The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Here comes the second 'Patch Tuesday' of this year. Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. The first four of the total five affected software, all listed below, are vulnerable to at least one critical arbitrary code execution vulnerability that could allow attackers to take full control of vulnerable systems. Adobe Framemaker Adobe Acrobat and Reader Adobe Flash Player Adobe Digital Edition Adobe Experience Manager In brief, Adobe Framemaker for Windows, an advanced document processing software, contains 21 flaws, and all of them are critical buffer error, heap overflow, memory corruption, and out-of-bounds write issues, leading to code execution attacks. Adobe Acrobat and Reader for Windows and macOS also contain 12 similar critical code execution vulnerabilities, along with 3 other important information disclosure ...

An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a legislative election. In Israel, all political parties receive personal details of voters before the election, which they can't share with any third party and are responsible for protecting the privacy of their citizens and erasing it after the elections are over. Reportedly, Likud shared the entire voter registry with Feed-b, a software development company, who then uploaded it a website (elector.co.il) designed to promote the voting management app called 'Elector.' According to Ran Bar-Zik , a web security researcher who disclosed the issue, the voters' data was not leaked using any security vulnerability in the Elector app; instead, the incident occurred due to negligence by the softw...

The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In a joint press conference held today with the Attorney General William Barr and FBI Deputy Director David Bowdich, the DoJ officials labeled the state-sponsored hacking campaign as the largest hacking case ever uncovered of this type. The four accused, Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可) and Liu Lei (刘磊), have also been indicted for their involvement in hacking and stealing trade secrets, intellectual property and confidential information from several other U.S. businesses in recent years. In September 2017, credit reporting agency Equifax disclosed it had become a victim of a massive cyberattack that left highly sensitive data of nearly half of the U.S. population in the hands of hackers. As The Hacker News reported earlier, hackers compr...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing multitude of hurdles they experience with the leading commercial bug bounty platforms, the latter are trying to reinvent themselves as "next-generation penetration testing" or similar services. You be the judge of how successful they will be. Generous venture funds have poured many millions into rapidly spending bug bounty startups that have not replaced Managed Penetration Testing (MPT) services (as some declared). However, these startups have positively improved the price/quality ratio of pen testing services on the global market. Amid the uncertainty for the future of commercial bug bounty platforms, the not-for-profit Op...

Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a denial-of-service issue affecting Cisco IP phones. Collectively dubbed ' CDPwn ,' the reported vulnerabilities reside in the various implementations of the Cisco Discovery Protocol (CDP) that comes enabled by default on virtually all Cisco devices and can not be turned OFF. Cisco Discovery Protocol (CDP) is an administrative protocol that works at Layer 2 of the Internet Protocol (IP) stack. The protocol has been designed to let devices discover information about other locally attached Cisco equipment in the same network. According to a report Armis research team shared with The Hacker N...

It may sound creepy and unreal, but hackers can also exfiltrate sensitive data from your computer by simply changing the brightness of the screen, new cybersecurity research shared with The Hacker News revealed. In recent years, several cybersecurity researchers demonstrated innovative ways to covertly exfiltrate data from a physically isolated air-gapped computer that can't connect wirelessly or physically with other computers or network devices. These clever ideas rely on exploiting little-noticed emissions of a computer's components, such as light, sound , heat , radio frequencies , or ultrasonic waves , and even using the current fluctuations in the power lines. For instance, potential attackers could sabotage supply chains to infect an air-gapped computer, but they can't always count on an insider to unknowingly carry a USB with the data back out of a targeted facility. When it comes to high-value targets, these unusual techniques, which may sound theoretica...

Exams are pretty important in professional IT. You can have all the practical knowledge in the world, but technical recruiters want to see certificates. If you want to improve your resume, the Complete 2020 IT Certification Exam Prep Mega Bundle will help you ace nine of the most important exams. You can pick up the training now for only $39 via THN Deals. Over the next few years, the areas of greatest demand in IT will be networking, cloud computing, and cybersecurity. This bundle covers all three topics, with over 100 hours of training. The courses on cloud computing focus on AWS and Microsoft Azure, which are the two biggest platforms right now. You get full prep for four Azure exams and one AWS exam. The bundle also helps you pass three Cisco CCNA exams. If you plan to work with networks at any time, these certifications will serve you well. The final course works towards CompTIA Security+, which covers all the fundamentals of cybersecurity. Many companies now expect ...