The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A team of Canadian cybersecurity researchers has uncovered a sophisticated and targeted mobile hacking campaign that is targeting high-profile members of various Tibetan groups with one-click exploits for iOS and Android devices. Dubbed Poison Carp by University of Toronto's Citizen Lab, the hacking group behind this campaign sent tailored malicious web links to its targets over WhatsApp, which, when opened, exploited web browser and privilege escalation vulnerabilities to install spyware on iOS and Android devices stealthily. "Between November 2018 and May 2019, senior members of Tibetan groups received malicious links in individually tailored WhatsApp text exchanges with operators posing as NGO workers, journalists, and other fake personas," the researchers say . What's more? The researchers said they found "technical overlaps" of Poison Carp with two recently discovered campaigns against the Uyghur community in China—the iPhone hacking campaign ...

Though Russia still has an undiversified and stagnant economy, it was one of the early countries in the world to realize the value of remotely conducted cyber intrusions. In recent years, many Russia hacking groups have emerged as one of the most sophisticated nation-state actors in cyberspace, producing highly specialized hacking techniques and toolkits for cyber espionage. Over the past three decades, many high profile hacking incidents—like hacking the US presidential elections , targeting a country with NotPetya ransomware , causing blackout in Ukrainian capital Kiev , and Pentagon breach—have been attributed to Russian hacking groups, including Fancy Bear  (Sofacy), Turla ,  Cozy Bear ,  Sandworm Team  and Berserk Bear. Besides continuously expanding its cyberwar capabilities, the ecosystem of Russian APT groups has also grown into a very complex structure, making it harder to understand who's who in Russian cyber espionage. Now to illustrate the big ...

Many organizations regard Endpoint Detection and Response (EDR) as their main protection against breaches. EDR, as a category, emerged in 2012 and was rapidly acknowledged as the best answer to the numerous threats that legacy AV unsuccessfully struggled to overcome – exploits, zero-day malware and fileless attacks are prominent examples. While there is no dispute on EDR's efficiency against a significant portion of today's advanced threats, a new breed of "next-generation EDR" solutions are now available ( learn more here ) which on top of featuring all EDR capabilities, go beyond this to protect against prominent attack vectors that EDR does not cover such as those involving users and networks. "Many people unknowingly mix two different things – endpoint protection and breach protection," explained Eyal Gruner, co-Founder of Cynet (a next-generation EDR solution). "It's perfectly true that many attacks start at the endpoint and involve mali...

It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities, one of which is a critical Internet Explorer zero-day that cyber criminals are actively exploiting in the wild. Discovered by Clément Lecigne of Google's Threat Analysis Group and tracked as CVE-2019-1367, the IE zero-day is a remote code execution vulnerability in the way Microsoft's scripting engine handles objects in memory in Internet Explorer. The vulnerability is a memory-corruption issue that could allow a remote attacker to hijack a Windows PC just by convincing the user into viewing a specially crafted, booby-trapped web-page hosted online, when using Internet Explorer. "An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affec...

Two widely used Adblocker Google Chrome extensions , posing as the original — AdBlock and uBlock Origin — extensions on Chrome Web Store, have been caught stuffing cookies in the web browser of millions of users to generate affiliate income from referral schemes fraudulently. There's no doubt web extensions add a lot of useful features to web browsers, making your online experience great and aiding productivity, but at the same time, they also pose huge threats to both your privacy and security. Being the most over-sighted weakest link in the browser security model, extensions sit between the browser application and the Internet — from where they look for the websites you visit and subsequently can intercept, modify, and block any requests, based on the functionalities they have been designed for. Apart from the extensions which are purposely created with malicious intent , in recent years we have also seen some of the most popular legitimate Chrome and Firefox extensions g...

Google has released an urgent software update for its Chrome web browser and is urging Windows, Mac, and Linux users to upgrade the application to the latest available version immediately. Started rolling out to users worldwide this Wednesday, the Chrome 77.0.3865.90 version contains security patches for 1 critical and 3 high-risk security vulnerabilities, the most severe of which could allow remote hackers to take control of an affected system. Google has decided to keep details of all four vulnerabilities secret for a few more days in order to prevent hackers from exploiting them and give users enough time to install the Chrome update. For now, Chrome security team has only revealed that all four vulnerabilities are use-after-free issues in different components of the web browser, as mentioned below, the critical of which could lead to remote code execution attacks. The use-after-free vulnerability is a class of memory corruption issue that allows corruption or modificat...

Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country's history. Personal records of more than 20 million adults and children, both dead and alive, were found publicly exposed on an unsecured Elasticsearch server by security firm vpnMentor, which made the discovery during its large-scale mapping project. For a country with a population of over 16 million people, the breach exposed details of almost every Ecuadorian citizen, including President Lenín Moreno as well as WikiLeaks CEO Julian Assange , who was given political asylum in the country in 2012. The unsecured Elasticsearch server, which was based in Miami and owned by Ecuadorian company Novaestrat, contained 18GB cache of data appeared to have come from a variety of sources including government registries, an automot...