The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

It's time to update your Drupal websites. Drupal, the popular open-source content management system, has released a new version of its software to patch a security bypass vulnerability that could allow a remote attacker to take control of the affected websites. The vulnerability, tracked as CVE-2018-14773, resides in a component of a third-party library, called Symfony HttpFoundation component , which is being used in Drupal Core and affects Drupal 8.x versions before 8.5.6. Since Symfony—a web application framework with a set of PHP components—is being used by a lot of projects, the vulnerability could potentially put many web applications at risk of hacking. Symfony Component Vulnerability According to an advisory released by Symfony, the security bypass vulnerability originates due to Symfony's support for legacy and risky HTTP headers. "Support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rew...

Security researchers have discovered at least three massive malware campaigns exploiting hundreds of thousands of unpatched MikroTik routers to secretly install cryptocurrency miners on computers connected to them. In all, the malware campaigns have compromised more than 210,000 routers from Latvian network hardware provider Mikrotik across the world, with the number still increasing as of writing. The hackers have been exploiting a known vulnerability in the Winbox component of MikroTik routers that was discovered in April this year and patched within a day of its discovery, which once again shows people's carelessness in applying security patches on time. The security flaw can potentially allow an attacker to gain unauthenticated, remote administrative access to any vulnerable MikroTik router. The first campaign, noticed by Trustwave researchers, began with targeting networking devices in Brazil, where a hacker or a group of hackers compromised more than 183,700 Mikro...

Like many others, do you also believe that the popular system-cleaning tool CCleaner was performing well before Avast acquired the software from Piriform last year? If yes, then pop-up advertisements in the previous CCleaner software version was not the last thing you have to deal with. Avast has released a new version of CCleaner 5.45 that not only always runs in the background, but also collects information about your system without giving you a way to turn the feature off. CCleaner is a popular application, available in both free and premium versions, with over 2 billion downloads that allow users to clean up their Windows, Mac, and mobile devices to optimize and enhance performance. Last year, CCleaner made headlines when it suffered a massive supply-chain malware attack of all times, wherein hackers compromised its servers for over a month and replaced the original version of the software with the malicious one, infecting over 2.3 million users worldwide. CCleaner ...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Three members of one of the world's largest cybercrime organizations that stole over a billion euros from banks across the world over the last five years have been indicted and charged with 26 felony counts, the Justice Department announced on Wednesday. The three suspects are believed to be members of the organized Russian cybercrime group known as FIN7 , the hackers group behind Carbanak and Cobalt malware and were arrested last year in Europe between January and June. The suspects—Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kopakov, 30—are all from Ukraine and accused of targeting 120 companies based in the United States, as well as U.S. individuals. The victims include Chipotle Mexican Grill, Jason's Deli, Red Robin Gourmet Burgers, Sonic Drive-in, Taco John's, Chili's, Arby's, and Emerald Queen Hotel and Casino in Washington state. Carbanak (FIN7) Group Charged for Stealing 15 Million Credit Cards According to the press release published ...

Another day, another significant data breach. This time the victim is Reddit... seems someone is really pissed off with Reddit's account ban policy or bias moderators. Reddit social media network today announced that it suffered a security breach in June that exposed some of its users' data, including their current email addresses and an old 2007 database backup containing usernames and hashed passwords. According to Reddit, the unknown hacker(s) managed to gain read-only access to some of its systems that contained its users' backup data, source code, internal logs, and other files. In a post published to the platform Wednesday, Reddit Chief Technology Officer Christopher Slowe admitted that the hack was a serious one, but assured its users that the hackers did not gain access to Reddit systems. "[The attackers] were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API k...