The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security researchers have uncovered a new highly-targeted cyber espionage campaign, which is believed to be associated with a hacking group behind KHRAT backdoor Trojan and has been targeting organizations in South East Asia. According to researchers from Palo Alto , the hacking group, which they dubbed RANCOR, has been found using two new malware families—PLAINTEE and DDKONG—to target political entities primarily in Singapore and Cambodia. However, in previous years, threat actors behind KHRAT Trojan were allegedly linked to a Chinese cyber espionage group, known as DragonOK. While monitoring the C&C infrastructure associated with KHRAT trojan, researchers identified multiple variants of these two malware families, where PLAINTEE appears to be the latest weapon in the group's arsenal that uses a custom UDP protocol to communicate with its remote command-and-control server. To deliver both PLAINTEE and DDKONG, attackers use spear phishing messages with different inf...

Security researchers have been warning of a few newly detected variants of python -based adware that are being distributed in the wild not only to inject ads but also found installing malicious browser extensions and hidden cryptocurrency miner into victims' computers. Dubbed PBot , or PythonBot , the adware was first uncovered more than a year ago, but since then the malware has evolved, as its authors have been trying different money-making schemes to profit themselves, according to researchers at Kaspersky Labs. The previous versions of the PBot malware were designed to perform man-in-the-browser (MITB) attacks to inject unwanted advertising scripts on web pages visited by the victim, but the newer variants have been found installing malicious ad extensions in the web browser. "Developers are constantly releasing new versions of this modification, each of which complicates the script obfuscation," Kaspersky researchers said in their blog post published today....

The Wi-Fi Alliance today officially launched WPA3 —the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks . WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data. However, in late last year, security researchers uncovered a severe flaw in the current WPA2 protocol, dubbed KRACK (Key Reinstallation Attack), that made it possible for attackers to intercept, decrypt and even manipulate WiFi network traffic. Although most device manufacturers patched their devices against KRACK attacks, the WiFi Alliance, without much delay, rushed to finalize and launch WPA3 in order to address WPA2's technical shortcomings from the ground. What is WPA3? What New Security Features WPA3 Offers? WP...

Google just announced its plan to introduce a new anti-spoofing feature for its Android operating system that makes its biometric authentication mechanisms more secure than ever. Biometric authentications, like the fingerprint, IRIS, or face recognition technologies, smoothen the process of unlocking devices and applications by making it notably faster and secure. Although biometric systems also have some pitfalls that are not hidden from anyone, as it has been proven multiple times in the past that most biometric scanners are vulnerable to spoofing attacks, and in most cases fooling them is quite easy. Google announced today a better model to improve biometric security, which will be available from Android P, allowing mobile app developers to integrate an enhanced mechanism within their apps to keep users' data safe. New Biometric Metrics to Identify Spoofing and Imposter Attacks Currently, the Android biometric authentication system uses two metrics—False Accept Rate (FA...

Mobile security researchers have discovered unprotected Firebase databases of thousands of iOS and Android mobile applications that are exposing over 100 million data records, including plain text passwords, user IDs, location, and in some cases, financial records such as banking and cryptocurrency transactions. Google's Firebase service is one of the most popular back-end development platforms for mobile and web applications that offers developers a cloud-based database, which stores data in JSON format and synced it in the real-time with all connected clients. Researchers from mobile security firm Appthority discovered that many app developers' fail to properly secure their back-end Firebase endpoints with firewalls and authentication, leaving hundreds of gigabytes of sensitive data of their customers publicly accessible to anyone. Since Firebase offers app developers an API server, as shown below, to access their databases hosted with the service, attackers can gain acce...

If you are wondering how to receive latest updates for an Android app—installed via a 3rd party source or peer-to-peer app sharing—directly from Google Play Store. For security reasons, until now apps installed from third-party sources cannot be updated automatically over-the-air, as Google does not recognize them as Play Store apps and they do not show up in your Google account app list as well. Late last year, Google announced its plan to set up an automated mechanism to verify the authenticity of an app by adding a small amount of security metadata on top of each Android application package (in the APK Signing Block) distributed by its Play Store. This metadata is like a digital signature that would help your Android device to verify if the origin of an app you have installed from a third-party source is a Play Store app and have not been tempered, for example, a virus is not attached to it. From early 2018, Google has already started implementing this mechanism, which doesn...

Google researcher has discovered a severe vulnerability in modern web browsers that could have allowed websites you visit to steal the sensitive content of your online accounts from other websites that you have logged-in the same browser. Discovered by Jake Archibald, developer advocate for Google Chrome, the vulnerability resides in the way browsers handle cross-origin requests to video and audio files, which if exploited, could allow remote attackers to even read the content of your Gmail or private Facebook messages. For security reasons, modern web browsers don't allow websites to make cross-origin requests to a different domain unless any domain explicitly allows it. That means, if you visit a website on your browser, it can only request data from the same origin the site was loaded from, preventing it from making any unauthorized request on your behalf in an attempt to steal your data from other sites. However, web browsers do not respond in the same way while fetc...