority of sites on the Internet today, including The Hacker News, and hundreds of thousands apps, like Instagram, Pinterest, Netflix, and Airbnb are hosted on web servers running NGINX. NGINX web server is the third most widely used servers in the world—behind only Microsoft and Apache, and ahead of Google. In short, the internet as we know it today would not exist without NGINX. F5 Acquires NGINX to Bridge NetOps and DevOps F5 Networks is the industry leader in cloud and security application...

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users. Just like the previous campaign, the new phishing attack is also based on the idea that a malicious web page could mimic look and feel of the browser window to trick even the most vigilant users into giving away their login credentials to attackers. Antoine Vincent Jebara , co-founder and CEO of password managing software Myki , shared a new video with The Hacker News, demonstrating how attackers can reproduce native iOS behavior, browser URL bar and tab switching animation effects of Safari in a very realistic manner on a web-page to present fake login pages, without actually opening or redirecting users to a new tab. New Phishing Attack Mimics Mobile Browser Animation and Design As you can see in the video, a malicious website that looks like Airbnb pro...

A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful event-driven automation tool for integration and automation across services and tools that allows developers to configure actions, workflows, and scheduled tasks, in order to perform some operations on large-scale servers. For example, you can set instructions (if this, then that) on Stackstorm platform to automatically upload network packet files to a cloud-based network analyze service, like CloudShark, in events when your security software detects an intrusion or malicious activity in the network. Since StackStorm executes actions—which can be anything, from the HTTP request to an arbitrary command—on remote servers or services that developers integrate for automated tasks, the pl...

Popular enterprise software company Citrix that provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies disclosed last weekend a massive data breach of its internal network by "international cyber criminals." Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing "business documents," adding that the company does not know precisely which documents the hackers obtained nor how they got in. However, the FBI believes that the miscreants likely used a "password spraying" attack where the attackers guessed weak passwords to gain an early foothold in the company's network in order to launch more extensive attacks. "While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent...

You must update your Google Chrome immediately to the latest version of the web browsing application. Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers. The vulnerability, assigned as CVE-2019-5786 , affects the web browsing software for all major operating systems including Microsoft Windows, Apple macOS, and Linux. Without revealing technical details of the vulnerability, the Chrome security team only says the issue is a use-after-free vulnerability in the FileReader component of the Chrome browser, which leads to remote code execution attacks. What's more worrisome? Google warned that this zero-day RCE vulnerability is actively being exploited in the wild by attackers to target Chrome users. "Access to bug details and links may be kept restricted until a majo...

Google's one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory , a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats. Network infrastructures at most enterprises regularly generate enormous amounts of network data and logs on a daily basis that can be helpful to figure out exactly what happened when a security incident occurs. However, unfortunately, most companies either don't collect the right telemetry or even when they do, it's practically impossible for them to retain that telemetry for more than a week or two, making analysts blind if any security incident happens before that. Backstory solves this problem by allowing organizations to privately upload and store their petabytes of "internal security telemetry" on Google cloud platform and leverage machine learning and da...

Security researchers have finally, with "high confidence," linked a previously discovered global cyber espionage campaign targeting critical infrastructure around the world to a North Korean APT hacking group. Thanks to the new evidence collected by researchers after analyzing a command-and-control (C2) server involved in the espionage campaign and seized by law enforcement. Dubbed Operation Sharpshooter , the cyber espionage campaign targeting government, defense, nuclear, energy, and financial organizations around the world was initially uncovered in December 2018 by security researchers at McAfee. At that time, even after finding numerous technical links to the North Korean Lazarus hacking group , researchers were not able to immediately attribute the campaign due to a potential for false flags. Researchers Analysed Sharpshooter's Command Server Now, according to a press release shared with The Hacker News, a recent analysis of the seized code and command...

Cybersecurity researcher at Google's Project Zero division has publicly disclosed details and proof-of-concept exploit of a high-severity security vulnerability in macOS operating system after Apple failed to release a patch within 90 days of being notified. Discovered by Project Zero researcher Jann Horn and demonstrated by Ian Beer, the vulnerability resides in the way macOS XNU kernel allows an attacker to manipulate filesystem images without informing the operating system. The flaw could eventually allow an attacker or a malicious program to bypass the copy-on-write (COW) functionality to cause unexpected changes in the memory shared between processes, leading to memory corruption attacks. Copy-On-Write, also referred to as COW, is a resource-management optimization strategy used in computer programming. In general, if any process (destination) requires a file or data that is already in the memory but created by another process (source), both processes can share the ...