The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The 2014 Yahoo hack disclosed late last year that compromised over 500 million Yahoo user accounts was believed to be carried out by a state-sponsored hacking group. Now, two Russian intelligence officers and two criminal hackers have been charged by the US government in connection with the 2014 Yahoo hack that compromised about 500 million Yahoo user accounts, the Department of Justice announced Wednesday. According to the prosecutors, at least 30 million accounts were accessed as part of a spam campaign to access the email contents of thousands of people, including journalists, government officials, and technology company employees. The four defendants — Two officers from the Russian Federal Security Service (FSB) and two other hackers — are identified as: Dmitry Aleksandrovich Dokuchaev, 33 — an officer in the FSB Center for Information Security at the time of the hack, and now Russian national and resident. Igor Anatolyevich Sushchin, 43 — an FSB officer, a superior...

Next time when someone sends you a photo of a cute cat or a hot chick on WhatsApp or Telegram then be careful before you click on the image to view — it might hack your account within seconds. A new security vulnerability has recently been patched by two popular end-to-end encrypted messaging services — WhatsApp and Telegram — that could have allowed hackers to completely take over user account just by having a user simply click on a picture. The hack only affected the browser-based versions of WhatsApp and Telegram, so users relying on the mobile apps are not vulnerable to the attack. According to Checkpoint security researchers, the vulnerability resided in the way both messaging services process images and multimedia files without verifying that they might have hidden malicious code inside. For exploiting the flaw, all an attacker needed to do was sending the malicious code hidden within an innocent-looking image. Once the victim clicked on the picture, the attacker coul...

In a large-scale Twitter hack, thousands of Twitter accounts from media outlets to celebrities, including the European Parliament, Forbes, BlockChain, Amnesty International, UNICEF, Nike Spain and numerous other individuals and organizations, were compromised early Wednesday. The compromised Twitter accounts is pushing a disturbing spam message written in Turkish comparing the Dutch to the Nazis, with Swastikas and a " #NaziHollanda " or " #Nazialmanya " (Nazi Germany) hashtag, and changed some of the victims' profile pictures to an image of the Turkish flag and Ottoman Empire coat of arms. In addition to the message, the hackers are also posting a link to a YouTube video and the Twitter account Sebo . According to the latest reports, this weird Twitter activity on numerous high-profile accounts is the result of a vulnerability in the third-party app called Twitter Counter. Twitter Counter is a social media analytics service that helps Twitter users to ...

After last month's postponement, Microsoft's Patch Tuesday is back with a massive release of fixes that includes patches for security vulnerabilities in Windows and associated software disclosed and exploited since January's patch release. Meanwhile, Adobe has also pushed out security updates for its products, releasing patches for at least seven security vulnerabilities in its Flash Player software. Microsoft patched a total of 140 separate security vulnerabilities across 18 security bulletins, nine of them critical as they allow remote code execution on the affected computer. Microsoft Finally Patches Publicly Disclosed Windows Flaws Among the "critical" security updates include a flaw in the SMB (server message block) network file sharing protocol, which had publicly disclosed exploit code since last month. The original patch released last year for this flaw was incomplete. The flaw is a memory corruption issue that could allow remote code execu...

With the rise in the mobile market, Adware has become one of the most prevalent mobile threats in the world. Adware has traditionally been used to aggressively push ads like banners or pop-ups on mobile screens to make money. The troublesome part is that Adware is now becoming trojanized and more sophisticated, as it aggressively collects personal data from the mobile device it's installed on, including name, birth date, location, serial number, contacts, and browser data without users' consent. However, the risk is a bit higher on Android than other platforms because of the extra permissions that apps enjoy. Although Google has stepped up its efforts to remove potentially harmful apps from its Play Store in the past years and added more stringent malware checks for new apps, Adware app eventually finds its way into its mobile app marketplace to target millions of Android users. In its recent efforts to make its Play Store ecosystem safe, Google has recently discover...