The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Nearly a decade-long cyber espionage group that targeted a variety of Eastern European governments and security-related organizations including the North Atlantic Treaty Organization (NATO) has been exposed by a security research firm. The US intelligence firm FireEye released its latest Advanced Persistent Threat ( APT ) report on Tuesday which said that the cyber attacks targeting various organisations would be of the interest to Russia, and " may be " sponsored by the Russian government. The Report entitled " APT28: A Window Into Russia's Cyber Espionage Operations " published by FireEye has " evidence of long-standing, focused operations that indicate a government sponsor - specifically, a government based in Moscow. " " Despite rumours of the Russian government's alleged involvement in high-profile government and military cyber attacks, there has been little hard evidence of any link to cyber espionage, " Dan McWhort...

The open-source Wget application which is most widely used on Linux and Unix systems for retrieving files from the web has found vulnerable to a critical flaw. GNU Wget is a command-line utility designed to retrieve files from the Web using HTTP, HTTPS, and FTP, the most widely used Internet protocols. Wget can be easily installed on any Unix-like system and has been ported to many environments, including Microsoft Windows, Mac OS X, OpenVMS, MorphOS and AmigaOS. When a recursive directory fetch over FTP server as the target, it would let an attacker " create arbitrary files, directories or symbolic links " due to a symlink flaw. IMPACT OF SYMLINK ATTACK " It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP ," developer Vasyl Kaigorodov wrote in a Red Hat Bugzilla comment . A remote unauthentica...

China's number one — and the world's 3rd largest — smartphone manufacturer, Xiaomi , which is trying to make inroads into India's booming mobile phone market, was found secretly sending users' personal data , including IMEI numbers, phone numbers and text messages to the web servers back to Beijing in China. INDIA AND TAIWAN vs XIAOMI This issue raised higher concerns across many countries, proactively in India, Singapore and Taiwan. The Indian Air Force (IAF) — among the largest in the world — warned its employees and their belongings that their private information was being shipped over to servers in China, and asked them to avoid using Xiaomi smartphones due to security risk. Taiwanese Government underlined similar concerns before Xiaomi's launch in India. Xiaomi is facing an investigation in Taiwan for alleged cyber security threat, as a result of which last month the Taiwanese government decided to ban the company due to several privacy controversies. When i...

If you own a Sony smartphone either the Android 4.4.2 or 4.4.4 KitKat firmware then inadvertently you may be transmitting your data back to the servers in China, even if you haven't installed any application. Quite surprising but it's true. I know many of you haven't expected such practices from a Japanese company, but reports popping up at several forums suggest that some new Sony Xperia handsets seem to contain the Baidu spyware . MYSTERIOUS BAIDU SPYWARE About a month ago, a group of community users of Sony smartphone detected the presence of a strange folder, named " Baidu ", mysteriously appeared from among those present in various versions of Android for these handsets. The creepy part is that the folder is created automatically without the owners permission and there is no way of deleting it. Even if someone tries to remove it, it instantly reappears as well as unticking the folder from device administrator equally seems to do nothing, neither does starting t...

The Nation's largest telecom operator ' Verizon Wireless ' is tracking its customers' mobile internet traffic by adding a token to Web requests traveling over its network, in order to facilitate targeted advertising even if a user has opted out of their Customer Proprietary Network Information (CPNI) options. The Precision Market Insights division of Verizon is collecting users' data from more than two years with the launch of the Unique Identifier Token Header (UIDH) under its Relevant Mobile Advertising program. The company also expanded its program to cover all Verizon Wireless subscribers. UIDH TRACKS CUSTOMERS' EVERY MOVE ON WEB When consumers visit certain websites or mobile apps, The Verizon network is adding cookie-like X-UIDH header tokens to Web requests traveling over its network with a unique value/identifier for every particular mobile device. This Verizon's solution is called the PrecisionID , which is being used to create a d...