The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

This month has yet been kind of interesting for cyber security researchers, with Google successfully cracked SHA1 and the discovery of Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare. Besides this, Google last week disclosed an unpatched vulnerability in Windows Graphics Device Interface (GDI) library, which affects Microsoft's Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10. While the Windows vulnerability has yet to be patched by the company, Google today released the details of another unpatched Windows security flaw in its browser, as Microsoft did not act within its 90-day disclosure deadline. The vulnerability (CVE-2017-0037), discovered and disclosed by Google Project Zero team's researcher Ivan Fratric, is a so-called " type confusion flaw " in a module in Microsoft Edge and Internet Explorer that potentially leads to arbitrary code exec...

Wi-Fi enabled devices — widely known as the Internet of Things (IoT) — are populating offices and homes in greater and greater numbers. From smartphones to connected printers and even coffee makers, most of these IoT devices have good intentions and can connect to your company's network without a problem. However, as the Internet of Things (IoT) devices are growing at a great pace, they continue to widen the attack surface at the same time, giving attackers a large number of entry points to affect you some or the other way. The attackers can use your smart devices to gain backdoor entry to your network, giving them the capability to steal sensitive data, such as your personal information, along with a multitude of other malicious acts. An interesting attack scenario has recently been demonstrated by one of the renowned hackers, Jayson Street , who said all it is needed is to walk around with the right device to get into someone's device. Before we jump into the te...

A severe security vulnerability has been discovered in the CloudFlare content delivery network that has caused big-name websites to expose private session keys and other sensitive data. CloudFlare, a content delivery network (CDN) and web security provider that helps optimize safety and performance of over 5.5 Million websites on the Internet, is warning its customers of the critical bug that could have exposed a range of sensitive information, including passwords, and cookies and tokens used to authenticate users. Dubbed Cloudbleed , the nasty flaw is named after the Heartbleed bug that was discovered in 2014, but believed to be worse than Heartbleed. The vulnerability is so severe that it not only affects websites on the CloudFlare network but affects mobile apps as well. What exactly is "Cloudbleed," how it works, how are you affected by this bug, and how you can protect yourself? Let's figure it out. What is Cloudbleed? Discovered by Google Project Ze...

British police have arrested a suspect in connection with the massive attack on Deutsche Telekom that hit nearly 1 Million routers last November. Late last year, someone knocked down more than 900,000 broadband routers belonging to Deutsche Telekom users in Germany, which affected the telephony, television, and internet service in the country. Now, Germany's federal criminal police force (BKA) revealed today that the UK's National Crime Agency (NCA) reportedly arrested a 29-year-old British suspect at Luton airport in London on Wednesday, who is accused of being the mastermind behind the last year's attack. In a statement , the German police said the last year's attack was especially severe and was carried out to compromise the home routers to enroll them in a network of hijacked machines popularly known as Botnet, and then offer the DDoS services for sale on dark web markets. But ultimately, the attack created a denial-of-service situation, which resulted i...

SHA-1, Secure Hash Algorithm 1, a very popular cryptographic hashing function designed in 1995 by the NSA, is officially dead after a team of researchers from Google and the CWI Institute in Amsterdam announced today submitted the first ever successful SHA-1 collision attack. SHA-1 was designed in 1995 by the National Security Agency (NSA) as a part of the Digital Signature Algorithm. Like other hashes, SHA-1 also converts any input message to a long string of numbers and letters that serve as a cryptographic fingerprint for that particular message. Collision attacks appear when the same hash value (fingerprint) is produced for two different messages, which then can be exploited to forge digital signatures, allowing attackers to break communications encoded with SHA-1. The explanation is technologically tricky, but you can think of it as attackers who surgically alters their fingerprints in order to match yours, and then uses that to unlock your smartphone. The researchers h...