The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Apple just patched an unpatched flaw that it patched previously but accidentally unpatched recently — did I confuse you? Let's try it again... Apple today finally released iOS 12.4.1 to fix a critical jailbreak vulnerability , like it or not, that was initially patched by the company in iOS 12.3 but was then accidentally got reintroduced in the previous iOS 12.4 update. For those unaware, roughly a week ago, an anonymous researcher who goes by the online alias "Pwn20wnd" released a free jailbreak for iOS 12.4 on GitHub that exploited a kernel vulnerability (CVE-2019-8605) that Apple patched in iOS 12.3 in May this year. However, the vulnerability accidentally got reintroduced in iOS 12.4 in July, making it easier for hackers to jailbreak updated Apple devices, including the iPhone XS, XS Max, and XR or the 2019 iPad Mini and iPad Air, running iOS 12.4 and iOS 12.2 or earlier. Now, Apple has released iOS 12.4.1 to re-patch the security issue that not only allow...

Popular web hosting provider Hostinger has been hit by a massive data breach, as a result of which the company has reset passwords for all customers as a precautionary measure. In a blog post published on Sunday, Hostinger revealed that "an unauthorized third party" breached one of its servers and gained access to "hashed passwords and other non-financial data" associated with its millions of customers. The incident occurred on August 23 when unknown hackers found an authorization token on one of the company's servers and used it to gain access to an internal system API, without requiring any username and password. Immediately after the breach discovery, Hostinger restricted the vulnerable system, making this access no longer available, and contacted the respective authorities. "On August 23rd, 2019 we have received informational alerts that one of our servers has been accessed by an unauthorized third party," Hostinger said. "This...

As suspected, the KYC details of thousands of Binance's customers that hackers obtained and leaked online earlier this month came from the company's third-party vendor, Malta-based cryptocurrency exchange Binance confirmed. For those unaware, Binance, the world's largest cryptocurrency exchange by volume, hit by a " Potential KYC leak " earlier this month, with an unknown hacker distributing the Know Your Customer (KYC) images of hundreds of its users online and to media outlets. Before leaking the KYC images online, the alleged hacker threatened the exchange to release KYC data of its 10,000 customers if the company did not pay 300 Bitcoins—equivalent to over $3 million at today's exchange value. While Binance CEO Changpeng Zhao called the incident a fud (fear, uncertainty, doubt), the exchange recently confirmed that some of the leaked images match actual accounts though others show evidence of manipulation. According to an official blog post , t...

A prolific hacker who carried out phishing scams against hundreds of companies worldwide has been ordered to pay back more than $1.1 million (over £922,000) worth of cryptocurrencies to his victims. Grant West , a 27-year-old resident of Kent, England, targeted several well-known companies around the world since 2015 to obtain the financial data of tens of thousands of customers and then sold that data on underground forums in exchange for Bitcoins or other cryptocurrencies. West, who operated under the online moniker of 'Courvoisier,' stashed the resulting cryptocurrencies in multiple accounts and wallets, which was confiscated by the Metropolitan police after West's arrest in September 2017 following a two-year-long investigation code-named ' Operation Draba .' Metropolitan Police Cyber Crime Unit (MPCCU) also seized an SD card from West's home, which contained approximately 78 million individual usernames and passwords as well as 63,000 credit and de...

Google today announced a new initiative—called Privacy Sandbox —in an attempt to develop a set of open standards that fundamentally enhances privacy on the web while continuing to support a free, open and democratic Internet through digital advertisements. A lot of websites on the Internet today, including The Hacker News, rely on online advertisements as their primary source of funding to operate and keep their professionally created content open and freely accessible to everyone. However, with the evolution of online advertising, the targeted advertisement technologies have become too much invasive because of involved intrusive practices and more prudent approaches to accurately curate users' personal information, thereby raising serious privacy concerns among Internet users. In its latest blog post , Google acknowledged that ad tracking is "now being used far beyond its original design intent," but also highlights that unplanned attempts to address privacy con...