The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have uncovered a new piece of mobile surveillance malware believed to be developed by a Russian defense contractor that has been sanctioned for interfering with the 2016 U.S. presidential election. Dubbed Monokle , the mobile remote-access trojan has been actively targeting Android phones since at least March 2016 and is primarily being used in highly targeted attacks on a limited number of people. According to security researchers at Lookout, Monokle possesses a wide range of spying functionalities and uses advanced data exfiltration techniques, even without requiring root access to a targeted device. How Bad is Monokle Surveillance Malware In particular, the malware abuses Android accessibility services to exfiltrate data from a large number of popular third-party applications, including Google Docs, Facebook messenger, Whatsapp, WeChat, and Snapchat, by reading text displayed on a device's screen at any point in time. The malware also extracts...

The Federal Trade Commission (FTC) today officially confirmed that Facebook has agreed to pay a record-breaking $5 billion fine over privacy violations surrounding the Cambridge Analytica scandal . Besides the multibillion-dollar penalty, the company has also accepted a 20-year-long agreement that enforces it to implement a new organizational framework designed to strengthen its data privacy practices and policies. The agreement requires Facebook to make some major structural changes, as explained below, that will hold the company accountable for the decisions it makes about its users' privacy and information it collects on them. "The order requires Facebook to restructure its approach to privacy from the corporate board-level down, and establishes strong new mechanisms to ensure that Facebook executives are accountable for the decisions they make about privacy and that those decisions are subject to meaningful oversight," the FTC said in a press release . Ac...

A former Siemens contractor has pledged guilty in federal court Friday to secretly planting code in automated spreadsheets he had created for the company over a decade ago that deliberately crashes the program every few years. David Tinley, a 62-year-old resident of Harrison City, Pennsylvania, was hired by Siemens as a contract employee for Monroeville, Pennsylvania location, in 2002 to create custom automated spreadsheets for various Siemens projects related to the power generation industry. However, according to the United States Justice Department ( DoJ ), Tinley intentionally and without the company's knowledge or authorization inserted "logic bombs" into computer programs that caused glitches in the spreadsheet after the expiration of a certain date. Logic Bomb is a piece of computer code intentionally inserted into software or system to carry out specific operations like crash or malfunction after certain conditions are met, or an amount of time has expire...

A German security researcher has publicly disclosed details of a serious vulnerability in one of the most popular FTP server applications, which is currently being used by more than one million servers worldwide. The vulnerable software in question is ProFTPD , an open source FTP server used by a large number of popular businesses and websites including SourceForge, Samba and Slackware, and comes pre-installed with many Linux and Unix distributions, like Debian. Discovered by Tobias Mädel , the vulnerability resides in the mod_copy module of the ProFTPD application, a component that allows users to copy files/directories from one place to another on a server without having to transfer the data to the client and back. According to Mädel, an incorrect access control issue in the mod_copy module could be exploited by an authenticated user to unauthorizedly copy any file on a specific location of the vulnerable FTP server where the user is otherwise not allowed to write a file. ...

The world of cybersecurity is fast-paced and ever-changing. New attacks are unleashed every day, and companies around the world lose millions of dollars as a result. The only thing standing in the way of cybercrime is a small army of ethical hackers. These cybersecurity experts are employed to find weaknesses before they can be exploited. It's a lucrative career, and anyone can find work after the right training. According to the Bureau of Labor Statistics, demand for cyber security experts will expand rapidly over the next three or four years. If you want to build a career in the industry, now is the time to take action. Do you also want to learn real-world hacking techniques but don't know where to start? This week's THN deal is for you —  2019 Ethical Hacker Master Class Bundle . This latest training bundle includes 10 following-mentioned courses with over 180 hours of  1395 in-depth  online lectures, helping you master all the fundamentals of cyber...

Equifax, one of the three largest credit-reporting firms in the United States, has to pay up to $700 million in fines to settle a series of state and federal investigations into the massive 2017 data breach that exposed the personal and financial data of nearly 150 million Americans—that's almost half the country. According to an official announcement by the U.S. Federal Trade Commission (FTC) today, Equifax has agreed to pay at least $575 million in fines, but this penalty could rise to up to $700 million depending on the amount of compensation people claim. Up to $425 million of the fines will go to a fund that will provide credit monitoring services to affected customers and compensate anyone who bought such services from the company and paid other related expenses as a result of the breach . Rest $175 million and $100 million will go to civil penalties across 50 states and to the Consumer Financial Protection Bureau (CFPB), respectively. Besides the penalty, the co...

If you are in Kazakhstan and unable to access the Internet service without installing a certificate, you're not alone. The Kazakhstan government has once again issued an advisory to all major local Internet Service Providers (ISPs) asking them to make it mandatory for all their customers to install government-issued root certificates on their devices in order to regain access to the Internet services. The root certificate in question, labeled as " trusted certificate " or " national security certificate ," if installed, allows ISPs to intercept and monitor users' encrypted HTTPS and TLS connections, helping the government spy on its citizens and censor content. In other words, the government is essentially launching a "man in the middle" attack on every resident of the country. But how installing a "root certificate" allow ISPs to decrypt HTTPS connection? For those unaware, your device and web browsers automatically trust digi...