The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Intego team last week discovered four samples of new macOS malware on VirusTotal that leverage the GateKeeper bypass vulnerability to execute untrusted code on macOS without displaying users any warning or asking for their explicit permission. However, the newly discovered malware, dubbed OSX/Linker , has not been seen in the wild as of now and appears to be under development. Though the samples leverage unpatched Gatekeeper bypass flaw, it does not download any malicious app from the attacker's server. According to Joshua Long from Intego, until last week, the "malware maker was merely conducting some detection testing reconnaissance." "One of the files was signed with an Apple Developer ID (as explained below), it is ...

In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAM s, like Rowhammer , RAMBleed , Spectre, and Meltdown . Have you ever noticed they all had at least one thing in common? That's OpenSSH. As a proof-of-concept, many researchers demonstrated their side-channel attacks against OpenSSH application installed on a targeted computer, where an unprivileged attacker-owned process exploits memory read vulnerabilities to steal secret SSH private keys from the restricted memory regions of the system. That's possible because OpenSSH has an agent that keeps a copy of your SSH key in the memory so that you don't have to type your passphrase every time you want to connect to the same remote server. However, modern operating systems by default store sensitive data, including encryption keys and passwords, in the kernel memory which can not be accessed by user-level privileged p...

As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability ( CVE-2019-1105 ) that impacted over 100 million users. However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a cross-site scripting (XSS) flaw that could allow attackers to run scripts in the context of the current user just by sending a specially crafted email to the victims. Now, Bryan Appleby from F5 Networks, one of the security researchers who reported this issue independently to Microsoft, released more details and proof-of-concept for the Outlook vulnerability that he reported to the tech giant almost six months ago. In a blog post published Friday, Appleby revealed that while exchanging some JavaScript code with his friends over an email, he accidentally discovered a cross-site scripting (XSS) issue th...

If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities , besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks. With more than 3 billion downloads, VLC is a hugely popular open-source media player software that is currently being used by hundreds of millions of users worldwide on all major platforms, including Windows, macOS, Linux, as well as Android and iOS mobile platforms. Discovered by Symeon Paraschoudis from Pen Test Partners and identified as CVE-2019-12874 , the first high-severity vulnerability is a double-free issue which resides in "zlib_decompress_extra" function of VideoLAN ...

Cybersecurity researchers from at least two firms today unveiled details of a new strain of malware that targets Windows and macOS systems with a Linux-based cryptocurrency mining malware. It may sound strange, but it's true. Dubbed " LoudMiner " and also " Bird Miner, " the attack leverages command-line based virtualization software on targeted systems to silently boot an image of Tiny Core Linux OS that already contains a hacker-activated cryptocurrency mining software in it. Isn't it interesting to use emulation to run single-platform malware on cross-platforms? Spotted by researchers at ESET and Malwarebytes , attackers are distributing this malware bundled with pirated and cracked copies of VST (Virtual Studio Technology) software on the Internet and via Torrent network since August 2018. VST applications contain sounds, effects, synthesizers, and other advanced editing features that allow tech-centric audio professionals to create music. ...