The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Doing business in today's connected world means dealing with a continually evolving threat landscape. With potential losses due to downtime following a breach, plus valuable client and proprietary information at risk, most organizations realize they cannot afford to be complacent. This puts extra onus on security IT teams, who are continuously left scrambling, looking for the best way to protect their organizations against the threats that bypass AV and firewall. Added to this is another challenge in that most organizations are limited in the resources they can invest in security. Many are left reliant on a single product on top of their security stack. Common practice in organizational security circles as they attempt to remain secure is to upgrade endpoint protection with EPP\EDR or a Network Analytic tool. But as we all know, what's common is not necessarily what's best. How can an organization ensure it remains secure, especially with all that is at stake? ...

An Iran-linked cyber-espionage group that has been found targeting critical infrastructure , energy and military sectors in Saudi Arabia and the United States two years ago continues targeting organizations in the two nations, Symantec reported on Wednesday. Widely known as APT33 , which Symantec calls Elfin , the cyber-espionage group has been active since as early as late 2015 and targeted a wide range of organizations, including government, research, chemical, engineering, manufacturing, consulting, finance, and telecommunications in the Middle East and other parts of the world. Symantec started monitoring Elfin's attacks since the beginning of 2016 and found that the group has launched a heavily targeted campaign against multiple organizations with 42% most recent attacks observed against Saudi Arabia and 34% against the United States. Elfin targeted a total of 18 American organizations in the engineering, chemical, research, energy consultancy, finance, IT and healthcar...

Facebook has introduced a new feature in its platform that has been designed to make it easier for bug bounty hunters to find security flaws in Facebook, Messenger, and Instagram Android applications. Since almost all Facebook-owned apps by default use security mechanisms such as Certificate Pinning to ensure integrity and confidentiality of the traffic, it makes it harder for white hat hackers and security researchers to intercept and analyze network traffic to find server-side security vulnerabilities. For those unaware, Certificate Pinning is a security mechanism designed to prevent users of an application from being a victim of network-based attacks by automatically rejecting the whole connection from sites that offer bogus SSL certificates. Dubbed " Whitehat Settings ," the new option now lets researchers easily bypass Certificate Pinning on the Facebook-owned mobile apps by: Disabling Facebook's TLS 1.3 support Enabling proxy for Platform API requests ...

Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately. Why? Because the China-made UC Browser contains a "questionable" ability that could be exploited by remote attackers to automatically download and execute code on your Android devices. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than 500 million users worldwide. According to a new report published today by Dr. Web firm, since at least 2016, UC Browser for Android has a "hidden" feature that allows the company to anytime download new libraries and modules from its servers and install them on users' mobile devices. Pushing Malicious UC Browser Plug-ins Using MiTM Attack What's worrisome? It turns out that the reported feature downloads new plugins from the company server over insecure HTTP protocol instead of encrypted HTTPS proto...

Apple on Monday released iOS 12.2 to patch a total of 51 security vulnerabilities in its mobile operating system that affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A majority of vulnerabilities Apple patched this month reside in its web rendering engine WebKit, which is used by many apps and web browsers running on the Apple's operating system. According to the advisory , just opening a maliciously crafted web content using any vulnerable WebKit-based application could allow remote attackers to execute arbitrary code, disclose sensitive user information, bypass sandbox restrictions, or launch universal cross-site scripting attacks on the device. Among the WebKit vulnerabilities include a consistency issue (CVE-2019-6222) that allows malicious websites to potentially access an iOS device microphone without the "microphone-in-use" indicator being shown. A similar vulnerability (CVE-2019-8566) has been patched in Apple's Replay...

Remember the CCleaner hack ? CCleaner hack was one of the largest supply chain attacks that infected more than 2.3 million users with a backdoored version of the software in September 2017. Security researchers today revealed another massive supply chain attack that compromised over 1 million computers manufactured by Taiwan-based tech giant ASUS. A group of state-sponsored hackers last year managed to hijack ASUS Live automatic software update server between June and November 2018 and pushed malicious updates to install backdoors on over one million Windows computers worldwide. According to cybersecurity researchers from Russian firm Kaspersky Lab , who discovered the attack and dubbed it Operation ShadowHammer , Asus was informed about the ongoing supply chain attack on Jan 31, 2019. After analyzing over 200 samples of the malicious updates, researchers learned that hackers did not want to target all users, instead only a specific list of users identified by their uniq...

Major data breaches and cyber attacks are occurring at an alarming rate, and if you are still not using a VPN and password manager app, you are seriously out of excuses. Not just VPN software and a password manager, cybersecurity experts also recommend using antivirus and backup solutions to protect your computers and precious data stored on them. Unfortunately, to cover these bases, one would typically have to spend at least $30 per month. However, here we have great news for millions of The Hacker News readers. Cybersecurity companies partnered with THN Deal Store have exclusively launched a new subscription package called — The Vault — that slashes the price for top security apps everyone needs to use. At just $9.99 monthly subscription, you can now get licenses for four award-winning cybersecurity apps: Dashlane Password Manager Panda Antivirus Software Degoo Online Backup — 2TB of Secure Cloud Storage NordVPN — One of the best VPN service providers in 2019 ...

The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a small surgically implanted device (in patients' chests) that gives a patient's heart an electric shock (often called a countershock) to re-establish a normal heartbeat. While the device has been designed to prevent sudden death, several implanted cardiac defibrillators made by one of the world's largest medical device companies Medtronic have been found vulnerable to two serious vulnerabilities. Discovered by researchers from security firm Clever Security, the vulnerabilities could allow threat actors with knowledge of medical devices to intercept and potentially impact the functionality of these life-saving devices. "Successful exploitation of these vulnerabilities ...

Brace yourself guys. Microsoft is going to release its Windows Defender ATP antivirus software for Mac computers. Sounds crazy, right? But it's true. Microsoft Thursday announced that the company is bringing its anti-malware software to Apple's macOS operating system as well—and to more platforms soon, like Linux. As a result, the technology giant renamed its Windows Defender Advanced Threat Protection (ATP) to Microsoft Defender Advanced Threat Protection (ATP) in an attempt to minimize name-confusion and reflect the cross-platform nature of the software suite. But wait, does your Macbook need antivirus protection? Of course! For all those wondering if Mac even gets viruses—macOS is generally more secure than Windows, but in recent years cybercriminals have started paying attention to the Mac platform, making it a new target for viruses, Trojans, spyware, adware, ransomware, backdoors, and other nefarious applications. Moreover, hackers have been successful many ti...

Holy moly, Facebook is again at the center of a new privacy controversy after revealing today that its platform mistakenly kept a copy of passwords for "hundreds of millions" users in plaintext. What's more? Not just Facebook, Instagram users are also affected by the latest security incident. So, if you are one of the affected users, your Facebook or Instagram password was readable to some of the Facebook engineers who have internal access to the servers and the database. Though the social media company did not mention exactly what component or application on its website had the programmatic error that caused the issue, it did reveal that the company discovered the security blunder in January this year during a routine security check. In a blog post published today, Facebook's vice president of engineering Pedro Canahuati said an internal investigation of the incident found no evidence of any Facebook employee abusing those passwords. "To be clear, t...

Cybersecurity researchers today disclosed details of two newly identified Magecart attacks targeting online shoppers of bedding retailers MyPillow and Amerisleep . Magecart is an umbrella term researchers gave to at least 11 different hacking groups that are specialized in implanting malware code on e-commerce websites with an intent to steal payment card details of their customers silently. Magecart made headlines last year after attackers conducted several high-profile cyber attacks against major international companies including British Airways , Ticketmaster , and Newegg . Magecart hackers use a digital payment card skimmer, a few lines of malicious Javascript code they insert into the checkout page of hacked websites and designed to captured payment information of customers in real time and then send it to a remote attacker-controlled server. Earlier this year, Magecart attackers also compromised nearly 277 e-commerce websites in a supply-chain attack by inserting its...

The popular SSH client program PuTTY has released the latest version of its software that includes security patches for 8 high-severity security vulnerabilities. PuTTY is one of the most popular and widely used open-source client-side programs that allows users to remotely access computers over SSH, Telnet, and Rlogin network protocols. Almost 20 months after releasing the last version of its software, the developers of PuTTY earlier this week released the latest version 0.71 for Windows and Unix operating systems. According to an advisory available on its website, all previous versions of the PuTTY software have been found vulnerable to multiple security vulnerabilities that could allow a malicious server or a compromised server to hijack client's system in different ways. Here below I have listed all 8 vulnerabilities with brief information that PuTTY 0.71 has patched: 1) Authentication Prompt Spoofing — Since PuTTY doesn't have a way to indicate whether a piec...