Security
Headlines
HeadlinesLatestCVEs

Source

The Hacker News

Here's a New Free Tool to Discover Unprotected Cloud Storage Instances

The IDC cloud security survey 2021 states that as many as 98% of companies were victims of a cloud data breach within the past 18 months. Fostered by the pandemic, small and large organizations from all over the world are migrating their data and infrastructure into a public cloud, while often underestimating novel and cloud-specific security or privacy issues.  Nearly every morning, the

The Hacker News
#The Hacker News
Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware

In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard against NSO Group's Pegasus surveillanceware.  "Adversaries have set up a phony website that looks

Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws

Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone. The issues, designated as CVE-2021-37975 and CVE-2021-37976, are part of a total of four patches, and concern a use-after-free flaw in V8 JavaScript

Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws

Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of two new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone. The issues, designed as CVE-2021-37975 and CVE-2021-37976, are part of a total of four patches, and concern a use-after-free flaw in V8

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. "This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization's

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. "This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization's

Incentivizing Developers is the Key to Better Security Practices

Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this seachange if they want that effort to grow. The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications, programs, cloud instances, and the latest flavor of the month is APIs, widely considered an easy win

ImmuniWeb Launches Free Cloud Security Test to Detect Unprotected Storage

The IDC cloud security survey 2021 states that as many as 98% of companies were victims of a cloud data breach within the past 18 months. Fostered by the pandemic, small and large organizations from all over the world are migrating their data and infrastructure into a public cloud, while often underestimating novel and cloud-specific security or privacy issues.  Nearly every morning, the

New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack

Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat (APT) behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools. Moscow-headquartered firm Kaspersky codenamed the malware "Tomiris," calling out its similarities to another

Cybersecurity Firm Group-IB's CEO Arrested Over Treason Charges in Russia

Russian authorities on Wednesday arrested and detained Ilya Sachkov, the founder of cybersecurity firm Group-IB, for two months in Moscow on charges of state treason following a search of its office on September 28. The Russian company, which is headquartered in Singapore, confirmed the development but noted the "reason for the search was not yet clear," adding "The decentralized infrastructure