The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

We distilled 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020 and compiled the top 5 most interesting findings and projections in this post. Compliance fatigue will spread among security professionals Being a source of ongoing controversy and debate, the California Consumer Privacy Act (CCPA) was finalized on 11th January 1, 2019. Driven by laudable objectives to protect Californians' personal data, prevent its misuse or unconsented usage by unscrupulous entities, the law imposes formidable monetary penalties of up to $7,500 per intentional violation and $2,500 per unintentional violation. The Act is enforceable against organizations that process or handle personal data of California residents, regardless of the geographical location of the former. Akin to the EU GDPR, data subjects are empowered with a bundle of rights to control their personal data and its eventual usage. The pitfall is that if every US state introduces its own s...

Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users' banking and other login credentials and spy on their activities. Dubbed Strandhogg , the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app. In other words, when a user taps the icon of a legitimate app, the malware exploiting the Strandhogg vulnerability can intercept and hijack this task to display a fake interface to the user instead of launching the legitimate application. By tricking users into thinking they are using a legitimate app, the vulnerability makes it possible for malicious apps to conveniently steal users' credentials using fake login screens, as shown in the video demonstration. "The vulnerability allows an attacke...

Facebook has finally started implementing the open source data portability framework as the first phase of ' Data Transfer Project ,' an initiative the company launched last year in collaboration with Google, Apple, Microsoft, and Twitter. Facebook today announced a new feature that will allow its users to transfer their Facebook photos and videos to their Google Photos accounts—directly and securely without needing to download and reupload it. The feature is only available to Facebook users in Ireland for now, as a test, and expected to be available to the rest of the world in early 2020. This new Facebook feature is built using the Data Transfer Project (DTP), a universal data import/export protocol that aims to give users more control over their data and let them quickly move it between online services or apps whenever they want. "If a user wants to switch to another product or service because they think it is better, they should be able to do so as easily a...

In a coordinated International law enforcement operation, Europol today announced to shut down the global organized cybercrime network behind Imminent Monitor RAT , yet another hacking tool that allows cybercriminals to gain complete control over a victim's computer remotely. The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to more than 14,500 buyers and used against tens of thousands of victims across 124 countries. The infrastructure and front-end sale website of the Imminent Monitor have also been seized as part of this operation, making the Trojan unusable for those who already bought it, as well as unavailable for the new users. Promoted as a legitimate remote administration framework, the hacking tool was widely used to unauthorisedly access targeted users' computers and steal their login credentials for online banking and other financial accounts. According to Europol's press release , aut...

If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately. Adobe—the company owning Magento e-commerce platform—today disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals. According to the company, the hacker exploited an undisclosed vulnerability in its marketplace website that allowed him to gain unauthorized third-party access to the database of registered users — both customers (buyers) as well as the developers (sellers). The leaked database includes affected users' names, email addresses, MageID, billing and shipping address information, and some limited commercial information. While Adobe didn't reveal or might don't know when the Magento marketplace was compromised, the company did confirm that its security team discovered the breach la...