The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

With the release of Chrome 68, Google prominently marks all non-HTTPS websites as 'Not Secure' on its browser to make the web a more secure place for Internet users. If you haven't yet, there is another significant reason to immediately switch to the latest version of the Chrome web browser. Ron Masas, a security researcher from Imperva, has discovered a vulnerability in web browsers that could allow attackers to find everything other web platforms, like Facebook and Google, knows about you—and all they need is just trick you into visiting a website. The vulnerability, identified as CVE-2018-6177 , takes advantage of a weakness in audio/video HTML tags and affects all web browsers powered by "Blink Engine," including Google Chrome. To illustrate the attack scenario, the researcher took an example of Facebook, a popular social media platform that collects in-depth profiling information on its users, including their age, gender, where you have been (loca...

Instagram has been hit by a widespread hacking campaign that appears to stem from Russia and have affected hundreds of users over the past week, leaving them locked out of their accounts. A growing number of Instagram users are taking to social media, including Twitter and Reddit, to report a mysterious hack which involves locking them out of their account with their email addresses changed to .ru domains. According to victims, their account names, profile pictures, passwords, email addresses associated with their Instagram accounts, and even connected Facebook accounts are being changed in the attack. Many of the affected Instagram users are also complaining about their profile photos replaced with stills from popular films, including Despicable Me 3 and Pirates of the Caribbean. Although it is still unknown who is behind the widespread hack of Instagram accounts, the use of the email addresses originating from Russian email provider mail.ru may indicate a Russian hacker or...

Phishing works no matter how hard a company tries to protect its customers or employees. Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used email services like Microsoft Office 365. Microsoft Office 365 is an all-in-solution for users that offers several different online services, including Exchange Online, SharePoint Online, Lync Online and other Office Web Apps, like Word, Excel, PowerPoint, Outlook and OneNote. On the top of these services, Microsoft also offers an artificial intelligence and machine learning powered security protection to help defend against potential phishing and other threats by going one level deep to scan the links in the email bodies to look for any blacklisted or suspicious domain. But as I said, phishers always find a way to bypass security protections in order to victimize users. Just ...

A former Microsoft network engineer who was charged in April this year has now been sentenced to 18 months in prison after pleading guilty to money laundering in connection with the Reveton ransomware. Reveton malware is old ransomware, also known as scareware or police ransomware that instead of encrypting files locks the screen of victims' computers and displays a message purporting to come from a national law enforcement agency. The splash screen of the malware was designed to falsely tell unsuspecting victims that they have been caught doing illegal or malicious activities online or the law enforcement had found illegal material on their computer, forcing users to make pay a "fine" of $200-300 within 48 hours to regain access to their computers. Raymond Odigie Uadiale, 41-year-old, who worked as a Microsoft network engineer, is not the actual author of the Reveton ransomware , but he helped the Reveton distributor, residing in the UK and identified as the online...

2018 has been quite a tough year for Intel. While the chip-maker giant is still dealing with Meltdown and Spectre processor vulnerabilities, yet another major speculative execution flaw has been revealed in Intel's Core and Xeon lines of processors that may leave users vulnerable to cyber-attacks. Dubbed Foreshadow , alternatively called L1 Terminal Fault or L1TF, the new attacks include three new speculative execution side-channel vulnerabilities affecting Intel processors. The Foreshadow attacks could allow a hacker or malicious application to gain access to the sensitive data stored in a computer's memory or third-party clouds, including files, encryption keys, pictures, or passwords. The three Foreshadow vulnerabilities have been categorized into two variants: 1.) Foreshadow Foreshadow ( PDF ) targets a new technology originally been designed to protect select code and users' data from disclosure or modification, even if the entire system falls under a...