The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete patch this month —almost 18 months after receiving the responsible disclosure report. The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal sensitive information, including users' Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without requiring any additional user interaction. The vulnerability, discovered by Will Dormann of the CERT Coordination Center (CERT/CC), resides in the way Microsoft Outlook renders remotely-hosted OLE content when an RTF (Rich Text Format) email message is previewed and automatically initiates SMB connections. A remote attacker can exploit this vulnerability by sending an RTF email to a target victim, containing a remotely-hosted image file (OLE object), loading from the attacker-controlled SMB server. Since Microsoft Outlook a

Can you get hacked just by clicking on a malicious link or opening a website? — YES . Microsoft has just released its April month's Patch Tuesday security updates, which addresses multiple critical vulnerabilities in its Windows operating systems and other products, five of which could allow an attacker to hack your computer by just tricking you visit a website. Microsoft has patched five critical vulnerabilities in Windows Graphics Component that reside due to improper handling of embedded fonts by the Windows font library and affects all versions of Windows operating systems to date, including Windows 10 / 8.1 / RT 8.1 / 7, Windows Server 2008 / 2012 / 2016. An attacker can exploit these issues by tricking an unsuspecting user to open a malicious file or a specially crafted website with the malicious font, which if open in a web browser, would hand over control of the affected system to the attacker. All these five vulnerabilities in Windows Microsoft Graphics were dis

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Facebook pays millions of dollars every year to researchers and bug hunters to stamp out security holes in its products and infrastructure, but following Cambridge Analytica scandal , the company today launched a bounty program to reward users for reporting "data abuse" on its platform. The move comes as Facebook CEO Mark Zuckerberg prepares to testify before Congress this week amid scrutiny over the data sharing controversy surrounding Cambridge Analytica, a political consultancy firm that obtained and misused data on potentially 87 million of its users . Through its new " Data Abuse Bounty " program, Facebook would ask users to help the social media giant find app developers misusing data, Facebook announced Tuesday. Similar to its existing bug bounty program, the Data Abuse Bounty program will reward a sum of money to anyone who reports valid events of data collection that violate Facebook's revamped data policies . "This program is complemen

A serious vulnerability has been exposed in "emergency alert systems" that could be exploited remotely via radio frequencies to activate all the sirens, allowing hackers to trigger false alarms. The emergency alert sirens are used worldwide to alert citizens about natural disasters, man-made disasters, and emergency situations, such as dangerous weather conditions, severe storms, tornadoes and terrorist attacks. False alarms can create panic and chaos across the city, as witnessed in Dallas last year , when 156 emergency sirens were turned on for about two hours, waking up residents and sparking fears of a disaster. Dubbed " SirenJack Attack ," the vulnerability discovered by a researcher at Bastille security firm affects warning sirens manufactured by Boston-based ATI Systems, which are being used across major towns and cities, as well as Universities, military facilities, and industrial sites. According to Balint Seeber, director of threat research at

Facebook CEO Mark Zuckerberg will testify before Congress this week to explain how his company collects and handles users' personal information. The past few weeks have been difficult for Facebook over concerns that the data of millions of users has been breached. Facebook stores details of almost every action you have taken and interaction you have engaged in on its platform. What many Facebook users are unaware of, though, is that you can easily download and see all the information Facebook has collected from you in just a few minutes. Here's how to find out what data Facebook has collected over time, including all your past posts, messages, photos, videos and more. Here's how to Download Your Facebook Data: First, sign into Facebook (on a desktop browser, not your mobile). Then, click the drop-down arrow on the top right, and click on "Settings." This will take you to facebook.com/settings, where you will find your "General Account Set