The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Security researchers have uncovered a zero-day vulnerability in iOS 8 that could repeatedly crash users' Apple iPhones, iPads and iPods when the devices connect to a malicious wireless hotspot. It's like Denial of Service (DoS) attack on Apple's iOS devices that results in crashing either individual iOS apps or users' entire iPhones. NO iOS ZONE Adi Sharabani and Yair Amit of Mobile security firm Skycure presented their latest research, titled " No iOS Zone ", at the RSA security conference in San Francisco on Tuesday. The duo showed: It is possible for an attacker to create malicious Wi-Fi networks in order to crash nearby users' mobile devices with incredible accuracy. Also, even the "No iOS Zone" attack is capable to make iOS things within the range completely unusable by triggering constant numbers of reboots. It is nothing but a DoS attack… ...that makes the device inaccessible by its users, just like in the ca

Sad but True! Your Apple's Mac computer is vulnerable to a serious privilege escalation flaw, dubbed "RootPipe," even if you are running the latest version of Mac OS X. What's RootPipe? Back in October 2014, a Swedish White Hat hacker Emil Kvarnhammar claimed to have discovered a critical privilege escalation vulnerability, he dubbed the backdoor as " RootPipe ," in some versions of Mac OS X including the then newest version 10.10 Yosemite. The vulnerability ( CVE-2015-1130 ) could allow an attacker to take full control of your desktop Mac computer or MacBook laptop, even without any authentication. Keeping in mind the devastating effect of the RootPipe vulnerability, the researcher privately reported the flaw to Apple and did not disclose the details of the flaw publicly until the company released a patch to fix it. Apple did release an update but failed to patch RootPipe: Earlier this month, Apple released the latest version of Mac OS

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

The most popular e-commerce platform owned by eBay, Magento is once again in the news. This time for a critical Remote Code Execution (RCE) vulnerability , affecting hundreds of thousands of online merchants worldwide. If exploited, the critical vulnerability could allow a hacker to compromise completely any online store powered by Magento and gain access to credit card details and other financial as well as personal information related to the customers. Which isn't great? This serious flaw in Magento platform  exploits a series of vulnerabilities that ultimately allow unauthenticated attackers to execute any PHP code of their choice on the web server. All the vulnerabilities that lead to remote code execution (RCE) flaw are present in the Magento core code, and affect the default installation of both Magento Community and Magento Enterprise Editions. Running arbitrary code on the web server gives attackers the ability to bypass all security mechanisms and gain

Quite surprising but the just released Apple's iOS 8.4 beta has been jailbroken by a well-known hacker. Yes, the first beta of iOS 8.4 released by Apple to the developers last week has been jailbroken by Stefan Esser, commonly known as "i0n1c" in the jailbreak community. i0n1c has also shared a video proof-of-concept, titled " iOS 8.4 Beta 1 Jailbreak Preview 1, " showing… ...an iPhone 6 Plus model (that runs on iPhone 7.1) powered with iOS 8.4 Beta 1 has been jailbroken with Cydia icon showcased on the Home screen. In order to prove the jailbreak on iOS 8.4 beta 1, the hacker shows off the Apple Watch companion app, the newly redesigned Music app, and the new Emoji keyboard as well, while giving the video demonstration. The video demonstration by the hacker proved an actual jailbreak for iOS 8.4 beta 1, but don't expect a public iOS jailbreak tool iOS 8.4 or any other firmware from i0n1c. No doubt this seems to be a great news for all

If you are really upset with Chrome browsers warnings that your HTTPS enabled website contains unsecured third-party contents that sometimes force your users to close the tab, Google has solved this problem for you. With the release of the next version of Google's popular browser, Chrome 43 , it may be easier for developers and system administrators to ensure HTTPS websites are not compromised by insecure HTTP resources. Until now, the current browsers of Google flag a ' mixed-content warning ' in the form of a yellow triangle over the padlock if any HTTPS page loads any resource from an unencrypted HTTP URL. What's mixed content? And… ...Why should I worry about Mixed content if I am using HTTPS on my web pages? If, say, your website has HTTPS enabled but your website's pages are loading contents, such as images, retrieved through regular, clear text HTTP URLs, then it is believed that the connection is only partially encrypted. Partial

Encryption is one of the major steps to be taken by every big technology giant in order to protect its users over the Internet, and, among those, Google has set an admirable example by gradually moving all of its online services to use strong HTTPS encryption. So far, Google encrypted email by switching its Gmail service to HTTPS, Google encrypted data communicating between its servers, Google gives priority to encrypted websites in its search results, as well as Google search also uses HTTPS . Now: To help protect privacy and security of its users, the search engine giant is moving its advertising platforms to HTTPS , as well. Google has already moved its YouTube advertisements to HTTPS as of the end of last year, but Google has a widely spread ad network that serves ads to Hundreds of Millions of users across the Globe every day. However, the content of those ads are mainly controlled by the advertisers, and we cannot predict their intention. To better comba