Security News | Breaking Cybersecurity News | The Hacker News

In October, A Security researcher ' Craig Heffner ' discovered a backdoor vulnerability ( CVE-2013-6027 ) with certain D-Link routers that allow cyber criminals to alter a router setting without a username or password. Last week, D-Link has released new version of Firmware for various vulnerable router models, that patches the unauthorized administrator access backdoor. Heffner  found that the web interface for some D-Link routers could be accessed if the browser's user agent string is set to xmlset_roodkcableoj28840ybtide . From last month, D-Link was working with Heffner and other security researchers, to find out more about the backdoor and now the Company has released the updates for the following models: DIR-100 DIR-120 DI-524 DI-524UP DI-604UP DI-604+ DI-624S TM-G5240 The company advised users to do not enable the Remote Management feature, since this will allow malicious users to use this exploit from the internet and also warned t

The increasing public attention of Bitcoin did not go unnoticed by Cyber Criminals who have begun unleashing Bitcoin Mining malware. Security researchers at Malwarebytes warned about a new malware threat, in which Bitcoin Miners are bundled with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications. Malware allow cybercriminals to utilize systems' computing resources for their own gain. " This type of system hijacking is just another way for advertising based software to exploit a user into getting even more cash. " The malware is found to be using ' jhProtominer ' a popular mining software that runs via the command line, to abuse the CPUs and GPUs of infected computers to generate Bitcoins. Upon further investigation Malwarebytes found that the parent of the Bitcoin miner was " monitor.exe ", a part of YourFreeProxy application, which " beacons out constantly, waiting for commands from a remote server, eventually downlo

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

Apple has released the latest version of its mobile platform i.e. iOS 7.0.4 includes bug fixes, security patches with some new features. The update is available for iPhone , iPad and iPod touch, identified as " build 11B554a ." Most importantly Apple has patched a critical security flaw that allowed to purchase stuff from the online Apple Store without having to tap in a valid password. Vulnerability assigned as  CVE-2013-5193 , " A signed-in user may be able to complete a transaction without providing a password when prompted. This issue was addressed by additional enforcement of purchase authorization. " Apple's security bulletin says. The patch restores the aforementioned authentication check and will allow app store transactions only  if the user will provide a valid password. The update also addressed an issue that would cause FaceTime calls to fail for some users. Apple recommended users to update their devices immediately. iOS users ca

For years, the Capture the Flag platform has been a common and very popular part of the hacker convention scene. Teams come from all over the world to show their skill and technique in various competitions. The CTF365 team took that interest, passion and excitement and went to a new level in their platform. That original capture the flag environment is now available to anyone from the safety and comfort of their own home. Not only is the original and fun capture the flag platform available, but the CTF365 team is bringing in red verses blue competitions, as well as an entire exploitable virtual world! While still in alpha, the development team is working tirelessly to bring a brand new approach to an original favorite to the hacker and information security community. What is CTF365? CTF365 is a revolution in the world of capture the flag, simulated attacks and Information security as a whole. Capture the flag is always a fan favorite at hacker conventions, online and

Yesterday at Stanford University in the United States, Cyber Security Experts and Leaders from more than 40 countries gathered to talk about the cyberspace security problems and cooperation among countries. The need for international cooperation in cybersecurity is evident, due to the nature of cyberspace itself. Cyberspace or the Internet is "borderless" in nature. Cai Mingzhao , Minister of the State Council Information Office of China said that China is keen to continue working with other countries to deal with cyber security Challenges. Interesting! When China is itself the culprit in major Cyber Threats and attacks. " To maintain cyber security, we need to strengthen international cooperation, " and " We are ready to expand our cooperation with other countries and relevant international organizations on the basis of equality and mutual benefit, " he said . He said that the China is a victim of cyber security breaches, where more than 80% of Chinese i

Today Malware is a very real threat, and if you're not careful about what you download and install, you could end up with a serious problem. But now Google will be trying their very best to block malware from installing itself on your computer on your behalf. Google has developed a security feature for Chrome that lets the browser detect and stop malware downloads. The feature has been added to Chrome Canary, the latest version of the browser which is available to download in beta form now. All you'll see is a notification like the one below, which you can then dismiss: " These malicious programs disguise themselves so you won't know they're there and they may change your homepage or inject ads into the sites you browse. Worse, they block your ability to change your settings back and make themselves hard to uninstall, keeping you trapped in an undesired state. " wrote Linus Upson, a Google vice president, in a blog post . Google is implementing

Yesterday I learned about  ' Dark Mail Alliance ', where  Lavabit , reportedly an email provider for NSA leaker Edward Snowden and Silent Circle comes together to create a surveillance-proof email technology. Ladar Levison at Lavabit and Silent Circle CEO Mike Janke, Founders of two e-mail services that recently shut down amid government efforts to nab encryption keys, as well as the larger revelations regarding the NSA's surveillance efforts. The newly developed technology has been designed to look just like ordinary email, with an interface that includes all the usual folders i.e. inbox, sent mail, and drafts. But where it differs is that it applies peer-to-peer encryption not only to the body of the digital missive, but also to its metadata (To:, From: and Subject fields) that third parties are most likely to collect. The encryption, based on a Silent Circle instant messaging protocol called SCIMP and the secret keys generated to encrypt the communic

Cybercrime , identity theft, and frauds are on the rise; and in most cases, the data breaches are associated with credit cards and cardholder data. The impact of data breach not only affects your organization, but also your customers. A common observation cites that organizations that are PCI compliant are 50% less likely to suffer a data breach . It is alarming to notice that most organizations have difficulty complying with the requirements necessary for processing cardholder data . PCI makes the process smooth Based on the feedback from the industry, PCI Security Council has introduced some changes in the compliance regulations and has come up with version 3.0 for PCI compliance whose final version is scheduled for release on November 7, 2013. And, it is expected to be effective from January 2014. So, how will the upgraded version of PCI Compliance impact your organization? Awareness :  Most security breaches happen due to lack of awareness in the following areas:

One of the most intimidating issues that gives nightmares to IT teams across organizations is data breaches or data loss. Typically, data loss happens when security is compromised and corporate sensitive data is accessed. It might fall under any of these categories: Unauthorized, intentional or unintentional exfiltration of confidential information Data spill or data leak This can happen due to external security attacks like malware, hacking or sometimes even from an internal source such as a disgruntled employee. This calls for a data loss prevention (DLP) system in place that would help you contain and avoid the loss of data. Data loss happens in many stages and can be broadly categorized into three categories: Data in Motion: Data that moves through the network to the outside, in most cases using the Internet Data at Rest: Data that rests in your database and other provisions for storage Data at the Endpoints: Data at the endpoints of your network, say, data on USB and oth

In the past, there was a general belief that Macs is much more secure than Windows PCs, but now Mac malware is a serious threat to the security of users' computers and information. One of the reasons behind the increase in Mac related Malware attacks is the fact that Apple products are popular with many prominent businessmen and influential politicians. Daniel Pistelli, Reverse Engineer and lead developer of Cerbero Profiler, former developer of IDA Pro comes up with another interesting research, and explained The Hacker News , the basic details behind the technique he used to create an undetectable malware for Mac OS X. Apple implements internally an encryption mechanism to protect some of their own executable like " Dock.app " or " Finder.app ". This encryption can be applied to malware as well. If one does, anti-malware solutions can no longer detect the malware because of the encryption, but OS X has no problem loading such malware. This same

Facebook Graph Search is more powerful than ever, has been updated to allow people to search in greater depth on Facebook.  Facebook expanded its Graph Search to include posts and status updates, which means everything you've been posting is way easier to find than ever before. " Now you will be able to search for status updates, photo captions, check-ins and comments to find things shared with you ," says Facebook . For example, you could enter " Posts by my friends from last month ," or " Posts written at The White House " in order to find that specific information. Facebook's search is increasing in power much faster than people are realizing that their life is being digitally sorted and indexed. As Facebook widens its scope of searchable information, questions about privacy continue to rise. Facebook users should check their privacy settings if they want to limit the people who can search every post or status update they have ev