Tech News | Breaking Cybersecurity News | The Hacker News

Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance ( GASA ) and DNS Research Federation ( DNS RF ) to combat online scams . The initiative, which has been codenamed the Global Signal Exchange ( GSE ), is designed to create real-time insights into scams, fraud, and other forms of cybercrime pooling together threat signals from different data sources in order to create more visibility into the facilitators of cybercrime. "By joining forces and establishing a centralized platform, GSE aims to improve the exchange of abuse signals, enabling faster identification and disruption of fraudulent activities across various sectors, platforms and services," Google said in a blog post shared with The Hacker News. "The goal is to create a user-friendly, efficient solution that operates at an internet-scale, and is accessible to qualifying organizations, with GASA and the DNS Research Federation managing access." The tech giant said it has sh...

Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil. The enhanced fraud protection feature aims to keep users safe when they attempt to install malicious apps from sources other than the Google Play Store, such as web browsers, messaging apps, and file managers. The program, which was first launched in Singapore earlier this February, has already blocked nearly 900,000 high-risk installations in the Southeast Asian nation, the tech giant said. "This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive permissions frequently abused for financial fraud," Eugene Liderman, director of mobile security strategy at Google, said . It works by examining the permissions declared by a third-party app in real-time and checking for permissions that are typically abused by...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API ( DPAPI ) which protects the data at rest from other users on the system or cold boot attacks," Will Harris from the Chrome security team said . "However, the DPAPI does not protect against malicious applications able to execute code as the logged in user – which info-stealers take advantage of." App-bound encryption is an improvement over DPAPI in that it interweaves an app's identity (i.e., Chrome in this case) into encrypted data to prevent another app on the system from accessing it when decryption is attempted. "Because the app-bound service is running with system privileges, attackers need to do more than just coax a user into running a malicious app," Harris said. "Now, th...

Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European Commission said the company's "pay or consent" advertising model is in contravention of the Digital Markets Act ( DMA ). "This binary choice forces users to consent to the combination of their personal data and fails to provide them a less personalized but equivalent version of Meta's social networks," the Commission said . It also noted that companies in gatekeeper roles must seek users' permission to combine their personal data between designated core platform services and other services (e.g., advertising), and that users who refuse to opt in should have access to a less personalized but equivalent alternative. On top of that, Meta's approach does not allow us...

Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier  CVE-2024-4947 , the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris Larin on May 13, 2024. Type confusion vulnerabilities  arise when a program attempts to access a resource with an incompatible type. It can have  serious impacts  as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code. The development marks the third zero-day that Google has patched within a week after  CVE-2024-4671  and  CVE-2024-4761 . As is typically the case, no additional details about the attacks are available and have been withheld to prevent further exploitation. "Google is aware that ...

The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who was arrested on March 6, 2024, "transferred sensitive Google trade secrets and other confidential information from Google's network to his personal account while secretly affiliating himself with PRC-based companies in the AI industry," the DoJ  said . The defendant is said to have pilfered from Google over 500 confidential files containing artificial intelligence (AI) trade secrets with the goal of passing them on to two unnamed Chinese companies looking to gain an edge in the ongoing AI race. "While Linwei Ding was employed as a software engineer at Google, he was secretly working to enrich himself and two companies based in the People's Republic of China," sa...

Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms due to what it blamed on a date validation error at around the turn of the year. "The problem relates to a date check failure with the change of the new year and it [is] not a failure of the [antivirus] engine itself," the company  said  in a blog post. "This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues." The Windows maker said the issue impacted on-premises versions of Exchange Server 2016 and Exchange Server 2019 but didn't specify how widespread the impact was. The issue began to  gain   attention  as the year 2022 kicked in, causing the servers to no longer deliver email messages while throwing the following erro...

After exposing private tweets , plaintext passwords , and personal information for hundreds of thousands of its users, here is a new security blunder social networking company Twitter admitted today. Twitter announced that the phone numbers and email addresses of some users provided for two-factor authentication (2FA) protection had been used for targeted advertising purposes—though the company said it was 'unintentional.' In a blog post, the company said an 'error' in its 'Tailored Audiences and Partner Audiences advertising system' inadvertently used the information provided by users for security reasons to run targeted ads based on the advertisers' own marketing lists. "When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize," Twitter said in a blog po...

When automobiles giant like Nissan, Toyota and Tesla are focusing on self-driving smart cars, Chinese researchers have taken the future of automotive car driving technology to the level that's beyond your imaginations. Chinese researchers have built what they claim is the World's First Mind-Controlled Car — that uses nothing but human's brain power to drive. Isn't that sound like a piece of some Sci-Fi movies? But it's true. World's First Mind-Controlled Car The team of researchers from Nankai University, in the north-east port city of Tianjin, has designed a brain signal-reading headgear instrument that allows a driver to: Drive forward Drive backwards Come to a Stop Both Lock and Unlock the vehicle ...all without using his/her hands or feet. The team has spent almost two years bringing the mind-controlled car to the reality. How Does the Mind-Controlled Car Work? Watch in Action Zhang Zhao , one of the project's r...

Facebook is planning to offer you the popular Snapchat feature in its Messenger app – ' Self-Destructing' Messages . Yes, Facebook is testing a new feature within its Messenger app that will allow its users to send self-destructing messages. Some Facebook users in France have spotted this new feature in the Messenger app that lets them send messages that only last for an hour. How to Turn ON the Feature? Users can turn on the self-destructing message feature within Messenger through an hourglass icon on the top-right corner of the conversation. The icon, when tapped, sets the messages to self-destruct after an hour of sending it. Tapping the hourglass icon again will turn off the feature, with everything going back to normal. Here's what Facebook says about the feature: "We're excited to announce the latest in an engaging line of optional product features geared towards making Messenger the best way to communicate with the people that ...

Forget about Superman's X-rays vision, you can now see through walls using WI-FI device only. Scientists at MIT's Computer Science and Artificial Intelligence Lab ( CSAIL ) have developed a device that uses WiFi signals to effectively see through walls and other obstacles, and identify which persons are standing behind it. Dubbed RF Capture , the new system is enhanced version of their previous methods of capturing movements across a house – technology used by mothers to see their baby's breathing and firefighters to determine if there are survivors in a burning building. How Does RF Capture Work? The working of RF Capture is actually quite simple and relatively straightforward. RF-Capture works by transmitting wireless signals that, upon hitting a person standing behind a wall, are reflected off various body parts and then back to the device for analysis to piece together the whole image of people. RF-Capture transmits radio waves that pass thro...

We are back with THN Weekly RoundUp to spread lights on last week's top cyber security threats and challenges, just in case you missed any of them (ICYMI). Last week, we came to know about many security threats including how Google records and stores our Voice searches, How hackers can use Radio-waves to control our Smartphones from 16 feet away and How did the NSA break Trillions of Encrypted connections. Also, some of last week's news included USB Killer v2.0 and a real-life Thor-like Hammer . I recommend you to read the entire news (just click ' Read More ' because there's some valuable advice in there as well). Here's the list: 1. Google OnHub Router Runs on Chrome OS; Here's How to Root it Google OnHub Router runs Chrome operating system, the same Linux-based OS that powers Google Chromebook laptops and desktops. Google OnHub is a modern wireless router designed by Google and TP-Link. It operates networks on both t...

Microsoft's Windows 10 , the latest version of Windows Operating System, has been creating waves since it rolled out, and reached to 110 million devices within just 2 months. If you are a long-time Windows user, you may remember a trick called, ' God Mode '. God Mode is an inbuilt, but hidden feature of Windows that provides additional customization options for the operating system. With Windows 10, all the Settings of the operating system are kept under Settings App, and categorized between System, Devices, Network & Internet, Personalization, Update & Security, Privacy and more. Enabling God Mode, also known as 'Windows Master Control Panel Shortcut ', in Windows 10 essentially unlocks a backdoor of the OS to access 260+ additional settings from a single folder. How to Enable God Mode in Windows 10? Follow the steps given below to enable the God Mode in your Windows 10: Create a new folder on your Windows desktop (New > Folder) and save it with th...

Whenever you go to Buy any Electronic Gadget — Phone, Tablet, Laptop, Watch — the most important specification isn't its processor speed or its camera quality. It's how long the device's battery backup is. Imagine easy access to such batteries that provide more battery power after charging it once, do not give up in less time and have a life of many years. To achieve this, the researchers at Massachusetts Institute of Technology (MIT) and Samsung , have developed a new material that could potentially revolutionize the Battery industry. Researchers have solved all these Battery issues with just one weird practical approach, called Solid-State Electrolytes . Today the cells we depend on contain Liquid-State Electrolyte , the researchers thought of replacing the one with a Solid form of electrolyte. Solid-State Electrolytes could simultaneously address the greatest challenges associated with improving lithium-ion batteries (LIB) , with the possibility to increas...

When a pet dies, or your friend's family member passed away, clicking the 'Like ' button to express your sympathy doesn't feel comfortable. Here a user feels a need of something to express their sadness, disagreement, anger, or something other than 'Like': Facebook should have an empathetic " Dislike " button - or something similar. Is Facebook really thinking about adding a dislike button? The short answer is " YES ." Soon your wish is about to come true. During a question and answer ( Q&A ) session on Tuesday, Facebook CEO Mark Zuckerberg said that the Facebook ' dislike ' button is on the way. "People have asked about the 'dislike' button for many years," Zuckerberg told the audience at Facebook's Menlo Park office. " Today is a special day because today is the day I can say we are working on it and shipping it." Zuck — 'Not every moment is a good moment' Di...

Smartphones in our pockets are exponentially smaller and more powerful that they don't realize the need to carry laptops with us everywhere. Now imagine if a small mouse meets the need of the entire PC? Not just imagination, it has been proved and done by the engineers at a Polish startup. Poland-based Przemysław Strzelczyk and a team of software developers working on a new concept have created what they believe is the future of desktop computing — a mouse that's also a PC. Called " Mouse-Box ", a wireless gadget that packs a 1.4 GHz quad-core ARM processor, a micro-HDMI port, WiFi up to 802.11n, accelerometer, gyroscope, two USB 3.0 ports and 128 GB storage space into a mouse. The only extra hardware needed is a monitor. Mouse Box comes with the same amount of storage as a high-end iPhone 6 Plus , but we know that nobody will be able to work for long with so little storage. The storage capacity can't be physically expanded, but can be extended with the use of clou...

Researchers at Mocana, a security technology firm in San Francisco, recently demonstrated the ease with which they could hack into a popular Internet-ready HDTV model. They exploited a vulnerability in the software that displays websites on the TV, allowing them to control the information sent to the television. This flaw enabled them to create fake screens for sites like Amazon.com, prompting users to enter their credit card details. Additionally, they could monitor data sent from the TV to other sites. "Consumer electronics makers seem to be rushing to connect all their products to the Internet," said Adrian Turner, Mocana's CEO. "The design teams at these companies have not put enough thought into security." Mocana, along with similar firms, sells technology to protect devices and often highlights potential threats. This test underscores a warning from security experts: the rise of Internet TVs, smartphones, and other web-ready gadgets creates new opportun...

Opera releases monthly data generated by its users. In November 2010, Opera reported significant increases in unique users, pages viewed, and data consumed via its Mini browser. Around 80 million people used the Opera Mini browser in November, viewing 44.6 billion pages. According to Opera, its server-side compression reduced 6.3 petabytes of data. Year-over-year, Opera Mini's page views grew by 103.1%. The number of unique users increased by 28.4%, with the average user viewing 422 web pages per month. Each user consumed about 10MB of data, with the average web page size being just 2KB. In 2009, Facebook was the most visited mobile site, according to Opera. This year, Google regained the top spot globally. The top 10 websites globally, as ranked by Opera, are: Google Facebook Vkontakte.ru YouTube Odnoklassniki.ru Yandex.ru Yahoo My.opera Mail.ru Getjar In the U.S., the top 10 websites are more familiar: Google Facebook YouTube Wikipedia Yahoo My.opera Accuwe...

Facebook has confirmed that the recent issue with posts was on their end. A representative told SecurityWeek via email, "We began removing the posts immediately upon discovering them and shortly after they were made. They were caused by a temporary bug on Facebook that allowed certain posts requested by an application to be rendered when they shouldn't have. Upon discovering the bug, we immediately began work to fix it. It's now been resolved, and these posts can no longer be made. We're not aware of any cases in which the bug was used maliciously." A representative from Sendible stated that they had discussed the issue with Facebook over the phone. Facebook acknowledged the problem but could not reproduce it on their end. "They've agreed to patch the issue by the end of the day. In the meantime, we've agreed to remove the feature on Sendible that allows fans of Facebook pages to automate posts." Several Facebook Pages, including those of large...

Two years after fixing a security bug in the Windows version of its Safari browser, Apple apparently has decided that Mac users can go without a fix. Apple was initially unimpressed by Nitesh Dhanjani's work developing what's known as a "carpet bomb" attack, the security researcher said in an interview Monday. "I told Apple about it two years ago, and they responded back, saying it was more of an annoyance than anything else." That turned out to be the wrong assessment. Soon after Dhanjani went public with the flaw in May 2008, another security researcher showed how carpet bombing could be combined with another Windows attack to run unauthorized software on a Windows PC. Apple then shipped a fix for Safari on Windows, but not for Safari on Mac OS X. Nobody has shown how to do this on the Mac OS X version of Safari, but Dhanjani still thinks Apple should fix the issue on both platforms. In a carpet bomb attack, the victim visits a malicious website,...