The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

When it comes to Android apps, even the simplest app could greatly compromise your privacy and security. Injecting malicious JavaScript into Android applications has drawn an increased attention from the hacking community as its market share spikes. According to security researcher Jeremy S. from Singapore, a critical vulnerability in the Feedly app left millions of android app users vulnerable to the JavaScript infections. Feedly is a very popular app available for iOS and Android devices, also integrated into hundreds of other third party apps, which offers its users to browse the content of their favourite blogs, magazines, websites and more at one place via RSS feed subscriptions. According to Google Play Store, more than 5 Million users have installed Feedly app into their Android devices. In a blogpost , the researcher reported that Feedly is vulnerable to JavaScript injection attack, which is originally referred as 'cross-site scripting' or XSS vulnerability, allows...

In the mid of last year a Group of Russian Hackers were accused for allegedly infiltrating the computer networks of more than a dozen major American and international corporations and stole 160 million credit card and debit card numbers over the course of seven years, which were then resold to third parties buyers. WANTED IN U.S AND RUSSIA A Rotterdam court in Netherlands ruled that simultaneous requests from the U.S. and Russia for the extradition of the Russian hacker  Vladimir Drinkman  were admissible,  who is accused of being involved to lead the largest data theft case ever prosecuted in the U.S history, Bloomberg report . But it's not yet clear why Russia demands Drinkman 's extradition, "It's now up to the minister of justice to decide on the extradition, and to decide which country." court ruled. The investigators identified that the defendants have been infiltrating computer networks across the globe since at least 2007, including firms in New...

Cyber criminals have explored one more way to exploit Heartbleed OpenSSL bug against organisations to hijack multiple active web sessions conducted over a virtual private network connection. The consulting and incident response Mandiant investigated targeted attack against an unnamed organization and said the hackers have exploited the " Heartbleed " security vulnerability in OpenSSL running in the client's SSL VPN concentrator to remotely access active sessions of an organization's internal network. The incident is the result of attacks leveraging the OpenSSL Heartbleed vulnerabilities, which resides in the OpenSSL's heartbeat functionality, if enabled would return 64KB of random memory in plaintext to any client or server requesting for a connection. The vulnerability infected almost two-third of internet web servers, including the popular websites. Recently, there has been an arrest of a Canadian teen of stealing usernames, credentials, session IDs and other da...

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

A new piece of malicious malware infection targeting jailbroken Apple iOS devices in an attempt to steal users' credentials, has been discovered by Reddit users. The Reddit Jailbreak community discovered the malicious infection dubbed as ' Unflod Baby Panda ', on some jailbroken Apple iOS devices on Thursday while a user noticed an unusual activity that the file was causing apps such as Snapchat and Google Hangouts to crash constantly on his jailbroken iPhone. CHINA WANTS YOUR APPLE ID & PASSWORDS Soon after the jailbroken developer uncovered the mysteries ' Unfold.dylib ' file and found that the infection targets jailbroken iOS handsets to captures Apple IDs and passwords from Internet sessions that use Secure Socket Layer (SSL) to encrypt communications and is believed to be spreading through the Chinese iOS software sites, according to the researchers at German security firm SektionEins . The researchers found that the captured login information is been sent ...

The growing threat of cyber-attacks and network hacking has reached the satellite-space sector, posing a growing challenge to the satellite operators. Because the satellite system are the critical components for the Nation to a modern military, they have become an attractive target of cyber attacks . A security firm uncovered a number of critical vulnerabilities, including hardcoded credentials, undocumented and insecure protocols, and backdoors in the widely used satellite communications (SATCOM) terminals, which are often used by the military , government and industrial sectors. By exploiting these vulnerabilities an attacker could intercept, manipulate, block communications, and in some circumstances, could remotely take control of the physical devices used in the mission-critical satellite communication (SATCOM). Once the attacker gained the access of the physical devices used to communicate with satellites orbiting in space, he can completely disrupt military ope...

Half of the Internet fall victim to the biggest threat, Heartbleed bug and even the most popular online anonymity network Tor is also not spared from this bug. Tor is one of the best and freely available privacy software, runs on the network of donated servers that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes, which can be anywhere in the world. An Exit relay is the final relay that Tor encrypted traffic passes through before it reaches its destination. But some of these Tor exit nodes are running on the servers with the affected version of OpenSSL installed which are vulnerable to the critical Heartbleed Flaw. This means an attacker can grab the hidden information from the Tor network which is actually restricte...

Have you ever been somewhere and urgently you need a file stored in your home computer ? This is very common situation that most of us deal with, but now rather returning home and get it, Google has offered a better solution for this problem. Google – one of the most innovative tech companies on the planet, famous for providing new technologies to make every job easy for its users, has released Google's Chrome Remote Desktop service today for your Android Smartphones to remotely control your PC anytime, from anywhere. Google's Chrome Remote Desktop app for Android provides an easier and secure interaction of your computer with your Android Smartphones. So, using this app you can control your desktop system or PC remotely from anywhere using your Android Smartphone, provided your Mac, Windows or Linux system has Chrome Remote Desktop app installed and running. Google first introduced this service in 2011, which allowed users of Chrome OS or Chrome browser to remotel...

A teenager has been arrested by the Canadian police in relation to the infamous malicious breach on the country's taxpayer system using one of the most critical internet flaws, Heartbleed . Heartbleed bug , that made headlines over past two weeks and every websites around the world flooded with its articles. Every informational website, Media and Security researchers are talking about Heartbleed, probably the biggest Internet vulnerability in recent history. According to the Royal Canadian Mounted Police (RCMP), a 19-year-old ' Stephen Arthuro Solis-Reyes ' of London, Ontario, is charged with the unauthorized access of the computer and criminal mischief in relation to the data breach of taxpayer's private information from the Canada Revenue Agency (CRA) website. " The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible ," Assistant Commissioner Gilles Michaud said in...

The Keen Team – a mysterious group of Chinese hackers who hacked Apple's Safari Mac OS X Mavericks system in just 20 seconds and Windows 8.1. Adobe Flash in only 15 seconds during Pwn2Own Hacking Competition this year, are no more mysterious as the team revealed its members identity. In an interview with a Chinese newspaper on this 13 April, the key member of the Keen team and co-founder as well as chief operating officer of the team's Shanghai-based parent company, Lv Yiping said half of his team members are the top scoring students in the national college entrance examination, half of them are majored in mathematics, and half are from Microsoft. He also added that the team's eight core members are the top hackers in the country. The Kean team is the first Chinese hackers group to have won the prestigious title at the world hacking contest held in Vancouver this year in March. Back in 2013, they also took part in the Mobile Pwn2Own contest held in Tokyo and succe...

iBanking is nothing but a mobile banking Trojan app which impersonates itself as a so-called ' Security App ' for Android devices and distributed through HTML injection attacks on banking sites, in order to deceive its victims. Recently, its source code has been leaked online through an underground forum that gave the opportunities to a larger number of cyber criminals to launch attacks using this kind of ready-made mobile malware. The malicious iBanking app installed on victims' phone has capabilities to spy on user's communications. The bot allows an attacker to spoof SMS, redirect calls to any pre-defined phone number, capture audio using the device's microphone and steal other confidential data like call history log and the phone book contacts. According to new report from ESET security researchers, now this iBanking Trojan ( Android/Spy.Agent.AF ) is targeting Facebook users by tricking them to download a malware application. The malware uses ...

It's time to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities. The United States software maker Oracle releases its security updates every three months, which it referred to as " Critical Patch Updates " (CPU). Yesterday, Oracle released its second CPU-date of this year providing important updates that include a total of 104 vulnerabilities, the company has announced . From the overall vulnerabilities, 37 security vulnerabilities impact Java SE and several of these flaws are so serious that it can be remotely exploited by a malicious malware to gain system access and execute arbitrary code with the privileges of a local user. Successful exploitation also allows an attacker to manipulate certain local data on a system and can cause a DoS attack without the need of authentication credentials, which means the flaws can be exploited over a network without the need for a username and password to crashin...

If you are using WhatsApp to chit-chat with your friends or relatives, then you should be careful about sharing your location with them using WhatsApp 'Location Share' feature. No doubt, WhatsApp communication between your phone and company's server is now encrypted with SSL, which means whatever you are sharing with your friends, is secured from the man-in-the-middle attacks . But the extremely popular instant messaging service for Smartphones that delivers more than 1 billion messages per day has another serious security issue. According to Researchers at UNH Cyber Forensics Research & Education Group , WhatsApp location sharing service could expose your location to hackers or Spy Agencies. While sharing the location on WhatsApp users need to first locate themselves on Google Map within the app window, as shown:  Once selected, WhatsApp fetches the location and thumbnail (an image) from the Google Map service to share it as the message icon, but unfortunatel...