Search results for security | Breaking Cybersecurity News | The Hacker News

EC-Council is launching " CyberLympics " - Olympic games for Cyber Security Global CyberLympics is conceptualized and organized by EC-Council. The goal of the CyberLympics is to raise awareness towards increased education and ethics in information security. The mission of the Global CyberLympics is Unifying Global Cyber Defense through the Games. EC-Council's Global CyberLympics , the world's first ethical hacking championship will be held this September across six continents. The Global CyberLympics is endorsed by the U.N.'s cybersecurity executing arm. The mission behind the games is to foster better cooperation and communication on cybersecurity issues among countries. Global CyberLympics is a series of ethical hacking games comprised of both offensive and defensive security challenges that will take place starting from September across six continents. Teams will vie for regional championships, followed by a global hacking championship round to determine the world's b

China's internet regulator, the Ministry of Industry and Information Technology (MIIT), has temporarily suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months on account of the fact that it failed to promptly inform the government about a critical security vulnerability affecting the broadly used Log4j logging library. The development was disclosed by  Reuters  and  South China Morning Post , citing a report from 21st Century Business Herald, a Chinese business-news daily newspaper. "Alibaba Cloud did not immediately report vulnerabilities in the popular, open-source logging framework Apache Log4j2 to China's telecommunications regulator," Reuters said. "In response, MIIT suspended a cooperative partnership with the cloud unit regarding cybersecurity threats and information-sharing platforms." Tracked as  CVE-2021-44228  (CVSS score: 10.0) and codenamed  Log4Shell  or LogJam, the cat

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Python is an excellent programming language that has rapidly become popular among Hackers, Reverse engineers, software testers, Forensic analyst and Penetration testers. Python is a simple object-oriented and minimalistic language that is easy to learn for novice programmers as well as experienced developers. Most Python programs run on all major operating systems including Windows, Linux, Mac, etc. What makes Python such an effective platform for Security Professional and Hackers? Python supports pre-built extensive libraries that are specifically designed for penetration testing and provide some powerful functionalities. So if you are looking for a most widely used and easy to learn scripting language, go for Python. Here I'm introducing you a Free IT training from Cybrary – Python for Security Professionals . There is nothing wrong if I say that scripting languages like BASH, Perl, and Ruby can not do the same things as Python, but building those ca

Third Security breach at Core Security Technologies Possible Security Breach in Website of Core Security Technologies by sncope Hacker. This is 3rd time when sncope hack and Leak the Passwords of Core Security Technologies. The details of Pentest done by  sncope is available on Pastebin . It include the Login details with hashed passwords and IP address of Users as shown below. Last Time Core Security was Hacked in September 2011 by sncope. That time Hacker defaced the Homepage of Site. Update : According to Core Security Technologies Hacker breached an old Server which is not in use from last 8 Years and there is no sensitive or confidential Information stored on it.  Core Security 's Response about above Attack " There is nothing of importance posted here. Core's active servers, websites or networks were not compromised nor did the information recently posted contain information residing on those systems. In fact, the information is from a third-party server with

Hey readers, guess what? The Hacker News (THN) is about to complete its 6 years as a leading Information Security Channel – attracting over 9 Million readers worldwide – and a trusted source for Hacking, Cyber Security and Infosec News for the enthusiasts, technologists & nerds. In the special occasion of this year's Anniversary, The Hacker News is excited to announce the launch of its THN Deals Store ! THN Deals Store aims to give anything you need to take your potential to the next level, and that too, at amazingly good prices and incredible discounts. In fact, we even have a bunch of freebies and giveaways for our readers. THN Deals Store is packed with great deals on everything from Online Cyber Security and Hacking Courses to gear and gadgets , downloadable Security Products, privacy services, IT Certification Preparation Courses , programming courses and even drones. So, if you are searching for a great deal for anything you need, Welcome to the THN Deals St

The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The " Regulations on the Management of Network Product Security Vulnerability " are expected to go into effect starting September 1, 2021, and aim to standardize the discovery, reporting, repair, and release of security vulnerabilities and prevent security risks. "No organization or individual may take advantage of network product security vulnerabilities to engage in activities that endanger network security, and shall not illegally collect, sell or publish information on network product security vulnerabilities," Article 4 of the regulation states. In addition to banning sales of previously unknown security weaknesses, the new rules also forbid vulnerabilities from being disclos

Do you know—United States Government has banned federal agencies from using Kaspersky antivirus software over spying fear? Though there's no solid evidence yet available, an article published by WSJ claims  that the Russian state-sponsored hackers stole highly classified NSA documents from a contractor in 2015 with the help of a security program made by Russia-based security firm Kaspersky Lab. Currently, there is no way to independently confirm if the claims on the popular security vendor published by the Wall Street Journal is accurate—and the story does not even prove the involvement of Kaspersky. "As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight," Kaspersky said in a statement. The NSA contractor working with the American intelligence agency, whose identity has not yet been disclosed, reportedly do

PayPal will Pay Security Researchers for finding Vulnerabilities Payment services provider PayPal will reward security researchers who discover vulnerabilities in its website with money, if they report their findings to the company in a responsible manner. If you manage to find a security flaw in any of PayPal's products, you may be entitled to a cash reward. " I'm pleased to announce that we have updated our original bug reporting process into a paid 'bug bounty' program, " PayPal's Chief Information Security Officer Michael Barrett said in a  blog post  on Thursday. While Barrett disclosed vulnerability categories, he did not say how much cash the firm will be offering. PayPal plans to categorize reported bugs into one of four categories: XSS (Cross Site Scripting), CSRF (Cross Site Request Forgery), SQL Injection or Authentication Bypass  Researchers need to have a verified PayPal account in order to receive the monetary rewards. " I original

It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week. Now it appears that threat actors have caught up.  According to the latest reports , cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server flaws to install a new strain of ransomware called "DearCry." "Microsoft observed a new family of human operated ransomware attack customers – detected as Ransom:Win32/DoejoCrypt.A," Microsoft researcher Phillip Misner  tweeted . "Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers." Microsoft's security intelligence team, in a separate tweet,  confirmed  that it has begun "blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers.&q

First time ever in the History, Apple Inc. has pushed out an automatic security update for Macintosh OS X computers to address a critical security issue that, according to the company, was too risky to wait for users to patch after seeking their prior approval. Despite having the ability for years to silently and automatically update its users computers, Apple typically asks its users' permission to approve them manually or automatically before installing any security update of this kind. But, the company has exercised its ability for the very first time to patch a critical security flaw in a component of its OS X operating system called the Network Time Protocol (NTP) . This newly discovered security vulnerability, assigned CVE-2014-9295, became public late last week and affects all operating systems, including OS X and other Linux and Unix distributions, running versions of NTP4 prior to 4.2.8. NTP is used for synchronizing clocks between computer systems and across the globa

If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately. Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched ' BlueKeep ' RDP vulnerability. Discovered by Microsoft's security team itself, all four vulnerabilities, CVE-2019-1181 , CVE-2019-1182 , CVE-2019-1222 , and CVE-2019-1226 , can be exploited by unauthenticated, remote attackers to take control of an affected computer system without requiring any user interaction. Just like BlueKeep RDP flaw , all four newly discovered vulnerabilities are also wormable and could be exploited by potential malware to propagate itself from one vulnerable computer to another automatically. "An attacker can get code execution at the system level by sending a specially crafted pre-authentication RDP packet to an affected RD

Most companies with small security teams face the same issues. They have inadequate budgets, inadequate staff, and inadequate skills to face today's onslaught of sophisticated cyberthreats. Many of these companies turn to virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security programs across large and small organizations. Autonomous XDR company Cynet, a provider of an automated breach protection platform and MDR service for even the smallest security teams, is conducting a webinar with well-known vCISO Brian Haugli to understand the common challenges faced by CISOs with small security teams [ register here ]. In the first part of the webinar, Haugli will share the four foundational risks that are common across most companies he helps. He will then discuss the most common pieces of advice he provides across the companies he serves. Haugli will also share a situation

The IDC cloud security survey 2021 states that as many as 98% of companies were victims of a cloud data breach within the past 18 months. Fostered by the pandemic, small and large organizations from all over the world are migrating their data and infrastructure into a public cloud, while often underestimating novel and cloud-specific security or privacy issues.  Nearly every morning, the headlines are full of sensational news about tens of millions of health or financial records being found in unprotected cloud storage like AWS S3 buckets, Microsoft Azure blobs or another cloud-native storage service by the growing number of smaller cloud security providers.  ImmuniWeb, a rapidly growing application security vendor that offers a variety of AI-driven products, has announced this week that its free  Community Edition , running over 150,000 daily security tests, now has one more online tool –  cloud security test . To check your unprotected cloud storage, you just need to enter your

A new research showed that Scripting languages, in general, give birth to more security vulnerabilities in web applications, which raised concerns over potential security bugs in millions of websites. The app security firm Veracode has released its State of Software Security: Focus on Application Development report ( PDF ), analyzing more than 200,000 separate applications from October 1, 2013, through March 31, 2015. The security researchers crawled popular web scripting languages including PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android, iOS, and COBOL, scanning hundreds of thousands of applications over the last 18 months. Also Read:  A Step-by-Step Guide — How to Install Free SSL Certificate On Your Website Researchers found that PHP – and less popular Web development languages Classic ASP and ColdFusion – are the riskiest programming languages for the Internet, while Java and .NET are the safest. Here's the Top 10 List:

A recently open-sourced network mapping tool called  SSH-Snake  has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel Hernández  said . "The worm automatically searches through known credential locations and shell history files to determine its next move." SSH-Snake was first released on GitHub in early January 2024, and is described by its developer as a "powerful tool" to carry out  automatic network traversal  using SSH private keys discovered on systems. In doing so, it creates a comprehensive map of a network and its dependencies, helping determine the extent to which a network can be compromised using SSH and SSH private keys starting from a particular host. It also supports  resolution of domains  which have multiple IPv4 addresses. "It's comp

If there is one thing the past few years have taught the world, it's that cybercrime never sleeps. For organizations of any size and scope, having around-the-clock protection for their endpoints, networks, and servers is no longer optional, but it's also not entirely feasible for many. Attackers are better than ever at slipping in undetected, and threats are constantly evolving.  Teams can't afford to take a minute off, but they also can't manage the massive security necessary to defend most organizations. A new eBook by XDR provider Cynet ( download here ) breaks down this challenge and offers some solutions for lean security teams looking for ways to improve their detection and response capabilities.  The guide strikes an optimistic tone for lean IT security teams. Though the challenges are expansive – including talent shortages, an ever-expanding threat surface, and rising security tool prices – organizations can still find smart and effective ways to stay protected 24x7. Why 2

Security incidents occur. It's not a matter of 'if' but of 'when.' There are security products and procedures that were implemented to optimize the IR process, so from the 'security-professional' angle, things are taken care of. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more challenging task. It's a little surprise — managements are typically not security savvy and don't really care about the bits and bytes in which the security pro masters. Cynet addresses this gap with the IR Reporting for Management PPT template , providing CISOs and CIOs with a clear and intuitive tool to report both the ongoing IR process and its conclusion. The IR for Management template enables CISOs and CIOs to communicate with the two key points that management cares about—assurance that the incident is under control and a clear understanding of imp

Just now Top security firm RSA Security revealed by extremely sophisticated hack, Read complete Story here - https://www.thehackernews.com/2011/03/top-security-firm-rsa-security-revealed.html Now, RSA Release Open Letter to RSA Customers , as given below : Like any large company, EMC experiences and successfully repels multiple cyber attacks on its IT infrastructure every day. Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities. Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted

OSSAMS - Open Source Security Assessment Management System As information security professionals, we conduct security assessments for companies. One of the biggest problems we have is after all the data is collected, how can we correlate the data accurately. So we decided to start a project to solve this problem, and we are calling it Open Source Security Assessment Management System (OSSAMS). OSSAMS is a framework for putting configuration files, security scan data files (like Nessus), and other data collected, during a security assessment or penetration test, into a RDBMS. The framework is going to be designed in a fashion similar to Metasploit, SNORT, or other systems that allow the security community to create plugins for new tasks as needed. The primary goal of OSSAMS is to normalize the data, there by allowing the security professional to better assess the current state of security for an organization. Completed: acunetix, burp, grendel, nessus, netsparker, nexpose commu