#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

How SMBs Can Mitigate the Growing Risk of File-based Attacks

How SMBs Can Mitigate the Growing Risk of File-based Attacks

Oct 02, 2019
Cases of document-based malware are steadily rising. 59 percent of all malicious files detected in the first quarter of 2019 were contained in documents. Due to how work is done in today's offices and workplaces, companies are among those commonly affected by file-based attacks. Since small to medium businesses (SMBs) usually lack the kind of security that protects their larger counterparts, they have a greater risk of being affected. Falling victim to file-based malware can cause enormous problems for SMBs. An attack can damage critical data stored in the organization's computers. Such loss can force a company to temporarily halt operations, resulting in financial losses. If a customer's private and financial information is compromised, the company may also face compliance inquiries and lawsuits. Their reputations could also take a hit, discouraging customers from doing business with them. But despite these risks, SMBs still invest very little in cybersecurity
Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content

Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content

Oct 02, 2019
An ex-Yahoo! employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users in search of private and personal records, primarily sexually explicit images and videos. According to an press note released by the U.S. Justice Department, Reyes Daniel Ruiz , a 34-year-old resident of California and former Yahoo software engineer, admitted accessing Yahoo internal systems to compromise accounts belonging to younger women, including his personal friends and work colleagues. Once he had access to the users' Yahoo accounts, Ruiz then used information obtained from users' email messages and their account's login access to hacking into their iCloud, Gmail, Facebook, DropBox, and other online accounts in search of more private material. Besides this, Ruiz also made copies of private images and videos that he found in the personal accounts of Yahoo users without their permission and stored them on a private computer a
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Researchers Find New Hack to Read Content Of Password Protected PDF Files

Researchers Find New Hack to Read Content Of Password Protected PDF Files

Oct 01, 2019
Looking for ways to unlock and read the content of an encrypted PDF without knowing the password? Well, that's now possible, sort of—thanks to a novel set of attacking techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file, but under some specific circumstances. Dubbed PDFex , the new set of techniques includes two classes of attacks that take advantage of security weaknesses in the standard encryption protection built into the Portable Document Format, better known as PDF. To be noted, the PDFex attacks don't allow an attacker to know or remove the password for an encrypted PDF; instead, enable attackers to remotely exfiltrate content once a legitimate user opens that document. In other words, PDFex allows attackers to modify a protected PDF document, without having the corresponding password, in a way that when opened by someone with the right password, the file will automatically send out a copy of the decry
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Comodo Forums Hack Exposes 245,000 Users' Data — Recent vBulletin 0-day Used

Comodo Forums Hack Exposes 245,000 Users' Data — Recent vBulletin 0-day Used

Oct 01, 2019
If you have an account with the Comodo discussion board and support forums, also known as ITarian Forum, you should change your password immediately. Cybersecurity company Comodo has become one of the major victims of a recently disclosed vBulletin 0-day vulnerability , exposing login account information of over nearly 245,000 users registered with the Comodo Forums websites. In a brief security notice published earlier today, Comodo admitted the data breach, revealing that an unknown attacker exploited the vBulletin vulnerability (CVE-2019-16759) and potentially gained access to Comodo Forums database. It's worth noting that Comodo forum was hacked on September 29, almost four days after vBulletin developers released a patch to let administrators address the vulnerability, but the company failed to apply the patches on time. As The Hacker News broke the news last week, an anonymous hacker publicly disclosed details of a critical then-unpatched vulnerability in vBulleti
Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users

Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users

Oct 01, 2019
The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites. To be noted, hackers haven't found any way to run ads for free; instead, the modus operandi of eGobbler attackers involves high budgets to display billions of ad impressions on high profile websites through legit ad networks. But rather than relying on visitors' willful interaction with advertisements online, eGobbler uses browser (Chrome and Safari) exploits to achieve maximum click rate and successfully hijack as many users' sessions as possible. In its previous malvertising campaign, eGobbler group was exploiting a then-zero-day vulnerability (CVE-2019-5840) in Chrome for iOS back in April , which allowed them to successfully bypass browser's built-in pop-up blocker on iOS devices and hij
Pay What You Wish — 9 Hacking Certification Training Courses in 1 Bundle

Pay What You Wish — 9 Hacking Certification Training Courses in 1 Bundle

Sep 30, 2019
The greatest threat facing most nations is no longer a standing army. It's a hacker with a computer who can launch a crippling cyber attack from thousands of miles away—potentially taking down everything from server farms to entire power grids with a few lines of code. So it should come as no surprise that virtually every major company in both the public and private sector—as well as national security teams and government agencies—are looking for talented and trained professionals who can help them evade these cyber threats. Although it may seem a bit counterintuitive, the only person who can fight back against a hacker is another hacker. Known as ethical or "white hat" hackers, these intrepid cyber warriors are the first and most important line of defense against these nefarious hackers, and they're being paid handsomely for their services. The Complete White Hat Hacker Certification Bundle will teach you everything you need to know in order to join their r
New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released

Sep 30, 2019
A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update— Exim version 4.92.3 —after publishing an early warning two days ago, giving system administrators an early head-up on its upcoming security patches that affect all versions of the email server software from 4.92 up to and including then-latest version 4.92.2. Exim is a widely used, open source mail transfer agent (MTA) developed for Unix-like operating systems like Linux, Mac OSX or Solaris, which runs almost 60 percent of the Internet's email servers today for routing, delivering and receiving email messages. This is the second time in this month when the Exim maintainers have released an urgent security update. Earlier this month, the team patched a critical remote code execution flaw (
Exclusive — Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data

Exclusive — Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data

Sep 29, 2019
A Pakistani hacker who previously made headlines earlier this year for selling almost a billion user records stolen from nearly 45 popular online services has now claimed to have hacked the popular mobile social game company Zynga Inc . With a current market capitalization of over $5 billion, Zynga is one of the world's most successful social game developers with a collection of hit online games—including FarmVille, Words With Friends, Zynga Poker, Mafia Wars, and Café World—with over a billion players worldwide. Going by the online alias Gnosticplayers, the serial hacker told The Hacker News that this time, he managed to breach " Words With Friends ," a popular Zynga-developed word puzzle game, and unauthorisedly access a massive database of more than 218 million users. According to the hacker, the data breach affected all Android and iOS game players who installed and signed up for the 'Words With Friends' game on and before 2nd September this year.
Cybersecurity Resources