The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Millions of Xiaomi smartphones are vulnerable to a dangerous remote code execution (RCE) vulnerability that could grant attackers complete control of handsets. The vulnerability, now patched, exists in MIUI – Xiaomi's own implementation of the Android operating system – in versions prior to MIUI Global Stable 7.2 which is based on Android 6.0. The flaw, discovered by IBM X-Force researcher David Kaplan, potentially allows attackers with privileged network access, such as cafe Wi-Fi, to install malware remotely on the affected devices and fully compromise them. Researchers found some apps in the analytics package in MIUI, which can be abused to provide malicious ROM updates remotely through a man-in-the-middle attack. " The vulnerability we discovered allows for a man-in-the-middle attacker to execute arbitrary code as the highly privileged Android 'system' user, " researchers say. Researchers say they discovered vulnerable analytics packages in at lea...

You might be aware of Microsoft and Canonical's partnership to integrate " Bash on Ubuntu on Windows 10 ," which is typically a non-graphical Ubuntu running over Windows Subsystem for Linux . Windows 10 doesn't officially support graphical Linux desktop applications. But, now we have noticed a very interesting ticket titled "Run Any Desktop Environment in WSL" raised at Github  repository, in which a user who goes by name Guerra24 has managed to run the graphical version of Ubuntu Linux, i.e. Ubuntu Unity on Windows 10. It's not " Microsoft Linux ." BASH or Bourne Again Shell is capable of handling advanced command line functionalities. Microsoft has provided support for Bash on Windows 10 as an expansion of its command-line tool family, so don't get confused. The Bash on Windows 10 feature is designed only for developers who want to run Linux terminal utilities without any OS dependencies. However, this feature downloads and installs...

Nintendo's new location-based augmented reality game Pokémon GO has been making rounds since its launch just a few days ago. People are so excited to catch 'em all that brought Nintendo's market-value gains to $7.5 Billion (£5.8 Billion) in just two days – the highest surge since 1983. Due to the huge interest surrounding Pokémon GO, even hackers are using the game's popularity to distribute malicious versions of Pokémon GO that could install DroidJack malware on Android phones, allowing them to compromise user's devices completely. However, the latest threat is related to the privacy concerns raised about the iOS version of the official Pokémon GO app. Pokémon GO – A Huge Security Risk Adam Reeve labeled the game "malware," saying that Pokémon GO is a "huge security risk" as the game, for some reason, grants itself "full account access" to your Google account when you sign into the app via Google on iPhone or iPad. Ye...

" Pokémon Go " has become the hottest iPhone and Android game to hit the market in forever with enormous popularity and massive social impact. The app has taken the world by storm since its launch this week. Nintendo's new location-based augmented reality game allows players to catch Pokémon in the real life using their device's camera and is currently only officially available in the United States, New Zealand, UK and Australia. On an average, users are spending twice the amount of time engaged with the new Pokémon Go app than on apps like Snapchat. In fact Pokémon Go is experiencing massive server overload in just few days of launch. Due to the huge interest surrounding Pokémon Go, many gaming and tutorial websites have offered tutorials recommending users to download the APK from a non-Google Play link. In order to download the APK, users are required to " side-load " the malicious app by modifying their Android core security settings, allowing...

Twitter account of another high profile has been hacked! This time, it's Twitter CEO Jack Dorsey. OurMine claimed responsibility for the hack, which was spotted after the group managed to post some benign video clips. The team also tweeted at 2:50 AM ET today saying " Hey, its OurMine,we are testing your security, " with a link to their website that promotes and sells its own "services" for which it has already made $16,500. Although the tweets posted by the group did not contain any harmful content, both the tweet and linked to a short Vine video clip have immediately been removed. Ourmine is the same group of hackers from Saudi Arabia that previously compromised some social media accounts of other CEOs including: Google's CEO Sundar Pichai Facebook's CEO Mark Zuckerberg Twitter's ex-CEO Dick Costolo Facebook-owned virtual reality company Oculus CEO Brendan Iribe Since all tweets posted to Dorsey's account came through Vine, ...

Whistleblower and ex-NSA employee Edward Snowden has criticized a new anti-terror law introduced on Thursday by Russian President Vladimir Putin, referring it as "repressive" and noting that it is a " dark day for Russia ." The new legislation signed by Putin would compel the country's telephone carriers and Internet providers to record and store the private communications of each and every one of their customers for six months – and turn them over to the government if requested. The data collected on customers would include phone calls, text messages, photographs, and Internet activities that would be stored for six months, and "metadata" would be stored up to 3 years. Moreover, Instant messaging services that make use of encryption, including WhatsApp, Telegram, and Viber, could face heavy fines of thousands of pounds if these services continue to operate in Russia without handing over their encryption keys to the government. "Putin ...

Facebook has begun rolling out end-to-end encryption for its Messenger app, thus making its users' conversations completely private. The end-to-end encryption feature, dubbed " Secret Conversations ," will allow Messenger users to send and receive messages in a way that no one, including the FBI with a warrant, hackers and not even Facebook itself, can intercept them. But, this new feature will currently be available only to a small number of users for testing. So if you are one of those lucky users, you will be able to send end-to-end encrypted Secret Conversations through your Messenger app. Rest of the Messenger users will get Secret Conversations feature later this summer or in early fall, the company wrote in a Facebook newsroom post published today. Sounds exciting, right? But, there's a catch: Your conversations on Messenger will not be end-to-end encrypted by default, like what WhatsApp and Apple are offering. Instead, Facebook will require ...

The Popular fast-food restaurant chain Wendy's on Thursday admitted that a massive cyber attack had hit more than 1,000 of its restaurants across the country. The burger chain did not speculate how many people may have been affected, though it did confirm that the hackers were able to steal its customers' credit and debit card information. The data breach is more than three times bigger than initially thought. The original data breach was believed to have affected " fewer than 300 " of its 5,144 franchised locations in the United States when the malware was discovered in May. The Malware had been installed on Point-of-Sale (PoS) systems in the affected restaurants and was able to obtain cardholder's name, payment card number, expiration date, service code, cardholder verification value, among other data. The data breach began in fall 2015 and discovered in February this year, and the company went public with in May. Just last month, Wendy's s...

As your day-to-day apparel and accessories are turning into networked mobile electronic devices that attach to your body like smartwatch or fitness band, the threat to our personal data these devices collect has risen exponentially. A recent study from Binghamton University also suggests your smartwatch or fitness tracker is not as secure as you think – and it could be used to steal your ATM PIN code. The risk lies in the motion sensors used by these wearable devices. The sensors also collect information about your hand movements among other data, making it possible for "attackers to reproduce the trajectories" of your hand and "recover secret key entries." In the paper, titled " Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN," computer scientists from the Stevens Institute of Technology and Binghamton University used a computer algorithm that can guess your password and PIN with about 80% success rate on the first attempt, and ...

The Internet of things or connected devices are the next big concerns, as more Internet connectivity means more access points which mean more opportunities for hackers. When it comes to the threat to Internet of Things, Car Hacking is a hot topic. Since many automobiles companies are offering cars that run mostly on the drive-by-wire system, a majority of functions are electronically controlled, like instrument cluster, steering, brakes, and accelerator. No doubt these auto-control systems in vehicles improve your driving experience, but at the same time increase the risk of getting hacked. Recently, security researcher Benjamin Kunz Mejri  have disclosed zero-day vulnerabilities that reside the official BMW web domain and ConnectedDrive portal and the worst part: the vulnerabilities remain unpatched and open for hackers. Benjamin from Vulnerability-Labs has discovered both the vulnerabilities. The first one is a VIN ( Vehicle Identification Number ) session vulner...