Search results for security | Breaking Cybersecurity News | The Hacker News

Cloudzy, a prominent cloud infrastructure provider, proudly announces a significant enhancement in its cybersecurity landscape. This breakthrough has been achieved through a recent consultation with Recorded Future, a leader in providing real-time threat intelligence and cybersecurity analytics. This initiative, coupled with an overhaul of Cloudzy's cybersecurity strategies, represents a major leap forward in our commitment to digital safety and infrastructure integrity. Key Enhancements in Cybersecurity Comprehensive Threat Intelligence from Recorded Future Recorded Future provides critical security reports, spotlighting potential security breaches and malicious activities. This sophisticated intelligence, allows us to act promptly against threats like Ransomware, APT(Advanced Persistent Threats), C2 (Command and Control) servers, malware, and more Upon thorough evaluation of these reports and confirmation that the implicated accounts are indeed conducting illegal activities a

With the growing number of cyber attacks and data breaches, a number of tech companies and organisations have started Bug Bounty programs for encouraging hackers, bug hunters and researchers to find and responsibly report bugs in their services and get rewarded. Samsung is the latest in the list of tech companies to launch a bug bounty program, announcing that the South Korean electronics giant will offer rewards of up to $200,000 to anyone who discovers vulnerabilities in its mobile devices and associated software. Dubbed Mobile Security Rewards Program , the newly-launched bug bounty program will cover 38 Samsung mobile devices released from 2016 onwards which currently receive monthly or quarterly security updates from the company. So, if you want to take part in the Samsung Mobile Security Rewards Program, you have these devices as your target—the Galaxy S, Galaxy Note, Galaxy A, Galaxy J, and the Galaxy Tab series, as well as Samsung's flagship devices, the S8, S8+, a

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Microsoft has released 13 security bulletins, six of which are considered to be critical, resolving a total of 41 security vulnerabilities in its software this month. Every Windows version Affected: One of the critical vulnerabilities affects all supported version of Windows , including Microsoft's newest Windows 10 operating system, as well as Windows Server 2016 Tech Preview 4. The memory-corruption flaw ( MS16-013 ) could allow a remote attacker to execute arbitrary code as the logged-in user by tricking a user into opening a specially crafted Journal file. This vulnerability would let the attacker run malicious programs on victim's machine, even delete data and create new accounts with full user rights. Administrator accounts are at the greatest risk than users with a fewer user rights account on the system. However, the good news is the vulnerability has not been spotted in the wild. List of All Critical Vulnerabilities Other Critical Secur

By this time, almost every one of you owns at least one internet-connected device—better known as the " Internet of things "—at your home, but how secure is your device? We have recently seen Car hacking that could risk anyone's life, Hoverboard hacking, even hacking of a so-called smart Gun and also the widespread hacks of insecure CCTV cameras, routers and other internet-connected home appliances. But this did not stop vendors from selling unsecured Internet-connected smart devices, and customers are buying them without giving a sh*t about the security of their smart devices. However, the massive cyber attack on a popular DNS service provider that shut down a large portion of the Internet last year made us all fear about the innocent-looking IoT devices, which surround us every day, but actually, poses a threat to global cyber security. Not anymore! A bipartisan group of senators have now introduced a new bill aimed at securing internet-connected devices b

ChatGPT has transformed the way businesses generate textual content, which can potentially result in a quantum leap in productivity. However, Generative AI innovation also introduces a new dimension of data exposure risk, when employees inadvertently type or paste sensitive business data into ChatGPT, or similar applications. DLP solutions, the go-to solution for similar challenges, are ill-equipped to handle these challenges, since they focus on file-based data protection. A new report by LayerX, "Browser Security Platform: Guard your Data from Exposure in ChatGPT" ( Download here ), sheds light on the challenges and risks of ungoverned ChatGPT usage. It paints a comprehensive picture of the potential hazards for businesses and then offers a potential solution: browser security platforms. Such platforms provide real-time monitoring and governance over web sessions, effectively safeguarding sensitive data. ChatGPT Data Exposure: By the Numbers Employee usage of GenAI apps has surge

Oxford University launches Cyber Security Centre Cyber crime is not going away. As the world becomes ever more interconnected and dependent on networks, laptops and personal handheld devices, the opportunities are just too great. The personal information stored on such devices credit card information, drivers' licenses and Social Security numbers is at high risk and is often targeted by criminals because of the price it can bring on the black market. The Oxford Cyber Security Center is the new home to cutting-edge research designed to tackle the growing threats posed by cyber terrorism and cyber crime, and to safeguard the trustworthiness of electronically-stored information. In addition to being a springboard for new research, is an umbrella for current research activity worth in excess of £5m, supported close involvement of over 12 permanent academic staff, and in excess of 25 research staff, 18 doctoral students. Each year brings its own set of risks and challenges. Another con

The Wi-Fi Alliance today officially launched WPA3 —the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks . WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data. However, in late last year, security researchers uncovered a severe flaw in the current WPA2 protocol, dubbed KRACK (Key Reinstallation Attack), that made it possible for attackers to intercept, decrypt and even manipulate WiFi network traffic. Although most device manufacturers patched their devices against KRACK attacks, the WiFi Alliance, without much delay, rushed to finalize and launch WPA3 in order to address WPA2's technical shortcomings from the ground. What is WPA3? What New Security Features WPA3 Offers? WP

H0lyGh0st, Magecart, and a slew of state-sponsored hacker groups are diversifying their tactics and shifting their focus to… You. That is, if you're in charge of cybersecurity for a small-to-midsize enterprise (SME). Why? Bad actors know that SMEs typically have a smaller security budget, less infosec manpower, and possibly weak or missing security controls to protect their data and infrastructure. So, how can you prepare for the imminent onslaught from new and emerging threat groups?  You need a plan. Start with the NIST Cyber Security Framework The good news is you don't have to create your security strategy from scratch. The National Institute of Standards and Technology Cyber Security Framework (NIST CSF) is one of the most respected and widely used standards in the world. While originally designed for critical infrastructure industries, the NIST CSF is flexible enough for organizations of all sizes, sectors, and maturities to use in large part because the framewor

FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a  state-sponsored attack  by a "highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers. The company said it's actively investigating the breach in coordination with the US Federal Bureau of Investigation (FBI) and other key partners, including Microsoft. It did not identify a specific culprit who might be behind the breach or disclose when the hack exactly took place. However,  The New York Times  and  The Washington Post  reported that the FBI has turned over the investigation to its Russian specialists and that the attack is likely the work of  APT29  (or Cozy Bear) — state-sponsored hackers affiliated with Russia's SVR Foreign Intelligence Service — citing unnamed sources. As of writing, the hacking tools have not been exploited in the wild, nor do they contain zero-day expl

Newly discovered security vulnerabilities in ADT's Blue (formerly LifeShield) home security cameras could have been exploited to hijack both audio and video streams. The  vulnerabilities  (tracked as CVE-2020-8101) were identified in the video doorbell camera by Bitdefender researchers in February 2020 before they were eventually addressed on August 17, 2020. LifeShield was acquired by Florida-based ADT Inc. in 2019, with Lifeshield's DIY home security solutions rebranded as Blue as of January 2020. The company's products had a 33.6% market share in the U.S. last year. The security issues in the doorbell camera allow an attacker to Obtain the administrator password of the camera by simply knowing its MAC address, which is used to identify a device uniquely Inject commands locally to gain root access, and Access audio and video feeds using an unprotected  RTSP  (Real-Time Streaming Protocol) server The doorbell is designed to periodically send heartbeat messages t

On average, organizations  report  using 102 business-critical SaaS applications, enabling operations of most departments across an organization, such as IT and Security, Sales, Marketing, R&D, Product Management, HR, Legal, Finance, and Enablement. An attack can come from any app, no matter how robust the app is. Without visibility and control over a critical mass of an organization's entire SaaS app stack, security teams are flying blind. This is why it's important that all SaaS apps across the organization be managed at scale.  While this breadth of coverage is critical, each app has its own characteristics, UI, and terminology. Mitigating these threats requires a deep understanding of all security controls its configurations.  Learn how to automate SaaS security management . Security teams need to map out the entire SaaS ecosystem within the organization, including the core SaaS apps and the numerous additional apps that employees connect to without checking or informing th

Deal with undisclosed terms part of computer maker's ongoing effort to expand, improve information technology, cloud computing offerings. Dell Inc. was hunting for the right computer security company to buy, and on Tuesday, it announced its choice. Dell will buy Atlanta-based SecureWorks Inc. , which has about 3,000 clients and does business in 70 countries worldwide. No purchase price was announced, but SecureWorks had more than $120 million in annual revenue selling security services, software and risk-assessment services for large and small businesses and government agencies. Peter Altabef, president of Dell's $8 billion services business, spared few superlatives in talking about SecureWorks. "It is a wonderful acquisition for us, and it is very strategic," he said. "This was one of the most important strategic efforts that I had under way." SecureWorks gives Dell its own highly regarded data security service to offer to customers, Altabef said. The mo

Cynet goes head-to-head with CrowdStrike, DarkTrace, Cylance, Carbon Black & Symantec, offering their unhappy customers a refund for the time remaining on their existing contracts. Cynet, the automated threat discovery and mitigation platform was built to address the advanced threats that AV and Firewalls cannot stop. Today, Cynet announced that any organization currently deploying an advanced security solution from the list below who are unhappy with it and up for renewal in 2019 - can try Cynet for free  here. If they decide to switch to Cynet – they will be reimbursed for the remaining contract with the previous security vendor. The Cynet offer is relevant to companies that have at least 300 endpoints and are currently customers of any of the following solutions: Crowdstrike / Carbon Black / Darktrace / Cylance / Symantec / Fire Eye Endpoint Protection / SentinelOne / Cybereason / CISCO AMP / Trend Micro Apex / Palo Alto Networks Traps. What makes Cynet so sure th

Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction. "An attacker on the internet can chain the vulnerabilities together to create a full, zero-click remote code execution (RCE) exploit against Outlook clients," Akamai security researcher Ben Barnea, who discovered the vulnerabilities, said in a  two-part   report  shared with The Hacker News. The security issues, which were addressed by Microsoft in  August  and  October 2023 , respectively, are listed below - CVE-2023-35384  (CVSS score: 5.4) - Windows HTML Platforms Security Feature Bypass Vulnerability CVE-2023-36710  (CVSS score: 7.8) - Windows Media Foundation Core Remote Code Execution Vulnerability CVE-2023-35384 has been described by Akamai as a bypass for a critical security flaw that Microsoft patched in March 2023. Tracked as  CVE-2023-23397  (C

Today more and more companies are looking for external security researchers to help identify vulnerabilities and weaknesses in their applications through Bug Bounty Programs. While companies like Facebook and Google are paying out hundreds of dollars to researchers for reporting security vulnerabilities, But according to Yahoo! Your email's security worth only $12.50 ! Yahoo is not having very good run in the reputation department when it comes to user security. Researchers at High-Tech Bridge found a few bugs, and were not exactly impressed with Yahoo's reward. They pointed out cross-site scripting (XSS) flaws affecting two Yahoo domains and in return they received $12.50 bounties for each vulnerability they found. This amount was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo's corporate T-shirts, cups, pens and other accessories. This isn't exactly a great reward for spending time reporting security vulnerabilities

Passwords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts. Instead of creating a strong and unique password for each account, they resort to easy-to-remember passwords, or use the same password for every account and application.  Password reuse is both common and risky.  65% of users  admit to reusing their credentials across multiple sites. Another analysis of identity exposures among employees of Fortune 1000 companies found a  64% password reuse rate  for exposed credentials. Pair these findings with the fact that a vast majority  (80%) of all data breaches  are sourced from lost or stolen passwords, and we have a serious problem. In short, a breached password from one system can be used to compromise another. So, what does this all mean for your organization?  The real risk o

Prepare your tools, build your team, defend your country and conquer the World. It is well known that the best way to learn security is hands on. It's the kind of experience you earn in pentest labs or CTF competitions based on challenges or defensive and offensive security and it's aimed at improving your security skills. Every important Information Security conference has a CTF competition, the most prestigious universities host CTF competitions and major companies organize CTFs now and then. Just take a look at Stripe or Mozilla. CTF is everywhere and not just in the InfoSec Industry. The World is changing rapidly, and so is the InfoSec industry along with CTFs. It looks like CTF365 took this task seriously and they promise a brand new approach to CTF competitions that will change everything we know about those competitions. Is not a challenge nor scenario based game. They simply promise to build and internet within The Internet and replicate everything that ex

Businesses can leave themselves vulnerable to date theft and other online threats; particularly as security and IT budgets are under pressure as businesses look to save money. Although money is tight, it is important companies stay protected online, as on average, the total cost of security breaches including lost business in the UK last year was $2,565,702 (US dollars). Data theft and other online threats presently represent a significant danger for businesses in the UK. Compounding this problem is the economic downturn, which is leading many executives to cancel, defer or downsize security budgets. To highlight the risks facing companies today, Astaro has compiled the following list detailing the five most serious internet security holes. 1. Browser vulnerabilities No provider is immune to the security holes that keep appearing in web browsers. A recent example is the CSS bug that affected Internet Explorer versions 6, 7, and 8 (CVE-2010-3962). This bug targ