The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought. A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year. The vulnerability, identified as CVE-2018-14847, was initially rated as medium in severity but should now be rated critical because the new hacking technique used against vulnerable MikroTik routers allows attackers to remotely execute code on affected devices and gain a root shell. The vulnerability impacts Winbox—a management component for administrators to set up their routers using a Web-based interface—and a Windows GUI application for the RouterOS software used by the MikroTik devices. The vulnerability allows "remote attackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID....

Cybersecurity is one of the most dynamic and exciting fields in tech, combining cutting-edge information technology with crime fighting. It's also an industry in serious need of qualified professionals. Estimates show that there are over one million unfilled cybersecurity jobs. The U.S. Bureau of Labor Statistics projects that employment of information security analysts will grow 28 percent from 2016 to 2026, "much faster than the average for all occupations." This presents a massive opportunity for people looking to break into the industry. If you want to join the next generation of cybersecurity professionals, Springboard has done all of the research for you in building the Cybersecurity Career Track . Here's what you need to know: Key Roles in Cybersecurity First, we have to drill down to the different roles and specialties within cybersecurity so you know which might be the best fit for you. There are three broad categories of roles here, analysts, engineers and archite...

An Irish national who helped run the now-defunct dark web marketplace Silk Road pleaded guilty on Friday to drug trafficking charges that carry a maximum sentence of 20 years in prison. Gary Davis , also known as Libertas, was one of the site administrators and forum moderators for Silk Road, then-largest underground marketplace on the Internet used by thousands of users to sell and buy drugs and other illegal goods and services. Silk Road went down after the law enforcement raided its servers in 2013 and arrested its founder Ross William Ulbricht , who has been sentenced to life in prison after being convicted on multiple counts related to the underground drug marketplace. The FBI also seized Bitcoins (worth about $33.6 million, at the time) from the website. Those Bitcoins were later sold in a series of auctions by the United States Marshals Service (USMS). According to a press release published by US Department of Justice, Davis helped the black market website "r...

A media report today revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state. According to a lengthy report published today by Bloomberg, a tiny surveillance chip, not much bigger than a grain of rice, has been found hidden in the servers used by nearly 30 American companies, including Apple and Amazon. The malicious chips, which were not part of the original server motherboards designed by the U.S-based company Super Micro, had been inserted during the manufacturing process in China. The report, based on a 3-year-long top-secret investigation in the United States, claims that the Chinese government-affiliated groups managed to infiltrate the supply chain to install tiny surveillance chips to motherboards which ended up in servers deployed by U.S. military, U.S. intelligence agencies, and many U.S. companies like Apple and Amazon. "Apple made its discovery of suspi...

Do you know what is the latest version of Wi-Fi? It's okay if you don't know. It is — Wi-Fi is 802.11ac. I am sure many of us can't answer this question immediately because the Wi-Fi technology doesn't have a traditional format of version numbers… at least until yesterday. The Wi-Fi Alliance—the group that manages the implementation of Wi-Fi—has today announced that the next version of WiFi standard, which is 802.11ax, will use a simpler naming scheme and will be called WiFi 6. Wi-Fi 6, based on the IEEE 802.11ax standard, will offer higher data rates, increased capacity, good performance—even in dense environments (such as stadiums or public venues) and improved power efficiency, making it perfect choice for smart home and IoT uses). Of course, the updated version names of all previous Wi-Fi standards will now be: 802.11b → Wi-Fi 1 802.11a → Wi-Fi 2 802.11g → Wi-Fi 3 802.11n → Wi-Fi 4, 802.11ac (current) → Wi-Fi 5 This new straightforward approach...