The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: cyber security

Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

August 21, 2019Swati Khandelwal
Silence APT , a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016, Silence APT group's most recent successful campaign was against Bangladesh-based Dutch-Bangla Bank, which lost over $3 million during a string of ATM cash withdrawals over a span of several days. According to a new report Singapore-based cybersecurity firm Group-IB shared with The Hacker News, the hacking group has significantly expanded their geography in recent months, increased the frequency of their attack campaigns, as well as enhanced its arsenal. The report also describes the evolution of the Silence hacking group from "young and highly motivated hackers" to one of the most sophisticated advanced persistent threat (APT) group that is now posing threats to bank
Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again

Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again

August 16, 2019Swati Khandelwal
If you are using LibreOffice, you need to update it once again. LibreOffice has released the latest version 6.2.6/6.3.0 of its open-source office software to address three new vulnerabilities that could allow attackers to bypass patches for two previously addressed vulnerabilities. LibreOffice is one of the most popular and open source alternatives to Microsoft Office suite and is available for Windows, Linux and macOS systems. One of the two vulnerabilities, tracked as CVE-2019-9848 , that LibreOffice attempted to patch just last month was a code execution flaw that affected LibreLogo, a programmable turtle vector graphics script that ships by default with LibreOffice. This flaw allows an attacker to craft a malicious document that can silently execute arbitrary python commands without displaying any warning to a targeted user. Apparently, the patch for this vulnerability was insufficient, as The Hacker News also reported late last month , which allowed two separate secu
Canon DSLR Cameras Can Be Hacked With Ransomware Remotely

Canon DSLR Cameras Can Be Hacked With Ransomware Remotely

August 12, 2019Mohit Kumar
The threat of ransomware is becoming more prevalent and severe as attackers' focus has now moved beyond computers to smartphones and other Internet-connected smart devices. In its latest research, security researchers at cybersecurity firm CheckPoint demonstrated how easy it is for hackers to remotely infect a digital DSLR camera with ransomware and hold private photos and videos hostage until victims pay a ransom. Yes, you heard me right. Security researcher Eyal Itkin discovered several security vulnerabilities in the firmware of Canon cameras that can be exploited over both USB and WiFi, allowing attackers to compromise and take over the camera and its features. According to a security advisory  released  by Canon, the reported security flaws affect Canon EOS-series digital SLR and mirrorless cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5X Mark II. "Imagine how would you respond if attackers inject ransomware into both your computer and the c
Apple will now pay hackers up to $1 million for reporting vulnerabilities

Apple will now pay hackers up to $1 million for reporting vulnerabilities

August 09, 2019Mohit Kumar
Apple has just updated the rules of its bug bounty program by announcing a few major changes during a briefing at the annual Black Hat security conference yesterday. One of the most attractive updates is… Apple has enormously increased the maximum reward for its bug bounty program from $200,000 to $1 million—that's by far the biggest bug bounty offered by any major tech company for reporting vulnerabilities in its products. The $1 million payouts will be rewarded for a severe deadly exploit—a zero-click kernel code execution vulnerability that enables complete, persistent control of a device's kernel. Less severe exploits will qualify for smaller payouts. What's more? From now onwards, Apple's bug bounty program is not just applicable for finding security vulnerabilities in the iOS mobile operating system, but also covers all of its operating systems, including macOS , watchOS, tvOS, iPadOS, and iCloud. Since its inception around three years ago, Apple
Cisco ‘Knowingly’ Sold Hackable Video Surveillance System to U.S. Government

Cisco ‘Knowingly’ Sold Hackable Video Surveillance System to U.S. Government

August 01, 2019Mohit Kumar
Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling video surveillance system containing severe security vulnerabilities to the U.S. federal and state government agencies. It's believed to be the first payout on a ' False Claims Act ' case over failure to meet cybersecurity standards. The lawsuit began eight years ago, in the year 2011, when Cisco subcontractor turned whistleblower, James Glenn, accused Cisco of continue selling a video surveillance technology to federal agencies even after knowing that the software was vulnerable to multiple security flaws. According to the court documents seen by The Hacker News, Glenn and one of his colleagues discovered multiple vulnerabilities in Cisco Video Surveillance Manager (VSM) suite in September 2008 and tried to report them to the company in October 2008. Cisco Video Surveillance Manager (VSM) suite allows customers to manage multiple video cameras at different
Capital One Data Breach Affects 106 Million Customers; Hacker Arrested

Capital One Data Breach Affects 106 Million Customers; Hacker Arrested

July 30, 2019Swati Khandelwal
Another week, another massive data breach. Capital One, the fifth-largest U.S. credit-card issuer and banking institution, has recently suffered a data breach exposing the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada. The data breach that occurred on March 22nd and 23rd this year allowed attackers to steal information of customers who had applied for a credit card between 2005 and 2019, Capital One said in a statement. However, the security incident only came to light after July 19 when a hacker posted information about the theft on her GitHub account. The FBI Arrested the Alleged Hacker The FBI arrested Paige Thompson a.k.a erratic, 33, a former Amazon Web Services software engineer who worked for a Capital One contractor from 2015 to 2016, in relation to the breach, yesterday morning and seized electronic storage devices containing a copy of the stolen data. Thompson appeared in U.S. District Court o
Siemens Contractor Pleads Guilty to Planting 'Logic Bomb' in Spreadsheets

Siemens Contractor Pleads Guilty to Planting 'Logic Bomb' in Spreadsheets

July 24, 2019Wang Wei
A former Siemens contractor has pledged guilty in federal court Friday to secretly planting code in automated spreadsheets he had created for the company over a decade ago that deliberately crashes the program every few years. David Tinley, a 62-year-old resident of Harrison City, Pennsylvania, was hired by Siemens as a contract employee for Monroeville, Pennsylvania location, in 2002 to create custom automated spreadsheets for various Siemens projects related to the power generation industry. However, according to the United States Justice Department ( DoJ ), Tinley intentionally and without the company's knowledge or authorization inserted "logic bombs" into computer programs that caused glitches in the spreadsheet after the expiration of a certain date. Logic Bomb is a piece of computer code intentionally inserted into software or system to carry out specific operations like crash or malfunction after certain conditions are met, or an amount of time has expire
Kazakhstan Begins Intercepting HTTPS Internet Traffic Of All Citizens Forcefully

Kazakhstan Begins Intercepting HTTPS Internet Traffic Of All Citizens Forcefully

July 19, 2019Mohit Kumar
If you are in Kazakhstan and unable to access the Internet service without installing a certificate, you're not alone. The Kazakhstan government has once again issued an advisory to all major local Internet Service Providers (ISPs) asking them to make it mandatory for all their customers to install government-issued root certificates on their devices in order to regain access to the Internet services. The root certificate in question, labeled as " trusted certificate " or " national security certificate ," if installed, allows ISPs to intercept and monitor users' encrypted HTTPS and TLS connections, helping the government spy on its citizens and censor content. In other words, the government is essentially launching a "man in the middle" attack on every resident of the country. But how installing a "root certificate" allow ISPs to decrypt HTTPS connection? For those unaware, your device and web browsers automatically trust digi
New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission

New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission

July 17, 2019Swati Khandelwal
Earlier this month, The Hacker News covered a story on research revealing how over 1300 Android apps are collecting sensitive data even when users have explicitly denied the required permissions. The research was primarily focused on how app developers abuse multiple ways around to collect location data, phone identifiers, and MAC addresses of their users by exploiting both covert and side channels. Now, a separate team of cybersecurity researchers has successfully demonstrated a new side-channel attack that could allow malicious apps to eavesdrop on the voice coming out of your smartphone's loudspeakers without requiring any device permission. Abusing Android Accelerometer to Capture Loudspeaker Data Dubbed Spearphone , the newly demonstrated attack takes advantage of a hardware-based motion sensor, called an accelerometer, which comes built into most Android devices and can be unrestrictedly accessed by any app installed on a device even with zero permissions. An
Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library

Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library

July 09, 2019Mohit Kumar
Lodash, a popular npm library used by more than 4 million projects on GitHub alone, is affected by a high severity security vulnerability that could allow attackers to compromise the security of affected services using the library and their respective user base. Lodash is a JavaScript library that contains tools to simplify programming with strings, numbers, arrays, functions, and objects, helping programmers write and maintain their JavaScript code more efficiently. Liran Tal, a developer advocate at open-source security platform Snyk, recently published details and proof-of-concept exploit of a high-severity prototype pollution security vulnerability that affects all versions of lodash, including the latest version 4.17.11. The vulnerability, assigned as CVE-2019-10744 , potentially affects a large number of frontend projects due to the popularity of lodash that is being downloaded at a rate of more than 80 million times per month. Prototype pollution is a vulnerability t
Cynet Launches Free Offering For Incident Response Service Providers

Cynet Launches Free Offering For Incident Response Service Providers

July 09, 2019The Hacker News
More and more, organizations take the route of outsourcing incident response to Managed Security Service Providers. This trend is distinct regardless of the organization's cyber maturity level and can be found across a wide range of cyber maturity, from small companies with no dedicated security team to enterprises with a fully equipped SOC. The hands of the incident response service providers are extremely busy, and the need from their side to scale while maintaining top quality has never been greater. To address this need, Cynet offers IR service providers to collect data, analyze, investigate and remediate threats on their customers' environments with Cynet 360 platform for free, introducing unmatched speed and reliability into their operations. Any incident responder can now simply sign up to Cynet and immediately get free access to the platform. "Cynet tackles the incident response play at its most fundamental core – speed," said Eyal Gruner, co-fo
Flaw in Zoom Video Conferencing Software Lets Websites Hijack Mac Webcams

Flaw in Zoom Video Conferencing Software Lets Websites Hijack Mac Webcams

July 09, 2019Swati Khandelwal
If you use Zoom video conferencing software on your Mac computer—then beware—any website you're visiting in your web browser can turn on your device camera without your permission. Ironically, even if you had ever installed the Zoom client on your device and simply uninstalled it, a remote attacker can still activate your webcam. Zoom is one of the most popular cloud-based meeting platforms that provide video, audio, and screen sharing options to users, allowing them to host webinars, teach online courses, conduct online training, or join virtual meetings online. In a Medium post published today, cybersecurity researcher Jonathan Leitschuh disclosed details of an unpatched critical security vulnerability (CVE-2019-13450) in the Zoom client app for Apple Mac computers, which if combined with a separate flaw, could allow attackers to execute arbitrary code on the targeted systems remotely. Jonathan responsibly reported the security vulnerability to the affected company ov
Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

June 21, 2019Swati Khandelwal
If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities , besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks. With more than 3 billion downloads, VLC is a hugely popular open-source media player software that is currently being used by hundreds of millions of users worldwide on all major platforms, including Windows, macOS, Linux, as well as Android and iOS mobile platforms. Discovered by Symeon Paraschoudis from Pen Test Partners and identified as CVE-2019-12874 , the first high-severity vulnerability is a double-free issue which resides in "zlib_decompress_extra" function of VideoLAN
Gain the Trust of Your Business Customers With SOC 2 Compliance

Gain the Trust of Your Business Customers With SOC 2 Compliance

June 19, 2019The Hacker News
In today's business environment, data is what matters most. It matters to organizations that monetize it into operational insights and optimisations, and it matters the threat actors that relentlessly seek to achieve similar monetisation by compromising it. In the very common scenario in which organisation A provides services to organization B, it’s imperative for the latter to be absolutely sure that the former handles its data in the most secure way. While there’s no one-size-fits-all in cybersecurity, there are various frameworks that provide robust guidelines for organizations to see if the security controls in place indeed address their needs. NIST cybersecurity framework is a good example of such guidelines. There are industry specific standards, such as HIPPA for healthcare and PCI-DSS for credit card processing. However, in recent years, SOC 2 is gaining momentum in the US as a general standard for all organizations that store or process data for consumers and busi
New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now

June 19, 2019Mohit Kumar
Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by an unnamed group of attackers. Oracle WebLogic is a Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services on the cloud, which is popular across both, cloud environment and conventional environments. The reported vulnerability is a deserialization issue via XMLDecoder in Oracle WebLogic Server Web Services that could allow unauthorized remote attackers to execute arbitrary code on the targeted servers and take control over them. "This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," the advisor
Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks

Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks

June 19, 2019Mohit Kumar
Important Update [21 June 2019] — Mozilla on Thursday released another update Firefox version 67.0.4 to patch a second zero-day vulnerability. If you use the Firefox web browser, you need to update it right now. Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild. Discovered and reported by Samuel Groß, a cybersecurity researcher at Google Project Zero, the vulnerability could allow attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions and take full control of them. The vulnerability, identified as CVE-2019-11707 , affects anyone who uses Firefox on desktop (Windows, macOS, and Linux) — whereas, Firefox for Android, iOS, and Amazon Fire TV are not affected. According to an advisory , the flaw has been labeled as a type confusion vulnerability in Firefox that can result in an exploitable cras
5 Keys to Improve Your Cybersecurity

5 Keys to Improve Your Cybersecurity

June 18, 2019The Hacker News
Cybersecurity isn't easy. If there was a product or service you could buy that would just magically solve all of your cybersecurity problems, everyone would buy that thing, and we could all rest easy. However, that is not the way it works. Technology continues to evolve. Cyber attackers adapt and develop new malicious tools and techniques, and cybersecurity vendors design creative new ways to detect and block those threats. Rinse and repeat. Cybersecurity isn't easy, and there is no magic solution, but there are a handful of things you can do that will greatly reduce your exposure to risk and significantly improve your security posture. The right platform, intelligence, and expertise can help you avoid the vast majority of threats, and help you detect and respond more quickly to the attacks that get through. Challenges of Cybersecurity Effective cybersecurity is challenging for a variety of reasons, but the changing perimeter and the confusing variety of solution
Critical Flaw Reported in Popular Evernote Extension for Chrome Users

Critical Flaw Reported in Popular Evernote Extension for Chrome Users

June 13, 2019Swati Khandelwal
Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people taking notes and organize their to-do task lists, and over 4,610,000 users have been using its Evernote Web Clipper Extension for Chrome browser. Discovered by Guardio, the vulnerability ( CVE-2019-12592 ) resided in the ways Evernote Web Clipper extension interacts with websites, iframes and inject scripts, eventually breaking the browser's same-origin policy (SOP) and domain-isolation mechanisms. According to researchers, the vulnerability could allow an attacker-controlled website to execute arbitrary code on the browser in the context of other domains on behalf of users, leading to a Universal Cross-site Scripting (UXSS or Universal XSS) issue. "A full exploit that would allow loading a remote hacker contr
When Time is of the Essence – Testing Controls Against the Latest Threats Faster

When Time is of the Essence – Testing Controls Against the Latest Threats Faster

June 12, 2019The Hacker News
A new threat has hit head the headlines ( Robinhood anyone?), and you need to know if you're protected right now. What do you do? Traditionally, you would have to go with one of the options below. Option 1 – Manually check that IoCs have been updated across your security controls. This would require checking that security controls such as your email gateway, web gateway, and endpoint security have all been updated with the latest threats' indicators of compromise (IoCs) usually published by AV companies who detect the malware binaries first. Option 2 – Create a 'carbon copy' of your network and run the threat's binary on that copy. While safe, IT and security teams may be unaware of certain variations from the real deal. So while the attack simulation is running against an 'ideal' copy, your real network may have undergone inadvertent changes, such as a firewall running in monitoring mode, a patch not being installed on time, and other unintent
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.