The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

It's time to gear up for the latest June 2018 Microsoft security patch updates. Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are rated critical and 39 as important in severity. Only one of these vulnerabilities, a remote code execution flaw ( CVE-2018-8267 ) in the scripting engine, is listed as being publicly known at the time of release. However, none of the flaws are listed as under active attack. Discovered by security researcher Dmitri Kaslov, the publicly known vulnerability is a remote memory-corruption issue affecting Microsoft Internet Explorer. The flaw exists within the IE rendering engine and triggers when it fails to properly handle the error objects, allowing an attacker to execute arbitrary code in the context of the currently logged-in user. Microsoft has also addressed an important vulnera...

A years-old vulnerability has been discovered in the way several security products for Mac implement Apple's code-signing API that could make it easier for malicious programs to bypass the security check, potentially leaving millions of Apple users vulnerable to hackers. Josh Pitts, a researcher from security firm Okta, discovered that several third-party security products for Mac—including Little Snitch, F-Secure xFence, VirusTotal, Google Santa, and Facebook OSQuery—could be tricked into believing that an unsigned malicious code is signed by Apple. Code-signing mechanism is a vital weapon in the fight against malware, which helps users identify who has signed the app and also provides reasonable proof that it has not been altered. However, Pitts found that the mechanism used by most products to check digital signatures is trivial to bypass, allowing malicious files bundle with a legitimate Apple-signed code to effectively make the malware look like it has been signed by...

Despite warnings about the threat of leaving insecure remote services enabled on Android devices, manufacturers continue to ship devices with open ADB debug port setups that leave Android-based devices exposed to hackers. Android Debug Bridge (ADB) is a command-line feature that generally uses for diagnostic and debugging purposes by helping app developers communicate with Android devices remotely to execute commands and, if necessary, completely control a device. Usually, developers connect to ADB service installed on Android devices using a USB cable, but it is also possible to use ADB wirelessly by enabling a daemon server at TCP port 5555 on the device. If left enabled, unauthorized remote attackers can scan the Internet to find a list of insecure Android devices running ADB debug interface over port 5555, remotely access them with highest "root" privileges, and then silently install malware without any authentication. Therefore, vendors are recommended to make...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Due to the surge in cryptocurrency prices, not only hackers but also legitimate websites and mobile apps are increasingly using cryptocurrency miners to monetize by levying the CPU power of your PC and phones to mine cryptocurrencies. However, Apple wants to protect your Mac and iPhone battery from shady cryptocurrency mining apps, and therefore, the company has put restrictions on such apps by disallowing them in its official App Store. The company has updated the Hardware Compatibility section of its App Store guidelines, which now explicitly restrict iOS and Mac apps and ads from mining cryptocurrency in the background. "Apps, including any third party advertisements displayed with them, may not run unrelated background processes, such as cryptocurrency mining," the updated guidelines read. The update reportedly occurred last week, possibly in response to popular Mac app Calendar 2 that bundled a Monero (XMR) miner in with its premium upgrade that unlocked ...

The United States Department of Justice announced Monday the arrest of 74 email fraudsters across three continents in a global crackdown on a large-scale business email compromise (BEC) scheme. The arrest was the result of a six-month-long operation dubbed " Operation Wire Wire " that involved the US Department of Justice, the US Department of Homeland Security, the US Treasury, and the US Postal Inspection Service. The international law enforcement authorities led by the FBI arrested 42 of the total 74 individuals involved in BEC scheme in the United States, 29 in Nigeria and 3 each in Canada, Mauritius, and Poland. "Foreign citizens perpetrate many BEC scams. Those individuals are often members of transnational criminal organizations, which originated in Nigeria but have spread throughout the world," the DoJ says. Moreover, the authorities seized nearly $2.4 million and recovered about $14 million in fraudulent transfers, according to the FBI, which estima...

China no longer owns the fastest supercomputer in the world; It is the United States now. Though China still has more supercomputers on the Top 500 list, the USA takes the crown of "world's fastest supercomputer" from China after IBM and the U.S. Department of Energy's Oak Ridge National Laboratory (ORNL) unveiled " Summit ." Summit is claimed to be more than twice as powerful as the current world leader with a peak performance of a whopping 200,000 trillion calculations per second—that's as fast as each 7.6 billion people of this planet doing 26.3 million calculations per second on a calculator. Until now the world's most powerful supercomputer was China's Sunway TaihuLight with the processing power of 93 petaflops (93,000 trillion calculations per second). Since June 2012, the U.S. has not possessed the world's most powerful supercomputer, but if Summit performs as claimed by IBM, it will be made straight to the top of the Top5...

It's no secret that expecting security controls to block every infection vector is unrealistic. For most organizations, the chances are very high that threats have already penetrated their defenses and are lurking in their network. Pinpointing such threats quickly is essential, but traditional approaches to finding these needles in the haystack often fall short. Now there is a unique opportunity for more feasible, more effective threat hunting capabilities, and it stems from a most unusual effort: rethinking the approach to wide area networking. When we look at the cyber kill-chain today, there are two major phases—infection and post-infection. Security experts acknowledge that organizations can get infected no matter how good their security controls are. The simple fact is, infection vectors change rapidly and continuously. Attackers use new delivery methods – everything from social engineering to zero-day exploits – and they often are effective. In most cases, an infecti...