The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Update (Tuesday, April 11):  The arrest of a Russian man in Spain was apparently for his role in Kelihos botnet responsible for sending hundreds of millions of spam emails worldwide. A Russian computer hacker and alleged spam kingpin was arrested in Barcelona, Spain, on Friday reportedly over suspicion of being involved in hacking attacks linked to alleged interference in last year's United States presidential election process . 36-year-old Peter Yuryevich Levashov  from St. Petersburg was detained by police in Barcelona after US authorities issued an international arrest warrant for his arrest. While the Russian embassy in Madrid announced Levashov's arrest on Sunday, it did not confirm the reason for his arrest. This is the second arrest made by the Spanish authorities since the US 2016 election. In January, the police detained Stanislav Lisov , 32, on suspicion of creating and operating the NeverQuest Banking Trojan and possibly influencing the presidential ele...

It's 2017, and opening a simple MS Word file could compromise your system. Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microsoft Office. The Microsoft Office zero-day attack, uncovered by researchers from security firms McAfee and FireEye, starts simply with an email that attaches a malicious Word file containing a booby-trapped OLE2link object. When opened, the exploit code gets executed and makes a connection to a remote server controlled by the attacker, from where it downloads a malicious HTML application file (HTA) that's disguised as a document created in Microsoft's RTF (Rich Text Format). The HTA file then gets executed automatically with attackers gaining full code execution on the victim's machine, downloading additional payloads from "different well-known malware families" ...

Remember The Shadow Brokers ? They are back. A hackers group that previously claimed to have stolen a bunch of hacking tools (malware, zero-day exploits, and implants) created by the NSA and gained popularity last year for leaking a portion of those tools is back. Today, The Shadow Brokers group released more alleged hacking tools and exploits that, the group claims, belonged to " Equation Group " – an elite cyber attack unit linked to the NSA. Besides dumping some NSA's hacking tools back in August 2016, the Shadow Brokers also released an encrypted cache of files containing more NSA's hacking tools and exploits in an auction, asking for 1 Million Bitcoins (around $568 Million). However, after failed auction , the group put up those hacking tools and exploits for direct sale on an underground website, categorizing them into a type — like "exploits," "Trojans," and "implant" — each of which ranged from 1 to 100 Bitcoins (fr...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...

As part of its Vault 7 series of leaked documents, whistleblowing website WikiLeaks today released a new cache of 27 documents allegedly belonged to the US Central Intelligence Agency (CIA). Named Grasshopper , the latest batch reveals a CLI-based framework developed by the CIA to build "customised malware" payloads for breaking into Microsoft's Windows operating systems and bypassing antivirus protection. All the leaked documents are basically a user manual that the agency flagged as "secret" and that are supposed to be only accessed by the members of the agency, WikiLeaks claims. Grasshopper: Customized Malware Builder Framework According to the leaked documents, Grasshopper framework allows the agency members to easily create custom malware, depending upon the technical details, such as what operating system and antivirus the targets are using. The Grasshopper framework then automatically puts together several components sufficient for attack...

Researchers have uncovered a Chinese cyber-espionage against the United States ahead of the trade summit on Thursday between US President Donald Trump and China's President Xi Jinping. According to a new report published today by Fidelis Cybersecurity firm, the Chinese APT10 hacking group implanted a piece of malware on the "Events" page of the US National Foreign Trade Council (NFTC) website in February. Dubbed ' Operation TradeSecret ,' the attack against the NFTC site is seen as an attempt to conduct surveillance on the main industry players and lobbyists closely associated with U.S trade policy activities. Researchers say hackers placed a malicious link on the NFTC website, inviting the organization's board of directors to register for a meeting in Washington DC on March 7. But clicking on the link deployed a spying tool called " Scanbox ." Dates back to 2014, Scanbox – previously used by nation-state threat actors associated with the...

Since the launch of Windows 10, there has been widespread concern about its data collection practices , mostly because Microsoft has been very secretive about the telemetry data it collects. Now, this is going to be changed, as Microsoft wants to be more transparent on its diagnostics data collection practices. Till now there are three options ( Basic, Enhanced, Full ) for Windows 10 users to select from under its diagnostics data collection section, with no option for users to opt out of sending their data to Microsoft. Also, the company has never said precisely what data it collects behind these options, which raised huge privacy concerns among privacy-conscious users. But now for the first time, Microsoft has revealed what data Windows 10 is collecting from your computer with the release of the Windows 10 Creators Update , bringing an end to nearly two years of its mysterious data collection practices . The Windows 10 Creators Update, which will be available from Apri...

No More Ransom, so is the Ransomware Threat. Launched less than a year ago, the No More Ransom (NMR) project has increased its capacity with new partners and new decryption tools added to its now global campaign to combat Ransomware. Started as a joint initiative by Europol, the Dutch National Police, Intel Security and Kaspersky Lab, No More Ransom is an anti-ransomware cross-industry initiative to help ransomware victims recover their data without having to pay ransom to cyber criminals. The online website not just educates computer users to protect themselves from ransomware, but also provides a collection of free decryption tools. Since December, more than 10,000 victims from all over the world have been able to decrypt their locked up devices without spending a penny, using ransomware decryption tools available free of charge on this platform. Statistics show that most of the website visitors were from Russia, the Netherlands, the U.S., Italy, and Germany. The pla...

Millions of smartphones and smart gadgets, including Apple iOS and many Android handsets from various manufacturers, equipped with Broadcom Wifi chips are vulnerable to over-the-air hijacking without any user interaction. Just yesterday, Apple rushed out an emergency iOS 10.3.1 patch update to address a serious bug that could allow an attacker within same Wifi network to remotely execute malicious code on the Broadcom WiFi SoC (Software-on-Chip) used in iPhones, iPads, and iPods. The vulnerability was described as the stack buffer overflow issue and was discovered by Google's Project Zero staffer Gal Beniamini, who today detailed his research on a lengthy blog post , saying the flaw affects not only Apple but all those devices using Broadcom's Wi-Fi stack. Beniamini says this stack buffer overflow issue in the Broadcom firmware code could lead to remote code execution vulnerability, allowing an attacker in the smartphone's WiFi range to send and execute code on th...

Sir Tim Berners-Lee — the inventor of the World Wide Web — has won this year's A.M. Turing Award, which is frequently described as the "Nobel Prize of Computing," by the Association for Computing Machinery (ACM). Turing Award is named after Alan Mathison Turing , the British mathematician and computer scientist who was a key contributor to the Allied cryptanalysis of German Enigma cipher and German "Tunny" encoding machine in World War II. The ACM announced the 2016 Turing Award on Tuesday, which also includes the top prize of $1 Million that has been awarded to Sir Berners-Lee, who is long known for inventing World Wide Web, which becomes a way for scientists to share information on the Internet. "I'm humbled to receive the namesake award of a computing pioneer who showed that what a programmer could do with a computer is limited only by the programmer themselves," Sir Berners-Lee said on receiving the award.  "It's an hon...