The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Does Adobe Flash , the standard that animated the early Web, needs to Die? Unfortunately, Yes. Despite Adobe's best efforts, Flash is not safe anymore for Internet security, as a recent zero-day Flash exploit has been identified. Just Yesterday Adobe released its monthly patch update that addressed a total of 69 critical vulnerabilities in Reader, Acrobat, including 13 critical patches for Flash Player. Now today, Security researchers have disclosed a new zero-day vulnerability in fully patched versions of Adobe Flash, which is currently being exploited in the wild by a Russian state-sponsored hacking groups, named " Pawn Storm ". NO Patch For Latest Flash Exploit That means, even users with an entirely up-to-date installation ( versions 19.0.0.185 and 19.0.0.207 ) of the Flash software are also vulnerable to the latest zero-day exploit. Luckily, for the time being, this exploit is only being used against Government agencies and several foreign affairs...

If you have watched the most recent Avengers movie, then you would be aware of a scene where all the superheroes Iron Man, War Machine, Hawkeye, and Captain America take turns to lift Thor's hammer but fail. Someone has an explanation, Why? Inspired by Thor's legendary hammer Mjolnir that is not liftable by anyone except Thor, an electrical engineer has built a real-life Mjolnir that only he can pick up. Electrical engineer Allen Pan , who also runs the Sufficiently Advanced YouTube channel, created a giant hammer that only he can lift, so long as the hammer is on a metal surface. To make his hammer immovable, Pan made use of: A capacitive touch sensor ( fingerprint sensor ) attached to the handle An Arduino Pro Mini and a solid state relay, which serves as a switching device. A microwave oven transformer electromagnet that uses electricity to produce a very strong magnetic field. The electromagnet creates a very strong magnetic field, strong enough ...

OK, Google is Listening… and Recording too. Google is not just listening to your searches, but the search engine is also recording and storing every single voice search you make. Google is incredibly accurate at understanding your voice. The company secretly stores its users' searches from its voice-activated assistant Google's Voice Search and search feature Google Now to turn up relevant advertisements as well as improve the feature. But what many of you do not realize is that after every voice searches you made, Google makes a recording of it and stores it in a remote part of your account. Listen to Your Own Voice Recorded by Google However, it's no surprise to know that Google is recording our voice because it's nothing new, but it made me really scary when I heard myself so cleared. Don't believe me? Listen to your own voice recording by visiting your " Voice & Audio Activity " page in the Google Dashboard and you...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...

Microsoft has rolled out six security updates this Patch Tuesday , out of which three are considered to be " critical, " while the rest are marked as " important. " Bulletin MS15-106 is considered to be critical for Internet Explorer (IE) and affects absolutely all versions of Windows operating system. The update addresses a flaw in the way IE handles objects in memory. The flaw could be exploited to gain access to an affected system, allowing hackers to gain the same access rights as the logged-in user. A hacker could " take advantage of compromised websites, and websites that accept or host user-provided content or advertisements ," the advisory states. " These websites could contain specially crafted content that could exploit the vulnerabilities. " Therefore, the dependency here is that an IE user must knowingly click on the malicious link, which then be leveraged by an attacker to get the full control over a computer t...

From today, every phone call you make, every text message you send and every email you write will compulsorily be tracked by the government agencies under a new metadata retention scheme. Yes, you heard right. If you are a citizen of Australia with a mobile phone and an Internet connection, your digital activity will be recorded. As the government's new data retention law comes into effect, the Australian telecommunications companies will now keep large amounts of your telecommunications metadata for two years. The law has allegedly been implemented to protect the country against organized terrorist and criminals, like every government agencies including the United States' intelligence agency NSA and British intelligence agency GCHQ claim. But… This new scheme vastly expands the retention of personal data, which has triggered a debate among Australians as it is a major invasion of privacy . WHAT IS BEING COLLECTED? Until today, data retention by ...