Eskenzi PR ad banner Eskenzi PR ad banner


We report on the latest Hacking News in the UK, US and the world. Follow IT Security Guru for regular news, updates and interviews in hacking from our team of editors. Read our latest articles relating to computer and cyber hacking from a team of IT security experts, including ethical hackers and penetration testing. For any queries relating to Hacking News, please contact our editorial team at [email protected]

Synopsys discover new vulnerability in Pluck Content Management System

Software security company Synopsys have discovered a new remote code execution vulnerability (RCE) in the Pluck CMS system. Pluck is a content management system (CMS) implemented in PHP designed for setting up and managing your own website. Devised with ease of use and simplicity in mind, Pluck is best suited for running a small website. Pluck CMS features an “albums” module. Albums are used to create collections of images that can be inserted into web...

Read more
Ferrari Data Breach: The Industry has its say

Apparently, the team at Ferrari may not have been up to speed with the latest ways to ensure your security is top priority. It was announced on Monday via a statement uploaded to their website that Ferrari was “recently contacted by a threat actor with a ransom demand related to certain client contact details”. Ferrari then went on to say that it “will not be held to ransom” and that the best course of action...

Read more
Serious API security flaws now fixed in could affect many more websites

Salt Security, the API security company, has released new threat research from Salt Labs highlighting several critical security flaws in The now remediated flaws were found in the implementation of the Open Authorization (OAuth) social-login functionality utilised by, which had the potential to affect any users logging into the site through their Facebook accounts.   The OAuth misconfigurations could have allowed for both large-scale account takeover (ATO) on customers’ accounts and server compromise,...

Read more
Over 8000 VNC instances left exposed, researchers find

Researchers have discovered 8000 exposed Virtual Network Computing instances, which could put numerous global organisations at risk of remote compromise. As a matter of fact, the instances were managed by critical infrastructure (CNI) organisations, who are responsible for water treatment plants, manufacturing plants and research facilities. With disabled authentication, malicious actors have the ability to hijack certain endpoints and with it, the industrial control systems these may be connected to. This is because VNC is...

Read more
Armis discloses critical vulnerability that allows remote takeover of Schneider Electric industrial controllers

Researchers at Armis, the unified asset visibility and security platform provider, have disclosed the discovery of an authentication bypass vulnerability in Schneider Electric’s Modicon programmable logic controllers (PLCs) that can lead to remote-code-execution (RCE). The vulnerability, dubbed Modipwn, allows for a complete takeover of impacted devices by leveraging the UMAS protocol, and impacts Modicon M340, M580 and other models from the Modicon series. Millions of devices use these PLCs and are now deemed to be at...

Read more
Cerberus Christian Espinosa Book Review

Growing up was not easy for entrepreneur, Iron Man and author, Christian Espinosa. “I played football, but I was also smart, but I also liked heavy metal, so I felt out of place from each particular clique” Espinosa revealed reminiscing on his formative years. As a response to various socio-economic difficulties beyond control, Espinosa’s mindset changed dramatically as he threw himself at every challenge and character development opportunity, trying to be the best he could...

Read more
Data Breach image

To lean on the cliché, these unprecedented times have brought about significant challenges for everyone. Practically every organisation, person and industry has been forced to make unexpected changes and significant sacrifices in a variety of different forms. The rush to equip organisations and employees with the tools needed to work from home has greatly exacerbated the already underlying condition of poor cybersecurity hygiene. While businesses and individuals were focused on staying safe and operational, cybercriminals...

Read more
Credit card shopping online

Research has revealed that the likes of Costco, Walmart and The Home Depot are more at risk to web-based cyberattacks then compared to their EU counterparts, according to findings from Outpost24. In a year that saw a global pandemic leading to a 30% surge in online shopping and exponential growth in cybersecurity threats for enterprises, Outpost24 analysed the web application attack surface for 20 of the biggest retailers in Europe and the US to evaluate...

Read more
DBIR 2020

by Eoin Keary, CEO and founder of Edgescan: For the third year running Edgescan contributed to the Verizon DBiR. The DBiR is recognized as the defacto cyber report which casts a wide net across all types of cyber security and breaches, this includes vulnerability management in both infrastructure and applications. Edgescan vulnerability data is curated and validated, sanitised and reflects tens of thousands of assessments we deliver globally across the full stack to our clients. As stated by...

Read more
Phishing username and password

Cofence Phishing Defence Center have discovered yet the latest of cybercriminals' tricks: a phishing campaign that bypasses MFA. Different from other credential harvesting attacks, the scam attempts to trick users into granting permissions to an application that then proceeds to bypass multifactor authentication. Leveraging the OAuth2 framework and OpenID Connect protocol, this campaign's main goal is to steal user information to be used as leverage to extort a Bitcoin ransom. Here's cybersecurity experts' advice and...

Read more
Page 1 of 4 1 2 4