The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Eastern European country Bulgaria has suffered the biggest data breach in its history that compromised personal and financial information of 5 million adult citizens out of its total population of 7 million people. According to multiple sources in local Bulgarian media , an unknown hacker earlier this week emailed them download links to 11GB of stolen data which included taxpayer's personal identifiable numbers, addresses, and financial data. In a brief statement released Monday, the National Revenue Agency (NRA) of Bulgaria said the stolen data originates from the country's tax reporting service. The NRA also indicated that the Ministry of the Interior and the State Agency for National Security (SANS) have started taking an assessment of the potential vulnerability in NRA's systems that attackers might have exploited to breach into its databases. It appears that until now, the hacker, who claimed to be a Russian man, has only released 57 out of a total of 110 c...

Security researchers have discovered a rare piece of Linux spyware that's currently fully undetected across all major antivirus security software products, and includes rarely seen functionalities with regards to most Linux malware, The Hacker News learned. It's a known fact that there are a very few strains of Linux malware exist in the wild as compared to Windows viruses because of its core architecture and also due to its low market share, and also many of them don't even have a wide range of functionalities. In recent years, even after the disclosure of severe critical vulnerabilities in various flavors of Linux operating systems and software, cybercriminals failed to leverage most of them in their attacks. Instead, a large number of malware targeting Linux ecosystem is primarily focused on cryptocurrency mining attacks for financial gain and creating DDoS botnets by hijacking vulnerable servers. However, researchers at security firm Intezer Labs recently d...

Earlier this month, The Hacker News covered a story on research revealing how over 1300 Android apps are collecting sensitive data even when users have explicitly denied the required permissions. The research was primarily focused on how app developers abuse multiple ways around to collect location data, phone identifiers, and MAC addresses of their users by exploiting both covert and side channels. Now, a separate team of cybersecurity researchers has successfully demonstrated a new side-channel attack that could allow malicious apps to eavesdrop on the voice coming out of your smartphone's loudspeakers without requiring any device permission. Abusing Android Accelerometer to Capture Loudspeaker Data Dubbed Spearphone , the newly demonstrated attack takes advantage of a hardware-based motion sensor, called an accelerometer, which comes built into most Android devices and can be unrestrictedly accessed by any app installed on a device even with zero permissions. An ...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

In every organization, there is a person who's directly accountable for cybersecurity. The name of the role varies per the organization's size and maturity – CISO, CIO, and Director of IT are just a few common examples – but the responsibility is similar in all places. They're the person who understands the risk and exposure, knows how prepared the team and most important – what the gaps are and how they can be best addressed. Apart from actually securing the organization – and losing some sleep over it – this individual has another equally important task: to communicate the security risk, needs, and status to the company's management. After all, the level of security rises in direct proportion to the amount of invested resources, and management people are the ones who decide and allocate them. Since management people are not typically cybersecurity savvy, engaging them can be challenging – one must find the balance between high-level explanations, a direct c...

If you think that the media files you receive on your end-to-end encrypted secure messaging apps can not be tampered with, you need to think again. Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could allow malicious actors to spread fake news or scam users into sending payments to wrong accounts. Dubbed " Media File Jacking ," the attack leverages an already known fact that any app installed on a device can access and rewrite files saved in the external storage, including files saved by other apps installed on the same device. WhatsApp and Telegram allow users to choose if they want to save all incoming multimedia files on internal or external storage of their device. However, WhatsApp for Android by default automatically stores media files in the external storage, while Telegram for Android uses internal storage to store users files that are not accessible to any othe...

The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing software that under the hood, are just a rebranded version of Zoom video conferencing software. Security researchers confirmed The Hacker News that RingCentral, used by over 350,000 businesses, and Zhumu, a Chinese version of Zoom, also runs a hidden local web server on users' computers, just like Zoom for macOS. The controversial local web server that has been designed to offer an automatic click-to-join feature was found vulnerable to remote command injection attacks through 3rd-party websites. Security researcher Jonathan Leitschuh initially provided a proof-of-concept demonstrating how the vulnerable web server  could eventually allow attackers to turn on users laptop's webcam and microphone remotely. The flaw was later escalated to remote code execution attack by another security researcher, Karan Lyons , who has now published a new v...

Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme . By default on Apple's iOS operating system, every app runs inside a sandbox of its own, which prevent all apps installed on the same device from accessing each other's data. However, Apple offers some methods that facilitate sending and receiving very limited data between applications. One such mechanism is called URL Scheme, also known as Deep Linking, that allows developers to let users launch their apps through URLs, like facetime:// , whatsapp:// , fb-messenger:// . For example, when you click "Sign in with Facebook" within an e-commerce app, it directly launches the Facebook app installed on your device and automatically process the authentication. In the background, that e-commerce app actually triggers the URL Sch...

Watch out! Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users. Instagram is growing quickly—and with the most popular social media network in the world after Facebook, the photo-sharing network absolutely dominates when it comes to user engagement and interactions. Despite having advanced security mechanisms in place, bigger platforms like Facebook, Google, LinkedIn, and Instagram are not completely immune to hackers and contain severe vulnerabilities. Some vulnerabilities have recently been patched , some are still under the process of being fixed, and many others most likely do exist, but haven't been found just yet. Details of one such critical vulnerability in Instagram surfaced today on the Internet that could have allowed a remote attacker to reset the password for any Instagram account and take complete contr...

The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue—a locally installed web server by the software—was not just allowing any website to turn on your device webcam, but also could allow hackers to take complete control over your Apple's Mac computer remotely. Reportedly, the cloud-based Zoom meeting platform for macOS has also been found vulnerable to another severe flaw (CVE-2019-13567) that could allow remote attackers to execute arbitrary code on a targeted system just by convincing users into visiting an innocent looking web-page. As explained in our previous report by Swati Khandelwal, the Zoom conferencing app contained a critical vulnerability ( CVE-2019-13450 ) that resides in the way its click-to-join feature is implemented, which automatically turns on users' webcam when they visit an in...

After months of negotiations, the United States Federal Trade Commission (FTC) has approved a record $5 billion settlement with Facebook over its privacy investigation into the Cambridge Analytica scandal . The settlement will put an end to a wide-ranging probe that began more than a year ago and centers around the violation of a 2011 agreement Facebook made with the FTC that required Facebook to gain explicit consent from users to share their personal data. The FTC launched an investigation into the social media giant last year after it was revealed that the company allowed Cambridge Analytica access to the personal data of around  87 million Facebook users without their explicit consent. Now, according to a new report published by the Wall Street Journal, the FTC commissioners this week finally voted to approve a $5 billion settlement, with three Republicans voting to approve the deal and two Democrats against it. Facebook anticipated the fine to between $3 billion...

Organizations around the world are wondering how to become immune from cyber attacks which are evolving every day with more sophisticated attack vectors. IT teams are always on the lookout for new ransomware and exploit spreading in the wild, but can all these unforeseen cyber attacks be prevented proactively? That's definitely a 'NO,' which is why there's a reactive approach in place to save organisations from the aftermath of take downs, and with proper cybersecurity practices, one can reduce the chances of becoming a victim. To do that, organizations should follow specific cybersecurity frameworks that will assist them in redefining and reinforcing their IT security and staying vigilant against cyber attacks. In this article, we'll understand what is cybersecurity framework, why they are mandatory for organizations, and what are their types, strategies, benefits, and implementation in detail. What is a Cybersecurity Framework? Cybersecurity framew...

Are you sure the WhatsApp app you are using on your Android device is legitimate, even if it's working perfectly as intended? ...Or the JioTV, AppLock, HotStar, Flipkart, Opera Mini or Truecaller app—if you have installed any of these? I'm asking this because cybersecurity researchers just yesterday revealed eye-opening details about a widespread Android malware campaign wherein attackers silently replaced installed legitimate apps with their malicious versions on nearly 25 million mobile phones. Now the important question here is how they're doing it and why? According to researchers at Check Point, attackers are distributing a new kind of Android malware that disguises itself as innocent-looking photo editing, adult entertainment, or gaming apps and available through widely used third-party app stores. Dubbed Agent Smith , the malware takes advantage of multiple Android vulnerabilities, such as the  Janus flaw and the Man-in-the-Disk flaw , and injects malic...