Search results for Chrome OS | Breaking Cybersecurity News | The Hacker News

Would you prefer purchasing an Android device that doesn't have any apps or services from Google? No Google Maps, No Gmail, No YouTube! And NOT even the Google Play Store—from where you could have installed any Android apps you want Because if you live in Europe, from now on, you have to spend some extra cash on a smartphone with built-in Google services, which were otherwise until now freely available and already included in the cost of your smartphone. For the very first time, Google has announced its plans to charge a fee to European Android phone manufacturers who want to include a free version of Google apps on their Android handsets. In short, Android phone makers will now have to pay Google for installing the Play store, Gmail, YouTube, Maps, and Chrome, that are usually considered to be core parts of the Android operating system, but are actually Google services. "Since the pre-installation of Google Search and Chrome together with our other apps helped us

The Annual Pwn2Own Hacking Competition  2015 held in Vancouver is over and participants from all over the world nabbed $557,500 in bug bounties for 21 critical bugs in top four web browsers as well as Windows OS, Adobe Reader and Adobe Flash. During the second and final day of this year's hacking contest, the latest version of all the four major browsers including Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, were compromised by the two security researchers. Sponsored by HP's Zero Day Initiative program, the Pwn2Own Hacking Competition ran two days at a security conference in Vancouver, Canada. The final highlights for Pwn2Own 2015 are quite impressive: 5 bugs in the Windows operating system 4 bugs in Internet Explorer 11 3 bugs in Mozilla Firefox 3 bugs in Adobe Reader 3 bugs in Adobe Flash 2 bugs in Apple Safari 1 bug in Google Chrome $557,500 USD bounty paid out to researchers The star of the show was South Korean secur

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Today, most of you surf the web unaware of the fact that websites collect your data and track your locations and makes millions by sharing your search histories, location data, and buying habits with advertisers and marketers. And if this isn't enough, there are hackers and cyber criminals out there who have the ability to easily steal your sensitive and personal data from the ill-equipped websites. In short, the bitter truth is that you have no or very little online privacy. To resolve this issue, you need a Virtual Private Network (VPN). If you are worried about online Privacy and have not thought about using a VPN, it might be time to get one. But, the question is: What are the best anonymous VPN services? Unfortunately, not all VPNs are as anonymous as they claim to be. Some VPN services keep extensive logs of their users' browsing activities, including IP-addresses for weeks, which nullify the point of using a VPN for privacy. Want Privacy While You Surf

Microsoft today released its April 2019 software updates to address a total of 74 CVE-listed vulnerabilities in its Windows operating systems and other products, 13 of which are rated critical and rest are rated Important in severity. April 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, MS Office, and MS Office Services and Web Apps, ChakraCore, Exchange Server, .NET Framework and ASP.NET, Skype for Business, Azure DevOps Server, Open Enclave SDK, Team Foundation Server, and Visual Studio. None of the vulnerabilities addressed this month by the tech giant were disclosed publicly at the time of release, leaving the two recently disclosed zero-day flaws in Internet Explorer and Edge browsers still open for hackers. However, two new privilege escalation vulnerabilities, which affect all supported versions of the Windows operating system, have been reported as being actively exploited in the wild. Both rated as important, the flaws ( CVE-2019-0803

Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. What are Spectre and Meltdown? We have explained both , Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. Both attacks abuse 'speculative execution' to access privileged memory—including those allocated for the kernel—from a low privileged user process like a malicious app running on a

Multiple flaws have been identified in Linux Kernel and related software could allow hackers to hack your Linux machines, shared hosting and websites hosted on them. PRIVILEGE ESCALATION VULNERABILITY IN LINUX KERNEL A privilege escalation vulnerability has been identified in the widely used Linux kernel that could allow an attackers to take the control of users' system. On Thursday, the most popular distributor of open source Linux OS, Debian warned about this vulnerability (CVE-2014-3153) in a security update, along with some other vulnerabilities in the Linux kernel that may lead to a denial of service attack. The most critical one is the flaw (CVE-2014-3153) discovered by Pinkie Pie which resides in the futex subsystem call of Linux Kernel 2.6.32.62/3.2.59/3.4.91/3.10.41/3.12.21/3.14.5 versions , leaving a queued kernel waiter on the stack, which can be exploited to potentially execute arbitrary code with kernel mode privileges. " Pinkie Pie discovered an

If you are using TeamViewer, then beware and make sure you're running the latest version of the popular remote desktop connection software for Windows. TeamViewer team recently released a new version of its software that includes a patch for a severe vulnerability ( CVE 2020-13699 ), which, if exploited, could let remote attackers steal your system password and eventually compromise it. What's more worrisome is that the attack can be executed almost automatically without requiring much interaction of the victims and just by convincing them to visit a malicious web page once. For those unaware, TeamViewer is a popular remote-support software that allows users to securely share their desktop or take full control of other's PC over the Internet from anywhere in the world. The remote access software is available for desktop and mobile operating systems, including Windows, macOS, Linux, Chrome OS, iOS, Android, Windows RT Windows Phone 8, and BlackBerry. Discovered b

The Adobe Flash Player just said goodbye to the year with another bunch of vulnerability patches. Adobe released an out-of-band security update on Monday to address Nineteen ( 19 ) vulnerabilities in its Flash Player, including one ( CVE-2015-8651 ) that is being exploited in the wild. All the programming loopholes could be abused to execute malicious code (here malicious Flash file on a web page) on victims' computers in order to hijack an unpatched PC or Mac entirely. So, if you are running the Flash Player plugin on Windows, Mac OS X, Linux, or Chrome OS, it is time for you to upgrade your system as soon as possible before criminals start taking advantage of the bugs. Here're the details of the Flash's 19 security vulnerabilities patched in the emergency APSB16-01 update posted Monday afternoon: A Type Confusion Vulnerability that could lead to arbitrary code execution ( CVE-2015-8644 ) An Integer Overflow Vulnerability that also leads to code e

Great news. If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified. Are you thinking… what the heck that actually means? It means, instead of remembering complex passwords for your online accounts, you can now actually use your Android's built-in fingerprint sensor or FIDO security keys for secure password-less access to log into apps and websites that support the FIDO2 protocols, Google and the FIDO Alliance—a consortium that develops open source authentication standards—announced Monday. FIDO2 (Fast Identity Online) protocol offers strong passwordless authentication based on standard public key cryptography using hardware FIDO authenticators like security keys, mobile phones, and other built-in devices. FIDO2 protocol is a combination of W3C's WebAuthn API that allows developers to integrate FIDO aut

We are back with THN Weekly RoundUp to spread lights on last week's top cyber security threats and challenges, just in case you missed any of them (ICYMI). Last week, we came to know about many security threats including how Google records and stores our Voice searches, How hackers can use Radio-waves to control our Smartphones from 16 feet away and How did the NSA break Trillions of Encrypted connections. Also, some of last week's news included USB Killer v2.0 and a real-life Thor-like Hammer . I recommend you to read the entire news (just click ' Read More ' because there's some valuable advice in there as well). Here's the list: 1. Google OnHub Router Runs on Chrome OS; Here's How to Root it Google OnHub Router runs Chrome operating system, the same Linux-based OS that powers Google Chromebook laptops and desktops. Google OnHub is a modern wireless router designed by Google and TP-Link. It operates networks on both t

When it comes to safeguarding your Internet security, installing an antivirus software or running a Secure Linux OS on your system does not mean you are safe enough from all kinds of cyber-threats. Today majority of Internet users are vulnerable to cyber attacks, not because they aren't using any best antivirus software or other security measures, but because they are using weak passwords to secure their online accounts. Passwords are your last lines of defense against online threats. Just look back to some recent data breaches and cyber attacks, including high-profile data breach at OPM ( United States Office of Personnel Management ) and the extra-marital affair site Ashley Madison , that led to the exposure of hundreds of millions of records online. Although you can not control data breaches, it is still important to create strong passwords that can withstand dictionary and brute-force attacks . You see, the longer and more complex your password is, the much harder