Security researcher | Breaking Cybersecurity News | The Hacker News

Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development. The internet giant's Threat Analysis Group (TAG) said the adversary created a research blog and multiple profiles on various social media platforms such as Twitter, LinkedIn, Telegram, Discord, and Keybase in a bid to communicate with the researchers and build trust. The goal, it appears, is to steal exploits developed by the researchers for possibly undisclosed vulnerabilities, thereby allowing them to stage further attacks on vulnerable targets of their choice. "Their blog contains write-ups and analysis of vulnerabilities that have been publicly disclosed, including 'guest' posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers,"  said  TAG researcher Adam Weide

Ransomware is now a common practice for money-motivated cyber criminals. It's basically a type of software written in any system-based programming language that has the ability to hijack victim's computer, encrypts files and then ask for a ransom amount to get them back. One such ransomware dubbed Linux.Encoder targets Linux-powered websites and servers by encrypting MySQL, Apache, and home/root folders associated with the target site and asks for 1 Bitcoin ( $453.99 ) to decrypt those crucial files. But, the good news is it is very easy to get rid of it. The Malware author released the third version of the Linux.Encoder ransomware, which security researchers from Bitdefender have managed to crack, yet again, after breaking previous two versions. However, before the team managed to release the Linux.Encoder decryption tool, the third iteration of Linux.Encoder ransomware, which was first discovered by antivirus maker Dr.Web, has infected a nearly 600 servers w

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Ever wonder how to hack Instagram or how to hack a facebook account? Well, someone just did it! But, remember, even responsibly reporting a security vulnerability could end up in taking legal actions against you. An independent security researcher claims he was threatened by Facebook after he responsibly revealed a series of security vulnerabilities and configuration flaws that allowed him to successfully gained access to sensitive data stored on Instagram servers , including: Source Code of Instagram website SSL Certificates and Private Keys for Instagram Keys used to sign authentication cookies Personal details of Instagram Users and Employees Email server credentials Keys for over a half-dozen critical other functions However, instead of paying him a reward, Facebook has threatened to sue the researcher of intentionally withholding flaws and information from its team. Wesley Weinberg , a senior security researcher at Synack, participated in Facebook's b

Just day before yesterday, the Tor Project Director Roger Dingledine accused the FBI of paying the Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered to unmask Tor users and reveal their IP addresses. However, the Federal Bureau of Investigation has denied the claims. In a statement, the FBI spokeswoman said , "The allegation that we paid [CMU] $1 Million to hack into Tor is inaccurate." The Tor Project team discovered more than hundred new Tor relays that modified Tor protocol headers to track online people who were looking for Hidden Services , and the team believes that it belongs to the FBI in order to reveal the identity of Tor-masked IP addresses. One such IP address belongs to Brian Richard Farrell , an alleged Silk Road 2 lieutenant who was arrested in January 2014. The attack on Tor reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the flaw. Within few

The corporate data leaked in the recent cyber attack on the infamous surveillance software firm Hacking Team has revealed that the Adobe Flash zero-day (CVE-2015-5119) exploit has already been added to several exploit kits. Security researchers at Trend Micro have discovered evidences of the Adobe Flash zero-day (CVE-2015-5119) exploit being used in a number of exploit kits before the vulnerability was publicly revealed in this week's data breach on the spyware company. The successful exploitation of the zero-day Flash vulnerability could cause a system crash, potentially allowing an attacker to take full control of the affected system. Adobe Flash Zero-Day Targeted Japan and Korea According to the researchers, the zero-day exploit, about which the rest of the world got access on Monday, was apparently used in limited cyber attacks on South Korea and Japan . "In late June, [Trend Micro] learned that a user in Korea was the attempted target of various

A security researcher who was pulled out from a United Airlines flight last month had previously admitted to Federal Bureau of Investigation (FBI) that he had taken control of an airplane and made it fly briefly sideways. Chris Roberts, the founder of One World Labs , was recently detained, questioned and had his equipment taken by federal agents after he landed on a United flight from Chicago to Syracuse, New York following his tweet suggesting he might hack into the plane's in-flight entertainment system. In that particular tweet, Roberts joked: " Find me on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? 'PASS OXYGEN ON' Anyone? :) " The federal agents addressed the tweet immediately and took it seriously following the Roberts' capabilities of such hacking tactics. In the FBI affidavit first made public Friday - first obtained by APTN National News - Roberts told the FBI earlier this year about not once, b

Oracle's newly launched Data Redaction security feature in Oracle Database 12c can be easily disrupted by an attacker without any need to use exploit code, a security researcher long known as a thorn in Oracle's side said at Defcon. Data Redaction is one of the new Advanced Security features introduced in Oracle Database 12c. The service is designed to allow administrators to automatically protect sensitive data, such as credit card numbers or health information, during certain operations by either totally obscuring column data or partially masking it. But according to David Litchfield , a self-taught security researcher who found dozens and dozens of critical vulnerabilities in Oracle's products, a close look at this Data Redaction security feature help him found a slew of trivially exploitable vulnerabilities that an attacker don't even need to execute native exploit code to defeat the feature. David Litchfield is a security specialist at Datacomm TSS and th

Today Google has publicly revealed its new initiative called " Project Zero, " a team of Star Hackers and Bug Hunters with the sole mission to improve security and protect the Internet. A team of superheroes in sci-fi movies protect the world from Alien attack or bad actors, likewise  Project Zero is a dedicated team of top security researchers, who have been hired by Google to finding the most severe security flaws in software around the world and fixing them. PROTECT ZERO vs ZERO-DAY Project Zero gets its name from the term " zero-day ," and team will make sure that zero-day vulnerabilities don't let fall into the wrong hands of Criminals, State-sponsored hackers and Intelligence Agencies. " Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. " Chris Evans said , who was leading Google's Chrome security team and now will lead Pro

Offering cash rewards for vulnerability reports has become something of a norm when it comes to big tech companies these days.  Yahoo has changed its bug bounty policies following a deluge of negative feedback in the wake of the news that ethical hackers were rewarded with $12.50 in gift vouchers for security flaw discoveries. The company unveiled a new program to reward reporters who shed light on bugs and vulnerabilities classified as new, unique and/or high risk issues. Starting October 31, 2013, individuals and firms who report bugs will be rewarded with anything between $150-$15,000. " The amount will be determined by a clear system based on a set of defined elements that capture the severity of the issue ," Director of security, Ramses Martinez, announced . Yahoo denied that its new program was a response to the criticism, saying it was already working on a new bug bounty system before the furore. Martinez begins by labelling himself as the &q

Today more and more companies are looking for external security researchers to help identify vulnerabilities and weaknesses in their applications through Bug Bounty Programs. While companies like Facebook and Google are paying out hundreds of dollars to researchers for reporting security vulnerabilities, But according to Yahoo! Your email's security worth only $12.50 ! Yahoo is not having very good run in the reputation department when it comes to user security. Researchers at High-Tech Bridge found a few bugs, and were not exactly impressed with Yahoo's reward. They pointed out cross-site scripting (XSS) flaws affecting two Yahoo domains and in return they received $12.50 bounties for each vulnerability they found. This amount was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo's corporate T-shirts, cups, pens and other accessories. This isn't exactly a great reward for spending time reporting security vulnerabilities

Security Researcher from Group-IB ( Group-IB is one of the leading companies in global cybercrime prevention and hi-tech crime investigations )   has found a new kind of malware   that targets the Russian stock-trading platform QUIK. It was detected during several targeted attacks starting in November 2012 where  Cyber criminals have traditionally targeted private and corporate banking accounts, using malware (such as variants of the ZeuS  cyber-crime  toolkit ) to log key-strokes and extract account information. In the last year, Group-IB has received several incoming incident fraud requests on some famous online trading and stock brokerages where systems were possibly hacked and recently trading fraudsters have diversified tactics and begun to use malware. Group-IB has detected the first professional malware, targeted at a specialized trading software named QUIK (Quik Broker, Quik Dealer) from Russian software developers ARQA Technologies and FOCUS IVonline from

Polish Researchers have discovered a clever way to send secret messages during a phone call on Skype. We know that, by default skype calls use 256-bit advanced encryption, but researchers find that is not enough. So they find out this new way to communicate messages more secretly by using silence. Mazurczyk, Maciej Karaś and Krzysztof Szczypiorski analysed Skype data traffic during calls and discovered that there is a way in Skype silence, where rather than sending no data between spoken words, Skype sends 70-bit-long data packets instead of the 130-bit ones that carry speech. So by taking advantage of this they hijacks these silence packets and then inject encrypted message data into some of them. The Skype receiver on other end will always simply ignores the secret-message data, but it can be decoded back to receive that secret message. Team decide to present this at Steganography conference  by creating a POC tool called SkypeHide that will be able to hijacks some of the silenc

Ask an expert on cyber espionage and he for sure he will speak of China, the most active and advanced country in this sector, this time a clamorous campaign apparently originated from Korea has been discovered. Security company FireEye collected evidences of a cyber espionage campaign, named " Sanny ", attributable to Korea. FireEye hasn't revealed the real origin of the offensive, it's a mystery which Korea is responsible between North or South Korea, but it confirmed that 80% of victims are Russian organizations and companies belonging to space research industry, information, education and telecommunication. According Ali Islam, security researcher at FireEye declared " Though we don't have full concrete evidence, we have identified many indicators leading to Korea as a possible origin of attack."   The following are the indicators we have so far: 1. The SMTP mail server and CnC are in Korea 2. The fonts "Batang" and "KP CheongPong" used in the

Samsung which is currently believed to the highest Smartphones Seller in the World is now providing a Remote tracking solution in all its smartphones to Track the lost phone with the name " Samsung Dive ". The Service is based on the Architecture which primarily acquires precise location of the smart phone using it GPS and other subsidiary location acquisition techniques. The Service is basically meant to be used by the users to track their phone in case of theft or lost phone. Security Researcher Jiten Jain discovered that this GPS based location tracking service provided by manufacturer (Samsung) is also vulnerable to Theft and Malwares. To use this inbuilt tracking Service, User has to simply create an account with Samsung (www.samsungdive.com). Users than have to enable remote services to track device and wipe data remotely. The permission can be disabled or modified only by the Samsung account holder after logging in and cannot be disabled by anyone else. 

Researchers found Apache Server-Status Enabled on some popular site like php.net , cisco, nba.com, Cloudflare, Metacafe, Ford, yellow.com, and others. For backgorund, there is  a Module mod_status in   Apache server which allows a server administrator to find out how well their server is performing. A HTML page is presented that gives the current server statistics in an easily readable form. Basically,  mod_status provides information on your apache server activity and performance. The main security risk of using this module is only Information disclosure which includes infomation such as Server uptime, Individual request-response statistics and CPU usage of the working processes, Current HTTP requests, client IP addresses, requested paths, processed virtual hosts. , that could give a potential attacker information about how to attack the web server. Few popular brands showing their status online, discovered by  Daniel Cid from Sucuri : https://php.net/server-statu

16.0.2 Firefox is now available for anyone who wants to try before anyone else. Mozilla address one serious vulnerability. According to the information security of Mozilla, they has fixed a number of issues related to the Location object in order to enhance overall security. The Location object is supported by all major browsers and contains information about the URL being requested. Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. Another issue centers on the CheckURL function, which if exploited could be used during an XSS attack or to execute malicious code. On Oct. 9, Mozilla released Firefox 16, but quickly pulled it back after a serious vulnerability was discovered. It was quickly addressed, but not before exploit code was made available. Generally Firefox offers 16 power