The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

If you are an iPhone user and use Uber app, you would be surprised to know that widely popular ride-hailing app can record your screen secretly. Security researcher Will Strafach recently revealed that Apple selectively grants (what's known as an " entitlement ") Uber a powerful ability to use the newly introduced screen-recording API with intent to improve the performance of the Uber app on Apple Watch. The screen-recording API allows the Uber app to record user's screen information even when the app is closed, giving Uber access to all the personal information passing through an iPhone screen. What's more?  The company's access to such permission could make this data vulnerable to hackers if they, somehow, able to hijack Uber's software. "It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature," Strafach told Gizmodo , who first reported about the issue. ...

A severe programming error has been discovered in Apple's latest macOS High Sierra 10.13 that exposes passwords of encrypted Apple File System (APFS) volumes in plain text. Reported by Matheus Mariano, a Brazilian software developer, the vulnerability affects encrypted volumes using APFS wherein the password hint section is showing the actual password in the plain text. Yes, you got that right—your Mac mistakenly reveals the actual password instead of the password hint. In September, Apple released macOS High Sierra 10.13 with APFS (Apple File System) as the default file system for solid-state drives (SSDs) and other all-flash storage devices, promising strong encryption and better performance. Mariano discovered the security issue while he was using the Disk Utility in macOS High Sierra to add a new encrypted APFS volume to a container. When adding a new volume, he was asked to set a password and, optionally, write a hint for it. So, whenever the new volume is mounted, m...

It seems sophisticated hackers have changed the way they conduct targeted cyber operations—instead of investing in zero-days and developing their malware; some hacking groups have now started using ready-made malware just like script kiddies. Possibly, this could be a smart move for state-sponsored hackers to avoid being attributed easily. Security researchers from multiple security firms, including Arbor Networks and FireEye , independently discovered a series of malware campaigns primarily targeting aerospace, defence contractors and manufacturing sectors in various countries, including the United States, Thailand, South Korea and India. What's common? All these attack campaigns, conducted by various hacking groups, eventually install same information and password stealer malware—dubbed FormBook —on the targeted systems. FormBook is nothing but a " malware-as-as-service ," which is an affordable piece of data-stealing and form-grabbing malware that has been ...

A Greek court has approved the U.S. extradition of a 38-year-old Russian national accused of laundering more than $4 billion in bitcoin for culprits involved in hacking attacks, tax fraud and drug trafficking with the help of the now-defunct BTC-e exchange. Alexander Vinnik , an alleged operator of BTC-e—a digital currency exchange service that has been in operation since 2011 but seized by the authorities right after Vinnik's arrest in a beachside village in northern Greece in late July 2016 at the request of US law enforcement authorities. Since his arrest, Moscow has also requested Vinnik be returned home, as it has previously done with other Russian nationals wanted by the United States. However, the Greek court ruled Wednesday (4 October) to extradite Vinnik to the U.S., where he will face trial on the charges with the operation of an unlicensed money service business, money laundering, conspiracy to commit money laundering, and engaging in unlawful monetary transact...

The Apache Tomcat team has recently patched several security vulnerabilities in Apache Tomcat, one of which could allow an unauthorised attacker to execute malicious code on affected servers remotely. Apache Tomcat, developed by the Apache Software Foundation (ASF), is an open source web server and servlet system, which uses several Java EE specifications like Java Servlet, JavaServer Pages (JSP), Expression Language, and WebSocket, and provides a "pure Java" HTTP web server environment for Java concept to run in. Unlike Apache Struts2 vulnerabilities , which have recently been exploited to breach the systems of American credit reporting agency Equifax , Apache Tomcat flaws are less likely to be exploited. The critical Remote Code Execution (RCE) vulnerability (CVE-2017-12617) discovered in Apache Tomcat is due to insufficient validation of user-supplied input by the affected software. Only systems with HTTP PUTs enabled (via setting the "read-only" initi...