The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Though Russia still has an undiversified and stagnant economy, it was one of the early countries in the world to realize the value of remotely conducted cyber intrusions. In recent years, many Russia hacking groups have emerged as one of the most sophisticated nation-state actors in cyberspace, producing highly specialized hacking techniques and toolkits for cyber espionage. Over the past three decades, many high profile hacking incidents—like hacking the US presidential elections , targeting a country with NotPetya ransomware , causing blackout in Ukrainian capital Kiev , and Pentagon breach—have been attributed to Russian hacking groups, including Fancy Bear  (Sofacy), Turla ,  Cozy Bear ,  Sandworm Team  and Berserk Bear. Besides continuously expanding its cyberwar capabilities, the ecosystem of Russian APT groups has also grown into a very complex structure, making it harder to understand who's who in Russian cyber espionage. Now to illustrate the big ...

Many organizations regard Endpoint Detection and Response (EDR) as their main protection against breaches. EDR, as a category, emerged in 2012 and was rapidly acknowledged as the best answer to the numerous threats that legacy AV unsuccessfully struggled to overcome – exploits, zero-day malware and fileless attacks are prominent examples. While there is no dispute on EDR's efficiency against a significant portion of today's advanced threats, a new breed of "next-generation EDR" solutions are now available ( learn more here ) which on top of featuring all EDR capabilities, go beyond this to protect against prominent attack vectors that EDR does not cover such as those involving users and networks. "Many people unknowingly mix two different things – endpoint protection and breach protection," explained Eyal Gruner, co-Founder of Cynet (a next-generation EDR solution). "It's perfectly true that many attacks start at the endpoint and involve mali...

It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities, one of which is a critical Internet Explorer zero-day that cyber criminals are actively exploiting in the wild. Discovered by Clément Lecigne of Google's Threat Analysis Group and tracked as CVE-2019-1367, the IE zero-day is a remote code execution vulnerability in the way Microsoft's scripting engine handles objects in memory in Internet Explorer. The vulnerability is a memory-corruption issue that could allow a remote attacker to hijack a Windows PC just by convincing the user into viewing a specially crafted, booby-trapped web-page hosted online, when using Internet Explorer. "An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affec...

Two widely used Adblocker Google Chrome extensions , posing as the original — AdBlock and uBlock Origin — extensions on Chrome Web Store, have been caught stuffing cookies in the web browser of millions of users to generate affiliate income from referral schemes fraudulently. There's no doubt web extensions add a lot of useful features to web browsers, making your online experience great and aiding productivity, but at the same time, they also pose huge threats to both your privacy and security. Being the most over-sighted weakest link in the browser security model, extensions sit between the browser application and the Internet — from where they look for the websites you visit and subsequently can intercept, modify, and block any requests, based on the functionalities they have been designed for. Apart from the extensions which are purposely created with malicious intent , in recent years we have also seen some of the most popular legitimate Chrome and Firefox extensions g...

Google has released an urgent software update for its Chrome web browser and is urging Windows, Mac, and Linux users to upgrade the application to the latest available version immediately. Started rolling out to users worldwide this Wednesday, the Chrome 77.0.3865.90 version contains security patches for 1 critical and 3 high-risk security vulnerabilities, the most severe of which could allow remote hackers to take control of an affected system. Google has decided to keep details of all four vulnerabilities secret for a few more days in order to prevent hackers from exploiting them and give users enough time to install the Chrome update. For now, Chrome security team has only revealed that all four vulnerabilities are use-after-free issues in different components of the web browser, as mentioned below, the critical of which could lead to remote code execution attacks. The use-after-free vulnerability is a class of memory corruption issue that allows corruption or modificat...

Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country's history. Personal records of more than 20 million adults and children, both dead and alive, were found publicly exposed on an unsecured Elasticsearch server by security firm vpnMentor, which made the discovery during its large-scale mapping project. For a country with a population of over 16 million people, the breach exposed details of almost every Ecuadorian citizen, including President Lenín Moreno as well as WikiLeaks CEO Julian Assange , who was given political asylum in the country in 2012. The unsecured Elasticsearch server, which was based in Miami and owned by Ecuadorian company Novaestrat, contained 18GB cache of data appeared to have come from a variety of sources including government registries, an automot...

Insecure Internet-connected devices have aided different types of cybercrime for years, most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where botnets do not just launch DDoS or spam—they mine cryptocurrencies as well. Smominru, an infamous cryptocurrency-mining and credential-stealing botnet, has become one of the rapidly spreading computer viruses that is now infecting over 90,000 machines each month around the world. Though the campaigns that are hacking computers with the Smominru botnet have not been designed to go after targets with any specific interest, the latest report from Guardicore Labs researchers shed light on the nature of the victims and the attack infrastructure. According to the researchers, just last month, more than 4,900 networks were infected by the worm without any discrimination, and many of these networks had dozens of internal machines infected. Infected networks include US-based higher-educ...

A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's widely used to manage the database for websites created with WordPress, Joomla, and many other content management platforms. Discovered by security researcher and pentester Manuel Garcia Cardenas , the vulnerability claims to be a cross-site request forgery (CSRF) flaw, also known as XSRF, a well-known attack wherein attackers trick authenticated users into executing an unwanted action. Identified as CVE-2019-12922 , the flaw has been given a medium rating because of its limited scope that only allows an attacker to delete any server configured in the setup page of a phpMyAdmin panel on a victim's server. To be noted, it's not something you should not be much worried abo...

The United States government today filed a lawsuit against Edward Snowden , a former contractor for the CIA and NSA government agencies who made headlines worldwide in 2013 when he fled the country and leaked top-secret information about NSA's global and domestic surveillance activities. And you would be more surprised to know the reason for this lawsuit—No, Snowden has not been sued for leaking NSA secrets, instead for publishing a book without submitting it to the agencies for pre-publication review. In his latest book, titled " Permanent Record " and released today on September 17th, Edward Snowden for the first time revealed the story of his life, including how he helped the agency to built that surveillance system. Permanent Record also details about the aftermath of Snowden decision to disclose hundreds of thousands of sensitive documents exposing the United States mass surveillance programs to the world. According to a press release U.S. Department of J...

"Warning — Making your calendar public will make all events visible to the world, including via Google search. Are you sure?" Remember this security warning? No? If you have ever shared your Google Calendars, or maybe inadvertently, with someone that should not be publicly accessible anymore, you should immediately go back to your Google settings and check if you're exposing all your events and business activities on the Internet accessible to anyone. At the time of writing, there are over 8000 publicly accessible Google Calendars, searchable using Google engine itself, that allow anyone to not only access sensitive details saved to them but also add new events with maliciously crafted information or links, security researcher Avinash Jain told The Hacker News. Avinash Jain , a security researcher from India working in an e-commerce company, Grofers, who previously found vulnerabilities in other platforms like NASA, Google, Jira, and Yahoo. "I was able...

The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it? As we connect everything from coffee maker to front-door locks and cars to the Internet, we're creating more potential—and possibly more dangerous—ways for hackers to wreak havoc. Believe me, there are over 100 ways a hacker can ruin your life just by compromising your wireless router —a device that controls the traffic between your local network and the Internet, threatening the security and privacy of a wide range of wireless devices, from computers and phones to IP Cameras, smart TVs and connected appliances. In its latest study titled " SOHOpelessly Broken 2.0 ," Independent Security Evaluators (ISE) discovered a total of 125 different security vulnerabilities across 13 small office/home office (SOHO) routers and Network Attached Storage (NAS) de...

Mistakenly sent a picture to someone via WhatsApp that you shouldn't have? Well, we've all been there, but what's more unfortunate is that the 'Delete for Everyone' feature WhatsApp introduced two years ago contains an unpatched privacy bug, leaving its users with false sense of privacy. WhatsApp and its rival Telegram messenger offer "Delete for Everyone," a potentially life-saving feature on which millions of people today rely to escape the awkwardness of mistakenly sending messages / pictures / videos to the wrong person. As the name indicates, the ' Delete for Everyone ' feature is intended to unsend mistakenly sent inappropriate messages—including text, photos and videos—from the recipient's phone, or from the phones of all members of a group. In the case of WhatsApp, the feature is only available within 1 hour, 8 minutes, and 16 seconds of sending a message you want to delete, which is fine and a fair use case. However, it tur...