The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A critical vulnerability has been discovered in the official Apple's App Store and iTunes Store, affecting millions of Apple users. Vulnerability-Lab Founder and security researcher Benjamin Kunz Mejri discovered an Application-Side input validation web vulnerability that actually resides in the Apple App Store invoice module and is remotely exploitable by both sender as well as the receiver. The vulnerability, estimated as high in severity, has been reported to Apple Security team on June 9, 2015 and the company patched the issue within a month. How the vulnerability works? By exploiting the flaw, a remote hacker can manipulate the name value ( device cell name ) by replacing it with a malicious script code. Now, if the attacker buys any product in the App Store or iTunes Store, the internal app store service takes the device value ( which is actually the malicious code ) and generates the invoice which is then sends to the seller account. This results in

Wanna Hack an extremely secure Computer? You do not need sophisticated techniques or equipment to do so. To hack an Air-Gapped computer – All you need is a cell phone; even old-fashioned, dumb phones from the past decade will work. Yes, Hacking Air-Gapped Computers is possible using a basic low-end mobile phone. Israeli security researchers have devised a new attack to steal data from a computer that is isolated from the internet and other computers that are connected to external networks, also known as an air-gapped computer. This new hack attack that could steal data from a highly secured computer uses: The GSM network Electromagnetic waves A basic low-end mobile phone The research was conducted by lead security researcher Mordechai Guri, along with Yuval Elovici, Assaf Kachlon, Ofer Hasson, Yisroel Mirsky, and Gabi Kedma – the same researchers who developed a previous attack that used a smartphone to wirelessly extract data from Air-Gapped computers .

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Own an Android phone? Beware, Your Android smartphones can be hacked by just a malformed text message. Security researchers have found that 95% of Android devices running version 2.2 to 5.1 of operating system, which includes Lollipop and KitKat, are vulnerable to a security bug, affecting more than 950 Million Android smartphones and tablets. Almost all Android smart devices available today are open to attack that could allow hackers to access the vulnerable device without the owners being aware of it, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. The vulnerability actually resides in a core Android component called " Stagefright ," a multimedia playback library used by Android to process, record and play multimedia files such as PDFs. A Text Message Received...Your Game is Over The sad news for most of the Android users is that the fix will not help Millions of Android users that owned o

Next time you find yourself hooked up behind the wheel, make sure that your car is actually in your control. Hackers are now able to break into hundreds of thousands of vehicles on the road. Car hacking is a hot topic today and until now it was performed only while researchers were hard-wired into a car's electrical system. However, the most recent hack performed by two computer hackers, who have spent years developing ways to crack the digital safeguards of Internet-connected vehicles, is rather more Disturbing. Researchers Charlie Miller and Chris Valasek recently demonstrated their abilities to control a Jeep Cherokee remotely from miles away by exploiting the car's entertainment system that was connected to the mobile data network. The duo was able to move laterally into other electronic parts of the vehicle, like the air conditioning, transmission, and even the car's steering controls. 1.4 Million Car Models Vulnerable Not just Jeep Cherokee, but the rest of

Do you own a Smartwatch ? If yes, then how safe it is? There are almost 100 percent chances that you own a vulnerable Smartwatch. Computer manufacturer Hewlett-Packard is warning users of smartwatches including Apple Watch and Samsung Gear that their wearable devices are vulnerable to cyber attacks. In a study, HP's Fortify tested today's top 10 smartwatches for security features, such as basic data encryption, password protection and privacy concerns. The most shocking part of the study was that –  Not even a Single Smartwatch Found to be 100 percent Safe Security experts found that 100 percent of wearable devices contained at least one serious security vulnerability that could make the devices vulnerable to hackers. With the increase in the adoption of smartwatches, manufacturers need to pay closer attention to the customers' security because these wearable devices could potentially open doors to new threats to personal and sensitive informat