The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Breaking News — The Nigerian prince and his allies who might have also asked you over an email for your assistance to help save "the first African astronaut lost in space" have finally been arrested by the FBI. Don't take it too seriously, as there's no Nigerian prince or an astronaut seeking your help. Instead, it was an infamous 'Nigerian 419' scam email template where fraudsters try to dupe you into making a quick online payment by offering a share in a large sum of money on the condition you help them transfer money out of their country. The FBI today announced the arrests of 281 suspects from around the world as part of an internationally coordinated law enforcement operation aimed at disrupting multi-billion-dollar BEC email and wire transfer scams. With no surprise, the largest number of arrests were made in Nigeria where authorities detained a total of 167 suspects, though a significant number of arrests were also made in nine other countrie...

Get your update caps on. Microsoft today released its monthly Patch Tuesday update for September 2019, patching a total of 79 security vulnerabilities in its software, of which 17 are rated critical, 61 as important, and one moderate in severity. Two of the security vulnerabilities patched by the tech giant this month are listed as "publicly known" at the time of release, one of which is an elevation of privilege vulnerability (CVE-2019-1235) in Windows Text Service Framework (TSF), more likely related to a 20-year-old flaw Google security researcher disclosed last month . Two other vulnerabilities patched this month are reported as being actively exploited in the wild by hackers, both are privilege elevation flaws—one resides in the Windows operating system and the other in Windows Common Log File System Driver. Besides these, Microsoft has released patches for four critical RCE vulnerabilities in Windows built-in Remote Desktop Client application that could enabl...

What could be worse than your router leaking its administrative login credentials in plaintext? Cybersecurity researchers from Trustwave's SpiderLabs have discovered multiple security vulnerabilities in some router models from two popular manufacturers—D-Link and Comba Telecom—that involve insecure storage of credentials, potentially affecting every user and system on that network. Researcher Simon Kenin told The Hacker News that he discovered a total of five vulnerabilities—two in a D-Link DSL modem typically installed to connect a home network to an ISP, and three in multiple Comba Telecom WiFi devices. These flaws could potentially allow attackers to change your device settings, extract sensitive information, perform MitM attacks, redirect you to phishing or malicious sites and launch many more types of attacks. "Since your router is the gateway in and out of your entire network it can potentially affect every user and system on that network. An attacker-controlled ...

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn. Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—"You won't believe what a prominent public figure just revealed"—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform. Many of these scams follow a...

It's Patch Tuesday again—the day of the month when both Adobe and Microsoft release security patches for vulnerabilities in their software. Adobe has just released its monthly security updates to address a total of 3 security vulnerabilities in only two of its products this time—Adobe Flash Player and Adobe Application Manager (AAM). None of the security vulnerabilities patched this month in Adobe products is being exploited in the wild. The latest update for Adobe Flash Player , the software that will receive security patch updates until the end of 2020, this month addresses two critical vulnerabilities and affects Windows, macOS, Linux, and Chrome OS versions of the software. Both the critical vulnerabilities in Flash Player, listed below, lead to arbitrary code execution in the context of the current user, allowing attackers to take complete control over targeted systems. Same-origin method execution (CVE-2019-8069) Use-after-free (CVE-2019-8070) Both the vuln...

Cybersecurity researchers have discovered a new computer virus associated with the Stealth Falcon state-sponsored cyber espionage group that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen data to attacker-controlled server. Active since 2012, Stealth Falcon is a sophisticated hacking group known for targeting journalists, activists, and dissidents with spyware in the Middle East, primarily in the United Arab Emirates (UAE). Dubbed Win32/StealthFalcon , named after the hacking group, the malware communicates and sends collected data to its remote command-and-control (C&C) servers using Windows Background Intelligent Transfer Service (BITS). BITS is a communication protocol in Windows that takes unused network bandwidth to facilitate asynchronous, prioritized, and throttled transfer of files between machines in the foreground or background, without impacting the network experience. BITS is commonly used by software up...

Facebook has patched two high-severity vulnerabilities in its server application that could have allowed remote attackers to unauthorisedly obtain sensitive information or cause a denial of service just by uploading a maliciously constructed JPEG image file. The vulnerabilities reside in HHVM (HipHop Virtual Machine)—a high-performance, open source virtual machine developed by Facebook for executing programs written in PHP and Hack programming languages. HHVM uses a just-in-time (JIT) compilation approach to achieve superior performance of your Hack and PHP code while maintaining the development flexibility that the PHP language provides. Since the affected HHVM server application is open-source and free, both issues may also impact other websites that use HHVM, including Wikipedia, Box and especially those which allow their users to upload images on the server. Both the vulnerabilities, as listed below, reside due to a possible memory overflow in the GD extension of HHVM wh...

It's been a summer of ransomware hold-ups, supply chain attacks and fileless attacks flying under the radar of old-school security. With malware running amok while we were lying on the beach, here's a recap of the most burning strains and trends seen in the wild during the months of July and August 2019. Malware Evolution Trends The heat must have had an effect as this summer saw malware continuing to evolve, particularly around three core trends: Evasion-by-design Malware has been increasingly designed to bypass security controls leveraging a host of tactics, most notably by: Changing hashes via file obfuscation to evade AVs. Using encrypted communication with C2 servers to foil EDRs. Using feature manipulation and tampering to trick AI, machine-learning engines, and sandboxes through the detection of such environments and the deliberate delay in execution. Fileless Attacks and Living-Off-The-Land (LOTL) Taking evasion techniques one step further, an in...