The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The company that sells digital forensics and mobile hacking tools to others has itself been hacked. Israeli firm Cellebrite , the popular company that provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had 900 GB of its data stolen by an unknown hacker. But the hacker has not yet publicly released anything from the stolen data archive, which includes its customer information, user databases, and a massive amount of technical data regarding its hacking tools and products. Instead, attackers are looking for possible opportunities to sell the access to Cellebrite system and data on a few selected IRC chat rooms, the hacker told Joseph Cox, contributor at Motherboard , who was contacted by the hacker and received a copy of the stolen data. Meanwhile, Cellebrite also admitted that it recently experienced "unauthorized access to an external web server," and said that it is "conducting an investigation ...

Just like most of you, I too really hate filling out web forms, especially on mobile devices. To help make this whole process faster, Google Chrome and other major browsers offer "Autofill" feature that automatically fills out web form based on data you have previously entered in similar fields. However, it turns out that an attacker can use this autofill feature against you and trick you into spilling your private information to hackers or malicious third parties. Finnish web developer and whitehat hacker Viljami Kuosmanen published a demo on GitHub that shows how an attacker could take advantage of the autofill feature provided by most browsers, plugins, and tools such as Password Managers. Although, this trick was first discovered by Ricardo Martin Rodriguez , Security Analyst at ElevenPaths, in the year 2013, but it seems Google haven't done anything to address weakness in Autofill feature. The proof-of-concept demo website consists of a simple online...

Recent data breaches have taught us something very important — online users are spectacularly bad at choosing their strong passwords. Today majority of online users are vulnerable to cyber attacks, not because they are not using any best antivirus or other security measures, but because they are using weak passwords that are easy to remember and reuse same passwords on multiple accounts and reusable passwords to secure their online accounts. Ideally, your password should be at least 16 characters long and should contain a combination of digits, symbols, uppercase letters and lowercase letters. Most of us know about this good password practice, but we just ignore it because it is really painful for us to memorize complex password strings for different accounts. Here comes the need of a Password Manager OR  Password Management Software . Password Manager can significantly reduce your password memorizing problem, along with the cure for your bad habit of setting weak pass...

In Brief Microsoft has issued its first Patch Tuesday for 2017 , and it's one of the smallest ever monthly patch releases for the company, with only four security updates to address vulnerabilities in its Windows operating system as well as Adobe Flash Player. Meanwhile, Adobe has also released patches for more than three dozen security vulnerabilities in its Flash Player and Acrobat/Reader for Windows, MacOS, and Linux desktops. According to the Microsoft Advisory, only one security bulletin is rated critical, while other three are important. The bulletins address security vulnerabilities in Microsoft's Windows, Windows Server, Office, Edge and Flash Player. The only security bulletin rated as critical is the one dedicated to Adobe Flash Player, for which Microsoft distributed security patches through Windows Update. Other security bulletins that addresses flaws in Microsoft products are as follows: Bulletin 1 — MS17-001 This security update resolves just one v...

The Shadow Brokers who previously stole and leaked a portion of the NSA hacking tools and exploits is back with a Bang! The hacking group is now selling another package of hacking tools, " Equation Group Windows Warez ," which includes Windows exploits and antivirus bypass tools, stolen from the NSA-linked hacking unit, The Equation Group. For those unfamiliar with the topic, The Shadow Brokers is a notorious group of black-hat hackers who, in August 2016, leaked exploits, security vulnerabilities, and "powerful espionage tools" created by The Equation Group. On Saturday, the Shadow Brokers posted a message on their ZeroNet based website, announcing the sale of the entire " Windows Warez " collection for 750 Bitcoin (around US$678,630). The data dump contains many windows hacking tools, categorized as following: Fuzzing tools (used to discover errors and security loopholes) Exploit Framework Network Implants Remote Administration Tools (RAT) Remot...