The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation. It's a meticulous process that cannot be completed without going through all the essential points. In all of these, security must be taken into account. As you come up with a solution to the problem and write the code for it, you need to make sure security is kept intact. Cyber attacks are becoming more and more prevalent, and the trend is unlikely to change in the foreseeable future. As individuals, businesses, organizations, and governments become more reliant on technology, cybercrime is expected to only grow. Most of what people do in contemporary society involves the internet, computers, and apps/software. It's only logical for programmers to be mindful of the security aspect of making applications or software. It's not enough for programmers to produce something that works. After ...

Attention WordPress users! Your website could easily get hacked if you are using " Ultimate Addons for Beaver Builder ," or " Ultimate Addons for Elementor " and haven't recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow remote attackers to gain administrative access to sites without requiring any password. What's more worrisome is that opportunistic attackers have already started exploiting this vulnerability in the wild within 2 days of its discovery in order to compromise vulnerable WordPress websites and install a malicious backdoor for later access. Both vulnerable plugins, made by software development company Brainstorm Force, are currently powering over hundreds of thousands of WordPress websites using Elementor and Beaver Builder frameworks, helping website admins and de...

Russian law enforcement officers have raided the Moscow offices of Nginx—the company behind the world's second most popular web server software—over a copyright infringement complaint filed by Rambler, a Russian Internet portal and email service provider. According to multiple reports from local media and social media, the police conducted searches and has also detained several employees of the company, including Igor Sysoev , the original developer of Nginx and Maxim Konovalov , another co-founder of the company. Over 30% of the websites on the Internet today, including many of the world's most popular sites like Netflix and Twitch, run on the Nginx server. Igor Sysoev created the Nginx web server in the early 2000s and open-sourced it in 2004, after which he founded the company Nginx in 2015 that has now been acquired by F5 Networks , an American technology company, for $ 670 million. According to a copy of the complaint shared on Twitter, Rambler accused that Sys...

A new variant of Vega ransomware family, dubbed Zeppelin , has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada. However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan, breathe a sigh of relief, as the ransomware terminates its operations if found itself on machines located in these regions. It's notable and interesting because all previous variants of the Vega family, also known as VegaLocker, were primarily targeting Russian speaking users, which indicates Zeppelin is not the work of the same hacking group behind the previous attacks. Since Vega ransomware and its previous variants were offered as a service on underground forums, researchers at BlackBerry Cylance believes either Zeppelin "ended up in the hands of different threat actors" or "redeveloped from bought/stolen/leaked sources." According to a report BlackBerry Cyl...

A team of cybersecurity researchers demonstrated a novel yet another technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised. Dubbed Plundervolt and tracked as CVE-2019-11157, the attack relies on the fact that modern processors allow frequency and voltage to be adjusted when needed, which, according to researchers, can be modified in a controlled way to induce errors in the memory by flipping bits. Bit flip is a phenomenon widely known for the Rowhammer attack wherein attackers hijack vulnerable memory cells by changing their value from 1 to a 0, or vice versa—all by tweaking the electrical charge of neighboring memory cells. However, since the Software Guard Extensions (SGX) enclave memory is encrypted, the Plundervolt attack leverages the same idea of flipping bits by injecting faults in the CPU before they are written to the memory. Plundervo...