The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

T-Mobile devices having a default Wi-Fi Calling feature that keeps you connected in areas with little or no coverage using Wi-Fi connection. But according to new finding by students Jethro Beekman and Christopher Thompson from University of California Berkeley, that this feature lets millions of Android users vulnerable to Man-in-the-Middle attack . The simplest way to become a man-in-the-middle would be for the attacker to be on the same open wireless network as the victim, such as at a coffee shop or other public space. In a technical analysis of the exploit, The flaw could potentially allow hackers to access and modify calls and messages made by T-Mobile users on certain Android smartphones. Beekman and Thompson informed T-Mobile, a division of Deutsche Telekom, of the flaw in December and on March 18 T-Mobile was able to resolve the issue for all affected phone models. T-Mobile uses regular VoIP for Wi-Fi Calling instead of a connection that encry...

Yesterday we reported about a massive Cyber attack on South Korea that was responsible for shutting down networks of South Korean banks and TV broadcasters. Police are still investigating the cyber attack  but the country's Communications Commission has revealed that the hacking originated from a Chinese IP address. Symantec Security team analyze the code used in the cyber attacks against South Korea and they discovered an additional component used in this attack that is capable of wiping Linux machines.  The malware, which it called Jokra, contains a module for wiping remote Linux machines. ' The included module checks Windows 7 and Windows XP computers for an application called mRemote, an open source, multi-protocol remote connections manager. ' Symantec said. McAfee also published an analysis of the attack code, which wrote over a computer's master boot record, which is the first sector of the computer's hard drive that the computer checks before ...

The US government is claiming that authorities do not need court warrants to affix GPS devices to vehicles to monitor their every move. t's been more than a year since a Supreme Court decision established that affixing a GPS tracking device to a vehicle constitutes a search under the constitution. The decision, United States vs. Jones , throws out the drug-related conviction of nightclub owner Antoine Jones. The GPS locator was installed the day after the warrant expired and while the vehicle was outside of the department's jurisdiction, and DC police tracked Jones for nearly a month after installation before arresting him. " Requiring a warrant and probable cause before officers may attach a GPS device to a vehicle, which is inherently mobile and may no longer be at the location observed when the warrant is obtained, would seriously impede the government's ability to investigate drug trafficking, terrorism, and other crimes. Law enforcement officers co...

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

Russian anti-virus company Doctor Web reports that a new Mac OS X adware Trojan spreading itself via crafted movie trailer pages that prompt users to install a browser plugin. Basically, an adware is any software package which automatically renders advertisements in order to generate revenue for its author. Dubbed as ' Trojan.Yontoo.1 ', Attackers have provided a number of alternative ways to spread the threat. The Trojan can also be downloaded as a media player, a video quality enhancement program or a download accelerator. When victim visits the site, the dialogue only imitates the traditional plate and specially designed by hackers to enter a potential victim of misleading. After pressing the « Install the plug-in » victim is redirected to the site to download malware. When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube. after the user presses ' Continue ', instead of the promis...

Computer networks at major South Korean banks and top TV broadcasters crashed simultaneously Wednesday, during a Massive cyber attack. South Korean police investigating reports from several major broadcasters and banks. least three broadcasters KBS, MBC and YTN and the Shinhan and Nonghyu banks reported that their computer networks had been crached. The state-run Korea Information Security Agency said that Screens went blank at 2 p.m. and more than seven hours later some systems were still down.  The take down was apparently not from a distributed denial-of-service (DDOS) attack, but a virus that has apparently infected machines in these organizations and delivered its payload simultaneously. An official at the Korea Communications Commission said investigators speculate that malicious code was spread from company servers that send automatic updates of security software and virus patches. The Associated Press says: " The latest network para...