The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The recent controversies surrounding the WhatsApp hacking haven't yet settled, and the world's most popular messaging platform could be in the choppy waters once again. The Hacker News has learned that last month WhatsApp quietly patched yet another critical vulnerability in its app that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on them. The vulnerability — tracked as CVE-2019-11931 — is a stack-based buffer overflow issue that resided in the way previous WhatsApp versions parse the elementary stream metadata of an MP4 file, resulting in denial-of-service or remote code execution attacks. To remotely exploit the vulnerability, all an attacker needs is the phone number of targeted users and send them a maliciously crafted MP4 file over WhatsApp, which eventually can be programmed to install a malicious backdoor or spyware app on the compromised devices silently. The vulnerability ...

It appears that at least the United States has started taking the threat of Sim Swapping attacks very seriously. Starting with the country's first-ever conviction for 'SIM Swapping' this February, U.S. Department of Justice has since then announced charges against several individuals for involving in the scheme to siphon millions of dollars in cryptocurrency from victims. In the latest incident, the U.S. authorities on Thursday arrested two more alleged cybercriminals from Massachusetts, charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping between November 2015 and May 2018. SIM Swapping, or SIM hijacking, is a technique that typically involves the social engineering of a target's mobile phone provider. An attacker makes a phony call posing as their targets and convinces the mobile phone provider to port the target's phone number to a SIM card belonging to the attacker. Once successful, the attacker can t...

Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware. Though the new malware campaigns are not customized for each organization, the threat actors appear to be more interested in businesses, IT services, manufacturing, and healthcare industries who possess critical data and can likely afford high ransom payouts. According to a report ProofPoint shared with The Hacker News, the newly discovered threat actors are sending out low-volume emails impersonating finance-related government entities with tax assessment and refund lured emails to targeted organizations. "Tax-themed Email Campaigns Target 2019 Filers, finance-related lures have been used seasonally with upticks in tax-related malware and phishing campaigns leading up to the annual tax filing deadlines in...

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

Hundreds of millions of devices, especially Android smartphones and tablets, using Qualcomm chipsets, are vulnerable to a new set of potentially serious vulnerabilities. According to a report cybersecurity firm CheckPoint shared with The Hacker News, the flaws could allow attackers to steal sensitive data stored in a secure area that is otherwise supposed to be the most protected part of a mobile device. The vulnerabilities reside in Qualcomm's Secure Execution Environment (QSEE), an implementation of Trusted Execution Environment (TEE) based on ARM TrustZone technology. Also known as Qualcomm's Secure World, QSEE is a hardware-isolated secure area on the main processor that aims to protect sensitive information and provides a separate secure environment (REE) for executing Trusted Applications. Along with other personal information, QSEE usually contains private encryption keys, passwords, credit, and debit card credentials. Since it is based on the principle of l...

What could be even worse than getting hacked? It's the "failure to detect intrusions" that always results in huge losses to the organizations. Utah-based technology company InfoTrax Systems is the latest example of such a security blunder, as the company was breached more than 20 times from May 2014 until March 2016. What's ironic is that the company detected the breach only after it received an alert that its servers had reached maximum storage capacity due to a data archive file that the hacker created. InfoTrax Systems is an American company based in Utah that provides backend operations systems to multi-level marketers, which also includes an extensive amount of sensitive data on their users' compensation, inventory, orders, and accounting. The breach reportedly occurred in May 2014 when the hacker exploited vulnerabilities in InfoTrax's server and its client's website to gain remote control over its server, allowing him to gain access t...

Cyberattacks on small and midsized companies in 2019 cost $200,000 per company on average, mercilessly putting many of them out of business, says CNBC in its analysis of a recent Accenture report. In light of the global cybersecurity skills shortage, the number is set to soar in 2020. Solely in the UK, over 50,000 British SMEs could collapse next year following a cyberattack. This article brings a list of free tools that are already being used to combat these alarming challenges and enabling SMEs to arm themselves against a wide range of cyber offenders. Website Security Test with GDPR and PCI DSS Compliance Scan The problem: It would be hard to come across an SME without a website, or at least a web page on the Internet. Such websites are habitually poorly protected, becoming low-hanging fruit for cybercriminals. Even if the website does not store or handle any payment transactions or otherwise sensitive information, once breached, access to it can be sold in Dark Web mark...

Zombieload is back. This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown , Foreshadow and other MDS variants (RIDL and Fallout). Initially discovered in May this year, ZombieLoad is one of the three novel types of microarchitectural data sampling (MDS) speculative execution vulnerabilities that affect Intel processor generations released from 2011 onwards. The first variant of ZombieLoad is a Meltdown-type attack that targets the fill-buffer logic allowing attackers to steal sensitive data not only from other applications and the operating system but also from virtual machines running in the cloud with common hardware. ZombieLoad v2 Affects Latest Intel CPUs Now, the same group of researchers has disclosed details of a second variant of the vulnerability, dubbed ZombieLoad v2 and tracked as CVE-2019-11135 , that r...