The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

After being threatened with a ban in Russia , end-to-end encrypted Telegram messaging app has finally agreed to register with new Russian Data Protection Laws, but its founder has assured that the company will not comply to share users' confidential data at any cost. Russia's communications watchdog Roskomnadzor had recently threatened to block Telegram if the service did not hand over information required to put the app on an official government list of information distributors. The Russian government requirement came following terrorists' suicide bombings that killed 15 people in Saint Petersburg in April in which terrorists allegedly used the Telegram 's app to communicate and plot attacks. "There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram," said Alexander Zharov, head of Roskomnadzor.  "And to officially send it to Roskomnadzor to include this data in the registry of organizers...

A critical vulnerability has been discovered in Systemd , the popular init system and service manager for Linux operating systems, that could allow remote attackers to potentially trigger a buffer overflow to execute malicious code on the targeted machines via a DNS response. The vulnerability, designated as CVE-2017-9445 , actually resides in the ' dns_packet_new ' function of 'systemd-resolved,' a DNS response handler component that provides network name resolution to local applications. According to an advisory published Tuesday, a specially crafted malicious DNS response can crash 'systemd-resolved' program remotely when the system tries to lookup for a hostname on an attacker-controlled DNS service. Eventually, large DNS response overflows the buffer, allowing an attacker to overwrite the memory which leads to remote code execution. This means the attackers can remotely run any malware on the targeted system or server via their evil DNS service...

What if I say the Tuesday's devastating global malware outbreak was not due to any ransomware infection? Yes, the Petya ransomware attacks that began infecting computers in several countries, including Russia, Ukraine, France, India and the United States on Tuesday and demands $300 ransom was not designed with the intention of restoring the computers at all. According to a new analysis, the virus was designed to look like ransomware but was wiper malware that wipes computers outright, destroying all records from the targeted systems. Comae Technologies Founder Matt Suiche, who closely looked the operation of the malware, said after analyzing the virus, known as Petya, his team found that it was a " Wiper malware ," not ransomware. Security experts even believe the real attack has been disguised to divert world's attention from a state-sponsored attack on Ukraine to a malware outbreak. "We believe the ransomware was, in fact, a lure to control the...

Microsoft is making every effort to make its Windows operating system more secure and advanced than ever before by beefing up its security practices and hardening it against hackers and cyber attacks in its next release. With the launch of its Windows 10 Creator Update (also known as RedStone 3), which is expected to release sometime between September and October 2017, Microsoft is planning to release lots of security features in an effort to prevent major global malware crisis. Just a few days ago, we reported about Microsoft's plan to build its EMET or Enhanced Mitigation Experience Toolkit into the kernel of the upcoming Windows 10 to boost the security of your computer against complex threats such as zero-day vulnerabilities. Also, the tech giant has planned to remove the SMBv1 (Server Message Block version 1) — a 30-year-old file sharing protocol which came to light last month after the devastating WannaCry outbreak — from the upcoming Windows 10 (1709) Redstone 3 ...

WikiLeaks has just published a new batch of the ongoing Vault 7 leak , and this time the whistleblowing website has unveiled a classified malware for that tracks geo-location of targeted PCs and laptops running the Microsoft Windows operating system. In short, the malware does it by capturing the IDs of nearby public hotspots and then matching them with the global database of public Wi-Fi hotspots' locations. Dubbed ELSA , the alleged CIA's project consists of two main elements: the processing component (Operator Terminal) and the implant (Windows Target) which is typically being deployed on a target Windows host. Here's How the CIA's ELSA Malware Works The Elsa system first installs the malware on a targeted WiFi-enabled machine using separate CIA exploits to gain persistent access on the device. The malware then uses Wi-Fi hardware of the infected computer to scan nearby visible WiFi access points (AP) and records their ESSID – stands for Extended Service Se...