The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Top Story— Facebook has just lost over $60 billion in market value over the past two days—that's more than Tesla's entire market capitalisation and almost three times that of Snapchat. Facebook shares plunge over revelations that personal data of 50 million users was obtained and misused by British data analytics firm ' Cambridge Analytica ,' who reportedly helped Donald Trump win the US presidency in 2016. The privacy scandal that rocked the social media giant was revealed earlier this week when Chris Wylie , the 28-year-old data scientist who worked with a Cambridge University academic, turned into a whistleblower and leaked to the newspapers how poorly Facebook handles people's private information. Wylie claims Cambridge Analytica created " Steve Bannon's psychological warfare mindf**k tool " that profiles citizens to predict their voting patterns based on the personal information gathered from a variety of sources and then helps political ...

AMD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices 'in the coming weeks.' According to CTS-Labs researchers, critical vulnerabilities ( RyzenFall, MasterKey, Fallout, and Chimera ) that affect AMD's Platform Security Processor (PSP) could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems. Although exploiting AMD vulnerabilities require admin access, it could help attackers defeat important security features like Windows Credential Guard, TPMs, and virtualization that are responsible for preventing access to the sensitive data from even an admin or root account. In a press release published by AMD on Tuesday, the company downplays the threat by saying that, "any attacker gaining unauthorised ad...

Chicago-based online travel booking company Orbitz, a subsidiary of Expedia.com , reveals that one of its old websites has been hacked, exposing nearly 880,000 payment card numbers of the people who made purchases online. Orbitz.com is a travel fare aggregator website and travel metasearch engine, allowing customers to quickly and easily search and book flights, hotels, rental cars, vacation packages, travel deals, cruises and more. The data breach incident, which was detected earlier this month, likely took place somewhere between October 2016 and December 2017, potentially exposing customers' information from the travel site to hackers. According to the company, hackers may have accessed payment card information stored on a consumer and business partner platform, along with customers' personal information, including name, address, date of birth, phone number, email address and gender. However, the company said its services such as Expedia flights, Expedia hotels, E...

You have always been warned not to share remote access to your computer with untrusted people for any reason—it's a basic cybersecurity advice, and common sense, right? But what if, I say you should not even trust anyone who invites or offer you full remote access to their computers. A critical vulnerability has been discovered in Microsoft's Windows Remote Assistanc e (Quick Assist) feature that affects all versions of Windows to date, including Windows 10, 8.1, RT 8.1, and 7, and allows remote attackers to steal sensitive files on the targeted machine. Windows Remote Assistance is a built-in tool that allows someone you trust to take over your PC (or you to take remote control of others) so they can help you fix a problem from anywhere around the world. The feature relies on the Remote Desktop Protocol (RDP) to establish a secure connection with the person in need. However, Nabeel Ahmed of Trend Micro Zero Day Initiative discovered and reported an information di...

If you are unaware, the security standard HTTP Strict Transport Security (HSTS) can be abused as a 'supercookie' to surreptitiously track users of almost every modern web browser online without their knowledge even when they use "private browsing." Apple has now added mitigations to its open-source browser infrastructure WebKit that underpins its Safari web browser to prevent HSTS abuse after discovering that theoretical attacks demonstrated in 2015 were recently deployed in the wild against Safari users. HSTS—HTTP Strict Transport Security—is a great feature that allows websites to automatically redirects user's web traffic to secure page connections over HTTPS if the user accidentally opens an insecure URL and then remembers to route that user to the secure connection always. Since HSTS does not allow websites to store any information/value on users web browser except remembering the redirect information about turning it on/off for future use, using ...

Adrian Lamo, the hacker who tipped off the FBI about Wikileaks whistleblower Chelsea Manning, dies at the age of 37, according to a Facebook post by his father Mario Lamo-Jiménez. "With great sadness and a broken heart I have to let know all of Adrian's friends and acquaintances that he is dead. A bright mind and compassionate soul is gone, he was my beloved son..."  he posted. At this moment the cause of death is unknown, though reportedly Adrian was diagnosed with Asperger Syndrome in July 2010 and briefly hospitalized. Adrian was a former hacker, threat analyst, and writer, who had previously been behind several high-profile security breaches but gained headlines after breaking into The New York Times computer systems in 2002. Adrian was given the appellation " Homeless Hacker " by the media because once when he was unemployed he wandered the country by Greyhound bus and hacked corporations from inside abandoned buildings. He spent almost six mont...