Search results for hacker display | Breaking Cybersecurity News | The Hacker News

EXCLUSIVE — Beware, if you are using a Xiaomi's Mi or Redmi smartphone, you should immediately update its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices. That's because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a researcher told The Hacker News. The vulnerability, identified as CVE-2019-10875 and discovered by security researcher Arif Khan , is a browser address bar spoofing issue that originates because of a logical flaw in the browser's interface, allowing a malicious website to control URLs displayed in the address bar. According to the advisory, affected browsers are not properly handling the "q" query parameter in the URLs, thus fail to display the portion of an https URL before the ?q= substring in the address bar. Since the address bar of a web browser is the most r...

14 Year Old Hacker Hired by Microsoft after doing  phishing via Call of Duty Server ! These are the kinds of things dreams are made of, a 14 year old hacker on Call of Duty was just recruited by Microsoft. You heard me right, Microsoft . This is exactly what Sony should have done with George Hotz – given him a job as a security specialist, instead of suing him in court and getting its PlayStation Network and other Sony websites hacked day in and out. Microsoft is reported to be working with the 14-year-old Irish hacker who managed to stir up a little trouble with his Call of Duty: Modern Warfare 2 phishing scam alert. According to the managing director of Microsoft of Ireland, the company is helping the hacker " develop his talent for legitimate purposes. " Congrats to that young hacker, whose name was not disclosed. While the new prospect for the Dublin kid is not meant to be an example for other hackers to follow, companies do have to realize that there are many talent...

Social media networks are no doubt a quick and powerful way to share information and ideas, but not everything shared on Facebook or Twitter is true. Misinformation, or "Fake News," has emerged as a primary issue for social media platforms, seeking to influence millions of people with wrong propaganda and falsehoods. In past years, we have seen how political parties and other groups have used spoofed social media profiles of influencers or leaders to spread misinformation, and most of the time such techniques work to successfully convince people into believing that the information is true. Although social media services like Facebook, Twitter, and Google, offers account verification (verified accounts with blue tick) for public figures, we have seen hackers hijacking verified accounts to spread fake news from legitimate account to their millions of followers. Now, researchers have uncovered a new, cunning attack technique currently being used by hackers to take ove...

Just stop believing everything you see on your screen, as it turns out that even your computer monitor can be hacked. You have seen hackers targeting your computer, smartphone, and tablet, but now, it has been proved that they can even compromise your monitor and turn them against by just changing the pixels displayed on the screen. Although changing pixels is really hard and complicated, a team of security researchers at this year's DEF CON says that it is not impossible. Ang Cui and Jatin Kataria of Red Balloon Security has demonstrated a way to hack directly into the computer that controls monitor to see the pixels displayed on the monitor as well as manipulate the pixels in order to display different images. How to Hack Computer Monitors? According to the researchers, an attacker first needs to gain physical access to the monitor's USB or HDMI port which would then help the attacker access the firmware of the display. The duo said they discovered the hack by rev...

I was watching my favorite show on the television and it was just half over when I saw something which was definitely not a part of the show I was watching. My television screen gone blank for a couple of seconds and then what I saw was totally unbelievable for my eyes. It was my friend ' Rahul Sasi ' on the television and I was still wondering that how did he interrupted in between a television show like happens in Sci-Fi movies, someone hijacks television or computer to deliver some kind of message or warning. Also like in some horror movies in which sometime ghostly images interrupts between the television and suddenly comes out. Oh my god! But, nothing happened like that in my case, my friend didn't came out. Just few minutes later I was again redirected to the same show I was watching, only a part of it I missed, but never mind I'll watch it on the YouTube later. I think you might be thinking as if I am kidding, but it's true. My friend Rahul Sasi is a well kn...

Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. "A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims to coerce the victim into remitting a ransom payment," Zimperium zLabs researcher Vishnu Pratapagiri said . "This overlay presents an alarming '*WARNING*' message, alongside a wallet address and amount, both of which are dynamically retrieved from the command-and-control server." The mobile security company said the overlay is remotely initiated when the command "ransome" is issued by the C2 server. The overlay can be dismissed by the attacker by sending the "delete_ransome" command. HOOK is assessed to be an offshoot of the ERMAC banking trojan, which, coincidentally, had its source code leaked on a publicly accessible directory over the int...

A German Security researcher has demonstrated a critical  vulnerability on Ebay website, world's biggest eStore. According to David Vieira-Kurz  discovered Remote code execution flaw " due to a type-cast issue in combination with complex curly syntax ", that allows an attacker to execute arbitrary code on the EBay's web server. In a demo video, he exploited this RCE flaw on EBay website, and managed to display output of phpinfo()  PHP function on the web page, just by modifying the URL and injecting code in that. According to an explanation on his blog , he noticed a legitimate URL on EBay: https://sea.ebay.com/search/?q=david&catidd=1  . . and modified the URL to pass any array values including a payload: https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${ phpinfo() }}&catidd=1 Video Demonstration: But it is not clear at this moment that where the flaw resides on Ebay server, because how a static GET parameter can be converted to accept li...

There is a very sleek line between hacking and security. The security used to protect the public could be misused by hackers against the public itself, and one shouldn't forget that with the advance in technology, the techniques used by cyber criminals also improves. Today, What hackers need to conduct a successful cyber attack? Maybe just a computing device injected under the skin of their bodies, who can bear the pain, would be enough to help complete a successful cyber attack – also known as Biohacking . This was exactly what presented by the former U.S. Navy petty officer and now engineer at APA Wireless Seth Wahle . With no malicious intention, Wahle implanted a small NFC chip in his left hand right between his thumb and his pointer finger in order to display the risks of Biohacking. Hacking Android devices using NFC implants: For those unaware, NFC (Near Field Communications) chips embedded in our smartphone devices are used for transferring files and in various mobile pa...

FaceApp—the AI-powered photo-morphing app that recently gone viral for its age filter but hit the headlines for its controversial privacy policy—has been found collecting the list of your Facebook friends for no reason. The Russian-made FaceApp has been around since the spring of 2017 but taken social media by storm over the course of the past few weeks as millions of people downloaded the app to see how they would look when they are older or younger, or swap genders. The app also contains a feature that allows users to download and edit photos from their Facebook accounts, which only works when a user enables FaceApp to access the social media account via the 'Login with Facebook' option. As you can see in the screenshot above, besides requesting for access to your basic profile information and photos, FaceApp also fetches the list of your Facebook friends "who also use and have shared their friends' lists with FaceApp." Have you yet asked yourself why...

Looking for an automated malware analysis software? Something like a 1-click solution that doesn't require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and malware researchers today at Black Hat conference launch a revolutionary machine learning and artificial intelligence-powered malware researcher platform that aims to help users identify unknown malware samples before they strike. Dubbed SNDBOX , the free online automated malware analysis system allows anyone to upload a file and access its static, dynamic and network analysis in an easy-to-understand graphical interface. The loss due to malware attacks is reported to be more than $10 billion every year, and it's increasing. Despite the significant improvement of cyber security mechanisms, malware is still a powerful and effective tool used by hackers to compromise systems because of...

There are many unpatched loopholes or flaws in Facebook website, that allow hackers to inject external links or images to a wall, hijacking any facebook account or bypassing your social privacy . Today we are going to report about another unfixed facebook app vulnerability that allow a hacker to spoof the content of any Facebook app  easily. Nir Goldshlager from Break Security today exposed another major flaw that allows hacker to wall post spoofed messages from trusted applications like Saavn, Candy Crush, Spotify, Pinterest, or really any other application on Facebook. In 2012 Facebook's method of publishing called stream.publish and the  Stream Publish Dialog looks like the following:  https://www.facebook.com/dialog/stream.publish?app_id=xxxx&redirect_uri=https://www.facebook.com/&action_links=&attachment=%7B%27media%27:%20[%7B%27type%27:%20%27flash%27,%27swfsrc%27:%27https://files.nirgoldshlager.com/goldshlager2.swf%27...

Around five years after unknown hackers gained unauthorized access to multiple kernel.org servers used to maintain and distribute the Linux operating system kernel, police have arrested a South Florida computer programmer for carrying out the attack. Donald Ryan Austin , a 27-year-old programmer from of El Portal, Florida, was charged Thursday with hacking servers belonging to the Linux Kernel Organization ( kernel.org ) and the Linux Foundation in 2011, the Department of Justice announced on Thursday. The Linux Kernel Organization runs kernel.org servers for distributing the Linux operating system kernel, which is the heart of the operating system, whereas the Linux Foundation is a separate group that supports kernel.org. According to an indictment [ PDF ] unsealed by federal prosecutors on Monday, Austin managed to steal login credentials of one of the Linux Kernel Organization system administrators in 2011 and used them to install a hard-to-detect malware backdoor, dubbe...

People are still getting over the most controversial data scandal of the year, i.e., Cambridge Analytica scandal , and Facebook is under fire yet again after it emerges that a popular quiz app on the social media platform exposed the private data of up to 120 million users for years. Facebook was in controversies earlier this year over a quiz app that sold data of 87 million users to a political consultancy firm, who reportedly helped Donald Trump win the US presidency in 2016. Now, a different third-party quiz app, called NameTests, found exposing data of up to 120 million Facebook users to anyone who happened to find it, an ethical hacker revealed. NameTests[.]com, the website behind popular social quizzes, like "Which Disney Princess Are You?" that has around 120 million monthly users, uses Facebook's app platform to offer a fast way to sign up. Just like any other Facebook app, signing up on the NameTests website using their app allows the company to fetch neces...