/ Security News /

Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to takedown targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker’s choice, potentially …

/ Security News /

Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform. The security advisory—about which The Hacker News learned from Dimitri van de Giessen, an ethical hacker and system engineer—is scheduled to be available …

/ Security News /

Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization’s entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. The flaw, impacting both desktop and web versions of the app, was discovered by …

/ Security News /

A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack — named “IMPersonation Attacks in 4G NeTworks” …

/ Security News /

A cybersecurity researcher today disclosed technical details of multiple high severity vulnerabilities he discovered in WhatsApp, which, if exploited, could have allowed remote attackers to compromise the security of billions of users in different ways. When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac …

/ Security News /

A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote ‘network adjacent attackers’ to spy on and tamper with encrypted VPN connections. The vulnerability, tracked as CVE-2019-14899, resides in the networking stacks of various operating systems …

/ Security News /

Security researchers at Bitdefender have discovered a high-severity security vulnerability in Amazon’s Ring Video Doorbell Pro devices that could allow nearby attackers to steal your WiFi password and launch a variety of cyberattacks using MitM against other devices connected to the same network. In case you don’t own one of these, Amazon’s Ring Video Doorbell …

/ Security News /

If you’re running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the …

/ Security News /

A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue affects reverse proxy cache systems like Varnish and some …

/ Security News /

Whenever you insert a new SIM in your phone and connects to your cellular network for the very first time, your carrier service automatically configures or sends you a message containing network-specific settings required to connect to data services. While manually installing it on your device, have you ever noticed what configurations these messages, technically …