The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A 20 year old critical subtle integer overflow vulnerability has been discovered in Lempel-Ziv-Oberhumer (LZO), an extremely efficient data compression algorithm that focuses on decompression speed, which is almost five times faster than zlib and bzip compression algorithms. Lempel-Ziv-Oberhumer (LZO) was developed in 1994 by Markus Oberhumer and currently it is one of the most popular and widespread compression algorithm used in the Linux kernel , some Samsung Android mobile devices, other embedded devices and several open-source libraries including OpenVPN, MPlayer2, Libav, FFmpeg. 20 YEAR OLD VULNERABILITY IN LZO ALGORITHM Don A. Bailey, founder and CEO of Lab Mouse Security, who disclosed the technical details of the buffer overrun vulnerability in LZO/LZ4 algorithm, explains that if an attacker carefully craft a piece of compressed data that would run malicious code when the software attempted to decompress it. According to advisory, if buffers of 16MB or more ...

A critical code-execution vulnerability almost affecting everyone those are not running the most updated version of Google Android , i.e. Android version 4.4 also known as KitKat. After nine months of vulnerability disclosure to the Android security team, researchers of the Application Security team at IBM have finally revealed all the possible details of a serious code-execution vulnerability that still affects the Android devices running versions 4.3 and earlier, which could allow attackers to exfiltrate sensitive information from the vulnerable devices. " Considering Android's fragmented nature and the fact that this was a code-execution vulnerability, we decided to wait a bit with the public disclosure ," said Roee Hay, a security research group leader at IBM. The researchers found the stack buffer overflow vulnerability that resides in the Android's KeyStore storage service, which according to the Android developers' website is the service code running in Androi...

This FIFA World Cup, the security has been really going well and yet no calamitous incident reported so far, other than the security company who is responsible to keep an eye on the event's security, itself tweeted a photograph of their state-of-the-art monitoring centre that exposed the World Cup security centre's internal Wi-Fi password to the whole world. Israel-based security firm RISCO is providing security management at the soccer stadium and very proud of their incredible work in securing this year's World Cup, which includes monitoring and maintaining hundreds of CCTV security cameras all over the 41,000-seat Arena Pantanal football stadium in Cuiaba, Brazil. The image was originally published by news outlet Correio Braziliense, that showed the Federal Police's head of international co-operation Luiz Cravo Dorea , standing in the mulch-million-dollar security center overseen by Israeli company RISCO and was watching Live video feeds from surveillance camera...

Security researchers have uncovered a new Stuxnet like malware, named as " Havex ", which was used in a number of previous cyber attacks against organizations in the energy sector. Just like Famous Stuxnet Worm , which was specially designed to sabotage the Iranian nuclear project, the new trojan Havex is also programmed to infect industrial control system softwares of SCADA and ICS systems, with the capability to possibly disable hydroelectric dams, overload nuclear power plants, and even can shut down a country's power grid with a single keystroke. According to security firm F-Secure who first discovered it as Backdoor:W32/Havex.A. , it is a generic remote access Trojan ( RAT ) and has recently been used to carry out industrial espionage against a number of companies in Europe that use or develop industrial applications and machines. SMARTY PANTS, TROJANIZED INSTALLERS To accomplish this, besides traditional infection methods such as exploit kits and spam emails,...

Yesterday we learned of a critical Zero-day vulnerability in a popular image resizing library called TimThumb, which is used in thousands WordPress themes and plugins. WordPress is a free and open source blogging tool and a content management system (CMS) with more than 30,000 plugins, each of which offers custom functions and features enabling users to tailor their sites to their specific needs, therefore it is easy to setup and use, that's why tens of millions of websites across the world opt it. But if you or your company are the one using the popular image resizing library called " TimThumb " to resize large images into usable thumbnails that you can display on your site, then you make sure to update the file with the upcoming latest version and remember to check the TimThumb site regularly for the patched update. 0-Day REMOTE CODE EXECUTION & NO PATCH The critical vulnerability discovered by Pichaya Morimoto in the TimThumb Wordpress plugin version 2.8.13, ...