#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

New Systemd Privilege Escalation Flaws Affect Most Linux Distributions

New Systemd Privilege Escalation Flaws Affect Most Linux Distributions

Jan 10, 2019
Security researchers have discovered three vulnerabilities in Systemd, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems. The vulnerabilities, assigned as CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866, actually resides in the "systemd-journald" service that collects information from different sources and creates event logs by logging information in the journal. The vulnerabilities, which were discovered and reported by security researchers at Qualys, affect all systemd-based Linux distributions, including Redhat and Debian , according to the researchers. However, some Linux distros such as SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29 are not affected, as "their userspace [code] is compiled with GCC's -fstack-clash-protection ." The first two flaws are memory corruptions issues, while the ...
Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection

Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection

Jan 10, 2019
Security researchers have been warning about a simple technique that cybercriminals and email scammers are already being using in the wild to bypass security features of Microsoft Office 365, including Safe Links, which are originally designed to protect users from malware and phishing attacks. Safe Links has been included by Microsoft in Office 365 as part of its ATP (Advanced Threat Protection) solution that works by replacing all URLs in an incoming email with Microsoft-owned secure URLs. Therefore, every time users click on a link provided in an email, Safe Links first sends them to a Microsoft owned domain, where it immediately checks the original link for anything suspicious. If Microsoft's security scanners detect any malicious element, it then warns the users about it, and if not, it redirects them to the original link. However, researchers at the cloud security company Avanan have revealed how attackers have been bypassing both Office 365's URL reputation check a...
Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security

Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security

Jan 10, 2019
Almost every activity on the Internet starts with a DNS query, a key function of the Internet that works as an Internet's directory where your device looks up for the server IP addresses after you enter a human-readable web address (e.g., thehackernews.com). Since DNS queries are sent in clear text over UDP or TCP without encryption, the information can reveal not only what websites an individual visits but is also vulnerable to spoofing attacks. To address these problems, Google announced Wednesday that its Public DNS (Domain Name System) service finally supports DNS-over-TLS security protocol, which means that the DNS queries and responses will be communicated over TLS-encrypted TCP connections. The DNS-over-TLS has been designed to make it harder for man-in-the-middle attackers to manipulate the DNS query or eavesdrop on your Internet connection. Launched over eight years ago, Google Public DNS, at IP addresses 8.8.8.8 and 8.8.4.4, is world's largest public Domai...
cyber security

New Webinar: Identity Attacks Have Changed — Have Your IR Playbooks?

websitePush SecurityThreat Detection / Identity Security
With modern identity sprawl, the blast radius of a breach is bigger than ever. Are you prepared? Sign up now.
cyber security

AI Can Personalize Everything—Except Trust. Here's How to Build It Anyway

websiteTHN WebinarIdentity Management / AI Security
We'll unpack how leading teams are using AI, privacy-first design, and seamless logins to earn user trust and stay ahead in 2025.
Turns Out Kaspersky Labs Helped FBI Catch Alleged NSA Leaker

Turns Out Kaspersky Labs Helped FBI Catch Alleged NSA Leaker

Jan 10, 2019
Remember " The Shadow Brokers " and the arrest of a former NSA contractor accused of stealing 50 Terabytes of top secret documents from the intelligence agency? It turns out that, Kaspersky Lab, which has been banned in US government computers over spying fears, was the one who tipped off the U.S. government and helped the FBI catch NSA contractor Harold T. Martin III , unnamed sources familiar with the investigation told Politico. In October 2016, the U.S. government arrested and charged Martin, 51, with theft of highly classified documents, including most sensitive NSA hacking tools and top-secret information about "national defense," that he siphoned from government computers over the period of two decades. The breach is believed to be the largest heist of classified government material in America's history, far bigger than Edward Snowden leaks . According to the sources, the Antivirus firm learned about Martin after he sent unusual direct messag...
German Police Seek Help In Finding Parcel Bomber With MAC Address

German Police Seek Help In Finding Parcel Bomber With MAC Address

Jan 09, 2019
German police are seeking your help in gathering information related to a MAC address that could lead to the cell phone device used by a DHL blackmailer who last year parceled out bombs at different addresses in Brandenburg and Berlin. Between November 2017 and April 2018, someone used German parcel delivery service DHL to sent out several so-called improvised explosive devices (IEDs) in packets, demanding €10 million worth of bitcoins from the parcel service. In one event, a parcel containing nails, screws, and fireworks explosive powder was received by a pharmacy adjacent to the German Christmas market during 2017 Christmas, which eventually caused the evacuation of the market. German police later discovered a message inside that package in which the blackmailer threatened to send more parcels in the pre-Christmas season unless DHL made a 10 million euro payment in Bitcoin. During the investigation, the German police successfully communicated with the alleged blackmailer m...
Get 10 Popular Books To Learn Advanced Hacking [2018 Bundle]

Get 10 Popular Books To Learn Advanced Hacking [2018 Bundle]

Jan 09, 2019
It should come as no surprise that cybersecurity is one of the most important and lucrative fields in the world right now, and it's becoming more important every day—thanks to a growing number of cyber attacks that are targeting everything from individuals and startups to Fortune 500 companies and entire government agencies. So it should also come as no surprise that demand for talented and trained cybersecurity professionals who know how to thwart and retaliate against these attacks is skyrocketing. The 2018 Supercharged Cybersecurity Bundle offers a massive trove of resources that will give you the skills you need to join the fight against cybercriminals of all backgrounds, and the entire bundle is available for 95% off at just $29.99. With 10 most popular cyber security books (listed below), spanning 12 hours of in-depth instruction, this bundle walks you through everything from the more theoretical and abstract elements of cybersecurity to its most essential tools and platfo...
Google Removes 85 Adware Apps That Infect 9 Million Android Users

Google Removes 85 Adware Apps That Infect 9 Million Android Users

Jan 09, 2019
Google has removed 85 apps from its Play Store after finding out that they were pushing aggressive, full-screen adware to Android users. With the rise in the mobile market, Adware has become one of the most prevalent mobile threats in the world. Adware has traditionally been used to aggressively push ads like banners or pop-ups on mobile screens to make money for its makers. The now-removed 85 apps in question disguised as games, streaming TV, and remote control simulator apps in the Google Play store and had collectively been installed by nine million users all over the world. Researchers from cyber security company Trend Micro spotted these apps which has the ability to bombard user devices with full-screen advertisements at regular intervals or when users unlock their device by monitoring their screen unlocking functionality. The apps can display ads even when you are not browsing the internet, hide themselves and run in the background on infected devices. The most popul...
Microsoft Patch Tuesday — January 2019 Security Updates Released

Microsoft Patch Tuesday — January 2019 Security Updates Released

Jan 09, 2019
Microsoft has issued its first Patch Tuesday for this year to address 49 CVE-listed security vulnerabilities in its Windows operating systems and other products, 7 of which are rated critical, 40 important and 2 moderate in severity. Just one of the security vulnerabilities patched by the tech giant this month has been reported as being publicly known at the time of release, and none are being actively exploited in the wild. All the seven critical-rated vulnerabilities lead to remote code execution and primarily impact various versions of Windows 10 and Server editions. Two of the 7 critical flaws affect Microsoft's Hyper-V host OS that fails to properly validate input from an authenticated user on a guest operating system, three affect the ChakraCore scripting engine that fails to properly handle objects in memory in Edge, one affects Edge directly that occurs when the browser improperly handles objects in memory, and one impacts the Windows DHCP client that fails to pro...
Expert Insights Articles Videos
Cybersecurity Resources