The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

For the second time in just over a year, the city of Baltimore has been hit by a ransomware attack, affecting its computer network and forcing officials to shut down a majority of its computer servers as a precaution. Ransomware works by encryption files and locking them up so users can't access them. The attackers then demand a ransom amount, typically in Bitcoin digital currency, in exchange for the decryption keys use to unlock the files. The ransomware attack on the Baltimore City Hall took place on Tuesday morning and infected the city's technology systems with an unknown ransomware virus, which according to government officials, is apparently spreading throughout their network. According to new Baltimore Mayor Bernard C. Jack Young, Baltimore City's critical public safety systems, such as 911, 311, emergency medical services and the fire department, are operational and not affected by the ransomware attack. Young also says the city technology officials are ...

Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date. In a statement, Binance's CEO Changpeng Zhao said the company discovered a "large scale security breach" earlier on May 7, as a result of which hackers were able to steal roughly 7000 bitcoins, which worth 40.6 million at the time of writing. News of the hack comes just hours after Zhao tweeted that Binance has "to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple of hours." According to the company, malicious attackers used a variety of attack techniques, including phishing and computer viruses, to carry out the intrusion and were able to breach a single BTC hot wallet (a cryptocurrency wallet that's connected to the Internet), which contained about 2% of the company's total BTC holdings, and withdraw stolen Bitcoins ...

The saying that there are two types of organizations, those that have gotten breached and those who have but just don't know it yet, has never been more relevant, making the sound incident response a required capability in any organization's security stack. To assist in this critical mission, Cynet is launching a free IR tool offering, applicable to both IR service providers in need of a powerful, free incident response platform , and to organizations that either suspect security incidents and want to get immediate visibility into what happened, or that know they have a breach and need to respond immediately. The Cynet Free IR tool offering for IR providers can be accessed here . The Cynet Free IR tool offering for organizations can be accessed here . Incident response is about getting two things done as fast as possible: accurately knowing breach scope and impact; ensuring that all malicious presence and activity are eliminated. Cynet introduces unmatched speed and effi...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Yes, you heard me right. Microsoft is taking another step forward to show its love for Linux and open source community by shipping a full Linux kernel in Windows 10 this summer. No, that doesn't mean Microsoft is making its Windows 10 a Linux distro, but the company will begin to ship an in-house custom built Linux kernel later this year starting with the Windows 10 Insider builds. Microsoft announced the move in a blog post while unveiling Windows Subsystem for Linux version 2.0 (or WSL 2 ) that will feature "dramatic file system performance increases" and support more Linux apps like Docker. So, to support this entirely new architecture for the WSL 2, Windows 10 will have its own Linux kernel. Although this is not the first time Microsoft has shipped a Linux kernel as the company has already shipped its own custom Linux kernel on Azure Sphere  last year, this is the first time a Linux kernel is shipped with Windows. Unlike Windows Subsystem for Linux version...

In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA's Equation Group almost a year before the mysterious Shadow Brokers group leaked them. According to a new report published by cybersecurity firm Symantec, a Chinese-linked group, which it calls Buckeye , was using the NSA-linked hacking tools as far back as March 2016, while the Shadow Brokers dumped some of the tools on the Internet in April 2017. Active since at least 2009, Buckeye—also known as APT3, Gothic Panda, UPS Team, and TG-0110—is responsible for a large number of espionage attacks, mainly against defence and critical organizations in the United States. Although Symantec did not explicitly name China in its report, researchers with a high degree of confidence have previously attributed [ 1 , 2 ] Buckeye hacking group to an information security company, called Boyusec, who is working on beh...

Wyzant —an online marketplace that makes it easy for parents and students to connect with private tutors, in-person and online, in over 250 different subjects—has suffered a data breach exposing "certain personal identification information" for its customers. The Hacker News received a copy of an email notification Wyzant recently sent to its affected customers, which reveals an unknown attacker was able to gain access to one of its databases on April 27, which the company identified a week after the security incident. The stolen personal identification information for affected customers includes their first name, last name, email address, zip code, and, for certain customers, their Facebook profile image as well who log-in to the platform using Facebook. Wyzant also explicitly made it clear that the stolen data did not include any password, payment information, or record of its customers' activity on the Wyzant platform, and that no other than the above-mentione...

The Israel Defense Force (IDF) claims to have neutralized an "attempted" cyber attack by launching airstrikes on a building in Gaza Strip from where it says the attack was originated. As shown in a video tweeted by IDF, the building in the Gaza Strip, which Israeli fighter drones have now destroyed, was reportedly the headquarters for Palestinian Hamas military intelligence, from where a cyber unit of hackers was allegedly trying to penetrate Israel's cyberspace. "We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed," said the Israeli Defence Forces on Twitter. However, the Israel Defense Force has not shared any information about the attempted cyber attack by the Hamas group, saying it would reveal the country's cyber capabilities. According to Judah Ari Gross of Times of Israel , ...

Europol announced the shut down of two prolific dark web marketplaces— Wall Street Market and Silkkitie (also known as Valhalla)—in simultaneous global operations against underground websites for trading drugs, stolen credit card numbers, malicious software, and other illegal goods. Police in western Germany has also arrested three men who were allegedly running Wall Street Market, the world's second largest dark marketplace with more than a million users and 5,400 vendors. Besides this, the operation involving Europol , Dutch police and the FBI also led to the arrests of two major suppliers of narcotics via the Wall Street Market site in Los Angeles, the United States. According to the Europol, the police officers seized the computers used to run the illegal market place, along with more than €550 000 (£472,000 or $621,000) in cash, more than €1 Million in Bitcoin and Monero cryptocurrencies, expensive cars, and other evidence. In a press release published today, Eu...

If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers . Dell SupportAssist , formerly known as Dell System Detect , checks the health of your computer system's hardware and software. The utility has been designed to interact with the Dell Support website and automatically detect Service Tag or Express Service Code of your Dell product, scan the existing device drivers and install missing or available driver updates, as well as perform hardware diagnostic tests. If you are wondering how it works, Dell SupportAssist in the background runs a web server locally on the user system, either on port 8884, 8883, 8886, or port 8885, and accepts various commands as URL parameters to perform some-predefined tasks on the computer, like collecting...

Google is giving you more control over how long you want the tech company to hold on to your location history and web activity data. Google has introduced a new, easier, privacy-focused auto-delete feature for your Google account that will allow you to automatically delete your Location History and Web and App Activity data after a set period of time. Google's Location History feature, if enabled, allows the company to track locations that you have visited, while Web and App Activity tracks websites you have visited and apps you have used. Until now, Google allowed you to either altogether disable the Location History and Web and App Activity feature or manually delete all or part of that data, providing no controls for regular deletion so that users can manage their data efficiently. However, an AP investigation last year revealed that even if you turn off the Location History feature in all your accounts, Google services on Android and iPhone devices continue to trac...

WikiLeaks founder Julian Assange has been sentenced to 50 weeks—for almost a year—in prison by a London court for breaching his bail conditions in 2012 and taking refuge in the Ecuadorian embassy for nearly 7 years. The 47-year-old Assange was arrested last month by London's Metropolitan Police Service after the Ecuadorian government suddenly withdrew his political asylum . Within hours of his arrest, Assange was convicted at Westminster Magistrates' Court of skipping bail in June 2012 after an extradition order to Sweden over claims of sexual assault and rape allegations made by two women. Although Sweden dropped its preliminary investigation into the rape accusation against Julian Assange in 2017, Assange chose not to leave the Ecuadorian Embassy due to fears of extradition to the United States. In the Southwark Crown Court today Judge Deborah Taylor gave Assange a sentence close to the maximum of a year in custody, saying it was hard to "envisage a more ser...

In recent years, we have seen how hackers prey on those too lazy or ignorant to install security patches, which, if applied on time, would have prevented some devastating cyber attacks and data breaches that happened in major organisations. The United States Department of Homeland Security (DHS) has ordered government agencies to more swiftly plug the critical security vulnerabilities found on their networks within 15 calendar days since the initial detection, a reduction from 30 days. DHS's Cybersecurity and Infrastructure Security Agency (CISA) this week issued a new Binding Operational Directive (BOD) 19-02 instructing federal agencies and departments to address "critical" rated vulnerabilities within 15 days and "high" severity flaws within 30 days of initial detection. The countdown to patch a security vulnerability will start when it was initially detected during CISA's weekly Cyber Hygiene vulnerability scanning, rather than it was the firs...

Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware. As suspected, a recently-disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to distribute a never-before-seen ransomware variant, which researchers dubbed " Sodinokibi ." Last weekend, The Hacker News learned about a critical deserialization remote code execution vulnerability in Oracle WebLogic Server that could allow attackers to remotely run arbitrary commands on the affected servers just by sending a specially crafted HTTP request—without requiring any authorization. To address this vulnerability (CVE-2019-2725), which affected all versions of the Oracle WebLogic software and was given a severity score of 9.8 out of 10, Oracle rolled out an out-of-band security update on...

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, Roundcube and Mailpile. When you send a digitally signed email, it offers end-to-end authenticity and integrity of messages, ensuring recipients that the email has actually come from you. However, researchers tested 25 widely-used email clients for Windows, Linux, macOS, iOS, Android and Web and found that at least 14 of them were vulnerable to multiple types of practical attacks under five below-mentioned categories, making spoofed signatures indistinguishable from a valid one even by an attentive user. The research was conducted by a team of researchers from Ruhr University Bochum and ...

An ongoing attack against Electrum Bitcoin wallets has just grown bigger and stronger with attackers now targeting the whole infrastructure of the exchange with a botnet of over 152,000 infected users, raising the amount of stolen users' funds to USD 4.6 million. Electrum has been facing cyber attacks since December last year when a team of cybercriminals exploited a weakness in the Electrum infrastructure to trick wallet users into downloading the malicious versions of the software. In brief, the attackers added some malicious servers to the Electrum peer network which were designed to purposely display an error to legitimate Electrum wallet apps, urging them to download a malicious wallet software update from an unofficial GitHub repository. The phishing attack eventually allowed attackers to steal wallet funds (almost 250 Bitcoins that equals to about $937,000 at the time) and take full control over the infected systems. To counter this, the developers behind Electrum...

A team of security researchers has claims to have found a publicly-accessible database that exposes information on more than 80 million U.S. households—nearly 65 percent of the total number of American households. Discovered by VPNMentor's research team lead by hacktivists Noam Rotem and Ran Locar, the unsecured database includes 24GB of extremely detailed information about individual homes, including their full names, addresses, ages, and birth dates. The massive database which is hosted on a Microsoft cloud server also contains coded information noted in "numerical values," which the researchers believe correlates to homeowners' gender, marital status, income bracket, status, and dwelling type. Fortunately, the unprotected database does not contain passwords, social security numbers or payment card information related to any of the affected American households. The researchers verified the accuracy of some data in the cache, but they did not download the ...

Docker Hub, one of the largest cloud-based library of Docker container images, has suffered a data breach after an unknown attacker gained access to the company's single Hub database. Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker container images, both publicly and privately. The breach reportedly exposed sensitive information for nearly 190,000 Hub users (that's less than 5 percent of total users), including usernames and hashed passwords for a small percentage of the affected users, as well as Github and Bitbucket tokens for Docker repositories. Docker Hub started notifying affected users via emails informing them about the security incident and asking them to change their passwords for Docker Hub, as well as any online account using the same password. "On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data. Upon ...

Facebook has a lot of problems, then there are a lot of problems for Facebook—and both are not going to end anytime sooner. Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy violations, it seems to be just first installment of what Facebook has to pay for continuously ignoring users' privacy. This week, Facebook has been hit with three new separate investigations from various governmental authorities—both in the United States and abroad—over the company's mishandling of its users' data . New York Attorney General to Investigate Facebook Email Collection Scandal New York Attorney General is opening an investigation into Facebook's unauthorized collection of the email contacts of more than 1.5 million users during site registration without their permission. Earlier this month, Facebook was caught practicing the worst ever user-verification mechanism...

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called " Plugin Vulnerabilities "—that recently gone rogue in order to protest against moderators of the WordPress's official support forum has once again dropped details  and proof-of-concept exploit for a critical flaw in a widely-used WordPress plugin. To be clear, the reported unpatched vulnerability doesn't reside in the WordPress core or WooCommerce plugin itself. Instead, the vulnerability exists in a plugin , called WooCommerce Checkout Manager , that extends the functionality of WooCommerce by allowing eCommerce sites to customize forms on their checkout pages and is currently being used by more than 60,000 websites. The vulnerability in question is an "arbitrary file upload" issue that can be exploi...