#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Chaos Communications Congress | Breaking Cybersecurity News | The Hacker News

Proof It's Possible to Hack German Elections; Hackers Tamper with Voting-Software

Proof It's Possible to Hack German Elections; Hackers Tamper with Voting-Software

Sep 07, 2017
Germany's democracy is in danger, as the upcoming federal elections in the country, where nearly 61.5 million citizens are going to vote on September 24th, could be hijacked. Hackers have disclosed how to hack the German voting software to tamper with votes and alter the outcome of an election. Yes, election hacking is no theory—it is happening. A team of researchers from German hacking group Chaos Computer Club (CCC) has discovered several critical vulnerabilities in PC-Wahl—software used to capture, tabulate and transfer the votes from local polling centres to the state level during all parliamentary elections for decades. According to the CCC analysis, vulnerabilities could lead to multiple practicable attack scenarios that eventually allow malicious agents in the electoral office to change total vote counts. Critical Flaws Found In German Voting-Software The hacker collective found that the automatic software update module of PC-Wahl downloads packages over in
23-year-old Stack overflow vulnerability discovered in X11 Server

23-year-old Stack overflow vulnerability discovered in X11 Server

Jan 09, 2014
X.Org Foundation develops the X-Window System, the standard window system for open source operating systems and devices. Most of the graphical user interfaces for Unix and Linux systems rely on it. At the 30th Chaos Communication Congress (CCC) in Germany, Ilja van Sprundel , a security researcher gave the presentation titled  " X11 Server security with being 'worse than it looks.'". He found more than 120 bugs in a few months. In the presentation, he has presented a 23 year old Stack overflow vulnerability in X11 System that could lead to privilege escalation to root and affects all versions of the X Server back to X11R5. Later today, X.Org Foundation released a security Advisory , states " A BDF font file containing a longer than expected string could overflow the buffer on the stack. Testing in X servers built with Stack Protector resulted in an immediate crash when reading a user-provided specially crafted font. " The flaw resides in a file at " libXfo
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
DROPOUTJEEP: NSA's Secret program to access any Apple iPhone, including microphone & camera

DROPOUTJEEP: NSA's Secret program to access any Apple iPhone, including microphone & camera

Jan 02, 2014
In the era of Smartphones, Apple's iPhone is the most popular device that exists, which itself gives the reason to target it. According to leaked documents shared by Security researcher  Jacob Appelbaum , a secret NSA program code named DROPOUTJEEP has nearly total access to the Apple's iPhones, which uses " modular mission applications to provide specific SIGINT functionality. " While giving the presentation at the Chaos Communications Congress (30C3) in Hamburg, Germany on Monday, Appelbaum revealed that NSA reportedly sniffing out every last bit of data from your iPhone. DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Cybersecurity Resources