The Hacker News

The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Updated: 50 min 23 sec ago

Price Dropped: Get Lifetime Access to Cisco Certification Courses 2019

12 August, 2019 - 14:35
With the migration of governments and enterprises towards controller-based architectures, the role of a core network engineer has become more important than ever. Today, the majority of interconnected wide area networks (WANs) and local area networks (LANs) in the world run on Cisco routers and other Cisco networking equipment, and therefore most organizations need network engineers to maintain
Category: Hacking & Security

Canon DSLR Cameras Can Be Hacked With Ransomware Remotely

12 August, 2019 - 10:25
The threat of ransomware is becoming more prevalent and severe as attackers' focus has now moved beyond computers to smartphones and other Internet-connected smart devices. In its latest research, security researchers at cybersecurity firm CheckPoint demonstrated how easy it is for hackers to remotely infect a digital DSLR camera with ransomware and hold private photos and videos hostage
Category: Hacking & Security

Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs

11 August, 2019 - 13:45
If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or 15 other vendors listed below, you're probably screwed. A team of security researchers has discovered high-risk security vulnerabilities in more than 40 drivers from at least 20 different vendors that could allow attackers to gain the most privileged permission on the system and hide malware
Category: Hacking & Security

Apple will now pay hackers up to $1 million for reporting vulnerabilities

9 August, 2019 - 09:54
Apple has just updated the rules of its bug bounty program by announcing a few major changes during a briefing at the annual Black Hat security conference yesterday. One of the most attractive updates is… Apple has enormously increased the maximum reward for its bug bounty program from $200,000 to $1 million—that's by far the biggest bug bounty offered by any major tech company for reporting
Category: Hacking & Security

Facebook Sues Two Android App Developers for Click Injection Fraud

8 August, 2019 - 12:27
Facebook has filed a lawsuit against two shady Android app developers accused of making illegal money by hijacking users' smartphones to fraudulently click on Facebook ads. According to Facebook, Hong Kong-based 'LionMobi' and Singapore-based 'JediMobi' app developers were distributing malicious Android apps via the official Google Play Store that exploit a technique known as "click injection
Category: Hacking & Security

KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files

8 August, 2019 - 09:26
If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while. A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a user's
Category: Hacking & Security

Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V

8 August, 2019 - 09:21
Remember the Reverse RDP Attack? Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsoft's Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer, reversely. (You can find details and a video demonstration for this security vulnerability, along with dozens of critical flaws in other third-party RDP
Category: Hacking & Security

Binance KYC Data Leak — Crypto Exchange Sets $290,000 Bounty On Blackmailer

7 August, 2019 - 13:14
Malta-based cryptocurrency exchange Binance has become a victim of a ransom demand from a scammer who claimed to have hacked the KYC (Know Your Customer) data of thousands of its customers. The unknown attacker threatened the world's largest cryptocurrency exchange by volume to release KYC information of 10,000 users if the company did not pay 300 Bitcoins—that's equivalent to almost $3.5
Category: Hacking & Security

SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs

7 August, 2019 - 09:54
A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects all modern Intel CPUs, and probably some AMD processors as well, which leverage speculative execution for high performance, Microsoft and Red Hat warned. Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the
Category: Hacking & Security

Pakistani Man Bribed AT&T Insiders to Plant Malware and Unlock 2 Million Phones

6 August, 2019 - 20:01
The United States federal government has charged a Pakistani national with bribing employees at AT&T telecommunication company over a period of five years to help unlock more than 2 million phones and plant malware on the company's network. Muhammad Fahd, a 34-year-old man from Pakistan, was arrested in Hong Kong last year in February at the request of the U.S. government and just extradited to the
Category: Hacking & Security

New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking

6 August, 2019 - 10:16
A series of critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets over-the-air with no user interaction. Discovered by security researchers from Tencent's Blade team, the vulnerabilities, collectively known as QualPwn, reside in the WLAN and modem firmware of Qualcomm chipsets that
Category: Hacking & Security

Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords

3 August, 2019 - 12:27
The same team of cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed Dragonblood, in the newly launched WPA3 WiFi security standard a few months ago has now uncovered two more flaws that could allow attackers to hack WiFi passwords. WPA, or WiFi Protected Access, is a WiFi security standard that has been designed to authenticate wireless devices using
Category: Hacking & Security

Cisco ‘Knowingly’ Sold Hackable Video Surveillance System to U.S. Government

1 August, 2019 - 11:13
Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling a video surveillance system containing severe security vulnerabilities to U.S. federal and state government agencies. It's believed to be the first payout on a 'False Claims Act' case over failure to meet cybersecurity standards. The lawsuit began eight years ago, in the year 2011,
Category: Hacking & Security

DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks

31 July, 2019 - 12:37
What could be more horrifying than knowing that a hacker can trick the plane's electronic systems into displaying false flight data to the pilot, which could eventually result in loss of control? Of course, the attacker would never wish to be on the same flight, so in this article, we are going to talk about a potential loophole that could allow an attacker to exploit a vulnerability with
Category: Hacking & Security

Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking

30 July, 2019 - 18:37
If your e-commerce website runs on the OXID eShop platform, you need to update it immediately to prevent your site from becoming compromised. Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers to take full control over vulnerable eCommerce websites remotely in less than a few seconds. OXID
Category: Hacking & Security

Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws

30 July, 2019 - 13:21
Google's cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage. All the vulnerabilities, which required no user interaction, were responsibly reported to Apple by Samuel Groß and Natalie Silvanovich
Category: Hacking & Security

Capital One Data Breach Affects 106 Million Customers; Hacker Arrested

30 July, 2019 - 10:17
Another week, another massive data breach. Capital One, the fifth-largest U.S. credit-card issuer and banking institution, has recently suffered a data breach exposing the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada. The data breach that occurred on March 22nd and 23rd this year allowed attackers to steal information of
Category: Hacking & Security

Kazakhstan Begins Intercepting HTTPS Internet Traffic Of All Citizens Forcefully

29 July, 2019 - 20:09
If you are in Kazakhstan and unable to access the Internet service without installing a certificate, you're not alone. The Kazakhstan government has once again issued an advisory to all major local Internet Service Providers (ISPs) asking them to make it mandatory for all their customers to install government-issued root certificates on their devices in order to regain access to the Internet
Category: Hacking & Security

Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices

29 July, 2019 - 18:19
Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries. According to a new report Armis researchers shared with The
Category: Hacking & Security

Viral FaceApp Unnecessarily Requests Access to Users' Facebook Friends List

29 July, 2019 - 11:26
FaceApp—the AI-powered photo-morphing app that recently went viral for its age filter but hit the headlines for its controversial privacy policy—has been found collecting the list of your Facebook friends for no reason. The Russian-made FaceApp has been around since the spring of 2017 but has taken social media by storm over the course of the past few weeks as millions of people downloaded the
Category: Hacking & Security