The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A critical vulnerability has been discovered in PHPMailer , which is one of the most popular open source PHP libraries to send emails used by more than 9 Million users worldwide. Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla comes with PHPMailer library for sending emails using a variety of methods, including SMTP to their users. Discovered by Polish security researcher Dawid Golunski of Legal Hackers , the critical vulnerability ( CVE-2016-10033 ) allows an attacker to remotely execute arbitrary code in the context of the web server and compromise the target web application. "To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class," Golunski writes in the advisory published today. Golunski respo...

A bittersweet Christmas and New Year for users and fans of the most popular custom Android ROM, Cyanogen OS. Cyanogen that tried and failed to kill Google's Android operating system is now shutting down the custom services that it provides to phones that run its Cyanogen OS as we know it and the "nightly builds" of said OS on December 31st. Cyanogen came with an ambition to build better versions of the Android operating system than those created by Google itself, but following some technical and potential legal issues, the startup has decided to quit. The planned shutdown of Cyanogen was officially announced late Friday through a very brief blog post made by the company, saying "as part of the ongoing consolidation of Cyanogen," it's shutting down all services and nightly builds on December 31. "The open source project and source code will remain available for anyone who wants to build CyanogenMod personally," the blog reads. What ...

Bad news for gamers! It's once again the time when most of you will get new PlayStations and XBoxes that continue to be among the most popular gifts for Christmas, but possibilities are you'll not be able to log into the online gaming console, just like what happens on every Christmas holidays. On 2014 Christmas holidays, the notorious hacker group Lizard Squad knocked the PlayStation Network and Xbox Live offline for many gamers by launching massive DDoS attacks against the gaming networks. This time a new hacking group, who managed to take down Tumblr this week for almost two hours, has warned gamers of launching another large-scale distributed denial-of-service (DDoS) attack against XBox Live and PlayStation networks. Calling itself R.I.U. Star Patrol , the hacking group, posted a video on YouTube , announcing that they're planning to take down Sony's PSN and Microsoft's Xbox Live on Christmas Day by launching coordinated DDoS attacks. "We do it because w...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

You might have also seen a viral video of the assassination of the Russian ambassador to Turkey that quickly spread through the Internet worldwide. Russian Ambassador Andrei Karlov was shot dead by an off-duty police officer in Ankara on December 19 when the ambassador was giving a speech at an art gallery. The shooter managed to pretend himself as his official bodyguard and later shot to death by Turkish special forces. After this shocking incident, Apple has been asked to help unlock an iPhone 4S recovered from the shooter, which could again spark up battle similar to the one between Apple and the FBI earlier this year. Turkish and Russian authorities have asked Apple to help them bypass the PIN code on an iPhone 4S, which, the authorities believe, could assist them to investigate killer's links to various terrorist organizations. Apple is expected to refuse the request, but according to MacReports and other local media, the Russian government is reportedly sending...

Here's the Raspberry Pi's Christmas treat for tech community! The Raspberry Pi Foundation has released an experimental version of its lightweight Linux-based Debian operating system called PIXEL OS that can run on most standard desktop computers ships with Windows and Mac OS X without the need of a Raspberry Pi. Initially launched in September this year, the PIXEL operating system, stands for "Pi Improved Xwindows Environment, Lightweight," was originally designed to work with Raspberry Pi to turn it into a fully-functional PC. However, Raspberry Pi has now released a version of PIXEL that comes preloaded with a variety of popular tools and can be installed directly on PCs and Mac computers, so you do not have to buy a Raspberry Pi to use PIXEL anymore. "There is a massive installed base of PC and Mac hardware out there, which can run x86 Debian just fine. Could we do something for the owners of those machines?" Raspberry Pi founder Eben Upton s...

Quantum Computers – Boon or Bane? Quantum computers can perform operations much more quickly and efficiently even with the use of less energy than conventional computers, but that's bad news for encryption — a process which scrambles data according to a massively complex mathematical code. In theory, quantum computers can break almost all the existing encryption algorithms used on the Internet today due to their immense computing power. Quantum computers are not just in theories; they're becoming a reality. With countries like China that holds the top two position in the world's most powerful supercomputers (Sunway TaihuLight and Tianhe-2), followed by the United States' Titan, the day is not far when Quantum computers will work on an industrial scale. Although it's hard to move quantum computing to an industrial scale, it has become a matter of concern for the United States' National Institute of Standards and Technology (NIST) over the fact that...

Google announced a Developers Preview of " Android Things " — an Android-based operating system platform for smart devices and Internet of Things (IoT) products. The Android-based Internet of Things OS is designed to make it easier for developers to build a smart appliance since they will be able to work with Android APIs and Google Services they're already familiar with. As the Developers page of Android Things says: " If you can build an app, you can build a device ." The Android-based Internet of Things operating system is supposed to run on products like security cameras, connected speakers, and routers. Android Things is a rebranded version Google Brillo , an Android-based IoT OS that Google announced in 2015, with added tools like Android Studio, the Android Software Development Kit (SDK), Google Play Services, and Google Cloud Platform. Unlike Brillo, development on Android Things can be achieved with " the same developer tools as stan...

The same group of hackers that caused the power outage across several regions in Ukraine last Christmas holidays might have once again shut down power supply in northern Ukraine during the weekend. According to Ukrainian energy provider Ukrenergo, a cyber attack on Kyiv's power grid may have caused the power outages in the country on Saturday, December 17, near midnight. The blackout affected the northern part of Kiev, the country's capital, and surrounding areas, Ukrenergo Director Vsevolod Kovalchuk explained in a post on Facebook. Shortly after the incident, Ukrenergo engineers switched to manual mode and started restoring power in approximately 30 minutes in an effort to deal with the cyber attack. Power was fully restored after just an hour and fifteen minutes of the blackout. According to Kovalchuk, the one responsible for the weekend outage could be an "external interference through data network," however, the company's cybersecurity experts a...

The biggest advertising fraud ever! A group of hackers is making between $3 Million to $5 Million per day from United States brands and media companies in the biggest digital ad fraud ever discovered. Online fraud-prevention firm White Ops uncovered this new Ad fraud campaign, dubbed " Methbot ," that automatically generates more than 300 Million fraudulent video ad impressions every day. The cyber criminal gang, dubbed AFT13, has developed Methbot robo-browser that spoofs all the necessary interactions needed to initiate, carry out and complete the ad transactions. The hackers, allegedly based in Russia, registered more than 6,000 domains and 250,267 distinct URLs impersonating brand and names of high-profile websites like ESPN, Vogue, CBS Sports, Fox News and the Huffington Post, and selling fake video ad slots. Cyber criminals behind Methbot are using servers hosted in Texas and Amsterdam to power more than 570,000 bots with forged IP addresses, mostly belong...

Next time when you hear an announcement in the flight, " Ladies and gentlemen, this is your captain speaking… ," the chances are that the announcement is coming from a hacker controlling your flight. Dangerous vulnerabilities in an in-flight entertainment system used by the leading airlines, including Emirates, United, American Airlines, Virgin, and Qatar, could let hackers hijack several flight systems and even take control of the plane. According to security researchers from IOActive , the security vulnerabilities resides in the Panasonic Avionics In-Flight Entertainment (IFE) system used in planes run by 13 major airlines, providing a gateway for hackers which is absolutely terrifying. The security holes could be exploited by hackers that could allow them to spoof flight information like map routes, speed statistics, and altitude values, and steal credit card information. IOActive's Ruben Santamarta managed to "hijack" in-flight displays to change info...

Ransomware has risen dramatically since last few years, so rapidly that it might have already hit you or someone you know. With hundred of thousands of ransomware variants emerging every day, it is quite difficult for traditional signature-based antivirus tools to keep their signature database up-to-date. So, if signature-based techniques are not enough to detect ransomware infection, then what else can we do? The solution is RansomFree . Boston-based cyber security firm Cybereason has released RansomFree — a real-time ransomware detection and response software that can spot most strains of Ransomware before it starts encrypting files and alert the user to take action. RansomFree is a free standalone product and is compatible with PCs running Windows 7, 8 and 10, as well as Windows Server 2010 R2 and 2008 R2. Instead of regularly updated malware signatures to fight the bad programs, RansomFree uses "behavioral and proprietary deception" techniques to detect ne...

Next time when you see an advertisement of your favorite pair of shoes on any website, even if it is legitimate, just DO NOT CLICK ON IT. …Because that advertising could infect you in such a way that not just your system, but every device connected to your network would get affected. A few days ago, we reported about a new exploit kit, dubbed Stegano , that hides malicious code in the pixels of banner advertisements rotating on several high profile news websites. Now, researchers have discovered that attackers are targeting online users with an exploit kit called DNSChanger that is being distributed via advertisements that hide malicious code in image data. Remember DNSChanger? Yes, the same malware that infected millions of computers across the world in 2012. DNSChanger works by changing DNS server entries in infected computers to point to malicious servers under the control of the attackers, rather than the DNS servers provided by any ISP or organization. So, wheneve...