The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cynet goes head-to-head with CrowdStrike, DarkTrace, Cylance, Carbon Black & Symantec, offering their unhappy customers a refund for the time remaining on their existing contracts. Cynet, the automated threat discovery and mitigation platform was built to address the advanced threats that AV and Firewalls cannot stop. Today, Cynet announced that any organization currently deploying an advanced security solution from the list below who are unhappy with it and up for renewal in 2019 - can try Cynet for free  here. If they decide to switch to Cynet – they will be reimbursed for the remaining contract with the previous security vendor. The Cynet offer is relevant to companies that have at least 300 endpoints and are currently customers of any of the following solutions: Crowdstrike / Carbon Black / Darktrace / Cylance / Symantec / Fire Eye Endpoint Protection / SentinelOne / Cybereason / CISCO AMP / Trend Micro Apex / Palo Alto Networks Traps. What makes Cynet s...

Do you always think twice before installing Windows updates worrying that it could crash your system or leave it non-working the day after Patch Tuesdays? Don't worry. Microsoft has addressed this issue by adding a safety measure that would from now onwards automatically uninstall buggy software updates installed on your system if Windows 10 detects a startup failure, which could be due to incompatibility or issues in new software. A new document published by Microsoft on Monday, a day before this month's Patch Tuesday, says just like Windows "automatically installs updates to keep your device secure and running at peak efficiency," the OS will now run another automatic process to uninstall problematic updates. From now on, if you receive the following notification on your device, that means your Windows 10 computer has recently been recovered from a startup failure,first sighted by Windows Latest blog . "We removed some recently installed updates...

One of the most important software companies NGINX , which is also behind the very popular open-source web server of the same name, is being acquired by its rival, F5 Networks , in a deal valued at about $670 million. While NGINX is not a name that you have ever heard of, the reality is that you use NGINX every day when you post a photo, watch streaming video, purchase goods online, or log into your applications at work. NGINX powers over half of the busiest websites in the world. Majority of sites on the Internet today, including The Hacker News, and hundreds of thousands apps, like Instagram, Pinterest, Netflix, and Airbnb are hosted on web servers running NGINX. NGINX web server is the third most widely used servers in the world—behind only Microsoft and Apache, and ahead of Google. In short, the internet as we know it today would not exist without NGINX. F5 Acquires NGINX to Bridge NetOps and DevOps F5 Networks is the industry leader in cloud and security application...

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users. Just like the previous campaign, the new phishing attack is also based on the idea that a malicious web page could mimic look and feel of the browser window to trick even the most vigilant users into giving away their login credentials to attackers. Antoine Vincent Jebara , co-founder and CEO of password managing software Myki , shared a new video with The Hacker News, demonstrating how attackers can reproduce native iOS behavior, browser URL bar and tab switching animation effects of Safari in a very realistic manner on a web-page to present fake login pages, without actually opening or redirecting users to a new tab. New Phishing Attack Mimics Mobile Browser Animation and Design As you can see in the video, a malicious website that looks like Airbnb pro...

A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful event-driven automation tool for integration and automation across services and tools that allows developers to configure actions, workflows, and scheduled tasks, in order to perform some operations on large-scale servers. For example, you can set instructions (if this, then that) on Stackstorm platform to automatically upload network packet files to a cloud-based network analyze service, like CloudShark, in events when your security software detects an intrusion or malicious activity in the network. Since StackStorm executes actions—which can be anything, from the HTTP request to an arbitrary command—on remote servers or services that developers integrate for automated tasks, the pl...

Popular enterprise software company Citrix that provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies disclosed last weekend a massive data breach of its internal network by "international cyber criminals." Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing "business documents," adding that the company does not know precisely which documents the hackers obtained nor how they got in. However, the FBI believes that the miscreants likely used a "password spraying" attack where the attackers guessed weak passwords to gain an early foothold in the company's network in order to launch more extensive attacks. "While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent...

You must update your Google Chrome immediately to the latest version of the web browsing application. Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers. The vulnerability, assigned as CVE-2019-5786 , affects the web browsing software for all major operating systems including Microsoft Windows, Apple macOS, and Linux. Without revealing technical details of the vulnerability, the Chrome security team only says the issue is a use-after-free vulnerability in the FileReader component of the Chrome browser, which leads to remote code execution attacks. What's more worrisome? Google warned that this zero-day RCE vulnerability is actively being exploited in the wild by attackers to target Chrome users. "Access to bug details and links may be kept restricted until a majo...

Google's one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory , a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats. Network infrastructures at most enterprises regularly generate enormous amounts of network data and logs on a daily basis that can be helpful to figure out exactly what happened when a security incident occurs. However, unfortunately, most companies either don't collect the right telemetry or even when they do, it's practically impossible for them to retain that telemetry for more than a week or two, making analysts blind if any security incident happens before that. Backstory solves this problem by allowing organizations to privately upload and store their petabytes of "internal security telemetry" on Google cloud platform and leverage machine learning and da...

Security researchers have finally, with "high confidence," linked a previously discovered global cyber espionage campaign targeting critical infrastructure around the world to a North Korean APT hacking group. Thanks to the new evidence collected by researchers after analyzing a command-and-control (C2) server involved in the espionage campaign and seized by law enforcement. Dubbed Operation Sharpshooter , the cyber espionage campaign targeting government, defense, nuclear, energy, and financial organizations around the world was initially uncovered in December 2018 by security researchers at McAfee. At that time, even after finding numerous technical links to the North Korean Lazarus hacking group , researchers were not able to immediately attribute the campaign due to a potential for false flags. Researchers Analysed Sharpshooter's Command Server Now, according to a press release shared with The Hacker News, a recent analysis of the seized code and command...

Cybersecurity researcher at Google's Project Zero division has publicly disclosed details and proof-of-concept exploit of a high-severity security vulnerability in macOS operating system after Apple failed to release a patch within 90 days of being notified. Discovered by Project Zero researcher Jann Horn and demonstrated by Ian Beer, the vulnerability resides in the way macOS XNU kernel allows an attacker to manipulate filesystem images without informing the operating system. The flaw could eventually allow an attacker or a malicious program to bypass the copy-on-write (COW) functionality to cause unexpected changes in the memory shared between processes, leading to memory corruption attacks. Copy-On-Write, also referred to as COW, is a resource-management optimization strategy used in computer programming. In general, if any process (destination) requires a file or data that is already in the memory but created by another process (source), both processes can share the ...

Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive's service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites . For a brief recap: In recent years, cybercriminals leveraged every possible web vulnerability [in Drupal , WordPress , and others ] to hack thousands of websites and wireless routers , and then modified them to secretly inject Coinhive's JavaScript-based Monero (XMR) cryptocurrency mining script on web-pages to financially benefit themselves. Millions of online users who visited those hacked websites immediately had their computers' processing power hijacked, also known as cryptojacking , to mine cryptocurrency without users' knowledge, potentially generating profits for cybercriminals in the background. ...

Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass device authentication mechanism and steal files containing sensitive from a victim's device. With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help people share video, music, files, and apps across various devices. With more than 500 million users, the SHAREit Android app was found vulnerable to a file transfer application's authentication bypass flaw and an arbitrary file download vulnerability, according to a blog post RedForce researchers shared with The Hacker News. The vulnerabilities were initially discovered over a year back in December 2017 and fixed in March 2018, but the researchers decided not to disclose their details until Monday "given the impact of the vulnerability, its big attack surface and ease of exploitation." ...

Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of seconds by plugging-in a malicious hot plug device—such as an external network card, mouse, keyboard, printer, storage, and graphics card—into Thunderbolt 3 port or the latest USB-C port . The DMA-based attacks are possible because Thunderbolt port allows connected peripherals to bypass operating system security policies and directly read/write system memory that contains sensitive information including your passwords, banking logins, private files, and browser activity. That means, simply plugging in an infected device, created using tools like Interception , can manipulate the contents o...

It's not just the critical Drupal vulnerability that is being exploited by in the wild  cybercriminals to attack vulnerable websites that have not yet applied patches already available by its developers, but hackers are also exploiting a critical WinRAR vulnerability that was also revealed last week. A few days ago, The Hacker News reported about a 19-year-old remote code execution vulnerability disclosed by Check Point in the UNACEV2.dll library of WinRAR that could allow a maliciously-crafted ACE archive file to execute arbitrary code on a targeted system. WinRAR is a popular Windows file compression application with 500 million users worldwide, but a critical "Absolute Path Traversal" bug (CVE-2018-20250) in its old third-party library, called UNACEV2.DLL, could allow attackers to extract a compressed executable file from the ACE archive to one of the Windows Startup folders, where the file would automatically run on the next reboot. To successfully exploit the...

Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable. Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal Core that could allow attackers to hack affected websites. Despite releasing no technical details of the security vulnerability, the proof-of-concept (PoC) exploit code for the vulnerability was made publicly available on the Internet just two days after the Drupal security team rolled out the patched version of its software. Now, security researchers at data center security vendor Imperva discovered a series of attacks—that began just a day after the exploit code went public—against its customers' websites using an exploit that leverages the CVE-2019-6340 security flaw. The attacks or...

Great news. If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified. Are you thinking… what the heck that actually means? It means, instead of remembering complex passwords for your online accounts, you can now actually use your Android's built-in fingerprint sensor or FIDO security keys for secure password-less access to log into apps and websites that support the FIDO2 protocols, Google and the FIDO Alliance—a consortium that develops open source authentication standards—announced Monday. FIDO2 (Fast Identity Online) protocol offers strong passwordless authentication based on standard public key cryptography using hardware FIDO authenticators like security keys, mobile phones, and other built-in devices. FIDO2 protocol is a combination of W3C's WebAuthn API that allows developers to integrate FIDO aut...

At NDSS Symposium 2019, a group of university researchers yesterday revealed newly discovered cellular network vulnerabilities that impact both 4G and 5G LTE protocols. According to a paper published by the researchers, " Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information, " the new attacks could allow remote attackers to bypass security protections implemented in 4G and 5G, re-enabling IMSI catching devices like " Stingrays " to intercept users' phone calls and track their location. Here below, we have described all the three attacks, how they work, what are their impacts, and why you should be concerned about these attacks. ToRPEDO Attack — Location Verification, DoS, Inject Fake Alerts Short for "TRacking via Paging mEssage DistributiOn," TorPEDO is the most concerning attack that leverages paging protocol, allowing remote attackers to verify a victim device's location, inject fabricated paging mess...

Every app installed on your smartphone with permission to access location service "can" continually collect your real-time location secretly, even in the background when you do not use them. Do you know? — Installing the Facebook app on your Android and iOS smartphones automatically gives the social media company your rightful consent to collect the history of your precise location. If you are not aware, there is a setting called "Location History" in your Facebook app that comes enabled by default, allowing the company to track your every movement even when you are not using the social media app. So, every time you turn ON location service/GPS setting on your smartphone, let's say for using Uber app or Google Maps, Facebook starts tracking your location. Users can manually turn Facebook's Location History option OFF from the app settings to completely prevent Facebook from collecting your location data, even when the app is in use. However, unf...