#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Millions of Up-to-Date Apple Macs Remain Vulnerable to EFI Firmware Hacks

Millions of Up-to-Date Apple Macs Remain Vulnerable to EFI Firmware Hacks

Sep 29, 2017
" Always keep your operating system and software up-to-date ." This is one of the most popular and critical advice that every security expert strongly suggests you to follow to prevent yourself from major cyber attacks. However, even if you attempt to install every damn software update that lands to your system, there is a good chance of your computer remaining outdated and vulnerable. Researchers from security firm Duo Labs analysed over 73,000 Macs systems and discovered that a surprising number of Apple Mac computers either fails to install patches for EFI firmware vulnerabilities or doesn't receive any update at all. Apple uses Intel-designed Extensible Firmware Interface (EFI) for Mac computers that work at a lower level than a computer's OS and hypervisors—and controls the boot process. EFI runs before macOS boots up and has higher-level privileges that, if exploited by attackers, could allow EFI malware to control everything without being detecte
Amazon's Whole Foods Market Suffers Credit Card Breach In Some Stores

Amazon's Whole Foods Market Suffers Credit Card Breach In Some Stores

Sep 29, 2017
Another day, another data breach. This time Amazon-owned grocery chain has fallen victim to a credit card security breach. Whole Foods Market—acquired by Amazon for $13.7 billion in late August— disclosed Thursday that hackers were able to gain unauthorized access to credit card information for its customers who made purchases at certain venues like taprooms and full table-service restaurants located within some stores. Whole Foods Market has around 500 stores in the United States, United Kingdom, and Canada. The company did not disclose details about the targeted locations or the total number of customers affected by the breach, but it did mention that hackers targeted some of its point-of-sale (POS) terminals in an attempt to steal customer data, including credit details. The company also said people who only shopped for groceries at Whole Foods were not affected, neither the hackers were able to access Amazon transactions in the security breach. Instead, only certain venu
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Hackers Exploiting Microsoft Servers to Mine Monero - Makes $63,000 In 3 Months

Hackers Exploiting Microsoft Servers to Mine Monero - Makes $63,000 In 3 Months

Sep 28, 2017
Mining cryptocurrencies can be a costly investment as it takes a monstrous amount of computing power, and thus hackers have started using malware that steals computing resources of computers it hijacks to make lots of dollars in digital currency. Security researchers at security firm ESET have spotted one such malware that infected hundreds of Windows web servers with a malicious cryptocurrency miner and helped cybercriminals made more than $63,000 worth of Monero (XMR) in just three months. According to a report published by ESET today, cybercriminals only made modifications to legitimate open source Monero mining software and exploited a known vulnerability in Microsoft IIS 6.0 to secretly install the miner on unpatched Windows servers. Although ESET's investigation does not identify the attackers, it reports that the attackers have been infecting unpatched Windows web servers with the cryptocurrency miner since at least May 2017 to mine 'Monero,' a Bitcoin-like
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Dark-Web Drug Dealer Arrested After He Travelled US for World Beard Championships

Dark-Web Drug Dealer Arrested After He Travelled US for World Beard Championships

Sep 28, 2017
United States authorities arrested suspected dark web drug kingpin late last month while he was travelling from his base in France to the United States of America for this year's annual World Beard and Mustache Championships. Gal Vallerius, a 38-year-old French national, was travelling to Austin, Texas, for the competition but was caught by U.S. authorities on August 31 upon landing at Atlanta International Airport on a distribution complaint filed in Miami federal court, The Miami Herald reported Tuesday. Authorities confirmed Vallerius' identity to the online moniker " OxyMonster ," which was previously used to sell drugs on an illegal underground dark web marketplace called Dream Market by searching his laptop that the brown-beard contestant carried with him. Alleged Moderator/Admin Of Dark-Web Dream Market According to Drug Enforcement Administration (DEA) affidavit filed in September, Vallerius was an administrator, senior moderator and vendor on Dream
2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw

2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw

Sep 28, 2017
A bug in Linux kernel that was discovered two years ago, but was not considered a security threat at that time, has now been recognised as a potential local privilege escalation flaw. Identified as CVE-2017-1000253, the bug was initially discovered by Google researcher Michael Davidson in April 2015. Since it was not recognised as a serious bug at that time, the patch for this kernel flaw was not backported to long-term Linux distributions in kernel 3.10.77. However, researchers at Qualys Research Labs has now found that this vulnerability could be exploited to escalate privileges and it affects all major Linux distributions, including Red Hat, Debian, and CentOS. The vulnerability left "all versions of CentOS 7 before 1708 (released on September 13, 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable," Qualys said in an advisory published yesterday.
Cybersecurity Resources