The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Bought a brand new Android Smartphone? Don't expect it to be a clean slate. A new report claims that some rogue retailers are selling brand-new Android smartphones loaded with pre-installed software. Security firm G Data has uncovered more than two dozens of Android smartphones from popular smartphone manufacturers — including Xiaomi , Huawei and Lenovo — that have pre-installed spyware in the firmware. G Data is a German security firm that disclosed last year the Star N9500 Smartphone's capability to spy on users, thereby comprising their personal data and conversations without any restrictions and users knowledge. Removal of Spyware Not Possible The pre-installed spyware, disguised in popular Android apps such as Facebook and Google Drive , can not be removed without unlocking the phone since it resides inside the phone's firmware. "Over the past year, we have seen a significant [growth] in devices that are equipped with firmware-level [m...

Widely popular AppLock for Android by DoMobile Ltd. is claimed to be vulnerable to hackers. Having an applock for iPhone or Android device is useful. It is suitable for security and keeping people out of your business. But when it comes to how to password protect apps on Android? How to put passwords on apps? — the one app that comes to mind is AppLock. What is AppLock? AppLock is a lightweight Android app that enables users to apply a lock on almost any type of file or app on their devices, preventing access to your locked apps and private data without a password. The most basic functionality of the security feature is to lock your Android apps so that nobody can access or uninstall them, but applock can hide pictures and videos, and even contacts and individual messages. For example, if you have an app lock on WhatsApp, one of your friends borrow your phone to play games cannot get into your WhatsApp app without a password you have set for the locked app. App Lock si...

Back in July, a security researcher disclosed a zero-day vulnerability in Mac OS X that allowed attackers to obtain unrestricted root user privileges with the help of code that even fits in a tweet . The same vulnerability has now been upgraded to again infect Mac OS X machines even after Apple fixed the issue last month. The privilege-escalation bug was once used to circumvent security protections and gain full control of Mac computers. Thanks to the environment variable DYLD_PRINT_TO_FILE Apple added to the code of OS X 10.10 Yosemite. The vulnerability then allowed attackers to install malware and adware onto a target Mac, running OS X 10.10 (Yosemite), without requiring victims to enter system passwords. However, the company fixed the critical issue in the Mac OS X 10.11 El Capitan Beta builds as well as the latest stable version of Mac OS X – Version 10.10.5 . Mac Keychain Flaw Now, security researchers from anti-malware firm MalwareBytes spotted t...

In both April and June this year, a series of cyber attacks was conducted against the United States Office of Personnel Management (OPM) . These attacks resulted in 21 million current and former Federal government employees' information being stolen. After months of investigation, the FBI's Cyber Task Force identified several Remote Access Tools (RATs) that were used to carry out the attack. One of the more effective tools discovered is named ' FF-RAT '. FF-RAT evades endpoint detection through stealth tactics, including the ability to download DLLs remotely and execute them in memory only. Hackers use RATs to gain unlimited access to infected endpoints. Once the victim's access privilege is acquired, it is then used for malware deployment, command and control (C&C) server communication, and data exfiltration. Most Advanced Persistent Threat (APT) attacks also take advantage of RAT functionality for bypassing strong authentication, reconnaissance, spreading...

No plan to install Windows 10 due to Microsoft's controversial data mining and privacy invasions within the operating system? Well, Windows 7 and Windows 8 OS users should also be worried as Windows 10 spying is now headed their way too… Microsoft has been caught installing latest updates onto Windows 7 and Windows 8 computers that effectively introduce the same data collecting and user behavior tracking features used in Windows 10. Under the new updates, the operating systems indiscriminately upload data to Microsoft's servers, which might be a major privacy concern for many users. Creepy Updates The updates in question are: KB3068708 – This update introduces the Diagnostics and Telemetry tracking service to existing devices. KB3022345 (replaced by KB3068708 ) – This update adds the Diagnostics and Telemetry tracking service to in-market devices. KB3075249 – This update adds telemetry points to the User Account Control (UAC) feature in order to collect data on ele...