RSS Dashboard

The Hackers News

Microsoft Security Response Centre

The National Cyber Security Centre

Zero Day Initiative: Published

NHS High CareCerts

ThreatPost

TikTok Assures U.S. Lawmakers it's Working to Safeguard User Data From Chinese Staff

Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's… [...]

Google Improves Its Password Manager to Boost Security Across All Platforms

Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a "simplified… [...]

Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps

Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis. Toll fraud… [...]

CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.8),… [...]

New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide,… [...]

Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access… [...]

Hidden Talents: He was a competitive swimmer for many years. Instrument of Choice: His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of… [...]

On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. On Tuesday June 14, 2022, Microsoft issued Windows updates to address this… [...]

In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release… [...]

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking… [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

The NCSC's Weekly threat report is drawn from recent open source reporting. [...]

The NCSC's weekly threat report is drawn from recent open source reporting. [...]

Assessing the cyber security threat to UK organisations using Enterprise Connected Devices. [...]

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target host… [...]

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target host… [...]

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target system… [...]

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target system… [...]

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a… [...]

No items
ZuoRAT Can Take Over Widely Used SOHO Routers
Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.
A Guide to Surviving a Ransomware Attack
Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.
Leaky Access Tokens Exposed Amazon Photos of Users
Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks.
Top Six Security Bad Habits, and How to Break Them
Shrav Mehta, CEO, Secureframe, outlines the top six bad habits security teams need to break to prevent costly breaches, ransomware attacks and prevent phishing-based endpoint attacks.