#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for black hat | Breaking Cybersecurity News | The Hacker News

Linux distributor security list destroyed after hacker compromise !

Linux distributor security list destroyed after hacker compromise !

Mar 08, 2011
Hackers have compromised a private e-mail list used by Linux and BSD distributors to share information on embargoed security vulnerabilities and used a backdoor to sniff e-mail traffic, according to the moderator of the list. In a note to " Vendor-Sec " members, moderator Marcus Meissner said he noticed the break-in on January 20 but warned that it might have existed for much longer. I have disabled the specific backdoor, but as I am not sure how the break-in happened it might reappear. So I recommend not mailing embargoed issues to vendor-sec@….de at this time. Immediately after Meissner's warning e-mail, the attacker re-entered the compromised machine and destroyed the installation. The "Vendor-Sec" list is used by distributors of free/open-source OS and software to discuss potential distribution element (kernel, libraries, applications) security vulnerabilities, as well as to co-ordinate the release of security updates by members. This means that a compromise and the captu
Researchers Developed Artificial Intelligence-Powered Stealthy Malware

Researchers Developed Artificial Intelligence-Powered Stealthy Malware

Aug 09, 2018
Artificial Intelligence (AI) has been seen as a potential solution for automatically detecting and combating malware, and stop cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade even the best cyber-security defenses and infects a computer network or launch an attack only when the target's face is detected by the camera. To demonstrate this scenario, security researchers at IBM Research came up with DeepLocker —a new breed of "highly targeted and evasive" attack tool powered by AI," which conceals its malicious intent until it reached a specific victim. According to the IBM researcher, DeepLocker flies under the radar without being detected and "unleashes its malicious action as soon as the AI model identifies the target through indicators like facial recognition, geolocation and voice recognition." Describing it as the "sp
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices

High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices

Sep 12, 2022
A number of firmware security flaws uncovered in HP's business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first  revealed details  of the issues at the  Black Hat USA conference  in mid-August 2022, said the vulnerabilities "can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement." Firmware flaws can have serious implications as they can be abused by an adversary to achieve long-term persistence on a device in a manner that can survive reboots and evade traditional operating system-level security protections. The high-severity weaknesses identified by Binarly affect HP EliteBook devices and concern a case of memory corruption in the System Management Mode (SMM) of the firmware, thereby enabling the execution of arbitrary code with the highest privileges - CVE-2022-23930  (CVSS score: 8.2) - Stack-based buffer
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Airplanes Can Be Hacked Through Wireless In-flight Entertainment System

Airplanes Can Be Hacked Through Wireless In-flight Entertainment System

Aug 05, 2014
Almost a year ago, at the ' Hack In The Box ' security summit in Amsterdam, a security researcher at N.Runs and a commercial airline pilot, Hugo Teso presented a demonstration that it's possible to take control of aircraft flight systems and communications using an Android smartphone and some specialized attack code. Quite similar to the previous one, a security researcher claims to have devised a method that can give cyber criminals access to the satellite communications equipment on passenger jets through their WiFi and in-flight entertainment systems. Cyber security expert Ruben Santamarta, a consultant with cyber security firm IOActive , will unveil his research and all the technical details this week at a major Las Vegas hacker convention, Black Hat conference, showing How commercial airliner satellite communication systems can also be compromised by hackers, along with the evidence of satellite communications system vulnerabilities that questions the standards th
Websites of Indian Embassy in 7 Countries Hacked; Database Leaked Online

Websites of Indian Embassy in 7 Countries Hacked; Database Leaked Online

Nov 07, 2016
Indian embassy websites in seven different countries have been hacked, and attackers have leaked personal data, including full name, residential address, email address, passport number and phone number, of Indian citizens living abroad. This incident is extremely worrying because it involves diplomatic personnel working in the embassies that have always been a favorite target of state-sponsored hackers launching cyber espionage campaigns. Security pen-testers who go by the name Kapustkiy and Kasimierz have claimed responsibility for the hack and told The Hacker News that the reason behind the hack was to force administrators to consider the cyber security of their websites seriously. In Pastebin link shared on their Twitter account , the hackers claimed to have hijacked Indian Embassy websites in Switzerland, Italy, Romania, Mali, South Africa, Libya, and Malawi and leaked personal details of hundreds of Indians, including students studying abroad. The pair exploited a si
How Drones Can Find and Hack Internet-of-Things Devices From the Sky

How Drones Can Find and Hack Internet-of-Things Devices From the Sky

Aug 08, 2015
Security researchers have developed a Flying Drone with a custom-made tracking tool capable of sniffing out data from the devices connected to the Internet – better known as the Internet-of-things. Under its Internet of Things Map Project , a team of security researchers at the Texas-based firm Praetorian wanted to create a searchable database that will be the Shodan search engine for SCADA devices. Located More Than 1600+ Devices Using Drone To make it possible, the researchers devised a drone with their custom built connected-device tracking appliance and flew it over Austin, Texas in real time. During an 18 minute flight, the drone found nearly 1,600 Internet-connected devices , of which 453 IoT devices are made by Sony and 110 by Philips. You can see the full Austin map here . How did They locate Internet of Things Devices? The researchers located all ZigBee-enabled smart devices and networks and then started expanding their research. "When [I
Four million hotel locks vulnerable to 'Dry erase marker'

Four million hotel locks vulnerable to 'Dry erase marker'

Oct 05, 2012
At Black Hat security conference this year Cody Brocious demonstrated that How a simple Dry erase marker allows him to open an Onity hotel room door lock with an Arduino, which is totally James Bond. This is just kind of scary on multiple levels, the least being that dry erase markers are one of the most ordinary, non-suspicious objects we can think of. Watch the video below and be afraid – be very afraid. It has been refined to such a state where there are no dangling bits that come out of the marker, with a tip that looks totally normal sans any wires. All you need to do is touch the tip of the market to the door port, and you would have gained entry without mentioning a secret password. The story didn't stop there with Onity, the electronic door specialist in question, stepping in to introduce several measures to secure the doors. Brocious created a proof-of-concept device to show to security experts and press, but it was a bit crude. In order to build and test all of this yoursel
Remote Attack Could Format Your Pebble Smartwatch Easily

Remote Attack Could Format Your Pebble Smartwatch Easily

Aug 22, 2014
Pebble, a wristwatch that can connect to your phone - both iOS and Android - and interact with apps, has a hard-coded vulnerability that allows a remote attacker to destroy your Smartwatch completely. Pebble Smartwatch , developed and released by Pebble Technology Corporation in 2013, is considered as one of the most popular SmartWatches that had become the most funded project in the history of Kickstarter. Just two hours after its crowd-funding campaign launched, Pebble had already surpassed its $100,000 goal and at last had reached over $10.25 million pledged by nearly 70,000 Kickstarter backers. A security enthusiast Hemanth Joseph  claimed to have found that his Pebble SmartWatch with the latest v2.4.1 Firmware can be remotely exploited by anyone with no technical knowledge in order to delete all data stored in the device, apps, notes, and other information stored in it. HOW PEBBLE SMARTWATCH WORKS Before proceeding towards how he did this, let me explain how Peb
Android Bloatware, Another Serious Android Privacy Issue

Android Bloatware, Another Serious Android Privacy Issue

Dec 05, 2011
Android Bloatware , Another Serious Android Privacy Issue Researchers have found that some Android smartphones are more vulnerable to attacks than others, thanks to add-on software and skins that get installed by handset makers before they ship their smartphones to subscribers. It's not just Carrier IQ that Android users need to be worried about. A team of researchers from North Carolina State University discovered the security vulnerability on eight different smartphones from Google, HTC, Motorola and Samsung. Black hat hacker can exploit these vulnerabilities to record phone calls (see proof of concept video below), wipe out your phone, call or text premium rate numbers, and read your private messages and emails, all without your permission, of course. According to the paper published by the team. " Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploi
Google Releases Chrome Extension for End-To-End Email Encryption

Google Releases Chrome Extension for End-To-End Email Encryption

Dec 18, 2014
Back in june this year, Google announced an alpha Google Chrome extension called " End-to-End " for sending and receiving emails securely, in wake of former NSA contractor Edward Snowden's revelations about the global surveillance conducted by the government law-enforcements. Finally, the company has announced that it made the source code for its End-to-End Chrome extension open source via GitHub . Google is developing a user-friendly tool for individuals to implement the tough encryption standard known as Pretty Good Privacy (PGP) in an attempt to fully encrypt people's Gmail messages that can't even be read by Google itself, nor anyone else other than the users exchanging the emails. PGP is an open source end-to-end encryption standard for almost 20 years, used to encrypt e-mail over the Internet providing cryptographic privacy and authentication for data communication, which makes it very difficult to break. But implementing PGP is too complicated for m
Offline Windows Analysis and Data Extraction (OWADE) - Forensics tool to expose all your online activity

Offline Windows Analysis and Data Extraction (OWADE) - Forensics tool to expose all your online activity

Sep 08, 2011
Offline Windows Analysis and Data Extraction (OWADE) - Forensics tool to expose all your online activity Researchers " Elie Bursztein " from Stanford University in California have managed to bypass the encryption on a PC's hard drive to find out what websites a user has visited and whether they have any data stored in the cloud. " Commercial forensic software concentrates on extracting files from a disc, but that's not super-helpful in understanding online activity ," says Elie Bursztein, whose team developed the software. " We've built a tool that can reconstruct where the user has been online, and what identity they used. " The open-source software, Offline Windows Analysis and Data Extraction (OWADE), was launched at the Black Hat 2011 security conference and works with PCs running on the Windows operating system. OWADE is in alpha version and is only available by checking out the code directly as we update it very frequently. Note th
Dutch Police Seize Two VPN Servers, But Without Explaining... Why?

Dutch Police Seize Two VPN Servers, But Without Explaining... Why?

Sep 03, 2016
Recently, two European countries, France and Germany, have declared war against encryption with an objective to force major technology companies to built encryption backdoors in their secure messaging services. However, another neighborhood country, Netherlands, is proactively taking down cyber criminals, but do you know how? Dutch Police has seized two servers belonging to Virtual Private Network (VPN) provider Perfect Privacy , as part of an investigation, without even providing any reason for seizures. Switzerland-based VPN provider said they came to know about the servers seizure from I3D, the company that provides server hosting across Rotterdam. For those unfamiliar, Virtual Private Networks or VPNs are easy security and privacy tools that route your Internet traffic through a distant connection, protecting your browsing, hiding your location data and accessing restricted resources. VPNs have now become a great tool not just for large companies, but also for individual
SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years

SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years

May 31, 2022
An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their operations," cybersecurity firm Kaspersky  said  in a report that was presented at Black Hat Asia this month. SideWinder , also called Rattlesnake or T-APT-04, is said to have been active since at least 2012 with a  track record  of targeting military, defense, aviation, IT companies, and legal firms in Central Asian countries such as Afghanistan, Bangladesh, Nepal, and Pakistan. Kaspersky's APT trends report for Q1 2022  published  late last month revealed that the threat actor is actively expanding the geography of its targets beyond its traditional victim profile to other
BadUSB Malware Code Released — Turn USB Drives Into Undetectable CyberWeapons

BadUSB Malware Code Released — Turn USB Drives Into Undetectable CyberWeapons

Oct 04, 2014
Once again USB has come up as a major threat to a vast number of users who use USB drives – including USB sticks and keyboards. Security researchers have released a bunch of hacking tools that can be used to convert USB drive into silent malware installer. This vulnerability has come about to be known as " BadUSB ", whose source code has been published by the researchers on the open source code hosting website Github , demanding manufacturers either to beef up protections for USB flash drive firmware and fix the problem or leave hundreds of millions of users vulnerable to the attack. The code released by researchers Adam Caudill and Brandon Wilson has capability to spread itself by hiding in the firmware meant to control the ways in which USB devices connect to computers. The hack utilizes the security flaw in the USB that allows an attacker to insert malicious code into their firmware. But Wait! What this means is that this critical vulnerability is now ava
Bleeding Life 2 Exploit Pack Released

Bleeding Life 2 Exploit Pack Released

Oct 24, 2011
Bleeding Life 2 Exploit Pack Released Black Hat Academy releases Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java. You can read all about it, and download it for yourself. Statistics are kept based on exploit, browser, and OS version. Exploits Adobe CVE-2008-2992 CVE-2010-1297 CVE-2010-2884 CVE-2010-0188 Java CVE-2010-0842 CVE-2010-3552 Signed Applet Features Advanced Statistical Information Stylish Progress Bars Full User-Friendly Admin Panel Referer Stats Secure Panel - Login/Logout Ability To Set and Save Passwords On Panel Ability To Allow Guest Access - Guest Can Only View Stats Page, Clicking and Other Pages Disabled. Ability To Add and/or Remove Exploits Used Ability To Add Scan4You Credentials For Built-In Scanner Use Ability To Filter Browsers Ability To Filter Operating Systems Attempt To Detect and Filter HTTP Proxies Ability To Blacklist by IP/Range Ability To Import Blacklist On Pan
Massive AdSense Fraud Campaign Uncovered - 10,000+ WordPress Sites Infected

Massive AdSense Fraud Campaign Uncovered - 10,000+ WordPress Sites Infected

Feb 14, 2023 Ad Fraud / Online Security
The threat actors behind the black hat redirect malware campaign have scaled up their campaign to use more than 70 bogus domains mimicking URL shorteners and infect over 10,800 websites. "The main objective is still ad fraud by artificially increasing traffic to pages which contain the AdSense ID which contain Google ads for revenue generation," Sucuri researcher Ben Martin  said  in a report published last week. Details of the malicious activity were  first exposed  by the GoDaddy-owned company in November 2022. The campaign, which is said to have been active since September last year, is orchestrated to redirect visitors to compromised WordPress sites to fake Q&A portals. The goal, it appears, is to increase the authority of spammy sites in search engine results. "It's possible that these bad actors are simply trying to convince Google that real people from different IPs using different browsers are clicking on their search results," Sucuri noted at
New Android 14 Security Feature: IT Admins Can Now Disable 2G Networks

New Android 14 Security Feature: IT Admins Can Now Disable 2G Networks

Aug 09, 2023 Mobile Security / Network Attack
Google has introduced a new security feature in Android 14 that allows IT administrators to disable support for 2G cellular networks in their managed device fleet. The search giant said it's introducing a second user setting to turn off support, at the model level, for  null-ciphered cellular connections . "The Android Security Model assumes that all networks are hostile to keep users safe from network packet injection, tampering, or eavesdropping on user traffic," Roger Piqueras Jover, Yomna Nasser, and Sudhi Herle  said . "Android does not rely on link-layer encryption to address this threat model. Instead, Android establishes that all network traffic should be end-to-end encrypted (E2EE)." 2G networks, in particular, employ weak encryption and lack mutual authentication,  rendering  them  susceptible  to over-the-air interception and traffic decryption attacks by impersonating a real 2G tower. The  threat posed by rogue cellular base stations  means th
Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

Dec 07, 2017
A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging , the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader. Ensilo security researchers Tal Liberman and Eugene Kogan, who discovered the Process Doppelgänging attack, presented their findings today at Black Hat 2017 Security conference held in London. Process Doppelgänging Works on All Windows Versions Apparently, Process Doppelgänging attack works on all modern versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10. Tal Liberman, the head of the research team at enSilo, told The Hacker New that this malware evasion technique is similar to Process Hollowing—a method first introduced years ago by attackers to defeat the m
Cybersecurity Resources