The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In Brief Some 100 Million cars made by Volkswagen are vulnerable to a key cloning attack that could allow thieves to unlock the doors of most popular cars remotely through a wireless signal, according to new research. Next time when you leave your car in a parking lot, make sure you don't leave your valuables in it, especially if it's a Volkswagen. What's more worrisome? The new attack applies to practically every car Volkswagen has sold since 1995. There are two distinct vulnerabilities present in almost every car sold by Volkswagen group after 1995, including models from Audi, Skoda, Fiat, Citroen, Ford and Peugeot. Computer scientists from the University of Birmingham and the German engineering firm Kasper & Oswald plan to present their research [ PDF ] later this week at the Usenix security conference in Austin, Texas. Attack 1 — Using Arduino-based RF Transceiver (Cost $40) The first attack can be carried out using a cheap radio device that can...

If you are using the Internet, there are the possibilities that you are open to attack. The Transmission Control Protocol (TCP) implementation in all Linux systems deployed since 2012 ( version 3.6 and above of the Linux kernel ) poses a serious threat to Internet users, whether or not they use Linux directly. This issue is troubling because Linux is used widely across the Internet, from web servers to Android smartphones, tablets, and smart TVs. Researchers have uncovered a serious Internet flaw, which if exploited, could allow attackers to terminate or inject malware into unencrypted communication between any two vulnerable machines on the Internet. The vulnerability could also be used to forcefully terminate HTTPS encrypted connections and downgrade the privacy of secure connections, as well as also threatens anonymity of Tor users by routing them to certain malicious relays. The flaw actually resides in the design and implementation of the Request for Comments: 5961 ( RF...

Last week, Apple finally announced a bug bounty program for researchers and white hat hackers to find and get paid for reporting details of zero-day vulnerabilities in its software and devices. The company offers the biggest payout of $200,000, which is 10 times the maximum reward that Google offers and double the highest bounty paid by Microsoft. But now Apple is going to face competition from a blackhat company named, Exodus Intelligence. Exodus Intelligence is offering more than double Apple's maximum payout for zero-day vulnerabilities affecting the newest versions of iOS. The company is willing to pay more than $500,000 for zero-day vulnerabilities and exploits affecting iOS 9.3 and above. Although Exodus labeled itself as ' Research Sponsorship Program ,' the company actually makes money by buying and selling zero-day vulnerabilities and exploits. On Wednesday, Exodus launched its new bonus structure for the acquisition of details and exploits for zero-day vu...

It's True  —  There is no such backdoor that only its creator can access. Microsoft has accidentally leaked the Secret keys that allow hackers to unlock devices protected by UEFI ( Unified Extensible Firmware Interface ) Secure Boot feature. What's even worse? It will be impossible for Microsoft to undo its leak. Secure Boot is a security feature that protects your device from certain types of malware, such as a rootkit, which can hijack your system bootloader, as well as, Secure Boot restricts you from running any non-Microsoft operating system on your device. In other words, when Secure Boot is enabled, you will only be able to boot Microsoft approved ( cryptographically signature checking ) operating systems. However, the Golden Keys disclosed by two security researchers, using alias MY123 and Slipstream , can be used to install non-Windows operating systems, say GNU/Linux or Android, on the devices protected by Secure Boot. Moreover, according to the blog po...

In Brief Microsoft's August Patch Tuesday offers nine security bulletins with five rated critical, resolving 34 security vulnerabilities in Internet Explorer (IE), Edge, and Office, as well as some serious high-profile security issues with Windows. A security bulletin, MS16-102 , patches a single vulnerability (CVE-2016-3319) that could allow an attacker to control your computer just by getting you to view specially-crafted PDF content in your web browser. Users of Microsoft Edge on Windows 10 systems are at a significant risk for remote code execution (RCE) attacks through a malicious PDF file. Web Page with PDF Can Hack Your Windows Computer Since Edge automatically renders PDF content when the browser is set as a default browser, this vulnerability only affects Windows 10 users with Microsoft Edge set as the default browser, as the exploit would execute by simply by viewing a PDF online. Web browsers for all other affected operating systems do not automatically ...