The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Do you own a Hewlett-Packard (HP) laptop? Yes? Just stop whatever you are doing and listen carefully: Your HP laptop may be silently recording everything you are typing on your keyboard. While examining Windows Active Domain infrastructures, security researchers from the Switzerland-based security firm Modzero have discovered a built-in keylogger in an HP audio driver that spy on your all keystrokes. In general, Keylogger is a program that records every keystroke by monitoring every key you have pressed on your keyboard. Usually, malware and trojans use this ability to steal your account information, credit card numbers, passwords, and other private data. HP computers come with Audio Chips developed by Conexant, a manufacturer of integrated circuits, who also develops drivers for its audio chips. Dubbed Conexant High-Definition (HD) Audio Driver, the driver helps the software to communicate with the hardware. Depending upon the computer model, HP also embeds some code i...

The Dutch police arrested four suspects on Tuesday on suspicion of money laundering and involvement in selling custom encrypted BlackBerry and Android smartphones to criminals. The Dutch National High Tech Crime Unit (NHTCU), dedicated team within the Dutch National Police Agency aims to investigate advanced forms of cyber crimes, carried out investigation and found that the phone brand "PGPsafe" was selling customized BlackBerry and Android smartphones with the secure PGP-encrypted network to the "possible criminal end users." PGP (Pretty Good Privacy) is an open source end-to-end encryption standard that can be used to cryptographically sign emails, documents, files, or entire disk partitions in order to protect them from being spied on. Selling custom security-focused encrypted phones does not involve any crime itself, but Dutch police have discovered evidence, which indicates over the years such phones had been sold to organized criminals involved in ...

Millions of Android smartphones are at serious risk of "screen hijack" vulnerability that allows hackers to steal your passwords, bank details, as well as helps ransomware apps extort money from victims. The worse thing is that Google says it won't be patched until the release of 'Android O' version, which is scheduled for release in the 3rd quarter this year. And the worse, worse, worse thing is that millions of users are still waiting for Android N update from their device manufacturers (OEMs), which apparently means that majority of smartphone users will continue to be victimized by ransomware, adware and banking Trojans for at least next one year. According to CheckPoint security researchers, who discovered this critical flaw, the problem originates due to a new permission called " SYSTEM_ALERT_WINDOW ," which allows apps to overlap on a device's screen and top of other apps. This is the same feature that lets Facebook Messenger float...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Cisco Systems has finally released an update for its IOS and IOS XE software to address a critical vulnerability, disclosed nearly two months back in the CIA Vault 7 leak , that affects more than 300 of its switch models. The company identified the vulnerability in its product while analyzing "Vault 7" dump — thousands of documents and files leaked by Wikileaks, claiming to detail hacking tools and tactics of the U.S. Central Intelligence Agency (CIA). As previously reported , the vulnerability (CVE-2017-3881) resides in the Cluster Management Protocol (CMP) — which uses Telnet or SSH to deliver signals and commands on internal networks — in Cisco IOS and Cisco IOS XE Software. The vulnerability can be exploited remotely by sending "malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections," researchers say. The company warned users on April 10 that an exploit targeting...

As part of this month's Patch Tuesday, Microsoft has released security patches for a total of 55 vulnerabilities across its products, including fixes for four zero-day vulnerabilities being exploited in the wild. Just yesterday, Microsoft released an emergency out-of-band update separately to patch a remote execution bug ( CVE-2017-0290 ) in Microsoft's Antivirus Engine that comes enabled by default on Windows 7, 8.1, RT, 10 and Server 2016 operating systems. The vulnerability, reported by Google Project Zero researchers, could allow an attacker to take over your Windows PC with just an email, which you haven't even opened yet. May 2017 Patch Tuesday — Out of 55 vulnerabilities, 17 have been rated as critical and affect the company's main operating systems, along with other products like Office, Edge, Internet Explorer, and the malware protection engine used in most of the Microsoft's anti-malware products. Sysadmins all over the world should prioriti...

President Donald Trump has abruptly fired James Comey, the director of the Federal Bureau of Investigation (FBI) who was leading an investigation into alleged links between Trump and Russia. The White House announced on Tuesday that Comey was fired on the "clear recommendation" of Deputy Attorney General Rod Rosenstein and Attorney General Jeff Sessions, citing the reason that he was no longer able to lead the bureau effectively. "While I greatly appreciate you informing me, on three separate occasions, that I am not under investigation, I nevertheless concur with the judgment of the Department of Justice that you are not able to effectively lead the Bureau," Trump wrote in a termination letter to Comey. Later a memo from the US deputy attorney general Rod Rosenstein explained that Comey was fired as director of the FBI over mishandling of the inquiry into Hillary Clinton's emails, including his decision to close this investigation without prosecution ....

Microsoft's own antivirus software made Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 more vulnerable. Microsoft has just released an out-of-band security update to patch the crazy bad bug discovered by a pair of Google Project Zero researchers over the weekend. Security researchers Tavis Ormandy announced on Twitter during the weekend that he and another Project Zero researcher Natalie Silvanovich discovered "the worst Windows remote code [execution vulnerability] in recent memory." Natalie Silvanovich also published a  proof-of-concept (PoC) exploit code that fits in a single tweet. The reported RCE vulnerability , according to the duo, could work against default installations with "wormable" ability – capability to replicate itself on an infected computer and then spread to other PCs automatically. According to an advisory released by Microsoft, the remotely exploitable security flaw (CVE-2017-0290) exists in Microsoft ...

Nobody likes to do router and firewall management. It often requires a lot of hard labor just keeping the infrastructure up and running. If you ever had to set up IPsec tunnels between different firewall brands, change a firewall rule and hope nothing breaks, upgrade to the latest software or urgently patch a vulnerability – you know what I am talking about. All of these issues have been with us basically forever. Recently, the list of complex tasks extended to getting cloud infrastructure connected to the rest of the network, and secure access for mobile users. There seems to be a change coming to this key part of IT, a silver lining if you will. We decided to take a look at one solution to this problem – the Cato Cloud from Cato Networks. Founded in 2015, Cato Networks provides a software-defined and cloud-based secure enterprise network that connects all locations, people and data to the Cato Cloud – a single, global, and secure network. Cato promises to simplify netwo...

Update (Monday, May 08, 2017):  Microsoft has released an emergency security update to patch below-reported crazy bad remote code execution vulnerability in its Microsoft Malware Protection Engine (MMPE) that affects Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 operating systems. Google Project Zero's security researchers have discovered another critical remote code execution (RCE) vulnerability in Microsoft's Windows operating system, claiming that it is something truly bad. Tavis Ormandy announced during the weekend that he and another Project Zero researcher Natalie Silvanovich discovered "the worst Windows remote code [execution vulnerability] in recent memory. This is crazy bad. Report on the way." Ormandy did not provide any further details of the Windows RCE bug, as Google gives a 90-day security disclosure deadline to all software vendors to patch their products and disclose it to the public. This means the details of the new RC...

If you have recently downloaded the popular open source video transcoder app HandBrake on your Mac, there are chances that your computer is infected with a notorious Remote Access Trojan (RAT). The HandBrake team issued a security alert on Saturday, warning Mac users that one of its mirror servers to download the software has been compromised by hackers. In case you aren't aware, HandBrake is an open source video transcoder app that allows Mac users to convert multimedia files from one format to another. According to the HandBrake team, an unknown hacker or group of hackers compromised the download mirror server (download.handbrake.fr) and then replaced the Mac version of the HandBrake client (HandBrake-1.0.7.dmg) with a malicious version infected with a new variant of Proton . Originally discovered in February on a Russian underground hacking forum, Proton is a Mac-based remote access trojan that gives attackers root access privileges to the infected system. The af...

Wikileaks has published a new batch of the Vault 7 leak , detailing a man-in-the-middle (MitM) attack tool allegedly created by the United States Central Intelligence Agency (CIA) to target local networks. Since March, WikiLeaks has published thousands of documents and other secret tools that the whistleblower group claims came from the CIA. This latest batch is the 7th release in the whistleblowing organization's 'Vault 7' series. Dubbed Archimedes , the newly released CIA tool, dumped on Friday, purportedly used to attack computers inside a Local Area Network (LAN). According to the leaked documents, this MitM tool was previously named 'Fulcrum' but later was renamed to 'Archimedes' with several improvements on the previous version, like providing a way to "gracefully shutting down the tool on demand," and adding "support for a new HTTP injection method based on using a hidden iFrame." The leaked documents describe Archimede...

Earlier this week Intel announced a critical escalation of privilege bug that affects its remote management features shipping with Intel Server chipsets for past 7 years, which, if exploited, would allow a remote attacker to take control of vulnerable PCs, laptops, or servers. The vulnerability, labeled CVE-2017-5689 , affects Intel remote management technologies, including Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) software, versions 6 through 11.6. The flaw was originally discovered by Maksim Malyutin, a member of Embedi research team, in mid-February, who then responsibly disclosed it to the Intel security team. My previous article , published earlier this week, was based on the partial information shared by Maksim to The Hacker News, as the reported Intel AMT vulnerability was highly critical and can be exploited remotely, Embedi held technical details until most sysadmins update their systems with a ...