The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: data security

Android 11 — 5 New Security and Privacy Features You Need to Know

Android 11 — 5 New Security and Privacy Features You Need to Know

September 18, 2020Anchit Sharma
After a long wait and months of beta testing, Google last week finally released Android 11 , the latest version of the Android mobile operating system—with features offering billions of its users more control over their data security and privacy. Android security is always a hot topic and almost always for the wrong reason, including Google's failure to prevent malicious apps from being distributed through the Play Store, over-claim of permissions by apps, and privacy leakages. Though most of such issues can be avoided as long as users take advantage of already available features and a little common sense, most users are still not aware of or following basic security practices. According to Google's latest announcement, the latest Android 11 OS includes a few new built-in measures designed to keep users' data secure by default, increase transparency, and offer better control. Instead of diving deep into smaller or more extensive changes, we have summarized some critica
Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud

Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud

August 25, 2020Ravie Lakshmanan
A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information. According to a report published by cybersecurity firm Snyk , Mintegral — a mobile programmatic advertising platform owned by Chinese mobile ad tech company Mobvista — includes an SDK component that allows it to collect URLs, device identifiers, IP Address, operating system version, and other user sensitive data from compromised apps to a remote logging server. The malicious iOS SDK has been named "SourMint" by Snyk researchers. "The malicious code can spy on user activity by logging URL-based requests made through the app," Snyk's Alyssa Miller said in a Monday analysis. "This activity is logged to a third-party server and could potentially include personally identifiable information (PII) and other sensitive in
Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified

Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified

August 20, 2020Mohit Kumar
The South African arm of one of the world's largest credit check companies Experian yesterday announced a data breach incident that exposed personal information of millions of its customers. While Experian itself didn't mention the number of affect customers, in a report , the South African Banking Risk Information Centre—an anti-fraud and banking non-profit organization who worked with Experian to investigate the breach—disclosed that the attacker had reportedly stolen data of 24 million South Africans and 793,749 business entities. Notably, according to the company, the suspected attacker behind this breach had already been identified, and the stolen data of its customers had successfully been deleted from his/her computing devices. "We have identified the suspect and confirm that Experian South Africa was successful in obtaining and executing an Anton Piller order which resulted in the individual's hardware being impounded and the misappropriated data being
Experts Reported Security Bug in IBM's Db2 Data Management Software

Experts Reported Security Bug in IBM's Db2 Data Management Software

August 20, 2020Ravie Lakshmanan
Cybersecurity researchers today disclosed details of a memory vulnerability in IBM's Db2 family of data management products that could potentially allow a local attacker to access sensitive data and even cause a denial of service attacks. The flaw ( CVE-2020-4414 ), which impacts IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on all platforms , is caused by improper usage shared memory, thereby granting a bad actor to perform unauthorized actions on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service, according to Trustwave SpiderLabs security and research team, which discovered the issue. "Developers forgot to put explicit memory protections around the shared memory used by the Db2 trace facility," SpiderLabs's Martin Rakhmanov said. "This allows any local users read and write access to that memory area. In turn, this allows accessing critic
Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

May 01, 2020Ravie Lakshmanan
Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by F-Secure researchers earlier this March and disclosed on Thursday, a day after SaltStack released a patch (version 3000.2) addressing the issues , rated with CVSS score 10. "The vulnerabilities, allocated CVE IDs CVE-2020-11651 and CVE-2020-11652 , are of two different classes," the cybersecurity firm said . "One being authentication bypass where functionality was unintentionally exposed to unauthenticated network clients, the other being directory traversal where untrusted input (i.e., parameters in network requests) was not sanitized correctly allowing unconstrained access to the entire filesystem of the master server." The researchers warned that the flaws could be exploited in the wild imm
Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

April 21, 2020Swati Khandelwal
A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure. The affected premium product in question is IBM Data Risk Manager (IDRM) that has been designed to analyze sensitive business information assets of an organization and determine associated risks. According to Pedro Ribeiro from Agile Information Security firm, IBM Data Risk Manager contains three critical severity vulnerabilities and a high impact bug, all listed below, which can be exploited by an unauthenticated attacker reachable over the network, and when chained together could also lead to remote code execution as root. Authentication Bypass Command Injection Insecure Default Password Arbitrary File Download Ribeiro successfully tested the flaws against IBM Data Risk Manager version 2.0.1 to 2.0.3, which is not the la
COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware

COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware

April 20, 2020Ravie Lakshmanan
A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans (RAT) capable of exfiltrating sensitive documents, keystrokes, passwords, and even images from the webcam. The targeted attacks employ Microsoft Word documents as droppers to deploy a previously unknown Python-based RAT dubbed "PoetRAT" due to various references to sonnets by English playwright William Shakespeare. "The RAT has all the standard features of this kind of malware, providing full control of the compromised system to the operation," said Cisco Talos in an analysis published last week. According to the researchers, the malware specifically targets supervisory control and data acquisition (SCADA) systems in the energy industry, such as wind turbine systems, whose identities are currently not known. The development is the latest in a surge in cyberattacks exploiting the ongoing coronavirus pandemi
Why SaaS opens the door to so many cyber threats (and how to make it safer)

Why SaaS opens the door to so many cyber threats (and how to make it safer)

April 17, 2020The Hacker News
Cloud services have become increasingly important to many companies' daily operations, and the rapid adoption of web apps has allowed businesses to continue operating with limited productivity hiccups, even as global coronavirus restrictions have forced much of the world to work from home. But at the same time, even major corporations have fallen prey to hackers. How can you maintain the integrity of your IT resources and data while still taking advantage of the benefits of software as a service (SaaS)? While cybersecurity is a broad and complicated topic, let's consider a hypothetical SaaS scenario and examine some of the risks. Imagine that one of your employees is writing a sensitive report. It could have financial or medical data in it. It could have information on a revolutionary new design. Whatever it is, the report needs to be kept confidential. What would happen if your employee writes the report in Google Docs? Let's assume that this decision wasn&
Hackers Compromise T-Mobile Employee' Email Accounts and Steal User' Data

Hackers Compromise T-Mobile Employee' Email Accounts and Steal User' Data

March 05, 2020Swati Khandelwal
If you are a T-Mobile customer, this news may concern you. US-based telecom giant T-Mobile has suffered yet another data breach incident that recently exposed personal and accounts information of both its employees and customers to unknown hackers. What happened? In a breach notification posted on its website, T-Mobile today said its cybersecurity team recently discovered a sophisticated cyberattack against the email accounts of some of its employees that resulted in unauthorized access to the sensitive information contained in it, including details for its customers and other employees. Although the telecom company did not disclose how the breach happened, when it happened, and exactly how many employees and users were affected, it did confirm that the leaked information on its users doesn't contain financial information like credit card and Social Security numbers. What type of information was accessed? The exposed data of an undisclosed number of affected users incl
Google Advises Android Developers to Encrypt App Data On Device

Google Advises Android Developers to Encrypt App Data On Device

February 26, 2020Ravie Lakshmanan
Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. Moreover, considering that there are not many reference frameworks available for the same, Google also advised using an easy-to-implement security library available as part of its Jetpack software suite. The open-sourced Jetpack Security (aka JetSec) library lets Android app developers easily read and write encrypted files by following best security practices , including storing cryptographic keys and protecting files that may contain sensitive data, API keys, OAuth tokens. To give a bit of context, Android offers developers two different ways to save app data. The first one is app-specific storage, also known as internal storage, where the files are stored in a sandboxed folder meant for a specific app's use and inaccessible to other apps on the same
Foxit PDF Software Company Suffers Data Breach—Asks Users to Reset Password

Foxit PDF Software Company Suffers Data Breach—Asks Users to Reset Password

August 30, 2019Swati Khandelwal
If you have an online account with Foxit Software, you need to reset your account password immediately—as an unknown attacker has compromised your personal data and log-in credentials. Foxit Software, a company known for its popular lightweight Foxit PDF Reader and PhantomPDF applications being used by over 525 million users, today announced a data breach exposing the personal information of 'My Account' service users. Though for using free versions of any Foxit PDF software doesn't require users to sign up with an account, the membership is mandatory for customers who want to access "software trial downloads, order histories, product registration information, and troubleshooting and support information." According to a blog post published today by Foxit, unknown third-parties gained unauthorized access to its data systems recently and accessed its "My Account" registered users' data, including their email addresses, passwords, users' n
Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation

Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation

July 13, 2019Swati Khandelwal
After months of negotiations, the United States Federal Trade Commission (FTC) has approved a record $5 billion settlement with Facebook over its privacy investigation into the Cambridge Analytica scandal . The settlement will put an end to a wide-ranging probe that began more than a year ago and centers around the violation of a 2011 agreement Facebook made with the FTC that required Facebook to gain explicit consent from users to share their personal data. The FTC launched an investigation into the social media giant last year after it was revealed that the company allowed Cambridge Analytica access to the personal data of around  87 million Facebook users without their explicit consent. Now, according to a new report published by the Wall Street Journal, the FTC commissioners this week finally voted to approve a $5 billion settlement, with three Republicans voting to approve the deal and two Democrats against it. Facebook anticipated the fine to between $3 billion and
Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage

Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage

June 26, 2019Swati Khandelwal
Microsoft has introduced a new password-protected folder within its OneDrive online file storage service that will allow you to keep your sensitive and important files protected and secured with an extra layer of authentication. Dubbed Personal Vault , the new OneDrive folder can only be accessed with an additional step of identity verification, such as your fingerprint, face, PIN, or a two-factor authentication code sent to you via email or SMS. The Personal Vault folder will appear next to other folders in the OneDrive app like your Documents and Pictures, but it will be locked and prompt you for an additional code each time you try to access them via the web, PC, or mobile devices, thus keeping them more secure in the event when someone gains access to your account or your device. Microsoft suggests this new protected area in OneDrive would be useful for users to store more sensitive and personal files like copies of passport, tax, car or home documents, identification cards,
MongoDB 4.2 Introduces End-to-End Field Level Encryption for Databases

MongoDB 4.2 Introduces End-to-End Field Level Encryption for Databases

June 20, 2019Swati Khandelwal
At its developer conference held earlier this week in New York, the MongoDB team announced the latest version of its database management software that includes a variety of advanced features, including Field Level Encryption, Distributed Transactions, and Wildcard Indexes. The newly introduced Field Level Encryption (FLE), which will be available in the upcoming MongoDB 4.2 release, is an end-to-end encryption feature that encrypts and decrypts sensitive users' data on the client-side, preventing hackers from accessing plaintext data even if the database instance left exposed online or the server itself gets compromised. Almost every website, app, and service on the Internet today usually encrypt (particularly "hashing") only users' passwords before storing them into the databases, but unfortunately left other sensitive information unencrypted, including users' online activity data and their personal information. Moreover, even if there is an encryption
Core Elastic Stack Security Features Now Available For Free Users As Well

Core Elastic Stack Security Features Now Available For Free Users As Well

May 21, 2019Wang Wei
Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful open source projects—Elasticsearch, Logstash, and Kibana—that many large and small companies are using to format, search, analyze, and visualize a large amount of data in real time. In recent months, we have seen how thousands of instances of insecure, poorly configured Elasticsearch and Kibana servers had left millions of users sensitive data exposed on the Internet. Since the free version of Elastic Stack by default does not have any authentication or authorization mechanism, many developers and administrators fail to properly implement important security features manually. The core security features—like encrypted communication, role-based access control, authentication realms—in p
Hackers Breach Stack Overflow Q&A Site, Some Users' Data Exposed

Hackers Breach Stack Overflow Q&A Site, Some Users' Data Exposed

May 17, 2019Swati Khandelwal
Note: We have updated this story to reflect new information after Stack Overflow changed its original announcement and shared more details on the security incident. Stack Overflow, one of the largest question and answer site for programmers, revealed today that unknown hackers managed to exploit a bug in its development tier and then almost a week after they gained unauthorized access to its production version. Founded by Jeff Atwood and Joel Spolsky in 2008, Stack Overflow is the flagship site of the Stack Exchange Network. With 10 million registered users and over 50 million unique visitors every month, Stack Overflow is very popular among professional and enthusiast programmers. In an older version of the announcement published by Mary Ferguson, VP of Engineering at Stack Overflow, the company confirmed the breach but said it did not find any evidence that hackers accessed customers' accounts or any user data. However, the updated announcement now says that after
Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute

Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute

April 12, 2019Wang Wei
Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country's controversial Data Localization law. It's bizarre and unbelievable, but true. In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and Facebook asking them to provide information about the location of servers that store the personal data of its citizens. Roskomnadzor – also known as the Federal Service for Supervision in the Sphere of Telecom, Information Technologies, and Mass Communications – is Russian telecommunications watchdog that runs a huge blacklist of websites banned in Russia. Though the social media platforms had one month to reply, they choose not to disclose this information, as a result of which Moscow's Tagansky District Court imposed 3,000 rubles fine on Twitter last week and the same on Facebook today. The fine is the minimum that Russian courts can impose on companies for violatin
Thousands of Unprotected Kibana Instances Exposing Elasticsearch Databases

Thousands of Unprotected Kibana Instances Exposing Elasticsearch Databases

April 01, 2019Wang Wei
In today's world, data plays a crucial role in the success of any organization, but if left unprotected, it could be a cybercriminal's dream come true. Poorly protected MongoDB, CouchDB, and Elasticsearch databases recently got a lot more attention from cybersecurity firms and media lately. More than half of the known cases of massive data breaches over the past year originated from unsecured database servers that were accessible to anyone without any password. Since the database of an organization contains its most valuable and easily exploitable data, cybercriminals have also started paying closer attention to find other insecure entry points. Though the problems with unprotected databases are no news and are widely discussed on the Internet, I want cybersecurity community and industry experts to pay some attention to thousands of unsafe Kibana instances that are exposed on the Internet, posing a huge risk to many companies. Kibana is an open-source analytics and visualiz
Round 4 — Hacker Puts 26 Million New Accounts Up For Sale On Dark Web

Round 4 — Hacker Puts 26 Million New Accounts Up For Sale On Dark Web

March 17, 2019Swati Khandelwal
A hacker who was selling details of nearly 890 million online accounts stolen from 32 popular websites in three separate rounds has now put up a fourth batch of millions of records originating from 6 other sites for sale on the dark web. The Hacker News today received a new email from the Pakistani hacker, who goes by online alias Gnosticplayers and previously claimed to have hacked dozens of popular websites from companies which, according to him, probably had no idea that they were compromised. The hacker last month made three rounds of stolen accounts up for sale on the popular dark web market called Dream Market, posting details of 620 million accounts stolen from 16 websites in the first round, 127 million records from 8 sites in the second, and 92 million from 8 websites in the third. Although while releasing the third round Gnosticplayers told The Hacker News that it would be his last batch of the stolen database, the hacker released the fourth round containing nearl
Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data

Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data

March 11, 2019Swati Khandelwal
Popular enterprise software company Citrix that provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies disclosed last weekend a massive data breach of its internal network by "international cyber criminals." Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing "business documents," adding that the company does not know precisely which documents the hackers obtained nor how they got in. However, the FBI believes that the miscreants likely used a "password spraying" attack where the attackers guessed weak passwords to gain an early foothold in the company's network in order to launch more extensive attacks. "While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.