The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security researchers are warning of almost a decade old issue with one of the Apple's macOS feature which was designed for users' convenience but is potentially exposing the contents of files stored on password-protected encrypted drives. Earlier this month, security researcher Wojciech Regula from SecuRing published a blog post , about the "Quick Look" feature in macOS that helps users preview photos, documents files, or a folder without opening them. Regula explained that Quick Look feature generates thumbnails for each file/folder, giving users a convenient way to evaluate files before they open them. However, these cached thumbnails are stored on the computer's non-encrypted hard drive, at a known and unprotected location, even if those files/folders belong to an encrypted container, eventually revealing some of the content stored on encrypted drives. Patrick Wardle, chief research officer at Digital Security, equally shared the concern, saying tha...

Given Fortnite's current popularity and craziness across the globe, we understand if you have been searching the web for download links to Fortnite APK for Android phone. However, you are not alone, thousands of people out there are also searching tutorials and links for, " how to install Fortnite on Android " or " how to download Fortnite for Android " on the Internet. The app has taken the world by storm since its launch in the same way Minecraft and Pokemon Go took before it. The fortnite game spent the first third of 2018 breaking records with an astonishing 3.4 million players playing the game at a time in February. However, you should keep this in mind—Fortnite for Android smartphones is not available yet and, is still under development. In March when Epic Games released Fortnite game for iOS, the company also announced that the world's most famous battle royale game with more than 125 million players is also coming to Android this summer. ...

A security researcher has discovered a critical vulnerability in some of the world's most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages. The disclosure comes almost a month after researchers revealed a series of flaws, dubbed eFail , in PGP and S/Mime encryption tools that could allow attackers to reveal encrypted emails in plaintext , affecting a variety of email programs, including Thunderbird, Apple Mail, and Outlook. Software developer Marcus Brinkmann discovered that an input sanitization vulnerability, which he dubbed SigSpoof , makes it possible for attackers to fake digital signatures with someone's public key or key ID, without requiring any of the private or public keys involved. The vulnerability, tracked as CVE-2018-12020 , affects popular email applications including GnuPG, Enigmail, GPGTools and python-gnupg, and have now been patched in their latest available so...

Cybersecurity researchers have uncovered an espionage campaign that has targeted a national data center of an unnamed central Asian country in order to conduct watering hole attacks. The campaign is believed to be active covertly since fall 2017 but was spotted in March by security researchers from Kaspersky Labs, who have attributed these attacks to a Chinese-speaking threat actor group called LuckyMouse . LuckyMouse, also known as Iron Tiger, EmissaryPanda, APT 27 and Threat Group-3390, is the same group of Chinese hackers who was found targeting Asian countries with Bitcoin mining malware early this year. The group has been active since at least 2010 and was behind many previous attack campaigns resulting in the theft of massive amounts of data from the directors and managers of US-based defense contractors. This time the group chose a national data center as its target from an unnamed country in Central Asia in an attempt to gain "access to a wide range of government ...

Hell Yeah! Another security vulnerability has been discovered in Intel chips that affects the processor's speculative execution technology—like Specter and Meltdown —and could potentially be exploited to access sensitive information, including encryption related data. Dubbed Lazy FP State Restore , the vulnerability (CVE-2018-3665) within Intel Core and Xeon processors has just been confirmed by Intel, and vendors are now rushing to roll out security updates in order to fix the flaw and keep their customers protected. The company has not yet released technical details about the vulnerability, but since the vulnerability resides in the CPU, the flaw affects all devices running Intel Core-based microprocessors regardless of the installed operating systems, except some modern versions of Windows and Linux distributions. As the name suggests, the flaw leverages a system performance optimization feature, called Lazy FP state restore, embedded in modern processors, which is resp...

Cortana, an artificial intelligence-based smart assistant that Microsoft has built into every version of Windows 10, could help attackers unlock your system password. With its latest patch Tuesday release , Microsoft has pushed an important update to address an easily exploitable vulnerability in Cortana that could allow hackers to break into a locked Windows 10 system and execute malicious commands with the user's privileges. In worst case scenario, hackers could also compromise the system completely if the user has elevated privileges on the targeted system. The elevation of privilege vulnerability, tracked as CVE-2018-8140 and reported by McAfee security researchers, resides due to Cortana's failure to adequately check command inputs, which eventually leads to code execution with elevated permissions. "An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status," Microsoft explain...