The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption. The attack is a new variation of a traditional Cold Boot Attack , which is around since 2008 and lets attackers steal information that briefly remains in the memory (RAM) after the computer is shut down. However, to make the cold boot attacks less effective, most modern computers come bundled with a safeguard, created by the Trusted Computing Group (TCG), that overwrites the contents of the RAM when the power on the device is restored, preventing the data from being read. Now, researchers from Finnish cyber-security firm F-Secure figured out a new way to disable this overwrite security measure by physically manipulating the computer's firmware, potentially allowing attackers to recover sensitive data stored on the computer after a cold reboot in a matter of few minutes. "Cold boot...

Despite having proper security measures in place to protect the driving systems of its cars against cyber attacks, a team of security researchers discovered a way to remotely hack a Tesla Model S luxury sedans in less than two seconds. Yes, you heard that right. A team of researchers from the Computer Security and Industrial Cryptography (COSIC) group of the Department of Electrical Engineering at the KU Leuven University in Belgium has demonstrated how it break the encryption used in Tesla's Model S wireless key fob. With $600 in radio and computing equipment that wirelessly read signals from a nearby Tesla owner's fob, the team was able to clone the key fob of Tesla's Model S, open the doors and drive away the electric sports car without a trace, according to Wired . "Today it's very easy for us to clone these key fobs in a matter of seconds," Lennert Wouters, one of the KU Leuven researchers, told Wired. "We can completely impersonate the key fob...

A security researcher has discovered a serious vulnerability that could allow attackers to spoof website addresses in the Microsoft Edge web browser for Windows and Apple Safari for iOS. While Microsoft fixed the address bar URL spoofing vulnerability last month as part of its monthly security updates , Safari is still unpatched, potentially leaving Apple users vulnerable to phishing attacks. The phishing attacks today are sophisticated and increasingly more difficult to spot, and this newly discovered vulnerability takes it to another level that can bypass basic indicators like URL and SSL, which are the first things a user checks to determine if a website is fake. Discovered by Pakistan-based security researcher Rafay Baloch, the vulnerability (CVE-2018-8383) is due to a race condition type issue caused by the web browser allowing JavaScript to update the page address in the URL bar while the page is loading. Here's How the URL Spoofing Vulnerability Works Successfu...

Times to gear up your systems and software. Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for September 2018, patching a total of 61 security vulnerabilities, 17 of which are rated as critical, 43 are rated Important, and one Moderate in severity. This month's security updates patch vulnerabilities in Microsoft Windows, Edge, Internet Explorer, MS Office, ChakraCore, .NET Framework, Microsoft.Data.OData, ASP.NET, and more. Four of the security vulnerabilities patched by the tech giant this month have been listed as "publicly known" and more likely exploited in the wild at the time of release. CVE-2018-8475: Windows Critical RCE Vulnerability One of the four publicly disclosed vulnerabilities is a critical remote code execution flaw ( CVE-2018-8475 ) in Microsoft Windows and affects all versions Windows operating system, including Windows 10. The Windows RCE vulnerability resides in the way Windows handles specially cra...

Adobe has released September 2018 security patch updates for a total of 10 vulnerabilities in Flash Player and ColdFusion, six of which are rated as critical that affected ColdFusion and could allow attackers to remotely execute arbitrary code on a vulnerable server. What's the good news this month for Adobe users? This month Adobe Acrobat and Reader applications did not receive any patch update, while Adobe Flash Player has received an update for just a single privilege escalation vulnerability (CVE-2018-15967) rated as important. Secondly, Adobe said none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. Total 9 Security Patches for Adobe ColdFusion Adobe has addressed a total of nine security vulnerabilities in its ColdFusion web application development platform, six of which are critical, two important and one moderate. According to the advisory released by Adobe, ColdFusion contain...