The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cloud computing and networking are two of the most significant areas of growth in the IT business. Companies need engineers who can maintain distributed software and keep the company connected. If you want to work in either niche, the Essential Cloud & Networking Certification Training Bundle offers 93 hours of essential knowledge. You can pick up all 5 courses now for only $39.99 via the THN Store. This bundle focuses on the key skills and certificates the technical recruiters are currently looking for. It would be best if you came away with the knowledge to ace top exams, and the experience to handle real-world challenges. First up, the CCNA Routing & Switching Training helps you master Cisco networks. Professionals with these skills earn around 9% more on average . The AWS Certified Solutions Architect (Associate) covers the most popular cloud computing platform, showing you how to design, configure, and optimize cloud software. Implementing Microsoft Azure Infr...

Adobe today released out-of-band software updates for After Effects and Media Encoder applications that patch a total of two new critical vulnerabilities. Both critical vulnerabilities exist due to out-of-bounds write memory corruption issues and can be exploited to execute arbitrary code on targeted systems by tricking victims into opening a specially crafted file using the affected software. The bug ( CVE-2020-3765 ) in Adobe After Effects, an application for creating motion graphics and special effects used in the video, was discovered by security researcher Matt Powell and reported to Adobe via Trend Micro Zero Day Initiative project. Whereas, the second issue ( CVE-2020-3764 ) affecting Adobe Media Encoder, software for encoding and compressing audio or video files, was discovered by Canadian security researcher Francis Provencher. None of the security vulnerabilities fixed in this batch of Adobe updates were publicly disclosed or found being exploited in the wild, as th...

Smart doorbells and cameras bring a great sense of security to your home, especially when you're away, but even a thought that someone could be spying on you through the same surveillance system would shiver up your spine. Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users. Until now, enabling the two-factor authentication in Ring devices was optional, which definitely would have prevented most Ring hacks, but of course, many never bothered to enable it. That means, from now onwards, at the time of login after entering the account's username and password, every user needs to input a secret six-digit authentication code sent to them via their phone or email. Two-factor authentication is an effective defense because it acts as a deterrent, preventing unauthorized users from gaining acces...

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company's internal network, encrypting critical data and knocking servers out of operation for almost two days. "A cyber threat actor used a spear-phishing link to obtain initial access to the organization's information technology network before pivoting to its operational technology network. The threat actor then deployed commodity ransomware to encrypt data for impact on both networks," CISA noted in its alert. As ransomware attacks continue to escalate in frequency and scale , the new development is yet another indication that p...

A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed " Fox Kitten ," the cyber-espionage campaign is said to have been directed at companies from the IT, telecommunication, oil and gas, aviation, government, and security sectors. "We estimate the campaign revealed in this report to be among Iran's most continuous and comprehensive campaigns revealed until now," ClearSky researchers said . "The revealed campaign was used as a reconnaissance infrastructure; however, it can also be used as a platform for spreading and activating destructive malware such as ZeroCleare and Dustman." Tying the activities to threat groups APT33, APT34, and APT39, the offensive — conducted using a mix of open source and self-developed tools — also facilitated the groups to steal sensitive information...