The Hacker News Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to [email protected]
- New Case Study: The Malicious Commentby [email protected] (The Hacker News) on 7 May 2024 at 10:42 am
How safe is your comments section? Discover how a seemingly innocent 'thank you' comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full real-life case study here. When is a ‘Thank you’ not a ‘Thank you’? When it’s a sneaky bit of code that’s been hidden inside a ‘Thank You’
- Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever)by [email protected] (The Hacker News) on 7 May 2024 at 10:02 am
Google on Monday announced that it's simplifying the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts. Also called, 2-Step Verification (2SV), it aims to add an extra layer of security to users' accounts to prevent takeover attacks in case the passwords are stolen. The new change entails adding a second step method, such as an
- Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Launderingby [email protected] (The Hacker News) on 7 May 2024 at 9:32 am
A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017. Alexander Vinnik, 44, was charged in January 2017 and taken into custody in Greece in July 2017. He was subsequently extradited to the U.S. in August 2022. Vinnik and his co-conspirators have been accused of owning and managing
- Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Executionby [email protected] (The Hacker News) on 6 May 2024 at 2:00 pm
More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.1, which is the
- China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devicesby [email protected] (The Hacker News) on 6 May 2024 at 1:47 pm
The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced around July 2023, with the first confirmed attack against an unnamed victim