The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

An anonymous hacker with an online alias "SandboxEscaper" today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting Windows 10 operating system—that's his/her 5th publicly disclosed Windows zero-day exploit [ 1 , 2 , 3 ] in less than a year. Published on GitHub , the new Windows 10 zero-day vulnerability is a privilege escalation issue that could allow a local attacker or malware to gain and run code with administrative system privileges on the targeted machines, eventually allowing the attacker to gain full control of the machine. The vulnerability resides in Task Scheduler, a utility that enables Windows users to schedule the launch of programs or scripts at a predefined time or after specified time intervals. SandboxEscaper's exploit code makes use of SchRpcRegisterTask, a method in Task Scheduler to register tasks with the server, which doesn't properly check for permissions and can, therefore, be used to set an arb...

Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful open source projects—Elasticsearch, Logstash, and Kibana—that many large and small companies are using to format, search, analyze, and visualize a large amount of data in real time. In recent months, we have seen how thousands of instances of insecure, poorly configured Elasticsearch and Kibana servers had left millions of users sensitive data exposed on the Internet. Since the free version of Elastic Stack by default does not have any authentication or authorization mechanism, many developers and administrators fail to properly implement important security features manually. The core security features—like encrypted communication, role-based access control, authentication realms—in p...

High-quality cybersecurity posture is typically regarded as the exclusive domain of the large and heavy resourced enterprises – those who can afford a multi-product security stack and a skilled security team to operate it. This implies a grave risk to all organizations who are not part of this group, since the modern threat landscape applies to all, regardless of size and vertical. What is less commonly known is that by following basic and well-defined practices and wise security product choices, any organization can level up its defenses to a much higher standard. "At the end of the day it comes down to strategic planning," says Eyal Gruner, CEO and co-founder of Cynet, "rather than thinking in term of specific product or need, zoom out and breakdown the challenge to its logical parts – what do you need to do proactively on an on-going basis, while you're under attack and when you manage a recovery process." From the various frameworks of security b...

Google has reportedly suspended all businesses with the world's second-biggest smartphone maker, Huawei, and revoked its Android license effective immediately—a move that will have a drastic impact on Huawei devices across the globe. Revoking Android license means Huawei future smartphones will no longer have access to Android updates and apps like Gmail or the Play Store, as well as Google technical support beyond services that are publicly available via open source licensing, Reuters report. Why? That's because last week, U.S. President Donald Trump signed an executive order declaring a national emergency banning foreign companies—over surveillance fear—from doing telecommunication business in the United States without the government's approval. About the executive order, White House Press Secretary Sarah Sanders said in a statement that President Trump "has made it clear that this Administration will do what it takes to keep America safe and prosperous, an...

The German software company behind TeamViewer, one of the most popular software in the world that allows users to access and share their desktops remotely, was reportedly compromised in 2016, the German newspaper Der Spiegel revealed today. TeamViewer is popular remote-support software that allows you to securely share your desktop or take full control of other's PC over the Internet from anywhere in the world. With millions of users making use of its service, TeamViewer has always been a target of interest for attackers. According to the publication , the cyber attack was launched by hackers with Chinese origin who used Winnti trojan malware, activities of which have previously been found linked to the Chinese state intelligence system. Active since at least 2010, Winnti advanced persistent threat (APT) group has previously launched a series of financial attacks against software and gaming organizations primarily in the United States, Japan, and South Korea. The group i...

Note: We have updated this story to reflect new information after Stack Overflow changed its original announcement and shared more details on the security incident. Stack Overflow, one of the largest question and answer site for programmers, revealed today that unknown hackers managed to exploit a bug in its development tier and then almost a week after they gained unauthorized access to its production version. Founded by Jeff Atwood and Joel Spolsky in 2008, Stack Overflow is the flagship site of the Stack Exchange Network. With 10 million registered users and over 50 million unique visitors every month, Stack Overflow is very popular among professional and enthusiast programmers. In an older version of the announcement published by Mary Ferguson, VP of Engineering at Stack Overflow, the company confirmed the breach but said it did not find any evidence that hackers accessed customers' accounts or any user data. However, the updated announcement now says that after ...

In a joint effort by several law enforcement agencies from 6 different countries, officials have dismantled a major global organized cybercrime network behind GozNym banking malware . GozNym banking malware is responsible for stealing nearly $100 million from over 41,000 victims across the globe, primarily in the United States and Europe, for years. GozNym was created by combining two known powerful Trojans—Gozi ISFB malware, a banking Trojan that first appeared in 2012 and Nymaim, a Trojan downloader that can also function as ransomware. In a press conference held on Thursday, Europol said the operation was successfully conducted with the cooperation between Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States. The United States has charged ten members of the GozNym criminal network, 5 of which were arrested during several coordinated searches conducted in Bulgaria, Georgia, Moldova, and Ukraine. However, rest of the five defendants reside in Rus...