The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Your Mac computer running the Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday. Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application installed in the targeted system to virtually "click" objects without any user interaction or consent. To know, how dangerous it can go, Wardle explains : "Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? Click...allowed. Authorize keychain access? Click...allowed. Load 3rd-party kernel extension? Click...allowed. Authorize outgoing network connection? click ...allowed." Wardle described his research into "synthetic" interactions with a user interface (UI) as "The Mouse is Mightier than the Sword," ...

Bought a new Android phone? What if I say your brand new smartphone can be hacked remotely? Nearly all Android phones come with useless applications pre-installed by manufacturers or carriers, usually called bloatware, and there's nothing you can do if any of them has a backdoor built-in—even if you're careful about avoiding sketchy apps. That's exactly what security researchers from mobile security firm Kryptowire demonstrated at the DEF CON security conference on Friday. Researchers disclosed details of 47 different vulnerabilities deep inside the firmware and default apps (pre-installed and mostly non-removable) of 25 Android handsets that could allow hackers to spy on users and factory reset their devices, putting millions of Android devices at risk of hacking. At least 11 of those vulnerable smartphones are manufactured by companies including Asus, ZTE, LG, and the Essential Phone, and being distributed by US carriers like Verizon and AT&T. Other majo...

Artificial Intelligence (AI) has been seen as a potential solution for automatically detecting and combating malware, and stop cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade even the best cyber-security defenses and infects a computer network or launch an attack only when the target's face is detected by the camera. To demonstrate this scenario, security researchers at IBM Research came up with DeepLocker —a new breed of "highly targeted and evasive" attack tool powered by AI," which conceals its malicious intent until it reached a specific victim. According to the IBM researcher, DeepLocker flies under the radar without being detected and "unleashes its malicious action as soon as the AI model identifies the target through indicators like facial recognition, geolocation and voice recognition." Describing it as the "sp...

Security researchers at Trustwave have released a new open-source tool that uses facial recognition technology to locate targets across numerous social media networks on a large scale. Dubbed Social Mapper, the facial recognition tool automatically searches for targets across eight social media platforms, including—Facebook, Instagram, Twitter, LinkedIn, Google+, the Russian social networking site VKontakte, and China's Weibo and Douban—based on their names and pictures. The tool's creators claim they developed Social Mapper intelligence-gathering tool predominantly to help pen testers and red teamers with social engineering attacks. Although the searches of names and pictures can already be performed manually, Social Mapper makes it possible to automate such scans far faster and "on a mass scale with hundreds or thousands of individuals" at once. "Performing intelligence gathering online is a time-consuming process, it typically starts by attempting to...

WhatsApp, the most popular messaging application in the world, has been found vulnerable to multiple security vulnerabilities that could allow malicious users to intercept and modify the content of messages sent in both private as well as group conversations. Discovered by security researchers at Israeli security firm Check Point, the flaws take advantage of a loophole in WhatsApp's security protocols to change the content of the messages, allowing malicious users to create and spread misinformation or fake news from "what appear to be trusted sources." The flaws reside in the way WhatsApp mobile application connects with the WhatsApp Web and decrypts end-to-end encrypted messages using the protobuf2 protocol . The vulnerabilities could allow hackers to misuse the 'quote' feature in a WhatsApp group conversation to change the identity of the sender, or alter the content of someone else's reply to a group chat, or even send private messages to one of ...