The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

It is 2019, and millions of computers still either have at least one outdated application installed or run outdated operating systems, making themselves vulnerable to online threats and known security vulnerabilities/exploits. Security vendor Avast has released its PC Trends Report 2019 revealing that millions of users are making themselves vulnerable to cyber attacks by keeping outdated versions of popular applications on their computers. Probably the most overlooked vectors for any cyber attack is out-of-date programs, which most of the times, is the result of the users' laziness and company's administrators ignoring the security updates in a business environment as they can't afford the downtime. According to the report [ PDF ],  Adobe Shockwave tops the list of software that most user left outdated on their PCs, followed by VLC Media Player, Skype, Java Runtime Environment , 7-Zip File Manager, and Foxit Reader. The outdated software applications often provide an ope...

Update: Microsoft's search engine Bing has been restored in China after being inaccessible in the country for almost two days. According to sources familiar with the matter, Bing was blocked due to an accidental technical error and not due to an attempt at censorship. China has blocked Microsoft-owned search engine Bing , the company confirmed after receiving complaints from users throughout the country who took to social media beginning late Wednesday to express concerns. So, Bing becomes the latest service to be shut down by Chinese government behind its so-called Great Firewall of China , which blocks thousands of websites originating in the west including Facebook, WhatsApp , Twitter, Yahoo, and Google. The news came as a surprise because Microsoft's search engine actually followed China's strict rules on censoring search results. Online service WebSitePulse that tracks outages in China also confirmed that cn.bing.com—the web address for Bing in China since ...

Here we have great news for all iPhone Jailbreak lovers and concerning one for the rest of iPhone users. A Chinese cybersecurity researcher has today revealed technical details of critical vulnerabilities in Apple Safari web browser and iOS that could allow a remote attacker to jailbreak and compromise victims' iPhoneX running iOS 12.1.2 and before versions. To do so, all an attacker needs to do is trick iPhoneX users into opening a specially crafted web page using Safari browser, that's it. However, finding flaws and creating a working exploit to carry out such attacks is not as easy as it may sound for every iOS hacker. Discovered by security researcher Qixun Zhao of Qihoo 360's Vulcan Team, the exploit takes advantage of two security vulnerabilities that were first demonstrated at TianfuCup hacking contest held in November last year and then was later responsibly reported to the Apple security team. Zhao today released some details of and a proof-of-concep...

Beware! If you have downloaded PHP PEAR package manager from its official website in past 6 months, we are sorry to say that your server might have been compromised. Last week, the maintainers at PEAR took down the official website of the PEAR ( pear-php.net ) after they found that someone has replaced original PHP PEAR package manager (go-pear.phar) with a modified version in the core PEAR file system. Though the PEAR developers are still in the process of analyzing the malicious package, a security announcement published on January 19, 2019, confirmed that the allegedly hacked website had been serving the installation file contaminated with the malicious code to download for at least half a year. The PHP Extension and Application Repository (PEAR) is a community-driven framework and distribution system that offers anyone to search and download free libraries written in PHP programming language. These open-source libraries (better known as packages) allows developers to ea...

The U.S. Department of Homeland Security (DHS) has today issued an "emergency directive" to all federal agencies ordering IT staff to audit DNS records for their respective website domains, or other agency-managed domains, within next 10 business days. The emergency security alert came in the wake of a series of recent incidents involving DNS hijacking , which security researchers with "moderate confidence" believe originated from Iran. Domain Name System (DNS) is a key function of the Internet that works as an Internet's directory where your device looks up for the server IP addresses after you enter a human-readable web address (e.g., thehackernews.com). What is DNS Hijacking Attack? DNS hijacking involves changing DNS settings of a domain, redirecting victims to an entirely different attacker-controlled server with a fake version of the websites they are trying to visit, often with an objective to steal users' data. "The attacker alter...

Just in time… Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by a remote, man-in-the middle attacker to compromise Linux machines. The flaw, apparently, once again demonstrates that if the software download ecosystem uses HTTPS to communicate safely, such attacks can easily be mitigated at the first place. Discovered by Max Justicz, the vulnerability (CVE-2019-3462) resides in the APT package manager, a widely used utility that handles installation, update and removal of software on Debian, Ubuntu, and other Linux distributions. According to a blog post published by Justicz and details shared with The Hacker News, the APT utility doesn't properly...

The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union's new General Data Protection Regulation (GDPR) law that came into force in May last year. The fine has been levied on Google for "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization," the CNIL (National Data Protection Commission) said in a press release issued today. The fine was imposed following the latest CNIL investigation into Google after receiving complaints against the company in May 2018 by two non-profit organizations—None Of Your Business (NOYB) and La Quadrature du Net (LQDN). Why Has Google Been Fined? According to the CNIL, Google has been found violating two core privacy rules of the GDPR—Transparency, and Consent. First, the search engine giant makes it too difficult for users to find essential information, like the "data-processing purposes, the data storag...