The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

While performing in-depth analysis of various malware samples, security researchers at Cyberbit found a new code injection technique, dubbed Early Bird , being used by at least three different sophisticated malware that helped attackers evade detection. As its name suggests, Early Bird is a "simple yet powerful" technique that allows attackers to inject malicious code into a legitimate process before its main thread starts, and thereby avoids detection by Windows hook engines used by most anti-malware products. The Early Bird code injection technique "loads the malicious code in a very early stage of thread initialization, before many security products place their hooks—which allows the malware to perform its malicious actions without being detected," the researchers said. The technique is similar to the AtomBombing code injection technique that does not rely on easy-to-detect API calls, allowing malware to inject code into processes in a manner that no a...

Android ecosystem is highly broken when it comes to security, and device manufacturers (better known as OEMs) make it even worse by not providing critical patches in time. According to a new study, most Android vendors have been lying to users about security updates and telling customers that their smartphones are running the latest updates. In other words, most smartphone manufacturers including big players like Samsung, Xiaomi, OnePlus, Sony, HTC, LG, and Huawei are not delivering you every critical security patch they're supposed to, a study by Karsten Nohl and Jakob Lell of German security firm Security Research Labs (SRL) revealed. Nohl and Lell examined the firmware of 1,200 smartphones from over a dozen vendors, for every Android patch released last year, and found that many devices have a "patch gap," leaving parts of the Android ecosystem exposed to hackers. "Sometimes these guys just change the date without installing any patches. Probably for m...

Do you think it is possible to extract data from a computer using its power cables? If no, then you should definitely read about this technique. Researchers from Israel's Ben Gurion University of the Negev—who majorly focus on finding clever ways to exfiltrate data from an isolated or air-gapped computer—have now shown how fluctuations in the current flow "propagated through the power lines" could be used to covertly steal highly sensitive data. Sound something like a James Bond movie? Well, the same group of researchers has previously demonstrated various out-of-band communication methods to steal data from a compromised air-gapped computer via light , sound , heat , electromagnetic , magnetic and ultrasonic waves . Air-gapped computers are those that are isolated from the Internet and local networks and therefore, are believed to be the most secure devices that are difficult to infiltrate or exfiltrate data. "As a part of the targeted attack, the adve...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

A security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete patch this month —almost 18 months after receiving the responsible disclosure report. The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal sensitive information, including users' Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without requiring any additional user interaction. The vulnerability, discovered by Will Dormann of the CERT Coordination Center (CERT/CC), resides in the way Microsoft Outlook renders remotely-hosted OLE content when an RTF (Rich Text Format) email message is previewed and automatically initiates SMB connections. A remote attacker can exploit this vulnerability by sending an RTF email to a target victim, containing a remotely-hosted image file (OLE object), loading from the attacker-controlled SMB server. Since Microsoft Outlook a...

Can you get hacked just by clicking on a malicious link or opening a website? — YES . Microsoft has just released its April month's Patch Tuesday security updates, which addresses multiple critical vulnerabilities in its Windows operating systems and other products, five of which could allow an attacker to hack your computer by just tricking you visit a website. Microsoft has patched five critical vulnerabilities in Windows Graphics Component that reside due to improper handling of embedded fonts by the Windows font library and affects all versions of Windows operating systems to date, including Windows 10 / 8.1 / RT 8.1 / 7, Windows Server 2008 / 2012 / 2016. An attacker can exploit these issues by tricking an unsuspecting user to open a malicious file or a specially crafted website with the malicious font, which if open in a web browser, would hand over control of the affected system to the attacker. All these five vulnerabilities in Windows Microsoft Graphics were dis...

Facebook pays millions of dollars every year to researchers and bug hunters to stamp out security holes in its products and infrastructure, but following Cambridge Analytica scandal , the company today launched a bounty program to reward users for reporting "data abuse" on its platform. The move comes as Facebook CEO Mark Zuckerberg prepares to testify before Congress this week amid scrutiny over the data sharing controversy surrounding Cambridge Analytica, a political consultancy firm that obtained and misused data on potentially 87 million of its users . Through its new " Data Abuse Bounty " program, Facebook would ask users to help the social media giant find app developers misusing data, Facebook announced Tuesday. Similar to its existing bug bounty program, the Data Abuse Bounty program will reward a sum of money to anyone who reports valid events of data collection that violate Facebook's revamped data policies . "This program is complemen...

A serious vulnerability has been exposed in "emergency alert systems" that could be exploited remotely via radio frequencies to activate all the sirens, allowing hackers to trigger false alarms. The emergency alert sirens are used worldwide to alert citizens about natural disasters, man-made disasters, and emergency situations, such as dangerous weather conditions, severe storms, tornadoes and terrorist attacks. False alarms can create panic and chaos across the city, as witnessed in Dallas last year , when 156 emergency sirens were turned on for about two hours, waking up residents and sparking fears of a disaster. Dubbed " SirenJack Attack ," the vulnerability discovered by a researcher at Bastille security firm affects warning sirens manufactured by Boston-based ATI Systems, which are being used across major towns and cities, as well as Universities, military facilities, and industrial sites. According to Balint Seeber, director of threat research at...

Facebook CEO Mark Zuckerberg will testify before Congress this week to explain how his company collects and handles users' personal information. The past few weeks have been difficult for Facebook over concerns that the data of millions of users has been breached. Facebook stores details of almost every action you have taken and interaction you have engaged in on its platform. What many Facebook users are unaware of, though, is that you can easily download and see all the information Facebook has collected from you in just a few minutes. Here's how to find out what data Facebook has collected over time, including all your past posts, messages, photos, videos and more. Here's how to Download Your Facebook Data: First, sign into Facebook (on a desktop browser, not your mobile). Then, click the drop-down arrow on the top right, and click on "Settings." This will take you to facebook.com/settings, where you will find your "General Account Set...

A critical remote code execution vulnerability has been discovered in CyberArk Enterprise Password Vault application that could allow an attacker to gain unauthorized access to the system with the privileges of the web application. Enterprise password manager (EPV) solutions help organizations securely manage their sensitive passwords, controlling privileged accounts passwords across a wide range of client/server and mainframe operating systems, switches, databases, and keep them safe from external attackers, as well as malicious insiders. Discovered by German cybersecurity firm RedTeam Pentesting GmbH, the vulnerability affects one of such Enterprise Password Vault apps designed by CyberArk—a password management and security tool that manages sensitive passwords and controls privileged accounts. The vulnerability (CVE-2018-9843) resides in CyberArk Password Vault Web Access, a .NET web application created by the company to help its customers access their accounts remotely. ...

Since last week, a new hacking group, calling itself ' JHT ,' hijacked a significant number of Cisco devices belonging to organizations in Russia and Iran, and left a message that reads—" Do not mess with our elections " with an American flag (in ASCII art). MJ Azari Jahromi, Iranian Communication and Information Technology Minister, said the campaign impacted approximately 3,500 network switches in Iran, though a majority of them were already restored. The hacking group is reportedly targeting vulnerable installations of Cisco Smart Install Client, a legacy plug-and-play utility designed to help administrators configure and deploy Cisco equipments remotely, which is enabled by default on Cisco IOS and IOS XE switches and runs over TCP port 4786. Some researchers believe the attack involves a recently disclosed remote code execution vulnerability ( CVE-2018-0171 ) in Cisco Smart Install Client that could allow attackers to take full control of the network ...

A critical authentication bypass vulnerability has been discovered in one of the biggest identity-as-a-service platform Auth0 that could have allowed a malicious attacker to access any portal or application, which are using Auth0 service for authentication. Auth0 offers token-based authentication solutions for a number of platforms including the ability to integrate social media authentication into an application. With over 2000 enterprise customers and managing 42 million logins every day and billions of login per month, Auth0 is one of the biggest identity platforms. While pentesting an application back in September 2017, researchers from security firm Cinta Infinita discovered a flaw ( CVE-2018-6873 ) in Auth0's Legacy Lock API , which resides due to improper validation of the JSON Web Tokens (JWT) audience parameter. Researchers successfully exploited this issue to bypass login authentication using a simple cross-site request forgery (CSRF/XSRF) attack against the...

Over 130,000 Finnish citizens have had their credentials compromised in what appears to be third largest data breach ever faced by the country, local media reports . Finnish Communications Regulatory Authority (FICORA) is warning users of a large-scale data breach in a website maintained by the New Business Center in Helsinki ("Helsingin Uusyrityskeskus"), a company that provides business advice to entrepreneurs and help them create right business plans. Unknown attackers managed to hack the website ( https://liiketoimintasuunnitelma.com ) and stole over 130,000 users' login usernames and passwords, which were stored on the site in plain-text without using any cryptographic hash. Right after knowing of the breach on 3rd April, the company took down the affected website, which is currently showing "under maintenance" notice with a press release about the incident on its homepage. "We are very sorry for all the people who have been subjected to crime a...