The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Server Message Block version 1 (SMBv1) — a 30-year-old file sharing protocol which came to light last month after the devastating WannaCry outbreak — will be removed from the upcoming Windows 10 (1709) Redstone 3 Update. The SMBv1 is one of the internet's most ancient networking protocols that allows the operating systems and applications to read and write data to a system and a system to request services from a server. The WannaCry ransomware , which wreaked havoc last month, was also leveraging an NSA's Windows SMB exploit, dubbed EternalBlue , leaked by the Shadow Brokers in its April data dump. The WannaCry ransomware menace shut down hospitals , telecommunication providers, and many businesses worldwide, infecting hundreds of thousands of unpatched Windows servers running SMBv1 in more than 150 countries within just 72 hours on 12th of May. Although Microsoft patched the vulnerability in SMBv1 in March in MS17-010 , the company meanwhile strongly advised us...

Update: Find working Exploits and Proof-of-Concepts at the bottom of this article. Security researchers have discovered more than a decade-old vulnerability in several Unix-based operating systems — including Linux, OpenBSD, NetBSD, FreeBSD and Solaris — which can be exploited by attackers to escalate their privileges to root, potentially leading to a full system takeover. Dubbed Stack Clash , the vulnerability ( CVE-2017-1000364 ) has been discovered in the way memory was being allocated on the stack for user space binaries. Exploiting Stack Clash Bug to Gain Root Access The explanation is simple: Each program uses a special memory region called the stack, which is used to store short-term data. It expands and contracts automatically during the execution of any program, depending upon the needs of that program. According to researchers at Qualys, who discovered and reported this bug, a malicious program can attempt to use more memory space than available on the stack,...

South Korean web hosting provider has agreed to pay $1 million in bitcoins to hackers after a Linux ransomware infected its 153 servers, encrypting 3,400 business websites and their data, hosted on them. According to a blog post published by NAYANA, the web hosting company, this unfortunate event happened on 10th June when ransomware malware hit its hosting servers and attacker demanded 550 bitcoins (over $1.6 million) to unlock the encrypted files. However, the company later negotiated with the cyber criminals and agreed to pay 397.6 bitcoins (around $1.01 million) in three installments to get their files decrypted. The hosting company has already paid two installments at the time of writing and would pay the last installment of ransom after recovering data from two-third of its infected servers. According to the security firm Trend Micro , the ransomware used in the attack was Erebus that was first spotted in September last year and was seen in February this year with Win...

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

Information on more than 198 Million United States citizens, that's over 60% of the US population, was exposed in what's believed to be the largest ever known exposure of voter-related to date. This blunder was caused by Deep Root Analytics (DRA) , a data analytics firm employed by the US Republican National Committee (RNC), who "mistakenly" left sensitive personal details of more than 198 million US voters exposed on an unsecured Amazon S3 server. Chris Vickery, a security researcher at UpGuard, who discovered the exposed database said anyone could have downloaded more than a Terabytes of files containing voters data without the need for any password from the Amazon S3 server maintained by DRA. Vickery is the same security researcher who discovered over 191 million voter records stored in an unsecured database in late 2015. In April, Vickey also reported information on 93 million Mexican voters. Vickery discovered the exposed databases on June 12, which...

After the disclosure of sophisticated global espionage and disinformation campaign aimed to discredit enemies of the state, Citizen Lab researchers exposed the dirty game of the Mexican government and its politics. The report — " Government Spy: Systematic monitoring of journalists and human rights defenders in Mexico " — published by Citizen Lab today revealed how the Mexican government used advanced spyware tools purchased from the NSO Group to target the country's most prominent human rights lawyers, anti-corruption activists, and journalists. The NSO Group, an Israel-based company that produces the most advanced mobile spyware on the planet, sold the tool to governments with an explicit agreement that it should be used only to fight terrorists or criminal groups that have long kidnapped and killed Mexicans. But, the Mexican government targets include: Lawyers looking into the case of 43 Students disappeared in September 2014 from the town of Iguala. Two ...