Tuesday, February 18, 2020
The Hacker News

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is...
The Hacker News

OpenSSH now supports FIDO U2F security keys for 2-factor authentication

Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell...
The Hacker News

A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices

A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All SweynTooth flaws...
The Hacker News

U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies

The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant...
The Hacker News

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users

Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. These extensions were part of a malvertising and ad-fraud campaign...
The Hacker News

Download: Definitive ‘IR Management and Reporting’ Presentation Template

The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree—making the ability to efficiently manage an incident response process a...
The Hacker News

Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims

Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary...
The Hacker News

Update Microsoft Windows Systems to Patch 99 New Security Flaws

A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. According to the advisories, 12 of the...
The Hacker News

Adobe Releases Patches for Dozens of Critical Flaws in 5 Software

Here comes the second 'Patch Tuesday' of this year. Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. The first...
The Hacker News

Israel’s Ruling Party Likud Exposed Personal Data of All 6.5 Million Voters

An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have...
The Hacker News

U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach

The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In September 2017, credit reporting agency...
The Hacker News

The Rise of the Open Bug Bounty Project

Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be...
The Hacker News

5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras

Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code...
The Hacker News

Exfiltrating Data from Air-Gapped Computers Using Screen Brightness

It may sound creepy and unreal, but hackers can also exfiltrate sensitive data from your computer by simply changing the brightness of the screen, new cybersecurity research shared with The Hacker News revealed. In recent years, several cybersecurity researchers demonstrated...
The Hacker News

Prepare for Cisco, CompTIA, and More IT Certifications with this Bundle

Exams are pretty important in professional IT. You can have all the practical knowledge in the world, but technical recruiters want to see certificates. If you want to improve your resume, the Complete 2020 IT Certification Exam Prep Mega Bundle...
The Hacker News

Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers

There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that's also connected to your computers, smartphones, and other smart devices. Whether it's about exploiting operating system and software vulnerabilities or...
The Hacker News

This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs

A cybersecurity researcher today disclosed technical details of multiple high severity vulnerabilities he discovered in WhatsApp, which, if exploited, could have allowed remote attackers to compromise the security of billions of users in different ways. When combined together, the reported...
The Hacker News

Google Accidentally Shared Private Videos of Some Users With Others

Google might have mistakenly shared your private videos saved on the company's servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. The latest privacy mishap is the...
The Hacker News

Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users

Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs that has...
The Hacker News

Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root

Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. Sudo...

Sensitive plastic surgery images exposed online

Researchers at VPN advisory company vpnMentor have found yet another online data exposure caused by a misconfigured cloud database.

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.

12 hottest new cybersecurity startups at RSA 2020

Starting on February 24, the RSA Conference (RSAC) 2020 gives security vendors old and new a chance to demonstrate their capabilities. The event has become an attractive venue for startups to make their debut. This year’s crop will be...

Hundreds of Millions of PC Components Still Have Hackable Firmware

The lax security of supply chain firmware has been a known concern for years—with precious little progress being made.

Remote Wipe Plugin Bug Hits 200,000+ WordPress Sites

Remote Wipe Plugin Bug Hits 200,000+ WordPress SitesSecurity researchers are warning of a new plugin vulnerability which is exposing over 200,000 WordPress sites to the risk of being remotely wiped by an attacker. The problem lies with versions 1.3.4 and...