The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

If you think that the patches delivered through Windows update can not be laced with malware, think again. Security researchers have shown that Hackers could intercept Windows Update to deliver and inject malware in organizations. Security researchers from UK-based security firm ' Context ' have discovered a way to exploit insecurely configured implementations of Windows Server Update Services (WSUS) for an enterprise. What is WSUS in Windows? Windows Server Update Services (WSUS) allows an administrator to deploy the Windows software update to servers and desktops throughout the organization. These updates come from the WSUS server and not Windows server. Once the updates are with the administrator on the server, he can limit the privilege for the clients in a corporate environment to download and install these updates. As the admin is the owner of the distribution of these updates. Intercepting WSUS to Inject Malware into Corporate Networks By def...

Earlier this week, Mozilla Security researcher Cody Crews discovered a malicious advertisement on a Russian news site that steals local files from a system and upload them to a Ukrainian server without the user ever knowing. The malicious advertisement was exploiting a serious vulnerability in Firefox's PDF Viewer and the JavaScript context in order to inject a script capable of searching sensitive files on user's local file systems . Mozilla versions of Firefox that do not contain the PDF Viewer, such as Firefox for Android, are not affected by the " Same origin violation and local file stealing via PDF reader " vulnerability. The exploit does not execute any arbitrary code but injects a JavaScript payload into the local file context, allowing the script to search for and upload potentially user's sensitive local files. All an attacker need to do is load the page with this exploit and sit back and relax. The exploit will silently steal files in t...

Gone are the days when you had to wait in a queue to get your Bank passbook updated. With the implementation of automated machines in Banks, it's now a game of seconds to update your passbook yourself. Bank Passbook is a copy of the customer's account in the books of the bank which includes client's current account balance and transaction details (deposits and withdrawals). But, Are these Automated Machines holding your Financial Information Hack-Proof? Last year, Major Indian Banks rolled out a barcode based passbook printers called ' Swayam ' which can be operated by customers themselves. 17-year-old Indian bug hunter, Indrajeet Bhuyan , found that the barcode technology used by more than 3000 Indian Banking Branches, including State Bank of India , UCO Bank and Canara Bank , is vulnerable to information disclosure. To use Swayam, the s elf-service passbook printing machine , the customers need just to feed their passbook into the machine, which will read the barcod...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

At its Build developers conference in April this year, Microsoft announced " Project Islandwood " - the " Windows Bridge for iOS " that lets iOS and Android developers port their apps to Windows. Microsoft finally made another surprise move on Thursday by open sourcing an early version of its toolkit for iOS to help iOS developers move their apps more easily to Windows 10. The source code for an early preview of " Windows Bridge for iOS " is now available on GitHub under the MIT open-source license. By releasing the preview of iOS Bridge, Microsoft wants the open-source community to contribute code, comments, testing, vulnerability reports, before the company launch the final version later this fall. iOS Toolkit for Building Windows 10 Apps The iOS Bridge enables developers to create apps that work with both Windows 8.1 and Windows 10 operating systems. Currently, Microsoft only targets the standard X86 and X64 processor archi...

Sometimes, instead of black and white we tend to look out, how a grey would look? Yes, today we are going to discuss the 'entangling' or 'superpositioning' which is a power packed functionality of quantum computers. And simultaneously, how can they pose a threat when fully launched in the world. Superposition is a state in which a system can be in multiple stages i.e. it can be 'up' and 'down' at the same time. The Quantum systems can hit different modules of a problem simultaneously, split across possible versions of the universe. What are Quantum Computers? Quantum computers are going to be the next huge development in computing for processing data, with an ability to perform calculations thousands of times faster than today's modern supercomputers. Quantum computing is not well suited for tasks such as word processing and email, but it is ideal for tasks such as cryptography, modeling and indexing enormous databases. A quantum computer can compute in min...

Over a year ago I wrote an article on The Hacker News that warned of serious security concerns created by the iPhone and Android's Fingerprint authentication . Till now hackers were impersonated simply by lifting prints off the side of a phone and gaining unauthorized access to user's phone and thus data. However, security researchers have now discovered four new ways to attack Android devices to extract user fingerprints remotely without letting the user know about it. The attack, which the researchers dubbed the " Fingerprint Sensor Spying attack ," could be used by hackers to " remotely harvest fingerprints in a large scale, " Yulong Zhang, one of the researchers told ZDNet. Remotely Hacking Android Fingerprints FireEye researchers Tao Wei and Yulong Zhang presented their research in a talk titled, Fingerprints on Mobile Devices: Abusing and Leaking , at the Black Hat conference in Las Vegas on Wednesday, where they outlined new wa...

Remember the previously demonstrated technique to Hack into air-gapped computers using Heat waves? What if the same was possible to hack computers to steal data using Sound waves ? Imagine, If a remote hacker could steal classified information from a targeted computer without having to physically and Internet access to it. A team of security researchers has demonstrated exactly the same by developing a new hacking technique called Funtenna that uses sound and radio waves to siphon data from computers even without Internet access. According to a lead researcher Ang Cui of Red Balloon Security, the Funtenna radio signal hack has the potential to turn Internet-connected devices (printer, washing machine and air conditioner) – popularly known as the Internet of Things – into bugs that can transmit data out of a network using sound waves that can not be heard by a human ear. How Funtenna Works? The attacker only needs to install malware on a target's devic...

ICANN (Internet Corporation for Assigned Names and Numbers) – the organisation responsible for allocating domain names and IP addresses for the Internet – has been hacked , potentially compromising its customers' names, email addresses, hashed passwords, and more. The US-administered non-profit corporation admitted on Wednesday that its server security was breached within the past week and that… …an " unauthorised person " gained access to usernames , email addresses , and encrypted passwords for profile accounts on ICANN.org public website. The organisation believes that the leaked information includes harmless information such as user preferences, public biographies, interests, newsletters, and subscriptions. Less than ten months ago, ICANN was hacked  by a hacker who gained access to its internal system following a spear phishing attack in November last year. Employees were tricked into handing over their credentials after receiving malicious emails...

So you finally upgraded your system to Windows 10 and became one those 70 Million users. No doubt, Windows 10 is the Windows best version released by Microsoft, but you need to know that it does not offer much privacy by default. Windows 10 is making many headlines these days, even it made me to write two detailed articles about Windows 10's most controversial options, i.e. Windows Wi-Fi sense and Windows 10 stealing users' Bandwidth to deliver updates. I noticed over 35 more privacy issues that come enabled by default in Windows 10, which has permission to send your vast amount of data back to Microsoft. While Installation, a click through " Express Settings " allows Windows 10 operating system to gather up your contacts, text and touch input, calendar details, and a lot more, including: Location Data Biometrics and Handwriting data Advertisement and its Tracking Code Apps access to your personal information Windows Defender and Sample subm...

Internet of Things (IoT) with the purpose of providing convenience to the users enabled every object in the universe to be as smart as a whip. By assigning IP address to all sorts of devices, ranging from household appliances, machines, medical devices and sensors to other day-to-day objects, and putting them all together on a standardised network is a common Internet of Things (IoT) practice. Is Internet of Things Secure? In my previous articles, I gave you a glance of the most vulnerable smart cities that are increasingly adopting devices connected to the Internet in an attempt to add convenience and ease to daily activities. By 2020, there will be more than 45 Billion Internet-connected devices that will transform the way we live and work. The bottom line: As the number of IoT enabled systems increases, the complexity of handling them increases; leading to an introduction of new risk and vulnerabilities associated with them. Security of Internet of...

Poor Android users are facing a terrible, horrible, and awful week. Few days ago, Trend Micro security researchers uncovered a Android crashing vulnerability in the widely used mobile operating system, impacting the majority of Android devices in use. The report follows another significant Stagefright vulnerability that was revealed by separate researchers, who warned that nearly 950 Million Android phones can be hijacked by sending a simple text message or via malicious Android app or specially crafted web pages. EXPLOIT TO TRAP ANDROID DEVICES IN ENDLESS REBOOTS Now, the security researchers have discovered a dangerous security bug in the Android operating system that they claim can "brick" your phone, making it unresponsive and completely useless. The new vulnerability, CVE-2015-3823 , can be exploited by potential hackers to cause your Android device to endless Reboot, and is similar to the Stagefright bug in that the flaw exists in the 'media...

If you think Apple's Mac computers are much more secure than Windows-powered systems, you need to think again. This isn't true, and security researchers have finally proved it. Two security researchers have developed a proof-of-concept computer worm for the first time that can spread automatically between MacBooks, without any need for them to be networked. Dubbed Thunderstrike 2 , the new proof-of-concept firmware attack is inspired by previously developed proof-of-concept firmware called Thunderstrike. Thunderstrike Attack , developed by security engineer Trammell Hudson, actually took advantage of a vulnerability in Thunderbolt Option ROM that could be used to infect Apple Extensible Firmware Interface (EFI) by allocating a malicious code into the boot ROM of an Apple computer through infected Thunderbolt devices. Thunderstrike 2 Spreads Remotely Although the original Thunderstrike required an attacker to have physical access to your Mac computer to wor...