The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

I have said it before, and I will say it again — Smart devices are one of the dumbest technologies, so far, when it comes to protecting users' privacy and security. As more and more smart devices are being sold worldwide, consumers should be aware of security and privacy risks associated with the so-called intelligent devices. When it comes to internet-connected devices, smart TVs are the ones that have highly-evolved, giving consumers a lot of options to enjoy streaming, browsing the Internet, gaming, and saving files on the Cloud—technically allowing you to do everything on it as a full-fledged PC. Apparently, in the past few years we have reported how Smart TVs can be used to spy on end users without their explicit consent, how remote hackers can even take full control over a majority of Smart TVs without having any physical access to them, and how flaws in Smart TVs allowed hackers to hijack TV screen . Now most recently, Smart TVs selling under SUPRA brand-name h

If you have swiped your payment card at the popular Checkers and Rally's drive-through restaurant chains in past 2-3 years, you should immediately request your bank to block your card and notify it if you notice any suspicious transaction. Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday that affected an unknown number of customers at 103 of its Checkers and Rally's locations—nearly 15% of its restaurants. The impacted restaurants [ name, addresses and exposure dates ] reside in 20 states, including Florida, California, Michigan, New York, Nevada, New Jersey, Florida, Georgia, Ohio, Illinois, Indiana, Delaware, Kentucky, Louisiana, Alabama, North Carolina, Pennsylvania, Tennessee, West Virginia and Virginia. After becoming aware of a "data security issue involving malware" at some Checkers and Rally's locations, the company launched an extensive investigation which r

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Cyber Security researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide. Dubbed Nansh0u , the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group who has already infected nearly 50,000 servers and are installing a sophisticated kernel-mode rootkit on compromised systems to prevent the malware from being terminated. The campaign, which dates back to February 26 but was first detected in early-April, has been found delivering 20 different payload versions hosted on various hosting providers. The attack relies on the brute-forcing technique after finding publicly accessible Windows MS-SQL and PHPMyAdmin servers using a simple port scanner. Upon successful login authentication with administrative privileges, attackers execute a sequence of MS-SQL commands on the compromised system to download malicious payload from a remote file server and

Memorial Day has come and gone, but you still have time to land some of the best deals on some of the best apps and tech training bundles around. Whether you're looking for a world-class VPN or want to begin a career as a high-paid ethical hacker or IT pro, this list of ultra-discounted apps and course bundles has you covered. Ethical Hacking A to Z Training Bundle MSRP: $1273 - Sale Price: $39 — Memorial Day Sale Price: $15.60 with coupon code WEEKEND60 Although it may sound counterintuitive, the only person who can stop a hacker is another hacker. Known as ethical or "white hat" hackers, these intrepid cyber warriors are in high-demand throughout countless industries, and this training will teach you how to join their ranks through 8 courses and over 45 hours of instruction. The Complete 2019 CompTIA Certification Training Bundle MSRP: $3433 - Sale Price: $69 — Memorial Day Sale Price: $27.60 with coupon code WEEKEND60 There's never been a bet

Flipboard, a popular social sharing and news aggregator service used by over 150 million people, has disclosed that its databases containing account information of certain users have been hacked. According to a public note published yesterday by the company, unknown hackers managed to gain unauthorized access to its systems for nearly 10 months—between June 2, 2018, and March 23, 2019, and then again on April 21-22, 2019. The hackers then potentially downloaded database containing Flipboard users' real name, usernames, cryptographically (salted hash) protected passwords and email addresses, including digital tokens for users who linked their Flipboard account to a third-party social media service. According to a breach notification email sent out to affected users and seen by The Hacker News, the company has now reset passwords for all users as a precautionary measure, forcing users to create a new strong password for their accounts. "You can continue to use Flipb

Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)—two weeks after Microsoft releases the security patch. If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much worse than what WannaCry and NotPetya like wormable attacks did in 2017. Dubbed BlueKeep and tracked as CVE-2019-0708, the vulnerability affects Windows 2003, XP, Windows 7, Windows Server 2008 and 2008 R2 editions and could spread automatically on unprotected systems. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code and take control of a targeted computer just by sending specially crafted requests to the device's Remote Desktop Service (RDS) via the RDP—without requiring any interaction from a user. Describing the BlueKeep vulnerability as being Wormable

The United States Justice Department has unveiled charges against WikiLeaks founder Julian Assange with 17 new counts on the alleged violation of the Espionage Act by publishing classified information through WikiLeaks website. If convicted for all counts, Assange could face a maximum sentence of 175 years in U.S. prison for his "alleged role in one of the largest compromises of classified information in the history of the United States." Assange was arrested last month in London after Ecuador abruptly withdrew his asylum and later sentenced to 50 weeks in U.K. prison for breaching his bail conditions in 2012. The 47-year-old is currently facing extradition to the United States for his role in publishing thousands of classified diplomatic and military documents on WikiLeaks in 2010 that embarrassed the U.S. governments across the world. Though the previous indictment charged Assange with just one count of helping former Army intelligence analyst Chelsea Manning c