The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security researchers revealed a way around that some hacking groups have been found using in the wild to bypass a security feature of Microsoft Office 365, which is originally designed to protect users from malware and phishing attacks. Dubbed Safe Links, the feature has been included in Office 365 software as part of Microsoft's Advanced Threat Protection (ATP) solution that works by replacing all URLs in an incoming email with Microsoft-owned secure URLs. So, every time a user clicks on a link provided in an email, it first sends the user to a Microsoft owned domain, where the company immediately checks the original URL for anything suspicious. If Microsoft's scanners detect any malicious element, it then warns users about it, and if not, it redirects the user to the original link. However, researchers at cloud security company Avanan have revealed how attackers have been bypassing the Safe Links feature by using a technique called, " baseStriker attack ." ...

Since hackers have started exploiting two recently disclosed unpatched critical vulnerabilities found in GPON home routers, security researchers have now released an unofficial patch to help millions of affected users left vulnerable by their device manufacturer. Last week, researchers at vpnMentor disclosed details of—an authentication bypass (CVE-2018-10561) and a root-remote code execution vulnerability (CVE-2018-10562)—in many models of Gigabit-capable Passive Optical Network (GPON) routers manufacturer by South Korea-based DASAN Zhone Solutions. If exploited, the first vulnerability lets an attacker easily bypass the login authentication page just by appending ?images/ to the URL in the browser's address bar. However, when coupled with the second flaw that allows command injection, unauthenticated attackers can remotely execute malicious commands on the affected device and modified DNS settings, eventually allowing them to take full control of the device remotely. ...

Two Romanian hackers have been extradited to the United States to face 31 criminal charges including computer fraud and abuse, wire fraud conspiracy, wire fraud, and aggravated identity theft. Described as "international computer hackers" by the United States Department of Justice, Teodor Laurentiu Costea , 41, and Robert Codrut Dumitrescu , 40, allegedly rob Americans of more than $18 million in an elaborate phishing scheme. Costea and Dumitrescu were named in the 31-count federal grand jury indictment on August 16 last year and were accused last week in the Northern District of Georgia following their extradition. Another co-defendant, Cosmin Draghici, 28, remains in custody in Romania awaiting his extradition to the United States. "These extraditions send a strong warning to cybercriminals and fraudsters worldwide, that we, along with our law-enforcement partners, will work tirelessly to bring you to justice," said U. S. Attorney Byung J. "BJay...

Twitter has been adopting new trends at a snail's pace. But it's better to be late than never. Since 2013 people were speculating that Twitter will bring end-to-end encryption to its direct messages, and finally almost 5 years after the encryption era began, the company is now testing an end-to-end encrypted messaging on Twitter. Dubbed " Secret Conversation ," the feature has been spotted in the latest version of Android application package (APK) for Twitter by Jane Manchun Wong, a computer science student at the University of Massachusetts Dartmouth. End-to-end encryption allows users to send and receive messages in a way that no one, be it an FBI agent with a warrant, hacker or even the service itself, can intercept them. However, it seems like the Secret Conversation feature has currently been available only to a small number of users for testing. So, if you are one of those lucky ones, you will be able to send end-to-end encrypted Secret Conversation thro...

Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging , a new fileless code injection technique that could help malware evade detection. The Process Doppelgänging attack takes advantage of a built-in Windows function, i.e., NTFS Transactions, and an outdated implementation of Windows process loader, and works on all modern versions of Microsoft Windows OS, including Windows 10. Process Doppelgänging attack works by using NTFS transactions to launch a malicious process by replacing the memory of a legitimate process, tricking process monitoring tools and antivirus into believing that the legitimate process is running. If you want to know more about how Process Doppelgänging attack works in detail, you should read this article  I published late last year. Shortly after the Process Doppelgänging attack details went public, several threat actors were found abusing it in an attempt to bypass modern security solutions. Security researc...

Do you know that any app you have installed on your Android phone can monitor the network activities—even without asking for any sensitive permission—to detect when other apps on your phone are connecting to the Internet? Obviously, they cant see the content of the network traffic, but can easily find to which server you are connecting to, all without your knowledge. Knowing what apps you often use, which could be a competing or a financial app, "shady" or "malicious" app can abuse this information in various ways to breach your privacy. But it seems like Google has planned to address this serious privacy issue with the release of its next flagship mobile operating system. With Android P, any app will no longer be able to detect when other apps on your Android device are connecting to the Internet, according to the new code changes in Android Open Source Project (AOSP) first noticed by XDA Developers. "A new commit has appeared in the Android Open S...

A team of security researchers has reportedly discovered a total of eight new " Spectre-class " vulnerabilities in Intel CPUs, which also affect at least a small number of ARM processors and may impact AMD processor architecture as well. Dubbed Spectre-Next Generation , or Spectre-NG , the partial details of the vulnerabilities were first leaked to journalists at German computer magazine Heise, which claims that Intel has classified four of the new vulnerabilities as "high risk" and remaining four as "medium." The new CPU flaws reportedly originate from the same design issue that caused the original Spectre flaw , but the report claims one of the newly discovered flaws allows attackers with access to a virtual machine (VM) to easily target the host system, making it potentially more threatening than the original Spectre vulnerability. "Alternatively, it could attack the VMs of other customers running on the same server. Passwords and secret k...