The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Cynet goes head-to-head with CrowdStrike, DarkTrace, Cylance, Carbon Black & Symantec, offering their unhappy customers a refund for the time remaining on their existing contracts. Cynet, the automated threat discovery and mitigation platform was built to address the advanced threats that AV and Firewalls cannot stop. Today, Cynet announced that any organization currently deploying an advanced security solution from the list below who are unhappy with it and up for renewal in 2019 - can try Cynet for free  here. If they decide to switch to Cynet – they will be reimbursed for the remaining contract with the previous security vendor. The Cynet offer is relevant to companies that have at least 300 endpoints and are currently customers of any of the following solutions: Crowdstrike / Carbon Black / Darktrace / Cylance / Symantec / Fire Eye Endpoint Protection / SentinelOne / Cybereason / CISCO AMP / Trend Micro Apex / Palo Alto Networks Traps. What makes Cynet so sure th

Do you always think twice before installing Windows updates worrying that it could crash your system or leave it non-working the day after Patch Tuesdays? Don't worry. Microsoft has addressed this issue by adding a safety measure that would from now onwards automatically uninstall buggy software updates installed on your system if Windows 10 detects a startup failure, which could be due to incompatibility or issues in new software. A new document published by Microsoft on Monday, a day before this month's Patch Tuesday, says just like Windows "automatically installs updates to keep your device secure and running at peak efficiency," the OS will now run another automatic process to uninstall problematic updates. From now on, if you receive the following notification on your device, that means your Windows 10 computer has recently been recovered from a startup failure,first sighted by Windows Latest blog . "We removed some recently installed updates

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

One of the most important software companies NGINX , which is also behind the very popular open-source web server of the same name, is being acquired by its rival, F5 Networks , in a deal valued at about $670 million. While NGINX is not a name that you have ever heard of, the reality is that you use NGINX every day when you post a photo, watch streaming video, purchase goods online, or log into your applications at work. NGINX powers over half of the busiest websites in the world. Majority of sites on the Internet today, including The Hacker News, and hundreds of thousands apps, like Instagram, Pinterest, Netflix, and Airbnb are hosted on web servers running NGINX. NGINX web server is the third most widely used servers in the world—behind only Microsoft and Apache, and ahead of Google. In short, the internet as we know it today would not exist without NGINX. F5 Acquires NGINX to Bridge NetOps and DevOps F5 Networks is the industry leader in cloud and security application

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users. Just like the previous campaign, the new phishing attack is also based on the idea that a malicious web page could mimic look and feel of the browser window to trick even the most vigilant users into giving away their login credentials to attackers. Antoine Vincent Jebara , co-founder and CEO of password managing software Myki , shared a new video with The Hacker News, demonstrating how attackers can reproduce native iOS behavior, browser URL bar and tab switching animation effects of Safari in a very realistic manner on a web-page to present fake login pages, without actually opening or redirecting users to a new tab. New Phishing Attack Mimics Mobile Browser Animation and Design As you can see in the video, a malicious website that looks like Airbnb pro

A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful event-driven automation tool for integration and automation across services and tools that allows developers to configure actions, workflows, and scheduled tasks, in order to perform some operations on large-scale servers. For example, you can set instructions (if this, then that) on Stackstorm platform to automatically upload network packet files to a cloud-based network analyze service, like CloudShark, in events when your security software detects an intrusion or malicious activity in the network. Since StackStorm executes actions—which can be anything, from the HTTP request to an arbitrary command—on remote servers or services that developers integrate for automated tasks, the pl

Popular enterprise software company Citrix that provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies disclosed last weekend a massive data breach of its internal network by "international cyber criminals." Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing "business documents," adding that the company does not know precisely which documents the hackers obtained nor how they got in. However, the FBI believes that the miscreants likely used a "password spraying" attack where the attackers guessed weak passwords to gain an early foothold in the company's network in order to launch more extensive attacks. "While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent

You must update your Google Chrome immediately to the latest version of the web browsing application. Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers. The vulnerability, assigned as CVE-2019-5786 , affects the web browsing software for all major operating systems including Microsoft Windows, Apple macOS, and Linux. Without revealing technical details of the vulnerability, the Chrome security team only says the issue is a use-after-free vulnerability in the FileReader component of the Chrome browser, which leads to remote code execution attacks. What's more worrisome? Google warned that this zero-day RCE vulnerability is actively being exploited in the wild by attackers to target Chrome users. "Access to bug details and links may be kept restricted until a majo