The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A security researcher has discovered a critical vulnerability in the latest version of Apple's OS X Yosemite  that could allow anyone to obtain unrestricted root user privileges with the help of code that fits in a tweet. The privilege-escalation vulnerability initially reported on Tuesday by German researcher Stefan Esser , could be exploited by to circumvent security protections and gain full control of Mac computers. The most worrying part is that this critical vulnerability is yet to be fixed by Apple in the latest release of its operating system. This could make it easier for hackers to surreptitiously infect Macs with rootkits and other types of persistent malware. Thanks to an environment variable DYLD_PRINT_TO_FILE Apple added to the code of OS X 10.10 Yosemite. Apple Mac OS X Vulnerability Gives Full Control of your Mac This environment variable specifies where in the file system an operating system component called the OS X dynamic linker dyld

Hacking Team , the Italy-based spyware company that sells spying software to law enforcement agencies worldwide, says the company has always operated with the law and regulation in an ethical manner. However, there was only one Violation of Law in this entire event, and that is – " the massive cyber attack on the Hacking Team. " company stated. The recent hack on Hacking Team exposed nearly 500GB of massive internal documents including internal emails, hacking tools, zero-day exploits , surveillance tools, source code for Spyware and a spreadsheet listing every government client with date of purchase and amount paid. Hacking Team Hack and Media Reports: The attack on Hacking Team was really huge in every sense. The team finally shows its disappointment with media on its hacking incident saying, the company that helps government fight crimes is being treated as the culprits, and the criminals who attacked the company are not. " Had a media company

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

The major tech companies including Google, Facebook, and Yahoo! have joined their hands to launch a new program meant to block fake web traffic by blacklisting flagged IP addresses. Today, majority of data center traffic is non-human or illegitimate, so to fight against this issue the Trustworthy Accountability Group (TAG) has announced a program that will tap into Google's internal data-center blacklist to filter bots. The new pilot program will reject traffic from web robots or bots by making use of a blacklist, cutting a significant portion of web traffic from within data centers, said Google Ad Manager Vegard Johnsen. Google or any other big tech firm maintains a Blacklist that lists suspicious IP addresses of computer systems in data centers that may be trying to trick the human into clicking on advertisements. Google's DoubleClick blacklist alone blocked some 8.9% of data-center traffic back in May. Facebook and Yahoo to Contribute Apart from Goo

System administrators have reportedly exposed almost 600 Terabytes (TB) of MongoDB database due to running outdated and unpatched versions of the NoSQL MongoDB database. The open source MongoDB is the most popular NoSQL database used by companies of all sizes, from eBay and Sourceforge to The New York Times and LinkedIn. According to Shodan's representative John Matherly, nearly 30,000 MongoDB instances are publicly accessible over the Internet without the need of any form of authentication. This huge MongoDB database isn't exposed due to a flaw in its latest version of the software, but due to the use of out-of-date and unpatched versions of the platform that fail to bind to localhost. While investigating NoSQL databases, Matherly focused on MongoDB that is growing in popularity. "It turns out that MongoDB version 2.4.14 seems to be the last version that still listened to 0.0.0.0 [in which listening is enabled for all interfaces] by default, which

Do you use your Real Identity online and think about being private? If yes, then you are insane. Ashley Madison , the popular online dating website with tagline " Life is short. Have an affair ", recently got hacked , reportedly exposing a sample of its users' account information and other personal data online. The hacker group, called itself ' The Impact Team ', is also threatening to release the real names and all associated data of its 37 Million cheating customers. There are also rumors that the team could sell the stolen data for lots of money, instead of revealing it all for free. This isn't first time when the customers of online hooking site are scared of being exposed, two months ago the sex life of almost 4 Million users of Adult Friend Finder was made available on underground market for sale for 70 Bitcoins ($16,800). Lesson we Learned from These Hacks The Ashley Madison hack raises serious questions about what these compa

" Life is short. Have an affair, " but always remember " Cheaters never prosper. " AshleyMadison.com , an American most prominent dating website, that helps married people cheat on their spouses has been hacked, potentially putting very private details of Millions of its users at risk of being exposed. The Stolen personal data may include information from users' real names, addresses and their personal photographs to credit card details and sexually explicit chat logs. With a Huge Database of over 37 Million users, AshleyMadison.com , owned by Avid Life Media (ALM) company , is a very popular dating website that helps married people have extramarital affairs. Cougar Life and Established Men, two other dating sites also owned by Avid Life Media, have also had their data compromised. The Hacker group responsible for the hacks called itself " The Impact Team, " a company spokesperson confirmed. The group apparently raises an obje

In the wake of a critical Remote Code Execution vulnerability in all supported versions of its operating system platform, Microsoft has just issued an emergency fix. Yes, it's time to patch your Windows operating system against an alarming security hole that could allow remote attackers to run malicious code on your computer, thereby taking " complete control of the affected system. " The critical flaw ( CVE-2015-2426 ), which affects all the supported versions of Windows operating system, resides in the way Windows Adobe Type Manager Library handles specially crafted Microsoft's OpenType fonts. Once exploited, the vulnerability could allow hackers to execute remotely malicious code on victims' computer if they open a specially crafted document or visit an untrusted web page that contains embedded OpenType fonts. " An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights ," Microsoft s

Employees are the weakest link when it comes to enterprise security, and unfortunately hackers realized this years ago. All an attacker needs to use some social engineering tactics against employees of companies and organizations they want to target. A massive 91% of successful data breaches at companies started with a social engineering and spear-phishing attack. A phishing attack usually involves an e-mail that manipulates a victim to click on a malicious link that could then expose the victim's computer to a malicious payload. So what is the missing link to manage the problem of employees being Social engineered? The answer is very simple – Educate your Employees and reinforce good security procedures at the same time. Phish your Employees! Yes, you heard me right… by this I mean that you should run a mock phishing campaign in your organization and find out which employees would easily fall victim to the phishing emails. Then step everyone through Internet

The leaked internal emails from the Italian surveillance software company Hacking Team have revealed that the spyware company developed a robotic aircraft designed to attack computers and smartphone devices through Wi-Fi networks. Over a year ago, some security researchers developed a drone called ' Snoopy ' that was capable to intercept data from users' Smartphones through spoofed wireless networks. Now, the email conversations posted on WikiLeaks website reveal that both Boeing and Hacking Team want unmanned aerial vehicles (UAVS) called Drones to carry out attacks that inject spyware into target computers or mobile phones via WiFi. After attending the International Defense Exposition and Conference (IDEX) in Abu Dhabi in February 2015, the U.S. drone company Boeing subsidiary Insitu become interested in using surveillance drones to deliver Hacking Team's Remote Control System Galileo for even more surveillance. Among the emails, co-founder Ma