The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Oh MY God! Is Tracy Morgan Really Dead? NO, Thankfully it's only a hoax, but scammers announced the popular comedian and actor Tracy Morgan dead. Another Facebook scam is circulating across the social networking website just a day before the former " Saturday Night Live " and " 30 Rock " star Tracy Morgan was critically hurt in a six-vehicle fatal accident on the New Jersey Turnpike that killed his friend and writer 62-year-old James McNair. With the rise in various scams on the popular social networking giant, Facebook that has more than one billion active users, it became very clear that not only does the social networking platform provide special opportunities for people to connect and share information, but serves as a great platform for scammers as well. TOTAL SCAM LEADS TO MALWARE Scammers spare no incident to target as many victims as possible, and this time they made use of this roadway accident to target users by spreading the fake Facebook videos proclaimin...

The hike in the banking malware this year is no doubt almost double compared to the previous one, and so in the techniques of malware authors. Until now, we have seen banking Trojans affecting devices and steal users' financial credentials in order to run them out of their money. But nowadays, malware authors are adopting more sophisticated techniques in an effort to target as many victims as possible. BANKING MALWARE WITH NETWORK SNIFFING Security researchers from the Anti-virus firm Trend Micro have discovered a new variant of banking malware that not only steals users' information from the device it has infected but, has ability to " sniff " network activity in an effort to compromise the devices of same network users as well. The banking malware, dubbed as EMOTET spreads rapidly through spammed emails that masquerade itself as a bank transfers and shipping invoices. The spammed email comes along with an attached link that users easily click, considering th...

A 20 year old critical subtle integer overflow vulnerability has been discovered in Lempel-Ziv-Oberhumer (LZO), an extremely efficient data compression algorithm that focuses on decompression speed, which is almost five times faster than zlib and bzip compression algorithms. Lempel-Ziv-Oberhumer (LZO) was developed in 1994 by Markus Oberhumer and currently it is one of the most popular and widespread compression algorithm used in the Linux kernel , some Samsung Android mobile devices, other embedded devices and several open-source libraries including OpenVPN, MPlayer2, Libav, FFmpeg. 20 YEAR OLD VULNERABILITY IN LZO ALGORITHM Don A. Bailey, founder and CEO of Lab Mouse Security, who disclosed the technical details of the buffer overrun vulnerability in LZO/LZ4 algorithm, explains that if an attacker carefully craft a piece of compressed data that would run malicious code when the software attempted to decompress it. According to advisory, if buffers of 16MB or more ...

A critical code-execution vulnerability almost affecting everyone those are not running the most updated version of Google Android , i.e. Android version 4.4 also known as KitKat. After nine months of vulnerability disclosure to the Android security team, researchers of the Application Security team at IBM have finally revealed all the possible details of a serious code-execution vulnerability that still affects the Android devices running versions 4.3 and earlier, which could allow attackers to exfiltrate sensitive information from the vulnerable devices. " Considering Android's fragmented nature and the fact that this was a code-execution vulnerability, we decided to wait a bit with the public disclosure ," said Roee Hay, a security research group leader at IBM. The researchers found the stack buffer overflow vulnerability that resides in the Android's KeyStore storage service, which according to the Android developers' website is the service code running in Androi...

This FIFA World Cup, the security has been really going well and yet no calamitous incident reported so far, other than the security company who is responsible to keep an eye on the event's security, itself tweeted a photograph of their state-of-the-art monitoring centre that exposed the World Cup security centre's internal Wi-Fi password to the whole world. Israel-based security firm RISCO is providing security management at the soccer stadium and very proud of their incredible work in securing this year's World Cup, which includes monitoring and maintaining hundreds of CCTV security cameras all over the 41,000-seat Arena Pantanal football stadium in Cuiaba, Brazil. The image was originally published by news outlet Correio Braziliense, that showed the Federal Police's head of international co-operation Luiz Cravo Dorea , standing in the mulch-million-dollar security center overseen by Israeli company RISCO and was watching Live video feeds from surveillance camera...

Security researchers have uncovered a new Stuxnet like malware, named as " Havex ", which was used in a number of previous cyber attacks against organizations in the energy sector. Just like Famous Stuxnet Worm , which was specially designed to sabotage the Iranian nuclear project, the new trojan Havex is also programmed to infect industrial control system softwares of SCADA and ICS systems, with the capability to possibly disable hydroelectric dams, overload nuclear power plants, and even can shut down a country's power grid with a single keystroke. According to security firm F-Secure who first discovered it as Backdoor:W32/Havex.A. , it is a generic remote access Trojan ( RAT ) and has recently been used to carry out industrial espionage against a number of companies in Europe that use or develop industrial applications and machines. SMARTY PANTS, TROJANIZED INSTALLERS To accomplish this, besides traditional infection methods such as exploit kits and spam emails,...

Yesterday we learned of a critical Zero-day vulnerability in a popular image resizing library called TimThumb, which is used in thousands WordPress themes and plugins. WordPress is a free and open source blogging tool and a content management system (CMS) with more than 30,000 plugins, each of which offers custom functions and features enabling users to tailor their sites to their specific needs, therefore it is easy to setup and use, that's why tens of millions of websites across the world opt it. But if you or your company are the one using the popular image resizing library called " TimThumb " to resize large images into usable thumbnails that you can display on your site, then you make sure to update the file with the upcoming latest version and remember to check the TimThumb site regularly for the patched update. 0-Day REMOTE CODE EXECUTION & NO PATCH The critical vulnerability discovered by Pichaya Morimoto in the TimThumb Wordpress plugin version 2.8.13, ...

Quite Surprisingly, a team of Chinese hackers, Pangu have released an untethered jailbreak for iOS 7.1 and iOS 7.1.1. This untethered jailbreak is compatible with iPhone 5s, iPhone 5c, iPhone 4S, iPhone 4, iPad Air, iPad 4, iPad 3, iPad 2, iPad mini, Retina iPad mini and iPod touch 5G running iOS 7.1-iOS 7.1.1. The jailbreak tool is currently available for Windows but works on every iOS devices. Many iOS users have posted on Reddit that the tool works successfully. Jailbreaking is a process of removing limitations on iOS devices , Apple's operating system, so you can install third party software not certified by Apple. Such devices include the iPhone, iPod touch, iPad, and second-generation Apple TV. One question rises in my mind that when Apple 's system root protections have been greatly enhanced in an effort to make jailbreaks more difficult, then what's the whole story behind the unexpectedly release of this jailbreak tool? STEPS TO JAILBREAK iOS 7.1 ...

If you are one of the users of the BBC News iPhone app , then you might have receive a strange message as a breaking news notification earlier this morning. The message was sent on two separate time durations. First the message reads: " NYPD Twitter campaign 'backfires' after hashtag hijacked," then strangely adds: "Push sucks! Pull blows! " After a while it goes to: " BREAKING NEWS No nudity in latest episode of Game of Thrones!!! MORE BREAKING NEWS IIIIII like testing. " Beneath the message the text seems to get more serious as it adds: " This is a breaking news story and the BBC News app will bring you updates as soon as they are available. " From various media outlets, it was observed that the most popular BBC News smartphone app has been hijacked by the some attackers who compromised its " Breaking News " feature and sent bogus messages to the users of the BBC News iPhone app. But BBC developers were actually ...