Tech News | Breaking Cybersecurity News | The Hacker News

Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European Commission said the company's "pay or consent" advertising model is in contravention of the Digital Markets Act ( DMA ). "This binary choice forces users to consent to the combination of their personal data and fails to provide them a less personalized but equivalent version of Meta's social networks," the Commission said . It also noted that companies in gatekeeper roles must seek users' permission to combine their personal data between designated core platform services and other services (e.g., advertising), and that users who refuse to opt in should have access to a less personalized but equivalent alternative. On top of that, Meta's approach does not allow us

Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier  CVE-2024-4947 , the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris Larin on May 13, 2024. Type confusion vulnerabilities  arise when a program attempts to access a resource with an incompatible type. It can have  serious impacts  as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code. The development marks the third zero-day that Google has patched within a week after  CVE-2024-4671  and  CVE-2024-4761 . As is typically the case, no additional details about the attacks are available and have been withheld to prevent further exploitation. "Google is aware that an exploit for CVE-2024-4947 exists in the wild," the company  said .

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who was arrested on March 6, 2024, "transferred sensitive Google trade secrets and other confidential information from Google's network to his personal account while secretly affiliating himself with PRC-based companies in the AI industry," the DoJ  said . The defendant is said to have pilfered from Google over 500 confidential files containing artificial intelligence (AI) trade secrets with the goal of passing them on to two unnamed Chinese companies looking to gain an edge in the ongoing AI race. "While Linwei Ding was employed as a software engineer at Google, he was secretly working to enrich himself and two companies based in the People's Republic of China," sa

Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms due to what it blamed on a date validation error at around the turn of the year. "The problem relates to a date check failure with the change of the new year and it [is] not a failure of the [antivirus] engine itself," the company  said  in a blog post. "This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues." The Windows maker said the issue impacted on-premises versions of Exchange Server 2016 and Exchange Server 2019 but didn't specify how widespread the impact was. The issue began to  gain   attention  as the year 2022 kicked in, causing the servers to no longer deliver email messages while throwing the following erro

After exposing private tweets , plaintext passwords , and personal information for hundreds of thousands of its users, here is a new security blunder social networking company Twitter admitted today. Twitter announced that the phone numbers and email addresses of some users provided for two-factor authentication (2FA) protection had been used for targeted advertising purposes—though the company said it was 'unintentional.' In a blog post, the company said an 'error' in its 'Tailored Audiences and Partner Audiences advertising system' inadvertently used the information provided by users for security reasons to run targeted ads based on the advertisers' own marketing lists. "When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize," Twitter said in a blog po

When automobiles giant like Nissan, Toyota and Tesla are focusing on self-driving smart cars, Chinese researchers have taken the future of automotive car driving technology to the level that's beyond your imaginations. Chinese researchers have built what they claim is the World's First Mind-Controlled Car — that uses nothing but human's brain power to drive. Isn't that sound like a piece of some Sci-Fi movies? But it's true. World's First Mind-Controlled Car The team of researchers from Nankai University, in the north-east port city of Tianjin, has designed a brain signal-reading headgear instrument that allows a driver to: Drive forward Drive backwards Come to a Stop Both Lock and Unlock the vehicle ...all without using his/her hands or feet. The team has spent almost two years bringing the mind-controlled car to the reality. How Does the Mind-Controlled Car Work? Watch in Action Zhang Zhao , one of the project's r

Facebook is planning to offer you the popular Snapchat feature in its Messenger app – ' Self-Destructing' Messages . Yes, Facebook is testing a new feature within its Messenger app that will allow its users to send self-destructing messages. Some Facebook users in France have spotted this new feature in the Messenger app that lets them send messages that only last for an hour. How to Turn ON the Feature? Users can turn on the self-destructing message feature within Messenger through an hourglass icon on the top-right corner of the conversation. The icon, when tapped, sets the messages to self-destruct after an hour of sending it. Tapping the hourglass icon again will turn off the feature, with everything going back to normal. Here's what Facebook says about the feature: "We're excited to announce the latest in an engaging line of optional product features geared towards making Messenger the best way to communicate with the people that

Forget about Superman's X-rays vision, you can now see through walls using WI-FI device only. Scientists at MIT's Computer Science and Artificial Intelligence Lab ( CSAIL ) have developed a device that uses WiFi signals to effectively see through walls and other obstacles, and identify which persons are standing behind it. Dubbed RF Capture , the new system is enhanced version of their previous methods of capturing movements across a house – technology used by mothers to see their baby's breathing and firefighters to determine if there are survivors in a burning building. How Does RF Capture Work? The working of RF Capture is actually quite simple and relatively straightforward. RF-Capture works by transmitting wireless signals that, upon hitting a person standing behind a wall, are reflected off various body parts and then back to the device for analysis to piece together the whole image of people. RF-Capture transmits radio waves that pass thro

We are back with THN Weekly RoundUp to spread lights on last week's top cyber security threats and challenges, just in case you missed any of them (ICYMI). Last week, we came to know about many security threats including how Google records and stores our Voice searches, How hackers can use Radio-waves to control our Smartphones from 16 feet away and How did the NSA break Trillions of Encrypted connections. Also, some of last week's news included USB Killer v2.0 and a real-life Thor-like Hammer . I recommend you to read the entire news (just click ' Read More ' because there's some valuable advice in there as well). Here's the list: 1. Google OnHub Router Runs on Chrome OS; Here's How to Root it Google OnHub Router runs Chrome operating system, the same Linux-based OS that powers Google Chromebook laptops and desktops. Google OnHub is a modern wireless router designed by Google and TP-Link. It operates networks on both t

Microsoft's Windows 10 , the latest version of Windows Operating System, has been creating waves since it rolled out, and reached to 110 million devices within just 2 months. If you are a long-time Windows user, you may remember a trick called, ' God Mode '. God Mode is an inbuilt, but hidden feature of Windows that provides additional customization options for the operating system. With Windows 10, all the Settings of the operating system are kept under Settings App, and categorized between System, Devices, Network & Internet, Personalization, Update & Security, Privacy and more. Enabling God Mode, also known as 'Windows Master Control Panel Shortcut ', in Windows 10 essentially unlocks a backdoor of the OS to access 260+ additional settings from a single folder. How to Enable God Mode in Windows 10? Follow the steps given below to enable the God Mode in your Windows 10: Create a new folder on your Windows desktop (New > Folder) and save it with th

Whenever you go to Buy any Electronic Gadget — Phone, Tablet, Laptop, Watch — the most important specification isn't its processor speed or its camera quality. It's how long the device's battery backup is. Imagine easy access to such batteries that provide more battery power after charging it once, do not give up in less time and have a life of many years. To achieve this, the researchers at Massachusetts Institute of Technology (MIT) and Samsung , have developed a new material that could potentially revolutionize the Battery industry. Researchers have solved all these Battery issues with just one weird practical approach, called Solid-State Electrolytes . Today the cells we depend on contain Liquid-State Electrolyte , the researchers thought of replacing the one with a Solid form of electrolyte. Solid-State Electrolytes could simultaneously address the greatest challenges associated with improving lithium-ion batteries (LIB) , with the possibility to increas

When a pet dies, or your friend's family member passed away, clicking the 'Like ' button to express your sympathy doesn't feel comfortable. Here a user feels a need of something to express their sadness, disagreement, anger, or something other than 'Like': Facebook should have an empathetic " Dislike " button - or something similar. Is Facebook really thinking about adding a dislike button? The short answer is " YES ." Soon your wish is about to come true. During a question and answer ( Q&A ) session on Tuesday, Facebook CEO Mark Zuckerberg said that the Facebook ' dislike ' button is on the way. "People have asked about the 'dislike' button for many years," Zuckerberg told the audience at Facebook's Menlo Park office. " Today is a special day because today is the day I can say we are working on it and shipping it." Zuck — 'Not every moment is a good moment' Di

Smartphones in our pockets are exponentially smaller and more powerful that they don't realize the need to carry laptops with us everywhere. Now imagine if a small mouse meets the need of the entire PC? Not just imagination, it has been proved and done by the engineers at a Polish startup. Poland-based Przemysław Strzelczyk and a team of software developers working on a new concept have created what they believe is the future of desktop computing — a mouse that's also a PC. Called " Mouse-Box ", a wireless gadget that packs a 1.4 GHz quad-core ARM processor, a micro-HDMI port, WiFi up to 802.11n, accelerometer, gyroscope, two USB 3.0 ports and 128 GB storage space into a mouse. The only extra hardware needed is a monitor. Mouse Box comes with the same amount of storage as a high-end iPhone 6 Plus , but we know that nobody will be able to work for long with so little storage. The storage capacity can't be physically expanded, but can be extended with the use of clou

Researchers at Mocana, a security technology firm in San Francisco, recently demonstrated the ease with which they could hack into a popular Internet-ready HDTV model. They exploited a vulnerability in the software that displays websites on the TV, allowing them to control the information sent to the television. This flaw enabled them to create fake screens for sites like Amazon.com, prompting users to enter their credit card details. Additionally, they could monitor data sent from the TV to other sites. "Consumer electronics makers seem to be rushing to connect all their products to the Internet," said Adrian Turner, Mocana's CEO. "The design teams at these companies have not put enough thought into security." Mocana, along with similar firms, sells technology to protect devices and often highlights potential threats. This test underscores a warning from security experts: the rise of Internet TVs, smartphones, and other web-ready gadgets creates new opportun

Opera releases monthly data generated by its users. In November 2010, Opera reported significant increases in unique users, pages viewed, and data consumed via its Mini browser. Around 80 million people used the Opera Mini browser in November, viewing 44.6 billion pages. According to Opera, its server-side compression reduced 6.3 petabytes of data. Year-over-year, Opera Mini's page views grew by 103.1%. The number of unique users increased by 28.4%, with the average user viewing 422 web pages per month. Each user consumed about 10MB of data, with the average web page size being just 2KB. In 2009, Facebook was the most visited mobile site, according to Opera. This year, Google regained the top spot globally. The top 10 websites globally, as ranked by Opera, are: Google Facebook Vkontakte.ru YouTube Odnoklassniki.ru Yandex.ru Yahoo My.opera Mail.ru Getjar In the U.S., the top 10 websites are more familiar: Google Facebook YouTube Wikipedia Yahoo My.opera Accuwe

Facebook has confirmed that the recent issue with posts was on their end. A representative told SecurityWeek via email, "We began removing the posts immediately upon discovering them and shortly after they were made. They were caused by a temporary bug on Facebook that allowed certain posts requested by an application to be rendered when they shouldn't have. Upon discovering the bug, we immediately began work to fix it. It's now been resolved, and these posts can no longer be made. We're not aware of any cases in which the bug was used maliciously." A representative from Sendible stated that they had discussed the issue with Facebook over the phone. Facebook acknowledged the problem but could not reproduce it on their end. "They've agreed to patch the issue by the end of the day. In the meantime, we've agreed to remove the feature on Sendible that allows fans of Facebook pages to automate posts." Several Facebook Pages, including those of large

Two years after fixing a security bug in the Windows version of its Safari browser, Apple apparently has decided that Mac users can go without a fix. Apple was initially unimpressed by Nitesh Dhanjani's work developing what's known as a "carpet bomb" attack, the security researcher said in an interview Monday. "I told Apple about it two years ago, and they responded back, saying it was more of an annoyance than anything else." That turned out to be the wrong assessment. Soon after Dhanjani went public with the flaw in May 2008, another security researcher showed how carpet bombing could be combined with another Windows attack to run unauthorized software on a Windows PC. Apple then shipped a fix for Safari on Windows, but not for Safari on Mac OS X. Nobody has shown how to do this on the Mac OS X version of Safari, but Dhanjani still thinks Apple should fix the issue on both platforms. In a carpet bomb attack, the victim visits a malicious website, which then starts downloading unau