
The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

Jun 27, 2014
A critical code-execution vulnerability affects almost everyone who is not running the most up-to-date version of Google Android, i.e. Android version 4.4, also known as KitKat. Nine months after disclosing the vulnerability to the Android security team, researchers of the Application Security team at IBM have finally revealed all the possible details of a serious code-execution vulnerability that still affects Android devices running versions 4.3 and earlier, and which could allow attackers to exfiltrate sensitive information from the vulnerable devices. "Considering Android's fragmented nature and the fact that this was a code-execution vulnerability, we decided to wait a bit with the public disclosure," said Roee Hay, a security research group leader at IBM. The researchers found the stack buffer overflow vulnerability in Android's KeyStore storage service, which according to the Android developers' website is the service code running in Androi...
FIFA World Cup Security Team Accidentally Reveals their Wi-Fi Password

Jun 26, 2014
Security at this FIFA World Cup has been going well, with no calamitous incident reported so far, except that the security company responsible for keeping an eye on the event's security itself tweeted a photograph of its state-of-the-art monitoring centre that exposed the World Cup security centre's internal Wi-Fi password to the whole world. Israel-based security firm RISCO is providing security management at the soccer stadium and is very proud of its work in securing this year's World Cup, which includes monitoring and maintaining hundreds of CCTV security cameras all over the 41,000-seat Arena Pantanal football stadium in Cuiaba, Brazil. The image was originally published by news outlet Correio Braziliense and showed the Federal Police's head of international co-operation, Luiz Cravo Dorea, standing in the multi-million-dollar security center overseen by Israeli company RISCO and was watching Live video feeds from surveillance camera...
Stuxnet-like 'Havex' Malware Strikes European SCADA Systems

Jun 26, 2014
Security researchers have uncovered a new Stuxnet-like malware named "Havex", which was used in a number of previous cyber attacks against organizations in the energy sector. Just like the famous Stuxnet worm, which was specially designed to sabotage the Iranian nuclear project, the new trojan Havex is also programmed to infect the industrial control system software of SCADA and ICS systems, with the capability to possibly disable hydroelectric dams, overload nuclear power plants, and even shut down a country's power grid with a single keystroke. According to security firm F-Secure, which first discovered it as Backdoor:W32/Havex.A, it is a generic remote access Trojan (RAT) and has recently been used to carry out industrial espionage against a number of companies in Europe that use or develop industrial applications and machines.

SMARTY PANTS, TROJANIZED INSTALLERS
To accomplish this, besides traditional infection methods such as exploit kits and spam emails,...
Zero-Day TimThumb WebShot Vulnerability leaves Thousands of Wordpress Blogs at Risk

Jun 26, 2014
Yesterday we learned of a critical zero-day vulnerability in a popular image resizing library called TimThumb, which is used in thousands of WordPress themes and plugins. WordPress is a free and open source blogging tool and content management system (CMS) with more than 30,000 plugins, each of which offers custom functions and features enabling users to tailor their sites to their specific needs. It is easy to set up and use, which is why tens of millions of websites across the world opt for it. But if you or your company use the popular image resizing library called "TimThumb" to resize large images into usable thumbnails that you can display on your site, then make sure to update the file with the upcoming latest version, and remember to check the TimThumb site regularly for the patched update.

0-Day REMOTE CODE EXECUTION & NO PATCH
The critical vulnerability discovered by Pichaya Morimoto in the TimThumb Wordpress plugin version 2.8.13, ...
How To Jailbreak iOS 7.1 And 7.1.1 Untethered Using 'Pangu' Jailbreak Tool

Jun 25, 2014
Quite surprisingly, a team of Chinese hackers, Pangu, has released an untethered jailbreak for iOS 7.1 and iOS 7.1.1. This untethered jailbreak is compatible with iPhone 5s, iPhone 5c, iPhone 4S, iPhone 4, iPad Air, iPad 4, iPad 3, iPad 2, iPad mini, Retina iPad mini and iPod touch 5G running iOS 7.1-iOS 7.1.1. The jailbreak tool is currently available for Windows but works on all iOS devices. Many iOS users have posted on Reddit that the tool works successfully. Jailbreaking is the process of removing limitations on devices running iOS, Apple's operating system, so you can install third-party software not certified by Apple. Such devices include the iPhone, iPod touch, iPad, and second-generation Apple TV. One question arises in my mind: when Apple's system root protections have been greatly enhanced in an effort to make jailbreaks more difficult, what is the whole story behind the unexpected release of this jailbreak tool?

STEPS TO JAILBREAK iOS 7.1 ...
BBC News iOS App Not Hacked, Breaking News Push Messages Sent in Error

Jun 25, 2014
If you are one of the users of the BBC News iPhone app, then you might have received a strange message as a breaking news notification earlier this morning. The message was sent at two separate times. First the message reads: "NYPD Twitter campaign 'backfires' after hashtag hijacked," then strangely adds: "Push sucks! Pull blows!" After a while it goes to: "BREAKING NEWS No nudity in latest episode of Game of Thrones!!! MORE BREAKING NEWS IIIIII like testing." Beneath the message the text seems to get more serious as it adds: "This is a breaking news story and the BBC News app will bring you updates as soon as they are available." Various media outlets reported that the popular BBC News smartphone app had been hijacked by some attackers who compromised its "Breaking News" feature and sent bogus messages to the users of the BBC News iPhone app. But BBC developers were actually ...