The Hacker News

The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Updated: 12 min 1 sec ago

Facebook Offering $40,000 Bounty If You Find Evidence Of Data Leaks

10 April, 2018 - 21:46
Facebook pays millions of dollars every year to researchers and bug hunters to stamp out security holes in its products and infrastructure, but following the Cambridge Analytica scandal, the company today launched a bounty program to reward users for reporting "data abuse" on its platform. The move comes as Facebook CEO Mark Zuckerberg prepares to testify before Congress this week amid scrutiny
Category: Hacking & Security

Flaw in Emergency Alert Systems Could Allow Hackers to Trigger False Alarms

10 April, 2018 - 18:51
A serious vulnerability has been exposed in "emergency alert systems" that could be exploited remotely via radio frequencies to activate all the sirens, allowing hackers to trigger false alarms. The emergency alert sirens are used worldwide to alert citizens about natural disasters, man-made disasters, and emergency situations, such as dangerous weather conditions, severe storms, tornadoes
Category: Hacking & Security

Authentication Bypass Vulnerability Found in Auth0 Identity Platform

9 April, 2018 - 20:01
A critical authentication bypass vulnerability has been discovered in Auth0, one of the biggest identity-as-a-service platforms, that could have allowed a malicious attacker to access any portal or application using the Auth0 service for authentication. Auth0 offers token-based authentication solutions for a number of platforms including the ability to integrate social media
Category: Hacking & Security

Critical Code Execution Flaw Found in CyberArk Enterprise Password Vault

9 April, 2018 - 16:46
A critical remote code execution vulnerability has been discovered in the CyberArk Enterprise Password Vault application that could allow an attacker to gain unauthorized access to the system with the privileges of the web application. Enterprise password manager (EPV) solutions help organizations securely manage their sensitive passwords, controlling privileged account passwords across a wide
Category: Hacking & Security

Here's how hackers are targeting Cisco Network Switches in Russia and Iran

9 April, 2018 - 11:48
Since last week, a new hacking group, calling itself 'JHT,' hijacked a significant number of Cisco devices belonging to organizations in Russia and Iran, and left a message that reads—"Do not mess with our elections" with an American flag (in ASCII art). MJ Azari Jahromi, Iranian Communication and Information Technology Minister, said the campaign impacted approximately 3,500 network switches
Category: Hacking & Security

Finland's 3rd Largest Data Breach Exposes 130,000 Users' Plaintext Passwords

6 April, 2018 - 20:16
Over 130,000 Finnish citizens have had their credentials compromised in what appears to be the third largest data breach ever faced by the country, local media reports. Finnish Communications Regulatory Authority (FICORA) is warning users of a large-scale data breach in a website maintained by the New Business Center in Helsinki ("Helsingin Uusyrityskeskus"), a company that provides business
Category: Hacking & Security

Microsoft Office 365 Gets Built-in Ransomware Protection and Enhanced Security Features

6 April, 2018 - 13:41
Ransomware has been around for a few years, but it has become an albatross around everyone's neck, targeting big businesses, hospitals, financial institutions and individuals worldwide and extorting millions of dollars. Last year, we saw some major ransomware outbreaks, including WannaCry and NotPetya, which wreaked havoc across the world, hitting hundreds of thousands of computers and
Category: Hacking & Security

Remote Execution Flaw Threatens Apps Built Using Spring Framework — Patch Now

6 April, 2018 - 09:58
Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it. Spring Framework is a popular, lightweight, open source framework for developing Java-based enterprise applications. In an
Category: Hacking & Security

Intel Admits It Won't Be Possible to Fix Spectre (V2) Flaw in Some Processors

5 April, 2018 - 16:46
As speculated by the researcher who disclosed Meltdown and Spectre flaws in Intel processors, some of the Intel processors will not receive patches for the Spectre (variant 2) side-channel analysis attack. In a recent microcode revision guidance (PDF), Intel admits that it would not be possible to address the Spectre design flaw in specific older CPUs, because it requires changes to the
Category: Hacking & Security

VirusTotal launches 'Droidy' sandbox to detect malicious Android apps

5 April, 2018 - 16:21
One of the biggest and most popular multi-antivirus scanning engine services has today launched a new Android sandbox service, dubbed VirusTotal Droidy, to help security researchers detect malicious apps based on behavioral analysis. VirusTotal, owned by Google, is a free online service that allows anyone to upload files to check them for viruses against dozens of antivirus engines
Category: Hacking & Security

Facebook admits public data of its 2.2 billion users has been compromised

5 April, 2018 - 11:17
Facebook dropped another bombshell on its users by admitting that all of its 2.2 billion users should assume malicious third-party scrapers have compromised their public profile information. On Wednesday, Facebook CEO Mark Zuckerberg revealed that "malicious actors" took advantage of "Search" tools on its platform to discover the identities and collect information on most of its 2 billion
Category: Hacking & Security

Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking

4 April, 2018 - 16:49
Security researchers at Embedi have disclosed a critical vulnerability in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to execute arbitrary code, take full control over the vulnerable network equipment and intercept traffic. The stack-based buffer overflow vulnerability (CVE-2018-0171) stems from improper validation of packet data in
Category: Hacking & Security

New Android Malware Secretly Records Phone Calls and Steals Private Data

3 April, 2018 - 16:25
Security researchers at Cisco Talos have uncovered variants of a new Android Trojan that are being distributed in the wild disguised as a fake anti-virus application, dubbed "Naver Defender." Dubbed KevDroid, the malware is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls. Talos
Category: Hacking & Security

Apple Plans to Replace Intel Chips in Macs with its Custom Designed CPUs

3 April, 2018 - 10:31
In a major blow to Intel, Apple is reportedly planning to use its custom-designed ARM chips in Mac computers starting as early as 2020, ultimately replacing the Intel processors running on its desktop and laptop hardware. The company makes its own A-series custom chips for iPhones, iPads and other iThings, while the Mac devices use Intel x64 silicon. Now according to a report from Bloomberg,
Category: Hacking & Security

Google Bans Cryptocurrency Mining Extensions From Chrome Web Store

3 April, 2018 - 08:17
In an effort to prevent cryptojacking by extensions that maliciously mine digital currencies without users' awareness, Google has implemented a new Web Store policy that bans any Chrome extension submitted to the Web Store that mines cryptocurrency. Over the past few months, we have seen a sudden rise in malicious extensions that appear to offer useful functionality, while embedding hidden
Category: Hacking & Security

How to Make Your Internet Faster with Privacy-Focused DNS Service

2 April, 2018 - 15:34
Cloudflare, a well-known Internet performance and security company, announced the launch of—world's fastest and privacy-focused secure DNS service that not only speeds up your internet connection but also makes it harder for ISPs to track your web history. Domain Name System (DNS) resolver, or recursive DNS server, is an essential part of the internet that matches up human-readable
Category: Hacking & Security

Russian Hacker Who Allegedly Hacked LinkedIn and Dropbox Extradited to US

31 March, 2018 - 12:57
A Russian man accused of hacking LinkedIn, Dropbox, and Formspring in 2012 and possibly compromising personal details of over 100 million users, has pleaded not guilty in a U.S. federal court after being extradited from the Czech Republic. Yevgeniy Aleksandrovich Nikulin, 30, of Moscow was arrested in Prague on October 5, 2016, by Interpol agents working in collaboration with the FBI, but he
Category: Hacking & Security

Microsoft's Meltdown Patch Made Windows 7 PCs More Insecure

31 March, 2018 - 11:38
The Meltdown CPU vulnerability was bad, and Microsoft somehow made the flaw even worse on its Windows 7, allowing any unprivileged, user-level application to read content from and even write data to the operating system's kernel memory. For those unaware, Spectre and Meltdown were security flaws disclosed by researchers earlier this year in processors from Intel, ARM, and AMD, leaving nearly
Category: Hacking & Security

Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext

29 March, 2018 - 10:38
A severe programming bug has been found in the APFS file system for the macOS High Sierra operating system that exposes passwords of encrypted external drives in plain text. Introduced two years ago, APFS (Apple File System) is an optimized file system for flash and SSD-based storage solutions running MacOS, iOS, tvOS or WatchOS, and promises strong encryption and better performance.
Category: Hacking & Security

QR Code Bug in Apple iOS 11 Could Lead You to Malicious Sites

28 March, 2018 - 07:06
A new vulnerability has been disclosed in the iOS Camera app that could be exploited to redirect users to a malicious website without their knowledge. The vulnerability affects Apple's latest iOS 11 mobile operating system for iPhone, iPad, and iPod touch devices and resides in the built-in QR code reader. With iOS 11, Apple introduced a new feature that gives users the ability to automatically read
Category: Hacking & Security