The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

It has only been a few days since the launch of Apple's brand new iPhone 7 and iPhone 7 Plus, but it appears that the new iPhone has already been jailbroken. That didn't take long. Right? Security researcher and well-known hacker Luca Tedesco shared an image of his jailbroken smartphone on his Twitter account to show off the world that the new iPhone 7 has been jailbroken. The image posted by Tedesco on Wednesday clearly shows an iPhone 7 running both iOS 10.0.1 as well as the Cydia app store, which allows jailbreakers to install apps and other software that Apple does not officially support. Unfortunately, Tedesco has not publically released the exploit, nor he has provided much information about it. So, right now, it is hard to say if and when he will release the iPhone 7 jailbreak to the public. It is also not clear whether the exploit is an untethered jailbreak. The untethered jailbreak is a jailbreak where your device doesn't require any reboot every ti...

Hey! Wait! Wait! Wait! Don't plug in that USB stick into your laptop. It could infect your computer with malware and viruses. Australia's Victoria Police Force has issued a warning regarding unmarked USB flash drives containing harmful malware being dropped inside random people's letterboxes in the Melbourne suburb of Pakenham. It seems to one of the latest tactics of cyber criminals to target people by dropping malware-laden USB sticks into their mailboxes, in the hope unsuspecting users will plug the infected devices into their personal or home computers. The warning, published on the official website of the Victoria Police, one of Australia's state police departments, reads: "Members of the public are allegedly finding unmarked USB drives in their letterboxes. Upon inserting the USB drives into their computers victims have experienced fraudulent media streaming service offers, as well as other serious issues [malware]. The USB drives are belie...

In past few months, Microsoft opened the source code of a lot of its projects, convincing people that the company loves Linux . But a new report shows that Microsoft is not really a big supporter of Linux. Microsoft has banned Linux on some Windows 10 powered Signature Edition PCs, which provides the cleanest Windows experience on the market. Signature Edition PCs are different from other systems because it is carefully and meticulously configured by Microsoft to run Windows 10 with no bloatware, paid promotional web shortcuts, or other pre-installed apps, for providing better performance. But besides bloatware and other pre-installed apps, Microsoft won't allow you to install Linux (or any operating system) on it. This news is not a rumor as a Reddit user BaronHK reported that he found it impossible to install Linux on the Signature Edition Lenovo Yoga 900 ISK2 UltraBook because Microsoft has locked the SSD in a proprietary RAID mode that can only be read by Window...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...

Are you good at hiding your feelings? No issues, your Wi-Fi router may soon be able to tell how you feel, even if you have a good poker face. A team of researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) have developed a device that can measure human inner emotional states using wireless signals. Dubbed EQ-Radio , the new device measures heartbeat, and breath to determine whether a person is happy, excited, sad, or angry. Using EQ-Radio, which emits and captures reflected radio frequency (RF) waves, the team bounced waves off a person's body to measure subtle changes in breathing patterns and heart rates. This data was then run through a bunch of algorithms and a machine-learning process programmed to match a person's behavior to how they acted previously, categorizing the person's emotion as one of the four emotional states: Pleasure, Joy, Anger and Sadness. The impressive part about the technique: EQ-Radio doesn't r...

It's a Fact! No matter how smart the criminals are, they always leave some trace behind. Two Harvard students have unmasked around 229 drug and weapon dealers with the help of pictures taken by criminals and used in advertisements placed on dark web markets. Do you know each image contains a range of additional hidden data stored within it that can be a treasure to the investigators fighting criminals? Yeah it's true — "A picture is worth a thousand words." Digital images come with basic metadata, as well as EXIF data that contains information about the device with which it was taken. EXIF, stands for " Exchangeable Image File Format ," may contain image dimensions, date and time (when it was originally taken and modified), the model of camera and its settings, information about the software used for editing, it's creator and copyright information, as well as GPS co-ordinates of the location where the photo was taken. If a criminal, let's say a...

Next time when you find yourself hooked up behind the wheel, make sure your car is actually in your control. Hackers can remotely hijack your car and even control its brakes from 12 miles away. Car hacking is a hot topic. Today many automobiles companies have been offering vehicles with the majority of functions electronically controlled, from instrument cluster to steering, brakes, and accelerator. These auto-control electronic systems not only improve your driving experience but at the same time also increase the risk of getting hacked. The most recent car hacking has been performed on Tesla Model S by a team of security researchers from Keen Security Lab, demonstrating how they were able to hijack the Tesla car by exploiting multiple flaws in the latest models running the most recent software. The team said the hacks worked on multiple models of Tesla and believed they would work across all marques. "We have discovered multiple security vulnerabilities and suc...

Network equipment vendor Cisco is finally warning its customers of another zero-day vulnerability the company discovered in the trove of NSA's hacking exploits and implants leaked by the group calling itself " The Shadow Brokers ." Last month, the Shadow Brokers published firewall exploits, implants, and hacking tools allegedly stolen from the NSA's Equation Group, which was designed to target major vendors including, Cisco, Juniper, and Fortinet. A hacking exploit, dubbed ExtraBacon , leveraged a zero-day vulnerability (CVE-2016-6366) resided in the Simple Network Management Protocol (SNMP) code of Cisco ASA software that could allow remote attackers to cause a reload of the affected system or execute malicious code. Now Cisco has found another zero-day exploit , dubbed "Benigncertain," which targets PIX firewalls. Cisco analyzed the exploit and noted that it had not identified any new flaws related to this exploit in its current products. But,...

A critical vulnerability resides in the fully-patched version of the Mozilla's Firefox browser that could allow well-resourced attackers to launch man-in-the-middle (MITM) impersonation attacks and also affects the Tor anonymity network. The Tor Project patched the issue in the browser's HTTPS certificate pinning system on Friday with the release of its Tor Browser version 6.0.5 , while Mozilla still has to patch the critical flaw in Firefox. Attackers can deliver Fake Tor and Firefox Add-on Updates The vulnerability could allow a man-in-the-middle attacker who is able to obtain a forged certificate for addons.mozilla.org to impersonate Mozilla servers and as a result, deliver a malicious update for NoScript, HTTPS Everywhere or other Firefox extensions installed on a targeted computer. "This could lead to arbitrary code execution [vulnerability]," Tor officials warned in an advisory. "Moreover, other built-in certificate pinnings are affected as wel...

British citizen and alleged hacker Lauri Love will be extradited to the United States to face allegations of hacking into United States government computer systems, a UK judge ruled on Friday. Love, 31, is currently facing up to 99 years in prison for allegedly hacking into the FBI, the US Army, the US Missile Defence Agency, the National Aeronautics and Space Administration (NASA), and New York's Federal Reserve Bank during 2012 and 2013. US Prosecutors claim that Love was allegedly involved in #OpLastResort , an online protest linked with the Anonymous collective following the persecution and untimely death of activist Aaron Swartz, who committed suicide in 2013 while under federal charges for data theft. Speaking at Westminster Magistrates' Court in London, District Judge Nina Tempia said : "I'll be extraditing Mr. Love, by which I mean I'll be passing the case to the Secretary of State." Tempia said Love could appeal against the court decisi...

Do you remember the infamous encryption fight between the FBI and Apple for unlocking an iPhone 5C belongs to a terrorist? Yes, you got it right, the same Apple vs. FBI case where the FBI paid almost $1.3 Million to a group of hackers to unlock that iPhone. However, if the agency had shown some patience to explore more ways to get into that iPhone, then it might have cost them nothing less than US$100. Yes, you heard that right. Now anyone can unlock an iPhone for less than $100, for which the FBI paid more than $1 million . Cheap Method to Unlock iPhone 5C Cambridge University security researcher Sergei Skorobogatov has published a new research paper detailing a technique that would have helped the FBI bypass the iOS passcode limit on the shooter's iPhone 5C. Dubbed NAND Mirroring , the technique was proposed to the FBI earlier this year, but the agency claimed that the method would not work. "It does not work," FBI Director James Comey said back in March, ...