Security
Headlines

Tag

#web

DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight

Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper Domain Control Validation (DCV). "Before issuing a certificate to a

The Hacker News

AccPack Buzz 1.0 Arbitrary File Upload

AccPack Buzz version 1.0 suffers from an arbitrary file upload vulnerability.

North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEV#POPPER and linked to North Korea, has been found to have singled out victims across South Korea, North America, Europe, and the Middle East. "This form of attack is an

Don’t Let Your Domain Name Become a “Sitting Duck”

More than a million domain names -- including many registered by Fortune 100 firms and brand protection companies -- are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds.

Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes

A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least February 2022 as part of a large-scale campaign. The malicious apps, spanning over 107,000 unique samples, are designed to intercept one-time passwords (OTPs) used for online account verification to commit identity fraud. "Of those 107,000 malware samples, over 99,000 of

Can GPT-4o Be Trusted With Your Private Data?

OpenAI’s newest model is “a data hoover on steroids,” says one expert—but there are still ways to use it while minimizing risk.

Introducing the MSRC Researcher Resource Center

Microsoft partners with the global security researcher community to surface and report security vulnerabilities to protect all users of Microsoft products and services. Researcher submissions help us address immediate threats while also identifying trends and insights to holistically improve the security of our products and services. We’re always looking for ways to build upon this partnership, and with that goal in mind, we are excited to announce the creation of the MSRC Researcher Resource Center.

Criminal Hackers Add GenAI Credentials to Underground Markets

According to the study, around 400 stolen GenAI credentials are being sold by threat actors per day.

Ransomware Gangs Exploit ESXi Bug for Instant, Mass Encryption of VMs

With sufficient privileges in Active Directory, attackers only have to create an "ESX Admins" group in the targeted domain and add a user to it.

Threat actor impersonates Google via fake ad for Authenticator

Only trust official sources, they say, but what happens when a Google-vetted ad is for a Google product?