Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers
A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs.
The vulnerable plugin in question is...
OpenSSH now supports FIDO U2F security keys for 2-factor authentication
Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol.
OpenSSH, one of the most widely used open-source implementations of the Secure Shell...
A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices
A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched.
All SweynTooth flaws...
U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies
The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant...
500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users
Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers.
These extensions were part of a malvertising and ad-fraud campaign...
Download: Definitive ‘IR Management and Reporting’ Presentation Template
The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree—making the ability to efficiently manage an incident response process a...
Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims
Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks.
According to researchers at Binary...
Update Microsoft Windows Systems to Patch 99 New Security Flaws
A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities.
According to the advisories, 12 of the...
Adobe Releases Patches for Dozens of Critical Flaws in 5 Software
Here comes the second 'Patch Tuesday' of this year.
Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity.
The first...
Israel’s Ruling Party Likud Exposed Personal Data of All 6.5 Million Voters
An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have...
U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach
The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans.
In September 2017, credit reporting agency...
The Rise of the Open Bug Bounty Project
Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you.
The once skyrocketing bug bounty industry seems to be...
5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras
Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power.
Four of the five high-severity bugs are remote code...
Exfiltrating Data from Air-Gapped Computers Using Screen Brightness
It may sound creepy and unreal, but hackers can also exfiltrate sensitive data from your computer by simply changing the brightness of the screen, new cybersecurity research shared with The Hacker News revealed.
In recent years, several cybersecurity researchers demonstrated...
Prepare for Cisco, CompTIA, and More IT Certifications with this Bundle
Exams are pretty important in professional IT. You can have all the practical knowledge in the world, but technical recruiters want to see certificates.
If you want to improve your resume, the Complete 2020 IT Certification Exam Prep Mega Bundle...
Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers
There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that's also connected to your computers, smartphones, and other smart devices.
Whether it's about exploiting operating system and software vulnerabilities or...
This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs
A cybersecurity researcher today disclosed technical details of multiple high severity vulnerabilities he discovered in WhatsApp, which, if exploited, could have allowed remote attackers to compromise the security of billions of users in different ways.
When combined together, the reported...
Google Accidentally Shared Private Videos of Some Users With Others
Google might have mistakenly shared your private videos saved on the company's servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users.
The latest privacy mishap is the...
Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users
Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts.
According to Twitter, the vulnerability resided in one of the APIs that has...
Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems.
Sudo...
Sensitive plastic surgery images exposed online
Researchers at VPN advisory company vpnMentor have found yet another online data exposure caused by a misconfigured cloud database.
Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs
A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.
12 hottest new cybersecurity startups at RSA 2020
Starting on February 24, the RSA Conference (RSAC) 2020 gives security vendors old and new a chance to demonstrate their capabilities. The event has become an attractive venue for startups to make their debut. This year’s crop will be...
Hundreds of Millions of PC Components Still Have Hackable Firmware
The lax security of supply chain firmware has been a known concern for years—with precious little progress being made.
Remote Wipe Plugin Bug Hits 200,000+ WordPress Sites
Remote Wipe Plugin Bug Hits 200,000+ WordPress SitesSecurity researchers are warning of a new plugin vulnerability which is exposing over 200,000 WordPress sites to the risk of being remotely wiped by an attacker.
The problem lies with versions 1.3.4 and...
