The Hacker News

Syndikovat obsah The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Aktualizace: 55 min 24 sek zpět

Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords

16 Prosinec, 2017 - 09:36
If you are running Windows 10 on your PC, then there are chances that your computer contains a pre-installed 3rd-party password manager app that lets attackers steal all your credentials remotely. Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new "suggested apps" without asking for users’
Kategorie: Hacking & Security

FCC Just Killed Net Neutrality—What Does This Mean? What Next?

15 Prosinec, 2017 - 20:58
Net neutrality is DEAD—3 out of 5 federal regulators voted Thursday to hand control of the future of the Internet to cable and telecommunication companies, giving them powers to speed up service for websites they favor or slow down others. As proposed this summer, the US Federal Communications Commission (FCC) has rolled back Net Neutrality rules that require Internet Service Providers (ISPs
Kategorie: Hacking & Security

TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage

15 Prosinec, 2017 - 09:49
Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS) with a potential to cause health and life-threatening accidents. Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric—an autonomous control system that
Kategorie: Hacking & Security

Three Hackers Plead Guilty to Creating IoT-based Mirai DDoS Botnet

14 Prosinec, 2017 - 11:15
The U.S. federal officials have arrested three hackers who have pleaded guilty to computer-crimes charges for creating and distributing Mirai botnet that crippled some of the world's biggest and most popular websites by launching the massive DDoS attacks last year. According to the federal court documents unsealed Tuesday, Paras Jha (21-year-old from New Jersey), Josiah White (20-year-old
Kategorie: Hacking & Security

Zero-Day Remote 'Root' Exploit Disclosed In AT&T DirecTV WVB Devices

14 Prosinec, 2017 - 10:20
Security researchers have publicly disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after trying to get the device manufacturer to patch this easy-to-exploit flaw over the past few months. The problem is with a core component of the Genie DVR system that's shipped free of cost with DirecTV and can be easily exploited by hackers to gain root access and take
Kategorie: Hacking & Security

Password Stealing Apps With Over A Million Downloads Found On Google Play Store

13 Prosinec, 2017 - 11:57
Even after so many efforts by Google like launching bug bounty program and preventing apps from using Android accessibility services, malicious applications somehow manage to get into Play Store and infect people with malicious software. The same happened once again when security researchers discovered at least 85 applications in Google Play Store that were designed to steal credentials from
Kategorie: Hacking & Security

ROBOT Attack: 19-Year-Old Bleichenbacher Attack On Encrypted Web Reintroduced

12 Prosinec, 2017 - 20:10
A 19-year-old vulnerability has been re-discovered in the RSA implementation from at least 8 different vendors—including F5, Citrix, and Cisco—that can give man-in-the-middle attackers access to encrypted messages. Dubbed ROBOT (Return of Bleichenbacher's Oracle Attack), the attack allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on
Kategorie: Hacking & Security

Collection of 1.4 Billion Plain-Text Leaked Passwords Found Circulating Online

12 Prosinec, 2017 - 15:36
Hackers always first go for the weakest link to quickly gain access to your online accounts. Online users habit of reusing the same password across multiple services gives hackers opportunity to use the credentials gathered from a data breach to break into their other online accounts. Researchers from security firm 4iQ have now discovered a new collective database on the dark web (released
Kategorie: Hacking & Security

Google Researcher Releases iOS Exploit—Could Enable iOS 11 Jailbreak

12 Prosinec, 2017 - 08:42
As promised last week, Google's Project Zero researcher Ian Beer now publicly disclosed an exploit that works on almost all 64-bit Apple devices running iOS 11.1.2 or earlier, which can be used to build an iOS jailbreak, allowing users to run apps from non-Apple sources. On Monday morning, Beer shared the details on the exploit, dubbed "tfp0," which leveraged double-free memory corruption
Kategorie: Hacking & Security

Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

11 Prosinec, 2017 - 19:24
Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting Banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. Moscow-based security firm Group-IB published a 36-page report on Monday, providing details about the newly-disclosed hacking group, dubbed MoneyTaker, which has been
Kategorie: Hacking & Security

Get the Ultimate 2018 Hacker Bundle – Pay What You Want

11 Prosinec, 2017 - 13:37
Due to the growing number of threats in the computer world, ethical hackers have become the most important player for not only governments but also private companies and IT firms in order to safeguard their systems and networks from hackers trying to infiltrate them. By 2020, employment in all information technology occupations is expected to increase by 22 percent, where demand for ethical
Kategorie: Hacking & Security

THN Weekly Roundup — Top 10 Stories You Should Not Miss

11 Prosinec, 2017 - 10:45
Here we are with our weekly roundup, briefing this week's top cybersecurity threats, incidents, and challenges, just in case you missed any of them. Last week has been very short with big news from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the discovery of a new malware evasion technique that works on all versions of Microsoft's Windows operating
Kategorie: Hacking & Security

Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability

10 Prosinec, 2017 - 16:48
Microsoft has just released an emergency security patch to address a critical remote code execution (RCE) vulnerability in its Malware Protection Engine (MPE) that could allow an attacker to take full control of a victim's PC. Enabled by default, Microsoft Malware Protection Engine offers the core cybersecurity capabilities, like scanning, detection, and cleaning, for the company's
Kategorie: Hacking & Security

Pre-Installed Keylogger Found On Over 460 HP Laptop Models

9 Prosinec, 2017 - 11:57
HP has an awful history of 'accidentally' leaving keyloggers onto its customers' laptops. At least two times this year, HP laptops were caught with pre-installed keylogger or spyware applications. I was following a tweet made by a security researcher claiming to have found a built-in keylogger in several HP laptops, and now he went public with his findings. A security researcher who goes by
Kategorie: Hacking & Security

Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures

9 Prosinec, 2017 - 10:30
Millions of Android devices are at serious risk of a newly disclosed critical vulnerability that allows attackers to secretly overwrite legitimate applications installed on your smartphone with their malicious versions. Dubbed Janus, the vulnerability allows attackers to modify the code of Android apps without affecting their signature verification certificates, eventually allowing them to
Kategorie: Hacking & Security

Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL

7 Prosinec, 2017 - 20:31
A team of security researchers has discovered a critical implementation flaw in major mobile banking applications that left banking credentials of millions of users vulnerable to hackers. The vulnerability was discovered by researchers of the Security and Privacy Group at the University of Birmingham, who tested hundreds of different banking apps—both iOS and Android—and found that several of
Kategorie: Hacking & Security

Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

7 Prosinec, 2017 - 17:03
A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader. Ensilo security researchers Tal
Kategorie: Hacking & Security

Largest Crypto-Mining Exchange Hacked; Over $70 Million in Bitcoin Stolen

7 Prosinec, 2017 - 10:28
Bitcoin is breaking every record—after gaining 20% jump last week, Bitcoin price just crossed the $14,800 mark in less than 24 hours—and there can be no better reason for hackers to put all of their efforts to steal skyrocketing cryptocurrency. NiceHash, the largest Bitcoin mining marketplace, has been hacked, which resulted in the theft of more than 4,700 Bitcoins worth over $57 million (at
Kategorie: Hacking & Security

Uber Paid 20-Year-Old Florida Hacker $100,000 to Keep Data Breach Secret

7 Prosinec, 2017 - 08:49
Last year, Uber received an email from an anonymous person demanding money in exchange for the stolen user database. It turns out that a 20-year-old Florida man, with the help of another, breached Uber's system last year and was paid a huge amount by the company to destroy the data and keep the incident secret. Just last week, Uber announced that a massive data breach in October 2016 exposed
Kategorie: Hacking & Security

New TeamViewer Hack Could Allow Clients to Hijack Viewers' Computer

6 Prosinec, 2017 - 17:28
Do you have remote support software TeamViewer installed on your desktop? If yes, then you should pay attention to a critical vulnerability discovered in the software that could allow users sharing a desktop session to gain complete control of the other's PC without permission. TeamViewer is a popular remote-support software that lets you securely share your desktop or take full control of
Kategorie: Hacking & Security