πŸ”’
There are new articles available, click to refresh the page.
βœ‡ The Hacker News

Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel

By: Ravie Lakshmanan β€”
Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could "allow an attacker to execute arbitrary code in the context of the browser." The
βœ‡ The Hacker News

Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach

By: Ravie Lakshmanan β€”
Cloud-based repository hosting service GitHub on Friday shared additional details into theΒ theft of GitHub integration OAuth tokensΒ last month, noting that the attacker was able to access internal NPM data and its customer information. "Using stolen OAuth user tokens originating from two third-party integrators, Heroku and Travis CI, the attacker was able to escalate access to NPM infrastructure
βœ‡ The Hacker News

The Myths of Ransomware Attacks and How To Mitigate Risk

By: The Hacker News β€”
Today's modern companies are built on data, which now resides across countless cloud apps. ThereforeΒ preventing data lossΒ is essential to your success. This is especially critical for mitigating against rising ransomware attacks β€” a threat thatΒ 57% of security leaders expect to be compromised by within the next year.Β  AsΒ organizations continue to evolve, in turn so does ransomware. To help you
βœ‡ The Hacker News

Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely

By: Ravie Lakshmanan β€”
Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch, as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of DarmstadtΒ saidΒ in a new research paper. The core
βœ‡ The Hacker News

Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices

By: Ravie Lakshmanan β€”
Zyxel has releasedΒ patchesΒ to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information. The list of security vulnerabilities is as follows - CVE-2022-0734Β - A cross-site scripting (XSS) vulnerability in some firewall versions that could be exploited to access information stored in the user's
βœ‡ The Hacker News

Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers

By: Ravie Lakshmanan β€”
Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe "Pantsdown" Baseboard Management Controller (BMC) flaw, according to new research published today. "An attacker running code on a vulnerable QCT server would be able to 'hop' from the server host to the BMC and move their attacks to the server management network, possibly continue and obtain further
βœ‡ The Hacker News

Experts Warn of Rise in ChromeLoader Malware Hijacking Users' Browsers

By: Ravie Lakshmanan β€”
A malvertising threat is witnessing a new surge in activity since its emergence earlier this year. Dubbed ChromeLoader, the malware is a "pervasive and persistent browser hijacker that modifies its victims' browser settings and redirects user traffic to advertisement websites," Aedan Russell of Red CanaryΒ saidΒ in a new report. ChromeLoader is a rogue Chrome browser extension and is typically
βœ‡ The Hacker News

The Added Dangers Privileged Accounts Pose to Your Active Directory

By: The Hacker News β€”
In any organization, there are certain accounts that are designated as being privileged. These privileged accounts differ from standard user accounts in that they have permission to perform actions that go beyond what standard users can do. The actions vary based on the nature of the account but can include anything from setting up new user accounts to shutting down mission-critical systems.
βœ‡ The Hacker News

Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities

By: Ravie Lakshmanan β€”
Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns. "The framework contains numerous features which we assess may be utilized in the enablement of malicious activities," researchers from Team CymruΒ saidΒ in a new report published Wednesday. "The technical entry bar for the
βœ‡ The Hacker News

Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched

By: Ravie Lakshmanan β€”
The maintainers of the Tails project have issued a warning that the Tor Browser that's bundled with the operating system is unsafe to use for accessing or entering sensitive information. "We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.)," the projectΒ saidΒ in an
βœ‡ The Hacker News

Twitter Fined $150 Million for Misusing Users' Data for Advertising Without Consent

By: Ravie Lakshmanan β€”
Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission (FTC) to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty for "misrepresenting its privacy and security practices," the company has been banned from
  • There are no more articles
❌