The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Apple has removed almost all popular security apps offered by well-known cyber-security vendor Trend Micro from its official Mac App Store after they were caught stealing users' sensitive data without their consent. The controversial apps in question include Dr Cleaner, Dr Cleaner Pro, Dr Antivirus, Dr Unarchiver, App Uninstall, Dr. Battery, and Duplicate Finder for Mac computers. The apps were removed just two days after Apple kicked out another popular "Adware Doctor" application for collecting and sending browser history data from users' Safari, Chrome, and Firefox to a server in China. "This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service)," Trend Micro argued. The suspicious behavior of Trend Micro apps was initially reported by a user on the Malwarebytes forum in December 2017, which was last weekend re-con...

Zerodium, the infamous exploit vendor that earlier this year offered $1 million for submitting a zero-day exploit for Tor Browser , today publicly revealed a critical zero-day flaw in the anonymous browsing software that could reveal your identity to the sites you visit. In a Tweet, Zerodium shared a zero-day vulnerability that resides in the NoScript browser plugin comes pre-installed with the Mozilla Firefox bundled in the Tor software. NoScript is a free browser extension that blocks malicious JavaScript, Java, Flash and other potentially dangerous content on all web pages by default, though users can whitelist sites they trust. According to Zerodium, NoScript "Classic" versions 5.0.4 to 5.1.8.6--with 'Safest' security level enabled--included in Tor Browser 7.5.6 can be bypassed to run any JavaScript file by changing its content-type header to JSON format. In other words, a website can exploit this vulnerability to execute malicious JavaScript on victim...

A highly popular top-tier app in Apple's Mac App Store that's designed to protect its users from adware and malware threats has been, ironically, found surreptitiously stealing their browsing history without their consent, and sending it to a server in China. What's more concerning? Even after Apple was warned a month ago, the company did not take any action against the app. The app in question is "Adware Doctor," the Mac App Store No. 1 paid utility and also ranked as the fourth most popular paid app on the store, which sells for $4.99 and markets itself to be the "best app" to prevent "malware and malicious files from infecting your Mac." However, a security researcher with the @privacyis1st Twitter handle detected Adware Doctor's suspicious spyware-like behavior almost a month ago and also uploaded a proof-of-concept video demonstration of how the user's browser history is exfiltrated. The researcher informed Apple about...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

British Airways, who describes itself as "The World's Favorite Airline," has confirmed a data breach that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks. So who exactly are victims? In a statement released by British Airways on Thursday, customers booking flights on its website (ba.com) and British Airways mobile app between late 21 August and 5 September were compromised. The airline advised customers who made bookings during that 15 days period and believe they may have been affected by this incident to "contact their banks or credit card providers and follow their recommended advice." British Airways stated on its Twitter account that personal details stolen in the breach included their customers' names and addresses, along with their financial information, but the company assured its customers that the hackers did not get away with their passport numbers or travel details. The ...

The U.S. Department of Justice announces criminal charges against a North Korean government spy in connection with the 2017 global WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack . According to multiple government officials cited by the NY Times who are familiar with the indictment, the charges would be brought against Park Jin Hyok , who works for North Korean military intelligence agency Reconnaissance General Bureau (RGB). The November 2014 Sony Pictures Entertainment hack was done in retaliation for the studio's production of a comedic film, " The Interview ," a comedy about two journalists who are recruited by the CIA to assassinate North Korean leader Kim Jong Un. In June 2014, the Pyongyang government also denounced the film as "undisguised sponsoring of terrorism, as well as an Act of War" in a letter to U.N. Secretary-General Ban Ki-moon. The Sony Pictures hack was devastating to the company and exposed over 200...

If you dream of making it big in the IT security community, the CISSP certification is a necessary milestone. Certified Information Systems Security Professional ( CISSP ) is a globally recognised certification in the field of information security, which has become a gold standard of achievement that is acknowledged worldwide. CISSP certification deals with a range of information security topics including security engineering and software development security and helps you understand the various areas of security you should be aware of. The CISSP exam is highly challenging and requires a broad level of knowledge. However, achieving the CISSP certification requires help, irrespective of your experience level. Choose the right CISSP Training Course There are a wide number of courses and training programs in the market, but make sure you sign up for one that equips you with the best practices in the industry and helps you to ace the exam in your first attempt. To help you ...

British police have arrested a 19-year-old teen who is an alleged member of Apophis Squad cybercriminal group responsible for making hoax bomb threats to thousands of schools and airlines; and DDoSing ProtonMail and Tutanota secure email services. George Duke-Cohan was arrested in his bedroom at his family home in Watford by British National Crime Agency (NCA) on 31st August and pledged guilty to three counts of making bomb threats to schools and airlines in Luton Magistrates' Court on Monday. Duke-Cohan spammed out more than 24,000 emails to schools across the UK and in the US as well, claiming that pipe bombs had been planted on the premises, which would blow up the building if $5,000 extortion money was not made within 3 hours. He Got Arrested Third-Time For Making Hoax Bomb Threats This is not the first time Duke-Cohan has been arrested for spreading fake bomb threats. He first created panic in March this year when he emailed thousands of schools in the UK warnin...