The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

About two weeks back, over 40,000 organizations running MongoDB were found unprotected and vulnerable to hackers. Now, once again the users of MongoDB database are at risk because of a critical zero-day vulnerability making rounds in underground market. MongoDB , one of the leading NoSQL databases, is an open-source database used by companies of all sizes, across all industries for a wide variety of applications. By leveraging in-memory computing, MongoDB provides high performance for both reads and writes. 'PhPMoAdmin' ZERO-DAY VULNERABILITY Hacker known by the online moniker, "sp1nlock" has found a zero-day vulnerability in ' phpMoAdmin ', a free, open-source, written in PHP, AJAX-based MongoDB GUI (graphical user interface) administration tool that allows you to easily manage noSQL database MongoDB. According to multiple posts available on the exploit selling underground forums, the phpMoAdmin is vulnerable to a Zero-Day Remote Code Exec

GoPro , the popular wearable high-definition camera manufacturer, has vulnerability in its official website that exposes usernames and passwords of thousand of its customers' wireless network. Action camera maker GoPro manufactures cameras which are compact, lightweight, rugged, and are wearable or mountable on vehicles. GoPro cameras capture still photos or video in HD through a wide-angle lens. GoPro offers a mobile app to its users that gives you full remote control of all camera functions — take a photo, start/stop recording and adjust settings. You need to connect to the wireless network operated by your camera, and the GoPro app gives you instant access to the GoPro Channel to view photos and play back videos, then share your favorites via email, text, Facebook, Twitter and more. FLAW EXPOSES WIRELESS PASSWORD Security researcher Ilya Chernyakov reported The Hacker News team that GoPro camera update mechanism could expose your wireless username and passwor

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

An open source software group, Open Whisper Systems , has announced the release of Signal 2.0 — the second version of its free and open source messaging application for iPhone and iPad users. Signal  app is specifically designed to make secure and easy-to-use encrypted voice calling. But that's what the application was providing in its previous release introduced last July with  Signal 1.0 . Apple's iMessage also provides encrypted communication, but it was challenged by security researchers in 2013, revealing that  Apple controls the key infrastructure  and could, in turn, be compelled to change a key anytime they want, and read the content of your messages. But there was no way to send secure messages from an iPhone iMessage to an Android phone, or vice versa, unless you signed up for a monthly subscription plan and got the person you wanted to communicate with to sign up for it too. GAME CHANGER: SIGNAL 2.0 Signal 2.0 lets you send end-to-end encrypted messages to us

A whole lot of things gone in the official kickoff of Mobile World Congress 2015 , but a unique phone with a curved screen on both sides of the device acquired everybody's attention. That's what unveiled by Samsung late Sunday. Samsung has officially unveiled its next-generation flagship Smartphones — Samsung Galaxy S6 and Samsung Galaxy S6 Edge . This time, the company didn't just focus on the specs and features, but also on design — unique and sleek. 1. EYE-CATCHING PREMIUM DESIGN Both Samsung Galaxy S6 and Samsung Galaxy S6 Edge comes with a sleek glass-and-metal body on the front and back. On one hand, the Samsung Galaxy S6 Edge has a screen that curves around both sides with a comfortable grip, giving the phone a much smarter look. While, the Samsung Galaxy S6 has the most beautiful appearence to ever exist in the entire Samsung's S series. The new Galaxy smartphones are made of 'stronger metal' and comes with the toughest glass, Corning Gorilla

Seagate , a popular vendor of hardware solutions, has a critical zero-day vulnerability in its Network Attached Storage (NAS) device software that possibly left thousands of its users vulnerable to hackers. Seagate's Business Storage 2-Bay NAS product , found in home and business networks, is vulnerable to a zero-day Remote Code Execution vulnerability, currently affecting more than 2,500 publicly exposed devices on the Internet. Seagate is one of the world's largest vendor of hardware solutions, with products available worldwide. After Western Digital, Seagate ranked second and holds 41% of the market worldwide in supplying storage hardware products. A security researcher, named OJ Reeves , discovered the zero-day remote code execution vulnerability on 7th October last year and, reported to the company totally in the white hat style. But even after 130 days of responsible disclosure, the zero-day bug remains unpatched till now. In order to exploit the vulnerability, an atta