The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The United States Justice Department has charged three Chinese nationals for allegedly hacking Moody's Analytics economist, German electronics manufacturer Siemens, and GPS maker Trimble, and stealing gigabytes of sensitive data and trade secrets. According to an indictment unsealed Monday in federal court in Pittsburgh, Pennsylvania, the three men worked for a Chinese cybersecurity company, Guangzhou Bo Yu Information Technology Company Limited ( Boyusec ), previously linked to China's Ministry of State Security. Earlier this year, security researchers also linked Boyusec to one of the active Chinese government-sponsored espionage groups, called Advanced Persistent Threat 3 (or APT3 ), which is also known as Gothic Panda, UPS Team, Buckeye, and TG-0110. In 2013, APT3 allegedly stole the blueprints for ASIO's new Canberra building using a piece of malware that was uploaded to an ASIO employee's laptop. According to the indictment, the three Chinese nationals...

In a coordinated International cyber operation, law enforcement agencies have seized over 20,520 website domains for illegally selling counterfeit products, including luxury products, sportswear, electronics, pharmaceuticals and online piracy on e-commerce platforms and social networks. Counterfeiting is a form of trademark infringement that involves the manufacturing and/or distribution of fake lookalike branded products with a primary purpose to confuse or dupe consumers into buying them. The operation, dubbed " In Our Sites (Project TransAtlantic VIII) ," was conducted by Europol in association with the Interpol, the US National Intellectual Property Rights Coordination Centre (NIPRCC), FBI, Department of Justice (DOJ), and law enforcement authorities from 27 European Member States. Counterfeit goods are a huge business, as the International Trademark Association suggested that around $460 billion worth of counterfeit goods were bought and sold last year alone. ...

Image Credit: Pixelbay Blockchain startups are cropping up left and right aiming to disrupt existing services and business models. These range from the trivial to potentially game-changing solutions that can revolutionize the internet as we know it. Among those that promise to change the world, most are attempting to reconstruct the entire internet infrastructure into something that is decentralized, secure, scalable, and tokenized. There are also those that aim to solve the most significant problems plaguing the digital world, particularly potentially costly and tedious security issues. We do not lack for dangers, ranging from data breaches to denial-of-service attacks, and other hacks. For the most part, there are capable SaaS and software-defined services that are capable enough in addressing the threats that involve malware and DDoS. However, blockchains offer much much more. The plague of DDoS Distributed denial-of-service or DDoS attacks involve a malicious hacke...

If you think a website whose value is more than $500 billion does not have any vulnerability in it, then you are wrong. Pouya Darabi, an Iranian web developer, discovered and reported a critical yet straightforward vulnerability in Facebook earlier this month that could have allowed anyone to delete any photo from the social media platform. The vulnerability resides in Facebook's new Poll feature, launched by the social media giant earlier this month, for posting polls that include images and GIF animations. Darabi analyzed the feature and found that when creating a new poll, anyone can easily replace the image ID (or gif URL) in the request sent to the Facebook server with the image ID of any photo on the social media network. Now, after sending the request with another user image ID (uploaded by someone else), that photo would appear in the poll. "Whenever a user tries to create a poll, a request containing gif URL or image id will be sent, poll_question_data[...

A massive malicious email campaign that stems from the world's largest spam botnet Necurs is spreading a new strain of ransomware at the rate of over 2 million emails per hour and hitting computers across the globe. The popular malspam botnet Necrus which has previously found distributing Dridex banking trojan , Trickbot banking trojan , Locky ransomwar e, and Jaff ransomware , has now started spreading a new version of Scarab ransomware. According to F-Secure , Necurs botnet is the most prominent deliverer of spam emails with five to six million infected hosts online monthly and is responsible for the biggest single malware spam campaigns. Scarab ransomware is a relatively new ransomware family that was initially spotted by ID Ransomware creator Michael Gillespie in June this year. Massive Email Campaign Spreads Scarab Ransomware According to a blog post published by security firm Forcepoint, the massive email campaign spreading Scarab ransomware virus started at ...

A security researcher has discovered and publicly disclosed two critical vulnerabilities in the popular Internet mail message transfer agent Exim , one of which could allow a remote attacker to execute malicious code on the targeted server. Exim is an open source mail transfer agent (MTA) developed for Unix-like operating systems such as Linux, Mac OSX or Solaris, which is responsible for routing, delivering and receiving email messages. The first vulnerability, identified as CVE-2017-16943 , is a use-after-free bug which could be exploited to remotely execute arbitrary code in the SMTP server by crafting a sequence of BDAT commands. "To trigger this bug, BDAT command is necessary to perform an allocation by raising an error," the researcher said. "Through our research, we confirm that this vulnerability can be exploited to remote code execution if the binary is not compiled with PIE." The researcher ( mehqq_ ) has also published a Proof-of-Concept (PoC) ...

Only after a few days of Uber admitting last year's data breach of 57 million customers , the popular image sharing site disclosed that it had suffered a major data breach in 2014 that compromised email addresses and passwords of 1.7 million user accounts. In a blog post published on Friday, Imgur claimed that the company had been notified of a three-year-old data breach on November 23 when a security researcher emailed the company after being sent the stolen data. Imgur Chief Operating Officer (COO) then alerted the company's founder and the Vice President of Engineering to the issue before began working to validate that the data belonged to Imgur users. After completing the data validation, the company confirmed Friday morning that the 2014 data breach impacted approximately 1.7 million Imgur user accounts (a small fraction of its 150 million user base) and that the compromised information included only email addresses and passwords. Since Imgur has never asked fo...

Earlier this month a cybersecurity researcher shared details of a security loophole with The Hacker News that affects all versions of Microsoft Office, allowing malicious actors to create and spread macro-based self-replicating malware. Macro-based self-replicating malware, which basically allows a macro to write more macros, is not new among hackers, but to prevent such threats, Microsoft has already introduced a security mechanism in MS Office that by default limits this functionality. Lino Antonio Buono, an Italian security researcher who works at InTheCyber , reported a simple technique (detailed below) that could allow anyone to bypass the security control put in place by Microsoft and create self-replicating malware hidden behind innocent-looking MS Word documents. What's Worse? Microsoft refused to consider this issue a security loophole when contacted by the researcher in October this year, saying it's a feature intended to work this way only—just like MS Offic...

Security researchers have discovered a potentially dangerous vulnerability in the firmware of various Hewlett Packard (HP) enterprise printer models that could be abused by attackers to run arbitrary code on affected printer models remotely. The vulnerability (CVE-2017-2750), rated as high in severity with 8.1 CVSS scale, is due to insufficiently validating parts of Dynamic Link Libraries (DLL) that allows for the potential execution of arbitrary code remotely on affected 54 printer models. The security flaw affects 54 printer models ranging from HP LaserJet Enterprise, LaserJet Managed, PageWide Enterprise and OfficeJet Enterprise printers. This remote code execution (RCE) vulnerability was discovered by researchers at FoxGlove Security when they were analyzing the security of HP's MFP-586 printer (currently sold for $2,000) and HP LaserJet Enterprise M553 printers (sold for $500). According to a technical write-up posted by FoxGlove on Monday, researchers were able to...

How many times it has happened to you when you look for something online and the next moment you find its advertisement on almost every other web page or social media site you visit? Web-tracking is not new. Most of the websites log its users' online activities, but a recent study from Princeton University has suggested that hundreds of sites record your every move online, including your searches, scrolling behavior, keystrokes and every movement. Researchers from Princeton University's Centre for Information Technology Policy (CITP) analyzed the Alexa top 50,000 websites in the world and found that 482 sites, many of which are high profile, are using a new web-tracking technique to track every move of their users. Dubbed " Session Replay ," the technique is used even by most popular websites, including The Guardian, Reuters, Samsung, Al-Jazeera, VK, Adobe, Microsoft, and WordPress, to record every single movement a visitor does while navigating a web page,...

Uber is in headlines once again—this time for concealing last year's data breach that exposed personal data of 57 million customers and drivers. On Tuesday, Uber announced that the company suffered a massive data breach in October 2016 that exposed names, e-mail addresses and phone numbers of 57 million Uber riders and drivers along with driver license numbers of around 600,000 drivers. However, instead of disclosing the breach, the company paid $100,000 in ransom to the two hackers who had access to the data in exchange for keeping the incident secret and deleting the information, according to a report published by Bloomberg. Uber said none of its own systems were breached, rather two individuals outside the company inappropriately accessed and downloaded 57 million Uber riders' and drivers' data that was stored on a third-party cloud-based service. The cyberattack exposed the names and driver license numbers of some 600,000 drivers in the United States, and t...

Do you own an Android smartphone? If yes, then you are one of those billions of users whose smartphone is secretly gathering location data and sending it back to Google. Google has been caught collecting location data on every Android device owner since the beginning of this year (that's for the past 11 months)—even when location services are entirely disabled, according to an investigation conducted by Quartz. This location-sharing practice doesn't want your Android smartphone to use any app, or turn on location services, or even have a SIM card inserted. All it wants is to have your Android device to be connected to the Internet. The investigation revealed that Android smartphones have been collecting the addresses of nearby cellular towers, and this data could be used for " Cell Tower Triangulation "—a technique widely used to identify the location of a phone/device using data from three or more nearby cell towers. Each time your Android device come...