The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Yes, you heard me right. Microsoft is taking another step forward to show its love for Linux and open source community by shipping a full Linux kernel in Windows 10 this summer. No, that doesn't mean Microsoft is making its Windows 10 a Linux distro, but the company will begin to ship an in-house custom built Linux kernel later this year starting with the Windows 10 Insider builds. Microsoft announced the move in a blog post while unveiling Windows Subsystem for Linux version 2.0 (or WSL 2 ) that will feature "dramatic file system performance increases" and support more Linux apps like Docker. So, to support this entirely new architecture for the WSL 2, Windows 10 will have its own Linux kernel. Although this is not the first time Microsoft has shipped a Linux kernel as the company has already shipped its own custom Linux kernel on Azure Sphere  last year, this is the first time a Linux kernel is shipped with Windows. Unlike Windows Subsystem for Linux version...

In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA's Equation Group almost a year before the mysterious Shadow Brokers group leaked them. According to a new report published by cybersecurity firm Symantec, a Chinese-linked group, which it calls Buckeye , was using the NSA-linked hacking tools as far back as March 2016, while the Shadow Brokers dumped some of the tools on the Internet in April 2017. Active since at least 2009, Buckeye—also known as APT3, Gothic Panda, UPS Team, and TG-0110—is responsible for a large number of espionage attacks, mainly against defence and critical organizations in the United States. Although Symantec did not explicitly name China in its report, researchers with a high degree of confidence have previously attributed [ 1 , 2 ] Buckeye hacking group to an information security company, called Boyusec, who is working on beh...

Wyzant —an online marketplace that makes it easy for parents and students to connect with private tutors, in-person and online, in over 250 different subjects—has suffered a data breach exposing "certain personal identification information" for its customers. The Hacker News received a copy of an email notification Wyzant recently sent to its affected customers, which reveals an unknown attacker was able to gain access to one of its databases on April 27, which the company identified a week after the security incident. The stolen personal identification information for affected customers includes their first name, last name, email address, zip code, and, for certain customers, their Facebook profile image as well who log-in to the platform using Facebook. Wyzant also explicitly made it clear that the stolen data did not include any password, payment information, or record of its customers' activity on the Wyzant platform, and that no other than the above-mentione...

The Israel Defense Force (IDF) claims to have neutralized an "attempted" cyber attack by launching airstrikes on a building in Gaza Strip from where it says the attack was originated. As shown in a video tweeted by IDF, the building in the Gaza Strip, which Israeli fighter drones have now destroyed, was reportedly the headquarters for Palestinian Hamas military intelligence, from where a cyber unit of hackers was allegedly trying to penetrate Israel's cyberspace. "We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed," said the Israeli Defence Forces on Twitter. However, the Israel Defense Force has not shared any information about the attempted cyber attack by the Hamas group, saying it would reveal the country's cyber capabilities. According to Judah Ari Gross of Times of Israel , ...

Europol announced the shut down of two prolific dark web marketplaces— Wall Street Market and Silkkitie (also known as Valhalla)—in simultaneous global operations against underground websites for trading drugs, stolen credit card numbers, malicious software, and other illegal goods. Police in western Germany has also arrested three men who were allegedly running Wall Street Market, the world's second largest dark marketplace with more than a million users and 5,400 vendors. Besides this, the operation involving Europol , Dutch police and the FBI also led to the arrests of two major suppliers of narcotics via the Wall Street Market site in Los Angeles, the United States. According to the Europol, the police officers seized the computers used to run the illegal market place, along with more than €550 000 (£472,000 or $621,000) in cash, more than €1 Million in Bitcoin and Monero cryptocurrencies, expensive cars, and other evidence. In a press release published today, Eu...

If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers . Dell SupportAssist , formerly known as Dell System Detect , checks the health of your computer system's hardware and software. The utility has been designed to interact with the Dell Support website and automatically detect Service Tag or Express Service Code of your Dell product, scan the existing device drivers and install missing or available driver updates, as well as perform hardware diagnostic tests. If you are wondering how it works, Dell SupportAssist in the background runs a web server locally on the user system, either on port 8884, 8883, 8886, or port 8885, and accepts various commands as URL parameters to perform some-predefined tasks on the computer, like collecting...

Google is giving you more control over how long you want the tech company to hold on to your location history and web activity data. Google has introduced a new, easier, privacy-focused auto-delete feature for your Google account that will allow you to automatically delete your Location History and Web and App Activity data after a set period of time. Google's Location History feature, if enabled, allows the company to track locations that you have visited, while Web and App Activity tracks websites you have visited and apps you have used. Until now, Google allowed you to either altogether disable the Location History and Web and App Activity feature or manually delete all or part of that data, providing no controls for regular deletion so that users can manage their data efficiently. However, an AP investigation last year revealed that even if you turn off the Location History feature in all your accounts, Google services on Android and iPhone devices continue to trac...

WikiLeaks founder Julian Assange has been sentenced to 50 weeks—for almost a year—in prison by a London court for breaching his bail conditions in 2012 and taking refuge in the Ecuadorian embassy for nearly 7 years. The 47-year-old Assange was arrested last month by London's Metropolitan Police Service after the Ecuadorian government suddenly withdrew his political asylum . Within hours of his arrest, Assange was convicted at Westminster Magistrates' Court of skipping bail in June 2012 after an extradition order to Sweden over claims of sexual assault and rape allegations made by two women. Although Sweden dropped its preliminary investigation into the rape accusation against Julian Assange in 2017, Assange chose not to leave the Ecuadorian Embassy due to fears of extradition to the United States. In the Southwark Crown Court today Judge Deborah Taylor gave Assange a sentence close to the maximum of a year in custody, saying it was hard to "envisage a more ser...

In recent years, we have seen how hackers prey on those too lazy or ignorant to install security patches, which, if applied on time, would have prevented some devastating cyber attacks and data breaches that happened in major organisations. The United States Department of Homeland Security (DHS) has ordered government agencies to more swiftly plug the critical security vulnerabilities found on their networks within 15 calendar days since the initial detection, a reduction from 30 days. DHS's Cybersecurity and Infrastructure Security Agency (CISA) this week issued a new Binding Operational Directive (BOD) 19-02 instructing federal agencies and departments to address "critical" rated vulnerabilities within 15 days and "high" severity flaws within 30 days of initial detection. The countdown to patch a security vulnerability will start when it was initially detected during CISA's weekly Cyber Hygiene vulnerability scanning, rather than it was the firs...

Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware. As suspected, a recently-disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to distribute a never-before-seen ransomware variant, which researchers dubbed " Sodinokibi ." Last weekend, The Hacker News learned about a critical deserialization remote code execution vulnerability in Oracle WebLogic Server that could allow attackers to remotely run arbitrary commands on the affected servers just by sending a specially crafted HTTP request—without requiring any authorization. To address this vulnerability (CVE-2019-2725), which affected all versions of the Oracle WebLogic software and was given a severity score of 9.8 out of 10, Oracle rolled out an out-of-band security update on...

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, Roundcube and Mailpile. When you send a digitally signed email, it offers end-to-end authenticity and integrity of messages, ensuring recipients that the email has actually come from you. However, researchers tested 25 widely-used email clients for Windows, Linux, macOS, iOS, Android and Web and found that at least 14 of them were vulnerable to multiple types of practical attacks under five below-mentioned categories, making spoofed signatures indistinguishable from a valid one even by an attentive user. The research was conducted by a team of researchers from Ruhr University Bochum and ...

An ongoing attack against Electrum Bitcoin wallets has just grown bigger and stronger with attackers now targeting the whole infrastructure of the exchange with a botnet of over 152,000 infected users, raising the amount of stolen users' funds to USD 4.6 million. Electrum has been facing cyber attacks since December last year when a team of cybercriminals exploited a weakness in the Electrum infrastructure to trick wallet users into downloading the malicious versions of the software. In brief, the attackers added some malicious servers to the Electrum peer network which were designed to purposely display an error to legitimate Electrum wallet apps, urging them to download a malicious wallet software update from an unofficial GitHub repository. The phishing attack eventually allowed attackers to steal wallet funds (almost 250 Bitcoins that equals to about $937,000 at the time) and take full control over the infected systems. To counter this, the developers behind Electrum...