The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website. Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has once again discovered a new flaw in the content management software (CMS) that could potentially lead to remote code execution attacks. The flaw stems from a cross-site request forgery (CSRF) issue in the Wordpress' comment section, one of its core components that comes enabled by default and affects all WordPress installations prior to version 5.1.1. Unlike most of the previous attacks documented against WordPress, this new exploit allows even an "unauthenticated, remote attacker" to compromise and gain remote code execution on the vulnerable WordPress websites. "

If you are a Counter-Strike gamer, then beware, because 39% of all existing Counter-Strike 1.6 game servers available online are malicious that have been set-up to remotely hack gamers' computers. A team of cybersecurity researchers at Dr. Web has disclosed that an attacker has been using malicious gaming servers to silently compromise computers of Counter-Strike gamers worldwide by exploiting zero-day vulnerabilities in the game client. According to the researchers, Counter-Strike 1.6, a popular game that's almost two decades old, contains unpatched multiple remote code execution (RCE) vulnerabilities in its client software that let attackers execute arbitrary code on the gamer's computer as soon as they connect to a malicious server, without requiring any further interaction from the gamers. It turned out that a Russian gaming server developer, nicknamed 'Belonard,' has been exploiting these vulnerabilities in the wild to promote his business and create a

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

With countless web apps and online services launching every day, there is an increasing demand for cloud developers. This exciting niche is due to grow rapidly over the next few years, and the paycheck should follow suit. If you want to build a career in this lucrative niche, it pays to know AWS (Amazon Web Services). With the AWS Certified Architect Developer Bundle 2019 , you get seven courses and over 51 hours of video tutorials that are working towards official exams. It's worth nearly $1,000, but you can get the training now for only $35 for a limited time . According to Synergy Research , Amazon Web Services has a massive 35% share of the cloud computing market. The platform plays host to millions of clients and dozens of multinationals, including Adobe, LinkedIn, GE, and Netflix. As a certified AWS expert, you put yourself first in line for exciting opportunities at these major companies. AWS Certification Training – 7 In-Depth Online Courses If you're

Mozilla has made it easy for you to share large files securely and privately with whomever you want, eliminating the need to depend upon less secure free third-party services or file upload tools that burn a hole in your pocket. Mozilla has finally launched its free, end-to-end encrypted file-transfer service, called Firefox Send , to the public, allowing users to securely share large files like video, audio or photo files that can be too big to fit into an email attachment. Firefox Send was initially rolled out by Mozilla to test users way back in August 2017 as part of the company's now-defunct "Test Pilot" experimental program. Firefox Send allows you to send files up to 1GB in size, but if you sign up for a free Firefox account, you can upload files as large as 2.5GB in size. The service uses a browser-based encryption technology that encrypts your files before uploading them to the Mozilla server, which can only be decrypted by the recipients. Unlike popul

It's time for another batch of "Patch Tuesday" updates from Microsoft. Microsoft today released its March 2019 software updates to address a total of 64 CVE-listed security vulnerabilities in its Windows operating systems and other products, 17 of which are rated critical, 45 important, one moderate and one low in severity. The update addresses flaws in Windows, Internet Explorer, Edge, MS Office, and MS Office SharePoint, ChakraCore, Skype for Business, and Visual Studio NuGet. Four of the security vulnerabilities, all rated important, patched by the tech giant this month were disclosed publicly, of which none were found exploited in the wild. Microsoft Patches Two Zero-Day Flaws Under Active Attack Microsoft has also patched two separate zero-day elevation of privilege vulnerabilities in Windows. Both flaws, also rated as important, reside in Win32k component that hackers are actively exploiting in the wild, including the one that Google warned of last w

Adobe users would feel lighter this month, as Adobe has released patches for just two security vulnerability in its March Security Update. The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities—one in Adobe Photoshop CC and another in Adobe Digital Editions. Upon successful exploitation, both critical vulnerabilities could allow an attacker to achieve arbitrary code execution in the context of the current user and take control of an affected system. However, the good news is that the company found no evidence of any exploits in the wild for these security issues, Adobe said. The vulnerability in Adobe Photoshop CC , discovered by Trend Micro Zero Day Initiative and assigned CVE-2019-7094, is a heap corruption issue which affects Photoshop CC 19.1.7 and earlier 19.x versions as well as Photoshop CC 20.0.2 and earlier 20.x versions for Microsoft Windows and Apple macOS operating systems. Users are recommended

Cynet goes head-to-head with CrowdStrike, DarkTrace, Cylance, Carbon Black & Symantec, offering their unhappy customers a refund for the time remaining on their existing contracts. Cynet, the automated threat discovery and mitigation platform was built to address the advanced threats that AV and Firewalls cannot stop. Today, Cynet announced that any organization currently deploying an advanced security solution from the list below who are unhappy with it and up for renewal in 2019 - can try Cynet for free  here. If they decide to switch to Cynet – they will be reimbursed for the remaining contract with the previous security vendor. The Cynet offer is relevant to companies that have at least 300 endpoints and are currently customers of any of the following solutions: Crowdstrike / Carbon Black / Darktrace / Cylance / Symantec / Fire Eye Endpoint Protection / SentinelOne / Cybereason / CISCO AMP / Trend Micro Apex / Palo Alto Networks Traps. What makes Cynet so sure th