Samsung hacked | Breaking Cybersecurity News | The Hacker News

With the growing number of cyber attacks and data breaches, a number of tech companies and organisations have started Bug Bounty programs for encouraging hackers, bug hunters and researchers to find and responsibly report bugs in their services and get rewarded. Samsung is the latest in the list of tech companies to launch a bug bounty program, announcing that the South Korean electronics giant will offer rewards of up to $200,000 to anyone who discovers vulnerabilities in its mobile devices and associated software. Dubbed Mobile Security Rewards Program , the newly-launched bug bounty program will cover 38 Samsung mobile devices released from 2016 onwards which currently receive monthly or quarterly security updates from the company. So, if you want to take part in the Samsung Mobile Security Rewards Program, you have these devices as your target—the Galaxy S, Galaxy Note, Galaxy A, Galaxy J, and the Galaxy Tab series, as well as Samsung's flagship devices, the S8, S8+, a...

A user over at the XDA Developers Forum has gone searching through Samsung Exynos kernels and has found one whopper of an exploit. There's both good and bad news with this exploit so head down below for more details on this new found glory. This exploits affects a number of Samsung-made devices, along with potentially any device using an Exynos 4412 or 4210 processor and Samsung kernels. The vulnerability was described on Saturday by the user " alephzain " on XDA Developers, a forum for mobile developers. This Vulnerability could give remotely downloaded apps the ability to read user data, brick phones, or perform other malicious activities. This functionality can be exploited by some malicious apps to gain root access to the device, wipe/steal sensitive data, install malicious codes, and could also be used to potentially brick the phone. According to xda-developers user supercurio, Samsung has been made aware of the security hole, but the company has not p...

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security , believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn't equal being secure. As Sun Tzu warned, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." Two and a half millennia later, the concept still holds: your organization's cybersecurity defenses must be strategically validated under real-world conditions to ensure your business's very survival. Today, more than ever, you need Adversarial Exposure Validation (AEV) , the essential strategy that's still missing from most security frameworks. The Danger of False Confidence Conventional wisdom suggests that if you've patched known bugs, deployed a stack of well-regarded security tools, and passed the nec...