The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

You have now another good reason to update your iPhone to newly released iOS 11—a security vulnerability in iOS 10 and earlier now has a working exploit publicly available. Gal Beniamini, a security researcher with Google Project Zero, has discovered a security vulnerability (CVE-2017-11120) in Apple's iPhone and other devices that use Broadcom Wi-Fi chips and is hell easy to exploit. This flaw is similar to the one Beniamini discovered in the Broadcom WiFi SoC (Software-on-Chip) back in April, and BroadPwn vulnerability disclosed by an Exodus Intelligence researcher Nitay Artenstein, earlier this summer. All flaws allow a remote takeover of smartphones over local Wi-Fi networks. The newly discovered vulnerability, which Apple fixed with its major iOS update released on September 19, could allow hackers to take control over the victim's iPhone remotely. All they need is the iPhone's MAC address or network-port ID. And since obtaining the MAC address of a connec...

Forget fingerprint authentication, retinal scanning or advanced facial recognition that has recently been implemented by Apple in its iPhone X—researchers developed a new authentication system that doesn't require any of your interaction, as simply being near your device is more than enough. A group of computer scientists at the University of Buffalo, New York, have developed a new cardiac-scan authentication system that uses your heart's shape and size as a unique biometric to identify and authenticate you. Dubbed Cardiac Scan , the new authentication system makes use of low-level Doppler radar to wirelessly and continuously map out the dimensions of your beating heart, granting you access to your device so long as you're near it. In simple words, your office device should be able to recognise that it is you sitting in front of the computer, and sign you in without any password or interaction, and automatically should log you out if you step away from your compute...

Popular instant messaging app WhatsApp has already been struggling for its existence in China ever since July when Chinese government blocked its users from sending photos and videos over the app. Now, it appears that China has largely blocked Facebook-owned WhatsApp in its latest step to tighten censorship as the country prepares for a major Communist Party gathering next month. Yes, WhatsApp no longer works in the country at all. China has a long history of blocking and limiting access to web services, especially social networks and Western-owned sites through its Great Firewall . The service currently blocks some 171 out of the world's leading websites, including Wikipedia, Twitter, Facebook, Instagram, and many Google services in mainland China. And now, it is WhatsApp. Although it's unclear how long the messaging app may remain inaccessible in the country, according to Symbolic Software, a Paris-based research firm that monitors WhatsApp's situation in Chi...

Nearly a year after the disclosure of the Dirty COW vulnerability that affected the Linux kernel, cybercriminals have started exploiting the vulnerability against Android users, researchers have warned. Publicly disclosed last year in October, Dirty COW was present in a section of the Linux kernel—a part of virtually every Linux distribution, including Red Hat, Debian, and Ubuntu—for years and was actively exploited in the wild. The vulnerability allows an unprivileged local attacker to gain root access through a race condition issue, gain access to read-only root-owned executable files, and permit remote attacks. However, security researchers from Trend Micro published a blog post on Monday disclosing that the privilege escalation vulnerability (CVE-2016-5195), known as Dirty COW, has now been actively exploited by a malware sample of ZNIU, detected as AndroidOS_ZNIU. This is the first time we have seen a malware sample to contain an exploit for the vulnerability designed...

Apple yesterday rolled out a new version of its macOS operating system, dubbed High Sierra 10.13 —a few hours before an ex-NSA hacker publicly disclosed the details of a critical vulnerability that affects High Sierra as well as all earlier versions of macOS. Patrick Wardle, an ex-NSA hacker and now head of research at security firm Synack, found a critical zero-day vulnerability in macOS that could allow any installed application to steal usernames and plaintext passwords of online accounts stored in the Mac Keychain. The macOS Keychain is a built-in password management system that helps Apple users securely store passwords for applications, servers, websites, cryptographic keys and credit card numbers—which can be accessed using only a user-defined master password. Typically no application can access the contents of Keychain unless the user enters the master password. "I discovered a flaw where malicious non-privileged code (or apps) could programmatically access th...

Another day, another data breach. This time one of the world's "big four" accountancy firms has fallen victim to a sophisticated cyber attack. Global tax and auditing firm Deloitte has confirmed the company had suffered a cyber attack that resulted in the theft of confidential information, including the private emails and documents of some of its clients. Deloitte is one of the largest private accounting firms in the U.S. which offers tax, auditing, operations consulting, cybersecurity advisory, and merger and acquisition assistance services to large banks, government agencies and large Fortune 500 multinationals, among others. The global accountancy firm said Monday that its system had been accessed via an email platform from October last year through this past March and that "very few" of its clients had been affected, the Guardian reports . The firm discovered the cyber attack in March, but it believes the unknown attackers may have had access to i...

Another day, another news about a data breach, though this is something disconcerting. Login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal data and vehicle details of drivers and businesses using its service. Just two days ago, Viacom was found exposing the keys to its kingdom on an unsecured Amazon S3 server, and this data breach is yet another example of storing sensitive data on a misconfigured cloud server. The Kromtech Security Center was first to discover a wide-open, public-facing misconfigured Amazon Web Server (AWS) S3 cloud storage bucket containing a cache belonging to SVR that was left publicly accessible for an unknown period. Stands for Stolen Vehicle Records, the SVR Tracking service allows its customers to track their vehicles in real time by attaching a physical tracking device to vehicles in a discreet location, so their customers can monitor ...

Botnets, like Mirai , that are capable of infecting Linux-based internet-of-things (IoT) devices are constantly increasing and are mainly designed to conduct Distributed Denial of Service (DDoS) attacks, but researchers have discovered that cybercriminals are using botnets for mass spam mailings. New research conducted by Russian security firm Doctor Web has revealed that a Linux Trojan, dubbed Linux.ProxyM that cybercriminals use to ensure their online anonymity has recently been updated to add mas spam sending capabilities to earn money. The Linux.ProxyM Linux Trojan, initially discovered by the security firm in February this year, runs a SOCKS proxy server on an infected IoT device and is capable of detecting honeypots in order to hide from malware researchers. Linux.ProxyM can operate on almost all Linux device, including routers, set-top boxes, and other equipment having the following architectures: x86, MIPS, PowerPC, MIPSEL, ARM, Motorola 68000, Superh and SPARC. ...

Are you sure the version of WhatsApp, or Skype, or VLC Player installed on your device is legitimate? Security researchers have discovered that legitimate downloads of several popular applications including WhatsApp, Skype, VLC Player and WinRAR have reportedly been compromised at the ISP level to distribute the infamous FinFisher spyware also known as FinSpy. FinSpy is a highly secret surveillance tool that has previously been associated with British company Gamma Group, a company that legally sells surveillance and espionage software to government agencies across the world. The spyware has extensive spying capabilities on an infected computer, including secretly conducting live surveillance by turning ON its webcams and microphones, recording everything the victim types with a keylogger, intercepting Skype calls, and exfiltration of files. In order to get into a target's machine, FinFisher usually uses various attack vectors, including spear phishing, manual installat...

This month has been full of breaches. Now, the Securities and Exchange Commission (SEC), the top U.S. markets regulator, has disclosed that hackers managed to hack into its financial document filing system and may have illegally profited from the stolen information. On Wednesday, the SEC announced that its officials learnt last month that a previously detected 2016 cyber attack, which exploited a "software vulnerability" in the online EDGAR public-company filing system, may have "provided the basis for illicit gain through trading." EDGAR , short for Electronic Data Gathering, Analysis, and Retrieval, is an online filing system where companies submit their financial filings, which processes around 1.7 million electronic filings a year. The database lists millions of filings on corporate disclosures—ranging from quarterly earnings to sensitive and confidential information on mergers and acquisitions, which could be used for insider-trading or manipulating...

The group of unknown hackers who hijacked CCleaner's download server to distribute a malicious version of the popular system optimization software targeted at least 20 major international technology companies with a second-stage payload. Earlier this week, when the CCleaner hack was reported , researchers assured users that there's no second stage malware used in the massive attack and affected users can simply update their version in order to get rid of the malicious software. However, during the analysis of the hackers' command-and-control (C2) server to which the malicious CCleaner versions connected, security researchers from Cisco's Talos Group found evidence of a second payload (GeeSetup_x86.dll, a lightweight backdoor module) that was delivered to a specific list of computers based on local domain names. Affected Technology Firms  According to a predefined list mentioned in the configuration of the C2 server, the attack was designed to find computer...

Security researchers have recently uncovered a cyber espionage group targeting aerospace, defence and energy organisations in the United States, Saudi Arabia and South Korea. According to the latest research published Wednesday by US security firm FireEye, an Iranian hacking group that it calls Advanced Persistent Threat 33 (or APT33) has been targeting critical infrastructure, energy and military sectors since at least 2013 as part of a massive cyber-espionage operation to gather intelligence and steal trade secrets. The security firm also says it has evidence that APT33 works on behalf of Iran's government. FireEye researchers have spotted cyber attacks aimed by APT33 since at least May 2016 and found that the group has successfully targeted aviation sector—both military and commercial—as well as organisations in the energy sector with a link to petrochemical. The APT33 victims include a U.S. firm in the aerospace sector, a Saudi Arabian business conglomerate with avi...