The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The new documents leaked by former NSA contractor Edward Snowden has exposed a United States secretive facility located near a remote town in Australia's Northern Territory for covertly monitoring wireless communications and aiding US military missions. The leaked documents have come from the massive trove of classified material stolen by Snowden from the US National Security Agency (NSA) in 2013 that exposed the extent of the US government's global surveillance programs. The newly released classified documents, obtained by The Intercept, contained references to a secretive facility, which was codenamed "Rainfall," but is officially known as the Joint Defence Facility Pine Gap . The documents reveal that the Joint Defence Facility Pine Gap, located outside Alice Springs, deployed cutting-edge satellite technology for detailed geolocation intelligence that helps the US military locate targets for special forces and drone strikes . The use of unmanned air v...

If your smartphones, tablets, smart refrigerators, smart TVs and other smart devices are smart enough to make your life easier, their smart behavior could also be leveraged by hackers to steal data, invade your privacy or spy on you, if not secured properly. One such experiment has recently been performed by a team of student hackers, demonstrating a new attack method to turn smart devices into spying tools that could track your every move, including inferring sexual activity. Dubbed CovertBand , the attack has been developed by four researchers at the University of Washington's Paul G. Allen School of Computer Science & Engineering, and is so powerful that it can record what a person is doing through a wall. The CovertBand tracking system makes use of the built-in microphones and speakers—found in smartphones, laptops, tablets, smart assistant and other smart devices—as a receiver to pick up reflected sound waves, tracking the movements of anyone near the audio sourc...

The infamous mobile banking trojan that recently added ransomware features to steal sensitive data and lock user files at the same time has now been modified to steal credentials from Uber and other booking apps as well. Security researchers at Kaspersky Lab have discovered a new variant of the Android banking Trojan called Faketoken that now has capabilities to detect and record an infected device's calls and display overlays on top of taxi booking apps to steal banking information. Dubbed Faketoken.q , the new variant of mobile banking trojan is being distributed using bulk SMS messages as their attack vector, prompting users to download an image file that actually downloads the malware. Malware Spy On Telephonic Conversations Once downloaded, the malware installs the necessary modules and the main payload, which hides its shortcut icon and begins monitoring everything—from every calls to launched apps—that happens on the infected Android device. When calls are m...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Are you using Foxit PDF Reader? If yes, then you need to watch your back. Security researchers have discovered two critical zero-day security vulnerabilities in Foxit Reader software that could allow attackers to execute arbitrary code on a targeted computer, if not configured to open files in the Safe Reading Mode. The first vulnerability (CVE-2017-10951) is a command injection bug discovered by researcher Ariele Caltabiano working with Trend Micro's Zero Day Initiative (ZDI), while the second bug (CVE-2017-10952) is a file write issue found by Offensive Security researcher Steven Seeley. An attacker can exploit these bugs by sending a specially crafted PDF file to a Foxit user and enticing them to open it. Foxit refused to patch both the vulnerabilities because they would not work with the "safe reading mode" feature that fortunately comes enabled by default in Foxit Reader. "Foxit Reader & PhantomPDF has a Safe Reading Mode which is enabled by d...

Today, many automobiles companies are offering vehicles that run on the mostly drive-by-wire system, which means a majority of car's functions—from instrument cluster to steering, brakes, and accelerator—are electronically controlled. No doubt these auto-control systems make your driving experience much better, but at the same time, they also increase the risk of getting hacked. Car Hacking is a hot topic, though it is not new for security researchers who hack cars. A few of them have already demonstrated how to hijack a car remotely , how to disable car's crucial functions like airbags, and even how to remotely steal cars . Now, security researchers have discovered a new hacking trick that can allow attackers to disable airbags and other safety systems of the connected cars, affecting a large number of vendors and vehicle models. A team of researchers from Trend Micro's Forward-looking Threat Research (FTR) team, in collaboration with Politecnico di Milano and...