The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security researchers from Check Point Threat Intelligence Team have discovered the comeback of an APT (advanced persistent threat) surveillance group targeting institutions across the Middle East, specifically the Palestinian Authority. The attack, dubbed "Big Bang," begins with a phishing email sent to targeted victims that includes an attachment of a self-extracting archive containing two files—a Word document and a malicious executable. Posing to be from the Palestinian Political and National Guidance Commission, the Word document serves as a decoy to distract victims while the malware is installed in the background. The malicious executable, which runs in the background, act as the first stage info-stealer malware designed for intelligence gathering to identify potential victims (on the basis of what is unclear as of now), and then it accordingly downloads the second stage malware designed for espionage. "While the analysis...discloses the capabilities of ...

With the release of iOS 11.4.1, Apple has finally rolled out a new security feature designed to protect your devices against USB accessories that connect to the data port, making it harder for law enforcement and hackers to break into your iPhone or iPad without your permission. Dubbed USB Restricted Mode , the feature automatically disables data connection capabilities of the Lightning port on your iPhone or iPad if the device has been locked for an hour or longer, while the port can still be used for device charging. In other words, every time you lock your iPhone, a countdown timer of an hour gets activated in the background, which if completed, enables the USB restricted mode to prevent unauthorized access to the data port. Once the USB Restricted Mode gets activated, there's no way left for breaking into an iPhone or iPad without the user's permission. The feature would, no doubt, defeat law enforcement's use of special unlocking hardware made by Cellebrite ...

Digitally signed malware has become much more common in recent years to mask malicious intentions. Security researchers have discovered a new malware campaign misusing stolen valid digital certificates from Taiwanese tech-companies, including D-Link, to sign their malware and making them look like legitimate applications. As you may know, digital certificates issued by a trusted certificate authority (CA) are used to cryptographically sign computer applications and software and are trusted by your computer for execution of those programs without any warning messages. However, malware author and hackers who are always in search of advanced techniques to bypass security solutions have seen been abusing trusted digital certificates in recent years. Hackers use compromised code signing certificates associated with trusted software vendors in order to sign their malicious code, reducing the possibility of their malware being detected on targeted enterprise networks and consumer...

Besides Timehop , another data breach was discovered last week that affects users of one of the largest web hosting companies in Germany, DomainFactory, owned by GoDaddy. The breach initially happened back in last January this year and just emerged last Tuesday when an unknown attacker himself posted a breach note on the DomainFactory support forum. It turns out that the attacker breached company servers to obtain the data of one of its customers who apparently owes him a seven-figure amount, according to Heise . Later the attacker tried to report DomainFactory about the potential vulnerability using which he broke into its servers, but the hosting provider did not respond, and neither disclosed the breach to its customers. In that situation, the attacker head on to the company's support forum and broke the news with sample data of a few customers as proof, which forced DomainFactory to immediately shut down the forum website and initiate an investigation. Attacker G...

And the hacks just keep on coming. Timehop social media app has been hit by a major data breach on July 4th that compromised the personal data of its more than 21 million users. Timehop is a simple social media app that collects your old photos and posts from your iPhone, Facebook, Instagram, Twitter and Foursquare and acts as a digital time machine to help you find—what you were doing on this very day exactly a year ago. The company revealed on Sunday that unknown attacker(s) managed to break into its Cloud Computing Environment and access the data of entire 21 million users, including their names, email addresses, and approximately 4.7 million phone numbers attached to their accounts. "We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken. Some data was breached," the company wrote in a security advisory posted on its website. Social Media OAuth2 Tokens Also Compromised Moreover, the attackers also got th...

PRIVACY – a bit of an Internet buzzword nowadays, because the business model of the Internet has now shifted towards data collection. Today, most users surf the web unaware of the fact that websites and online services collect their personal information, including search histories, location, and buying habits and make millions by sharing your data with advertisers and marketers. If this is not enough, then there are governments across the world conducting mass surveillance, and hackers and cyber criminals who can easily steal sensitive data from the ill-equipped networks, websites, and PCs. So, what's the solution and how can you protect your privacy, defend against government surveillance and prevent malware attacks? No matter which Internet connection you are using to go online, one of the most efficient solutions to maximize your privacy is to use a secure VPN service. In this article, we have introduced two popular VPN services, TigerVPN and VPNSecure , which help...

Hacker himself got hacked. It turns out that most samples of the LokiBot malware being distributed in the wild are modified versions of the original sample, a security researcher has learned. Targeting users since 2015, LokiBot is a password and cryptocoin-wallet stealer that can harvest credentials from a variety of popular web browsers, FTP, poker and email clients, as well as IT administration tools such as PuTTY. The original LokiBot malware was developed and sold by online alias "lokistov," a.k.a. "Carter," on multiple underground hacking forums for up to $300, but later some other hackers on the dark web also started selling same malware for a lesser price (as low as $80). It was believed that the source code for LokiBot was leaked which might have allowed others to compile their own versions of the stealer. However, a researcher who goes by alias " d00rt " on Twitter found that someone made little changes (patching) in the original Lok...