The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

It's not every time malware creators have to steal or buy a valid code-signing certificate to sign their malware – Sometimes the manufacturers unknowingly provide themselves . This is what exactly done by a Taiwan-based networking equipment manufacturer D-Link , which accidently published its Private code signing keys inside the company's open source firmware packages. Dutch news site Tweakers made aware of the issue by one of its readers with online moniker " bartvbl " who had bought a D-Link DCS-5020L security camera and downloaded the firmware from D-Link, which open sources its firmware under the GPL license. However, while inspecting the source code of the firmware, the reader found what seemed to be four different private keys used for code signing. Hackers Could Sign Malware After testing, the user managed to successfully create a Windows application , which he was able to sign with one of the four code signing keys belonging to D-Lin...

A Large number of WordPress websites were compromised in last two weeks with a new malware campaign spotted in the wild. WordPress , a Free and Open source content management system (CMS) and blogging tool, has been once again targeted by hackers at large scale. Researchers at Sucuri Labs have detected a " Malware Campaign " with an aim of getting access to as many devices they can by making innumerable WordPress websites as its prey. The Malware campaign was operational for more than 14 days ago, but it has experienced a massive increase in the spread of infection in last two days, resulted in affecting more than 5000 Wordpress websites. The Security researchers call this malware attack as " VisitorTracker ", as there exists a javascript function named visitorTracker_isMob() in the malicious code designed by cyber criminals. This new campaign seems to be utilizing the Nuclear Exploit Kit and uses a combination of hacked WordPress sites, hidden iframes and nu...

Sit Tight on your seats, because you're gonna get a Shock. Microsoft has developed an Operating System powered by LINUX. Close your mouth first. It's True! Microsoft has built its own Linux-based operating system called Azure Cloud Switch (ACS ) and believe me, under Satya Nadella, Microsoft has become more open than ever. According to the announcement made through an official blog post on Microsoft website, Azure Cloud Switch (ACS) describes as "cross-platform modular operating system for data center networking built on Linux." or Simply, " Commodity switch software stack for data center networks". The Purpose of developing Linux-based Azure Cloud Switch (ACS) operating system at Microsoft is to make it simpler to control the hardware from multiple vendors ( such as Switches ) that powers their cloud-based services. And here's the Kicker: "Running on Linux, ACS [Azure Cloud Switch] is able to make use of its vibrant eco...

Ever registered on StarBucks website? Change your passwords now! If you are one of those Millions Starbucks customers who have registered their accounts and credit card details on StarBucks website, then your banking details are vulnerable to hackers. An Independent Security Researcher, Mohamed M. Fouad from Egypt, has found three critical vulnerabilities on StarBucks website that could have allowed attackers to take over your account in just one click. The vulnerabilities include: Remote Code Execution Remote File Inclusion lead to Phishing Attacks CSRF (Cross Site Request Forgery) Stealing Credit Cards Details In case of Remote File Inclusion flaw, an attacker can inject a file from any location into the target page, which includes as a source code for parsing and execution, allowing attacker to perform: Remote Code Execution on the company's web server Remote Code Execution on the client-side, potentially allowing attacker to perform othe...

Whenever you go to Buy any Electronic Gadget — Phone, Tablet, Laptop, Watch — the most important specification isn't its processor speed or its camera quality. It's how long the device's battery backup is. Imagine easy access to such batteries that provide more battery power after charging it once, do not give up in less time and have a life of many years. To achieve this, the researchers at Massachusetts Institute of Technology (MIT) and Samsung , have developed a new material that could potentially revolutionize the Battery industry. Researchers have solved all these Battery issues with just one weird practical approach, called Solid-State Electrolytes . Today the cells we depend on contain Liquid-State Electrolyte , the researchers thought of replacing the one with a Solid form of electrolyte. Solid-State Electrolytes could simultaneously address the greatest challenges associated with improving lithium-ion batteries (LIB) , with the possibility to increas...

A Critical vulnerability discovered in Mozilla's popular Bugzilla bug-tracking software , used by hundreds of thousands of prominent software organizations, could potentially expose details of their non-public security vulnerabilities to the Hackers. So it's time for developers and organizations that use Bugzilla open source bug tracking system to upgrade to the latest patched versions – namely 5.0.1, 4.4.10, or 4.2.15 . Bugzilla is a vulnerability database used by Mozilla as well as many open-source projects and private organizations. Besides patched flaws, these databases also contain sensitive information related to unpatched vulnerabilities reported to organizations. Unfortunately, the researchers at security firm PerimeterX have discovered a vulnerability ( CVE-2015-4499 ) in Bugzilla's email-based permissions process that allowed them to gain high-level permissions on Bugzilla. As a result, it is potentially possible for an attacker to easily access u...