The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A Large number of WordPress websites were compromised in last two weeks with a new malware campaign spotted in the wild. WordPress , a Free and Open source content management system (CMS) and blogging tool, has been once again targeted by hackers at large scale. Researchers at Sucuri Labs have detected a " Malware Campaign " with an aim of getting access to as many devices they can by making innumerable WordPress websites as its prey. The Malware campaign was operational for more than 14 days ago, but it has experienced a massive increase in the spread of infection in last two days, resulted in affecting more than 5000 Wordpress websites. The Security researchers call this malware attack as " VisitorTracker ", as there exists a javascript function named visitorTracker_isMob() in the malicious code designed by cyber criminals. This new campaign seems to be utilizing the Nuclear Exploit Kit and uses a combination of hacked WordPress sites, hidden iframes and nu...

Sit Tight on your seats, because you're gonna get a Shock. Microsoft has developed an Operating System powered by LINUX. Close your mouth first. It's True! Microsoft has built its own Linux-based operating system called Azure Cloud Switch (ACS ) and believe me, under Satya Nadella, Microsoft has become more open than ever. According to the announcement made through an official blog post on Microsoft website, Azure Cloud Switch (ACS) describes as "cross-platform modular operating system for data center networking built on Linux." or Simply, " Commodity switch software stack for data center networks". The Purpose of developing Linux-based Azure Cloud Switch (ACS) operating system at Microsoft is to make it simpler to control the hardware from multiple vendors ( such as Switches ) that powers their cloud-based services. And here's the Kicker: "Running on Linux, ACS [Azure Cloud Switch] is able to make use of its vibrant eco...

Ever registered on StarBucks website? Change your passwords now! If you are one of those Millions Starbucks customers who have registered their accounts and credit card details on StarBucks website, then your banking details are vulnerable to hackers. An Independent Security Researcher, Mohamed M. Fouad from Egypt, has found three critical vulnerabilities on StarBucks website that could have allowed attackers to take over your account in just one click. The vulnerabilities include: Remote Code Execution Remote File Inclusion lead to Phishing Attacks CSRF (Cross Site Request Forgery) Stealing Credit Cards Details In case of Remote File Inclusion flaw, an attacker can inject a file from any location into the target page, which includes as a source code for parsing and execution, allowing attacker to perform: Remote Code Execution on the company's web server Remote Code Execution on the client-side, potentially allowing attacker to perform othe...

Whenever you go to Buy any Electronic Gadget — Phone, Tablet, Laptop, Watch — the most important specification isn't its processor speed or its camera quality. It's how long the device's battery backup is. Imagine easy access to such batteries that provide more battery power after charging it once, do not give up in less time and have a life of many years. To achieve this, the researchers at Massachusetts Institute of Technology (MIT) and Samsung , have developed a new material that could potentially revolutionize the Battery industry. Researchers have solved all these Battery issues with just one weird practical approach, called Solid-State Electrolytes . Today the cells we depend on contain Liquid-State Electrolyte , the researchers thought of replacing the one with a Solid form of electrolyte. Solid-State Electrolytes could simultaneously address the greatest challenges associated with improving lithium-ion batteries (LIB) , with the possibility to increas...

A Critical vulnerability discovered in Mozilla's popular Bugzilla bug-tracking software , used by hundreds of thousands of prominent software organizations, could potentially expose details of their non-public security vulnerabilities to the Hackers. So it's time for developers and organizations that use Bugzilla open source bug tracking system to upgrade to the latest patched versions – namely 5.0.1, 4.4.10, or 4.2.15 . Bugzilla is a vulnerability database used by Mozilla as well as many open-source projects and private organizations. Besides patched flaws, these databases also contain sensitive information related to unpatched vulnerabilities reported to organizations. Unfortunately, the researchers at security firm PerimeterX have discovered a vulnerability ( CVE-2015-4499 ) in Bugzilla's email-based permissions process that allowed them to gain high-level permissions on Bugzilla. As a result, it is potentially possible for an attacker to easily access u...

iOS 9 is out, and it's time to update your iPhone or iPad to the latest version of Apple's mobile operating system. The new iOS is better, faster, and more efficient than its predecessors, with a number of new features and improvements including enhanced multitasking for iPad, Proactive Assistant Siri, new Low Power mode, Transit directions in Maps and many more. You need to download iOS 9 right away. But, after installing it on your iOS device, you should immediately change these security settings to protect your privacy. Besides various new features, iOS 9 also comes with a handful of security and privacy improvements. So, before doing anything like loading new apps, customizing your phone, or syncing your data, you need to check these settings – and if necessary, changed. 1. Locking the Door Boost iOS 9 Security by Setting a Longer 6-digit Passcode When you set up an iOS device, you are asked to create a passcode to encrypt your entire iPho...

The Existing Infrastructure used by Financial institutions like Banks is Archaic, Slow, and Costly, with hardly any innovation in the past three decades. Nine of the World's renowned Banks, including JPMorgan , Royal Bank of Scotland , Goldman Sachs and Barclays , are collaborating with New York-based financial tech firm R3 to create a new framework based on Bitcoin's Blockchain. Yes, they are back in the game yet again, but this time officially! Blockchain — the public and decentralized ledger technology that underpins all Bitcoin transactions has been now recognized as " the future for financial services infrastructure ". The blockchain technology is a way of keeping records by listing the owner's name with all the previous and present transaction the client was involved. It is a public ledger where a list of all the transactions ever executed is maintained. The Banks are planning to develop and implement Blockchain-like Technology where distributed/shared ...

Mandiant , a FireEye sister concern has been involved in researches related to cyber defense. In their recent findings, a backdoor malware named SYNful Knock identified as the one compromising the principles of Cisco routers with features such as... ...Having an everlasting effect, i.e. Serious Persistence. What?- The malicious program is implanted in the router illicitly through the device's firmware (regardless of the vendor). The goal is achieved by modifying the router's firmware image, which exists even after the device gets a reboot. How?- installing SYNful Knock in Cisco 1841 router, Cisco 2811 router, and Cisco 3825 router. Affected areas- 14 instances in 4 countries including India, Mexico, Ukraine, and the Philippines. Impact- the backdoor is backed up with such abilities that can compromise the availability of other hosts and access to sensitive data in an organization. " The theoretical nature of router-focused attacks created a minds...

Recently, Microsoft issued an Emergency patch for a zero-day vulnerability in Internet Explorer that is being exploited to deploy Korplug malware on vulnerable PCs. Korplug , a known variant of PlugX , is a Trojan that creates a backdoor used for information stealing on infected computers. In one of the most publicized cases, an evangelical church in Hong Kong was compromised to deliver the malware. Attackers were able to breach the church's website and inject a malicious iFrame overlay designed to look like the site itself. The iFrame was then used to redirect visitors to a site hosting the IE exploit . Once users land on the website, they are served a java.html which installs Korplug on their computers. To defend against Korplug, system administrators, and security engineers should educate users of corporate assets about these types of hacking techniques. In many cases, organizations are breached because of the lack of internal education around how to ident...

With the launch of iOS 9, Apple gave us an ultimate reason to upgrade our Apple devices to its new operating system. The latest iOS 9 includes a security update for a nasty bug that could be exploited to take full control of your iPhone or Macs, forcing most of the Apple users to download the latest update. Australian security researcher Mark Dowd has disclosed a serious vulnerability in AirDrop , Apple's over-the-air file sharing service built into iOS and Mac OS X. How the Attack Works? The vulnerability allows anyone within the range of an AirDrop user to silently install a malicious app on a target Apple device by sending an AirDrop file which involves rebooting of the target device. An attacker can exploit this critical bug even if the victim rejects the incoming file sent over AirDrop. After rebooting takes place, the malicious app gains access to Springboard, Apple's software to manage iOS home screen, allowing the app to fool the victim's iP...

The Secret Messages are often designed to be destroyed without a trace. In Spy thriller movie " Mission Impossible ", every time Tom Cruise receives a secret message, the last words state - " This Tape message will self-destruct in 5 seconds "...and BOOM ! There's a sudden explosion, and smoke comes out of the device; containing sensitive information few seconds ago. This Self-destructing thing has become a reality now. Palo Alto Research Center Incorporated (PARC) a Xerox company, involved in R&D in IT and hardware has under Defense Advanced Research Projects Agency's (DARPA'S) Vanishing Programmable Resources (VAPR) achieved success in developing Self-Destructing computer chips capable of destruction in 10 seconds. The phenomenon is quite familiar….isn't it? Now, with DARPA's initiative this is soon going to become a reality intended mainly for the military personnel. With the idea of- "Protection of data that once existed." PARC showcased thi...

A Security researcher and hacker, named John Gordon , has found an easy way to bypass the security of locked smartphones running Android 5.0 and 5.1 (Build LMY48M). Many of us use various security locks on our devices like Pattern lock, PIN lock and Password lock in order to protect the privacy of our devices. However, a vulnerability could now allow anyone to take your Android smartphone ( 5.0 build LMY48I ) with locked screen, perform a " MAGIC TRICK " and as a result crash the user interface (UI) for the password screen and gain access to your device. The vulnerability, assigned CVE-2015-3860 , has been dubbed as " Elevation of Privilege Vulnerability in Lockscreen ". How the Attack Works? The secret behind the researcher's "MAGIC TRICK" is as follows: Get the device and open the Emergency dialer screen. Type a long string of numbers or special characters in the input field and copy-n-paste a long string continuously til...