The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Windows 10 users don't have to wait much longer for the support of latest WPA3 Wi-Fi security standard , a new blog post from Microsoft apparently revealed. The third version of Wi-Fi Protected Access, in-short WPA3, is the next generation of the wireless security protocol that has been designed to make it harder for attackers to hack WiFi password . WPA3 was officially launched earlier this year, but the new WiFi security standard won't arrive overnight. Most device manufacturers could take months to get their new routers and networking devices certified by the Wi-Fi Alliance to support WPA3. Meanwhile, technology providers have already started working on software and firmware updates to support the new WPA3 standard, including Microsoft. WPA3-Personal (SAE) Support in Windows 10 Though Microsoft hasn't yet officially announced WPA3 support for its Windows 10 operating system, new APIs introduced in the newly released Windows 10 SDK Preview build 18272 , as ma...

A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service (DoS) attacks against multiple online services, websites, and online gaming companies between 2013 and 2014. According to a Justice Department (DoJ) press release, Austin Thompson , a.k.a. "DerpTroll," took down servers of several major gaming platforms including Electronic Arts' Origin service, the Sony PlayStation network , and Valve Software's Steam, between December 2013 and January 2014, by flooding them with enough internet traffic. Thompson then typically used the Twitter account the @DerpTrolling handle to announce his attacks, subsequently posting screenshots or other photos of the server being unavailable after launching DDoS attacks. The attacks usually took down game servers and related computers of the victim companies for at least a few hours at a time, causing at least $95,000 in damages to the gaming companies around the world. "Denial-of...

Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos taken during a flight. Thought the vulnerability was discovered and responsibly reported by the security firm Check Point to the DJI security team in March this year, the popular China-based drone manufacturing company fixed the issue after almost six months in September. The account takeover attack takes advantage of a total of three vulnerabilities in the DJI infrastructure, including a Secure Cookie bug in the DJI identification process, a cross-site scripting (XSS) flaw in its Forum and a SSL Pinning issue in its mobile app. The first vulnerability, i.e. not having the "secure" and "httponly" cookie flag enabled, allowed attackers to steal login cookies of a user b...

You might have read somewhere online today that Google is granting Android app developers powers to forcefully install app updates…but it is not true. Instead, the tech giant is providing a new feature that will help users to have up-to-date Android apps all the time and yes, it's optional. Along with the launch of a number of new tools and features at its Android Dev Summit 2018 , Google has also launched the a new API, called "In-app Updates," which aims to help developers ensure that users are running the latest and greatest version of their app. "We've heard that you'd like more controls to ensure that users are running the latest and greatest version of your app. To address this, we're launching an In-app Updates API," Google said . How Does Android's New In-app Updates API Work? It should be noted that the Android's new In-app Updates API doesn't force or lock out users from the app if they chose not to update it. In...

Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using. ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websites that were bundled with the traffic tracking code from the leading web analytics platform StatCounter . However, after analyzing the code, the researchers found that hackers managed to compromise StatCounter and successfully replaced its tracking script with malicious JavaScript code primarily designed to target customers of the Gate.io cryptocurrency exchange. Like Google Analytics, StatCounter is also an old, but popular real-time web analytics platform reportedly being used by more than two million websites and generates stats on over 10 billion page views per month. Here's How Hackers Tried to Steal Bitcoins from Crypto Exchange Though the malicious code was also inject...

An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox —a popular open source virtualization software developed by Oracle—that could allow a malicious program to escape virtual machine (guest OS) and execute code on the operating system of the host machine. The vulnerability occurs due to memory corruption issues and affects Intel PRO / 1000 MT Desktop (82540EM) network card (E1000) when the network mode is set to NAT (Network Address Translation). The flaw is independent of the type of operating system being used by the virtual and host machines because it resides in a shared code base. VirtualBox Zero-Day Exploit and Demo Video Released Sergey Zelenyuk published Wednesday a detailed technical explanation of the zero-day flaw on GitHub, which affects all current versions (5.2.20 and prior) of VirtualBox software and is present on the default Virtual Machine (VM) configuration. According to Zelenyuk, t...

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over the unpatched websites. WooCommerce is one the most popular eCommerce plugins for WordPress that helps websites to upgrade their standard blog to a powerful online store. WooCommerce powers nearly 35% of e-stores on the internet, with more than 4 million installations. Exploiting WooCommerce File-Deletion and WordPress Design Flaws The attack demonstrated in the following video takes advantage of the way WordPress handles user privileges and WooCommerce file deletion vulnerability, allowing an account with "Shop Manager" role to eventually reset administrator accounts' pass...

We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that could allow an attacker to decrypt disk encryption and recover protected data without knowing the password for the disk. The researchers—Carlo Meijer and Bernard van Gastel—at Radboud University in the Netherlands reverse engineered the firmware several SSDs that offer hardware full-disk encryption to identify several issues and detailed their findings in a new paper ( PDF ) published Monday. "The analysis uncovers a pattern of critical issues across vendors. For multiple models, it is possible to bypass the encryption entirely, allowing for a complete recovery of the data without any knowledge of passwords or keys," the researchers say. The duo successfully tested their...

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled. The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities discovered in the past year, including Meltdown and Spectre , TLBleed , and Foreshadow . Discovered by a team of security researchers from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, the new side-channel vulnerability resides in Intel's Hyper-Threading technology, the company's implementation of Simultaneous MultiThreading (SMT). Simultaneous MultiThreading is a performance feature that works by splitting up each physical core of a processor into virtual cores, known as threads, allowing each core to...

Joshua Adam Schulte , a 30-year-old former CIA computer programmer who was indicted over four months ago  for masterminding the largest leak of classified information in the agency's history, has now been issued three new charges. The news comes just hours after Schulte wrote a letter to the federal judge presiding over his case, accusing officials at Manhattan Metropolitan Correctional Center of interfering with his case pleading and subjecting him to "cruel and unusual punishment" in pre-trial detention. "The shit-filled showers where you leave dirtier than when you entered; the flooding of the tiers and cages with ice-cold water; the constant blast of cold air as we are exposed to extreme cold without blankets or long-sleeve shirts; the uncontrollable lights that are always on as we are sleep deprived...No human being should ever have to experience this torture," Schulte wrote. Schulte, who once designed hacking tools and malware for both the CIA and ...

Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world. Dubbed BleedingBit , the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including medical devices such as insulin pumps and pacemakers, as well as point-of-sales and IoT devices. Discovered by researchers at Israeli security firm Armis, the vulnerabilities exist in Bluetooth Low Energy (BLE) Stack chips made by Texas Instruments (TI) that are being used by Cisco, Meraki, and Aruba in their enterprise line of products. Armis is the same security firm that last year discovered BlueBorne , a set of nine zero-day Bluetooth-related flaws in Android, Windows, Linux and iOS that affected billions of devices, including smartphones, laptops, TVs, watches and automobile audi...

Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations. Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook's built-in microphone whenever the user closes the lid, the company revealed yesterday at its event at the Brooklyn Academy of Music in New York. Though the new T2 chip is already present in the 2018 MacBook Pro models launched earlier this year, this new feature got unveiled when Apple launched the new Retina MacBook Air and published a full security guide for T2 Chip yesterday. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed," Apple explained in the guide [ PDF ]. The tech giant furt...

It's only been a few hours since Apple releases iOS 12.1 and an iPhone enthusiast has managed to find a passcode bypass hack, once again, that could allow anyone to see all contacts' private information on a locked iPhone. Jose Rodriguez , a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass bug in the latest version of its iOS mobile operating system, iOS 12.1, released by Apple today. To demonstrate the bug, Rodriguez shared a video with The Hacker News, as shown below, describing how the new iPhone hack works, which is relatively simple to perform than his previous passcode bypass findings. Instead, the issue resides in a new feature, called Group FaceTime , introduced by Apple with iOS 12.1, which makes it easy for users to video chat with more people than ever before—maximum 32 people. How Does the New iPhone Passcode Bypass Attack Work? Unlike his previous passcode bypass hacks, the new method w...

Microsoft silently patched a bug in its Windows 10 operating system with the October 2018 update (version 1809) that allowed Microsoft Store apps with extensive file system permission to access all files on users' computers without their consent. With Windows 10, Microsoft introduced a common platform, called Universal Windows Platform (UWP), that allows apps to run on any device running Windows 10, including desktop PC, Xbox, IoT, Surface Hub, and Mixed-reality headset. UWP apps have the ability to access certain API, files like pictures, music, or devices like camera and microphone, by declaring required permissions in their package manifest (configuration) file. By default, UWP apps have access to directories, where the app is installed on the users' system and where the app can store data (local, roaming and temporary folders). However, to access other files on a system, including sensitive resources, Microsoft offers several types of capabilities that an applicati...

Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware onto their computers. Discovered by researchers at Cymulate, the bug abuses the ' Online Video ' option in Word documents, a feature that allows users to embedded an online video with a link to YouTube, as shown. When a user adds an online video link to an MS Word document, the Online Video feature automatically generates an HTML embed script, which is executed when the thumbnail inside the document is clicked by the viewer. Researchers decided to go public with their findings three months after Microsoft refused to acknowledge the reported issue as a security vulnerability. How Does the New MS Word Attack Works? Since the Word Doc files (.docx) are actually zip packages of its media and configuration files, it can easily be opened and edited. Acco...

Signal, the popular end-to-end encrypted messaging app, is planning to roll out a new feature that aims to hide the sender's identity from potential attackers trying to intercept the communication. Although messages send via secure messaging services, like Signal , WhatsApp , and Telegram , are fully end-to-end encrypted as they transmit across their servers, each message leaves behind some of the metadata information that reveals who sent the message to whom and when. The new feature, dubbed " Sealed Sender ," announced by Signal is going to further reduce the amount of information that is accessible to the company itself. However, you should note that Signal never stores metadata or logs of information on its users like who sends messages to each other and when, but the new feature would protect the sender's identity in case the communication is somehow intercepted. How Does the Signal's Sealed Sender Feature Protect Metadata? According to a blog post ...

Microsoft Windows built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment. Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer. So that if a sandboxed application gets compromised, the technique prevents its damage from spreading outside the closed area. Since antivirus and anti-malware tools run with the highest level of privileges to scan all parts of a computer for malicious code, it has become a desired target for attackers. The need for sandboxing an antivirus tool has become necessary after multiple critical vulnerabilities were discovered in such powerful applications, including Windows Defender, in past years that could have allowed attackers to gain full control of a targeted system. That's why Microsoft announced to add a sandbox mode to its Windows Defender. So, even if an att...

It's been quite a year for the open source platforms. Earlier this year, Microsoft acquired popular code repository hosting service GitHub for $7.5 billion , and now IBM has just announced the biggest open-source business deal ever. IBM today confirmed that it would be acquiring open source Linux firm Red Hat for $190 per share in cash, working out to a total value of approximately $34 billion. Red Hat, known for its Red Hat Enterprise Linux (RHEL) operating system, is a leading software company that offers open-source software products to the enterprise community. Even Oracle uses Red Hat's source code for its Oracle Linux product. Red Hat's last year revenue was $2.4 billion, and this year the company has earned $2.9 billion. But if Red Hat products are open source and updates are free, you might be wondering how does the company earn. Red Hat was one of the first companies who found a successful way to make money from free open-source software. It offers consul...

An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It serves as an intermediary between client and user applications to manage graphical displays. According to a blog post published by software security engineer Narendra Shinde , Xorg X server doesn't correctly handle and validate arguments for at least two command-line parameters, allowing a low-privileged user to execute malicious code and overwrite any file—including files owned by privileged users like root. The flaw, tracked as CVE-2018-14665 , was introduced in X.Org server 1.19.0 package that remained undetected for almost two years and could have been exploited by a local attacker on the terminal or vi...