The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A critical vulnerability has been discovered in the browser app comes pre-installed on hundreds of millions of Samsung Android devices that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site. Identified as CVE-2017-17692 , the vulnerability is Same Origin Policy (SOP) bypass issue that resides in the popular Samsung Internet Browser version 5.4.02.3 and earlier. The Same Origin Policy or SOP is a security feature applied in modern browsers that is designed to make it possible for web pages from the same website to interact while preventing unrelated sites from interfering with each other. In other words, the SOP makes sure that the JavaScript code from one origin should not be able to access the properties of a website on another origin. The SOP bypass vulnerability in the Samsung Internet Browser, discovered by Dhiraj Mishra , could allow a malicious website to steal data, such as passwords or cookies, from the sites ope...

Remember how some cybercriminals shut down most of Washington D.C. police's security cameras for four days ahead of President Donald Trump's inauguration earlier this year? Just a few days after the incident, British authorities arrested two people in the United Kingdom, identified as a British man and a Swedish woman, both 50-year-old, on request of U.S. officials. But now US federal court affidavit  has revealed that two Romanian nationals were behind the attack that hacked into 70% of the computers that control Washington DC Metropolitan Police Department's surveillance camera network in January this year, CNN reports. The two suspects—Mihai Alexandru Isvanca, 25, and Eveline Cismaru, 28—were arrested in Bucharest on December 15 on charges of conspiracy to commit wire fraud and various forms of computer fraud. According to the criminal complaint unsealed in Washington, the pair hacked 123 of the Metropolitan Police Department's 187 outdoor surveillance c...

Pavel Lerner , a prominent Russian blockchain expert and known managing director of one of the major crypto-exchanges EXMO, has allegedly been kidnapped by "unknown" criminals in the Ukranian capital of Kiev. According to Ukraine-based web publication Strana , Lerner, 40-year-old citizen of Russia, was kidnapped on December 26 when he was leaving his office in the center of town (located on the Stepan Bandera Avenue). Unknown kidnappers in dark clothes and balaclavas dragged Lerner in their black Mercedes-Benz Vito brand (state number AA 2063 MT) car and drove away in an unknown direction. The information comes from an anonymous source in Ukrainian law enforcement agencies, though multiple investigations are currently underway to find out why and by whom Lerner was kidnapped. Lerner is a recognized IT specialist in Ukraine who led a number of startups related to blockchain technology development and mining operations. Lerner is also the managing director of EXMO ...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Wishing you all a very 'belated' Merry Christmas. This holiday season Santa has a very special gift for all PlayStation gamers. Developer SpecterDev finally released a fully-functional much-awaited kernel exploit for PlayStation 4 (firmware 4.05) today—almost two months after Team Fail0verflow revealed the technical details of it. Now available on Github , dubbed "namedobj," the kernel exploit for the PlayStation 4 on 4.05FW allows users to run arbitrary code on the gaming console, enabling jailbreaking and kernel-level modifications to the system. Although PS4 kernel exploit does not include Jailbreak code, others can develop a full jailbreak exploit using it. Jailbreaking allows users to run custom code on the console and install mods, cheats, third-party applications, and games that are typically not possible because of the anti-piracy mechanisms implicated on the Sony PlayStation. "This release, however, does not contain any code related to def...

Although the original creators of the infamous IoT malware Mirai have already been arrested and sent to jail, the variants of the notorious botnet are still in the game due to the availability of its source code on the Internet. Hackers have widely used the infamous IoT malware to quietly amass an army of unsecured internet-of-things devices , including home and office routers, that could be used at any time by hackers to launch Internet-paralyzing DDoS attacks . Another variant of Mirai has hit once again, propagating rapidly by exploiting a zero-day vulnerability in a Huawei home router model. Dubbed Satori (also known as Okiru), the Mirai variant has been targeting Huawei's router model HG532, as Check Point security researchers said they tracked hundreds of thousands of attempts to exploit a vulnerability in the router model in the wild. Identified initially by Check Point researchers late November, Satori was found infecting more than 200,000 IP addresses in just...

While continuing its crackdown on services that help Chinese citizens to bypass Great Firewall, Chinese authorities have sentenced a man to five-and-a-half years in prison for selling a VPN service without obtaining a proper license from the government. Earlier this year, the Chinese government announced a ban on "unauthorized" VPN services , making it mandatory for companies to obtain an appropriate license from the government in order to operate in the country. Citizens in China usually make use of VPN and Proxy services to bypass the country's Great Firewall, also known as the Golden Shield project, which employs a variety of tricks to censor the Internet in the country. The Great Firewall project already blocked access to more than 150 out of the world's 1,000 top websites, which includes Google, Facebook, Twitter, Dropbox, Tumblr, and The Pirate Bay in the country. VPN helps Chinese citizens encrypt their Internet traffic and route it through a distant c...