The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and [email protected]
Aktualizace: 4 min 28 sek zpět
Webinar: Securing the Modern Workspace: What Enterprises MUST Know about Enterprise Browser Security
The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern cybersecurity requires a new approach based on the protection of the browser itself, which offers both The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform
Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner.
Tenable has given the vulnerability the name ConfusedFunction.
"An attacker could escalate their privileges to the Default Cloud Build Service Account and
Kategorie: Hacking & Security
Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform
Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner.
Tenable has given the vulnerability the name ConfusedFunction.
"An attacker could escalate their privileges to the Default Cloud Build Service Account and Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances.
Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity.
"An attacker could exploit a bypass using an API request with Content-Length set
Kategorie: Hacking & Security
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances.
Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity.
"An attacker could exploit a bypass using an API request with Content-Length setRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition.
"A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and
Kategorie: Hacking & Security
CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition.
"A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
New Chrome Feature Scans Password-Protected Files for Malicious Content
Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser.
"We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said.
To that
Kategorie: Hacking & Security
New Chrome Feature Scans Password-Protected Files for Malicious Content
Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser.
"We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said.
To that Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
How a Trust Center Solves Your Security Questionnaire Problem
Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams.
They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products — it’s the The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
How a Trust Center Solves Your Security Questionnaire Problem
Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams.
They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products — it’s the
Kategorie: Hacking & Security
Telegram App Flaw Exploited to Spread Malware Hidden in Videos
A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos.
The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11.
"
Kategorie: Hacking & Security
Telegram App Flaw Exploited to Spread Malware Hidden in Videos
A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos.
The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11.
"Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
How to Reduce SaaS Spend and Risk Without Impacting Productivity
There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process.
But this trend has also increased the attack surface—and with
Kategorie: Hacking & Security
How to Reduce SaaS Spend and Risk Without Impacting Productivity
There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process.
But this trend has also increased the attack surface—and with The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool
The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell.
The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team said in an analysis published last week.
The activity cluster, also
Kategorie: Hacking & Security
Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool
The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell.
The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team said in an analysis published last week.
The activity cluster, also Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices
Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week.
"On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques," the company
Kategorie: Hacking & Security
CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices
Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week.
"On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques," the company Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers
A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza.
Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1).
The high-severity
Kategorie: Hacking & Security
- « první
- ‹ předchozí
- …
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- následující ›
- poslední »