The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

High-tech Sniper Rifles can be remotely hacked to shoot the wrong target – Something really scary and unpredictable. Yes, Hackers can remotely gain access to the $13,000 TrackingPoint sniper rifles that run Linux and Android operating system and have Wi-Fi connections. So then they can either disable the gun or choose a wrong target. A married pair of security researchers have proved that anything connected to the Internet can ultimately be hacked, whether computer systems, cars or… GUNS . According to the duo, the Tracking Point's self-aiming rifle sights, better known as the ShotView targeting system, is vulnerable to WiFi-based attacks that could allow your enemy to redirect bullets to new targets of their choice. Hacking $13,000 Self-aiming Rifles to Shoot wrong target Runa Sandvik and her husband Michael Auger are planning to present their findings on exploiting two of the $13,000 self-aiming rifles at the Black Hat hacking conference . In the hack, the duo demonstrates

Bad week for Android. Just days after a critical Stagefright vulnerability was revealed in the widely popular mobile platform, another new vulnerability threatens to make most Android devices unresponsive and practically unusable to essential tasks. Security researchers at Trend Micro have developed an attack technique that could ultimately crash more than 55 percent of Android phones , almost making them completely unresponsive and useless to perform very basic functions, including to make or receive calls. The dangerous security flaw affects any device running Android 4.3 Jelly Bean and later, including the latest Android 5.1.1 Lollipop , potentially putting hundreds of millions of Android users vulnerable to hackers. The flaw surfaced two days after Zimperium researchers warned that nearly 950 Million Android phones can be hijacked by sending a simple text message. Dubbed Stagefright , the vulnerability is more serious because it required no end-user interaction at

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

A group of China-backed hackers believed to be responsible for high-profile data breaches, including the U.S. Office of Personnel Management and the insurance giant Anthem , has now hit another high-profile target –  United Airlines . United detected a cyber attack into its computer systems in May or early June; Bloomberg reported , citing some unnamed sources familiar with the matter. The same sources say that the hackers responsible for the data breach in United's systems are the same group of China-backed hackers that successfully carried out several other large heists, including the United States' Office of Personnel Management and the health insurer Anthem Inc. Dangerous Intentions: United Airlines Data Breach The stolen data includes manifests, which contain information on flights' passengers and their origins and destinations, meaning that the hackers have " data on the movements of Millions of Americans ." Since United Airlines

Are you the one who simply punch your wallet against a reader to get into your office? Then surely your office is using Radio-Frequency Identification (RFID) cards to manage building access and security. However, these most common access control systems are incredibly easy to hack — and now more than ever before. Thanks to a $10 tiny device developed by two security researchers that can easily circumvent these RFID cards. Dubbed BLEkey or Bluetooth Low Energy device is a tiny little device designed to be embedded in an RFID card reader, a small box you swipe or touch your card to open doors. BLEkey exploits a vulnerability in the Wiegand communication protocol used by the majority of RFID card readers today in order to clone and skim your RFID-equipped cards. Grab your BLEkey for Just $10 Mark Baseggio from security firm Accuvant and Eric Evenchick from Faraday Future who developed BLEkey are going to present their findings at next week's Black Hat se

The National Security Agency will restrict access to, and ultimately destroy, millions of US phone records previously collected by the spy agency, the Office of the Director of National Intelligence (ODNI) announced Monday. The federal law was passed in June ending the NSA's bulk collection of U.S. Citizen's Telephone records and destroying the data it collected under a controversial global spying program disclosed by former NSA contractor Edward Snowden. So far, the ODNI didn't specify when the agency would destroy these metadata records , but noted that the metadata must be retained until the lawsuits around the metadata collection program are ongoing. NSA's Bulk Metadata Collection is illegal Section 215 of the Patriot Act legally authorizes the law enforcement agencies to collect "any tangible things" that the government proves are connected or linked to an investigation into any suspected terrorist. However, the verdict in May ruled that the mas

A critical vulnerability has been discovered in the official Apple's App Store and iTunes Store, affecting millions of Apple users. Vulnerability-Lab Founder and security researcher Benjamin Kunz Mejri discovered an Application-Side input validation web vulnerability that actually resides in the Apple App Store invoice module and is remotely exploitable by both sender as well as the receiver. The vulnerability, estimated as high in severity, has been reported to Apple Security team on June 9, 2015 and the company patched the issue within a month. How the vulnerability works? By exploiting the flaw, a remote hacker can manipulate the name value ( device cell name ) by replacing it with a malicious script code. Now, if the attacker buys any product in the App Store or iTunes Store, the internal app store service takes the device value ( which is actually the malicious code ) and generates the invoice which is then sends to the seller account. This results in

Wanna Hack an extremely secure Computer? You do not need sophisticated techniques or equipment to do so. To hack an Air-Gapped computer – All you need is a cell phone; even old-fashioned, dumb phones from the past decade will work. Yes, Hacking Air-Gapped Computers is possible using a basic low-end mobile phone. Israeli security researchers have devised a new attack to steal data from a computer that is isolated from the internet and other computers that are connected to external networks, also known as an air-gapped computer. This new hack attack that could steal data from a highly secured computer uses: The GSM network Electromagnetic waves A basic low-end mobile phone The research was conducted by lead security researcher Mordechai Guri, along with Yuval Elovici, Assaf Kachlon, Ofer Hasson, Yisroel Mirsky, and Gabi Kedma – the same researchers who developed a previous attack that used a smartphone to wirelessly extract data from Air-Gapped computers .

Own an Android phone? Beware, Your Android smartphones can be hacked by just a malformed text message. Security researchers have found that 95% of Android devices running version 2.2 to 5.1 of operating system, which includes Lollipop and KitKat, are vulnerable to a security bug, affecting more than 950 Million Android smartphones and tablets. Almost all Android smart devices available today are open to attack that could allow hackers to access the vulnerable device without the owners being aware of it, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. The vulnerability actually resides in a core Android component called " Stagefright ," a multimedia playback library used by Android to process, record and play multimedia files such as PDFs. A Text Message Received...Your Game is Over The sad news for most of the Android users is that the fix will not help Millions of Android users that owned o

Next time you find yourself hooked up behind the wheel, make sure that your car is actually in your control. Hackers are now able to break into hundreds of thousands of vehicles on the road. Car hacking is a hot topic today and until now it was performed only while researchers were hard-wired into a car's electrical system. However, the most recent hack performed by two computer hackers, who have spent years developing ways to crack the digital safeguards of Internet-connected vehicles, is rather more Disturbing. Researchers Charlie Miller and Chris Valasek recently demonstrated their abilities to control a Jeep Cherokee remotely from miles away by exploiting the car's entertainment system that was connected to the mobile data network. The duo was able to move laterally into other electronic parts of the vehicle, like the air conditioning, transmission, and even the car's steering controls. 1.4 Million Car Models Vulnerable Not just Jeep Cherokee, but the rest of

Do you own a Smartwatch ? If yes, then how safe it is? There are almost 100 percent chances that you own a vulnerable Smartwatch. Computer manufacturer Hewlett-Packard is warning users of smartwatches including Apple Watch and Samsung Gear that their wearable devices are vulnerable to cyber attacks. In a study, HP's Fortify tested today's top 10 smartwatches for security features, such as basic data encryption, password protection and privacy concerns. The most shocking part of the study was that –  Not even a Single Smartwatch Found to be 100 percent Safe Security experts found that 100 percent of wearable devices contained at least one serious security vulnerability that could make the devices vulnerable to hackers. With the increase in the adoption of smartwatches, manufacturers need to pay closer attention to the customers' security because these wearable devices could potentially open doors to new threats to personal and sensitive informat

I think you'll agree with me when I say: It's quite hard to maintain anonymity on the Internet using the slow Tor network. Or is it? Well, it turns out, you may soon boost your online anonymity dramatically with the help of a new high-speed anonymity network. A group of six academics have developed a Tor network alternative for users that allows high-speed anonymous web surfing, reinforcing the privacy of Internet users worldwide. The network is dubbed: HORNET: High-speed Onion Routing at the Network Layer Many anonymising networks, including The Onion Router (or TOR) network, are often slow because the data passing through the networks is encrypted a many numbers of times. However, the high-speed onion routing network HORNET is capable of handling anonymous traffic at speeds of more than 93 Gbps  while maintaining privacy. The new anonymous network is built by researcher Chen Chen of Carnegie Mellon University , along with Daniele Enri

As digging deeper and deeper into the huge Hacking Team data dump , security researchers are finding more and more source code, including an advanced Android Hacking Tool. Yes, this time researchers have found a source code to a new piece of weaponized android malware that had the capability to infect millions of Android devices even when users are running latest versions of the android mobile operating system. Trend Micro researchers found that the Italian spyware company was selling RCSAndroid (Remote Control System Android) , which they says, is one of the "most professionally developed and sophisticated" pieces of Android malware a.k.a Android hacking tool they have ever seen. RCSAndroid is a sophisticated, real-world surveillance and hacking tool that provides even unskilled hackers to deploy one of the world's more advanced surveillance suites for Google's mobile operating system Android. List of Creepy Features of Android Hacking Tool

How many Zero-Days do you think could hit Microsoft today? Neither one nor two; this times its Four. The Hewlett-Packard's Zero-Day Initiative (ZDI) has disclosed four new zero-day vulnerabilities in Microsoft's Internet Explorer browser that could be exploited to remotely execute malicious code on victim's machine. All the four zero-days originally were reported to Microsoft, affecting Internet Explorer on the desktop. However, later it was discovered that the zero-day vulnerabilities affected Internet Explorer Mobile on Windows Phones as well. Each of the four zero-day flaws affects different components of the browser, and all are remotely exploitable through typical drive-by attacks. Four Zero-day vulnerabilities Disclosed by ZDI Here are the zero-day vulnerabilities, as reported by ZDI: ZDI-15-359: AddRow Out-Of-Bounds Memory Access Vulnerability ZDI-15-360: Use-After-Free Remote Code Execution Vulnerability ZDI-15-361: Use-After-Free Rem

WordPress has just released the new version of its content management system (CMS), WordPress version 4.2.3 , to fix a critical security vulnerability that could have been exploited by hackers to take over websites, affecting the security of its Millions of sites. WordPress version 4.2.3 resolves a Cross-Site Scripting (XSS) flaw that could allow any user with the Contributor or Author role to compromise a website, Gary Pendergast of the WordPress team wrote in a blog post on Thursday. Cross-site scripting is actually a vulnerability in the Web applications' code that opens up the target website to attacks. The vulnerability is one of the most favorite and commonly used flaws by cyber criminals. According to the company, the vulnerability could allow hackers to embed maliciously-crafted HTML, JavaScript, Flash, or other code to bypass WordPress's kses protection by fooling users into executing a malicious script on their computer system. This, in turn, le

A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period. OpenSSH is the most popular software widely used for secure remote access to Linux-based systems. Generally, the software allows 3 to 6 Password login attempts before closing a connection, but a new vulnerability lets attackers perform thousands of authentication requests remotely . OpenSSH servers with keyboard-interactive authentication enabled , including FreeBSD Linux, can be exploited to carry out the brute force attack on OpenSSH protocol, a security researcher with online alias KingCope explained in a blog post . Exploit for the Vulnerability RELEASED  Hackers could widely exploit the vulnerability because the keyboard-interactive authentication is by default enabled on most of the systems. Researcher has also released a proof-of-concept exploit code, which i

A security researcher has discovered a critical vulnerability in the latest version of Apple's OS X Yosemite  that could allow anyone to obtain unrestricted root user privileges with the help of code that fits in a tweet. The privilege-escalation vulnerability initially reported on Tuesday by German researcher Stefan Esser , could be exploited by to circumvent security protections and gain full control of Mac computers. The most worrying part is that this critical vulnerability is yet to be fixed by Apple in the latest release of its operating system. This could make it easier for hackers to surreptitiously infect Macs with rootkits and other types of persistent malware. Thanks to an environment variable DYLD_PRINT_TO_FILE Apple added to the code of OS X 10.10 Yosemite. Apple Mac OS X Vulnerability Gives Full Control of your Mac This environment variable specifies where in the file system an operating system component called the OS X dynamic linker dyld

Hacking Team , the Italy-based spyware company that sells spying software to law enforcement agencies worldwide, says the company has always operated with the law and regulation in an ethical manner. However, there was only one Violation of Law in this entire event, and that is – " the massive cyber attack on the Hacking Team. " company stated. The recent hack on Hacking Team exposed nearly 500GB of massive internal documents including internal emails, hacking tools, zero-day exploits , surveillance tools, source code for Spyware and a spreadsheet listing every government client with date of purchase and amount paid. Hacking Team Hack and Media Reports: The attack on Hacking Team was really huge in every sense. The team finally shows its disappointment with media on its hacking incident saying, the company that helps government fight crimes is being treated as the culprits, and the criminals who attacked the company are not. " Had a media company

The major tech companies including Google, Facebook, and Yahoo! have joined their hands to launch a new program meant to block fake web traffic by blacklisting flagged IP addresses. Today, majority of data center traffic is non-human or illegitimate, so to fight against this issue the Trustworthy Accountability Group (TAG) has announced a program that will tap into Google's internal data-center blacklist to filter bots. The new pilot program will reject traffic from web robots or bots by making use of a blacklist, cutting a significant portion of web traffic from within data centers, said Google Ad Manager Vegard Johnsen. Google or any other big tech firm maintains a Blacklist that lists suspicious IP addresses of computer systems in data centers that may be trying to trick the human into clicking on advertisements. Google's DoubleClick blacklist alone blocked some 8.9% of data-center traffic back in May. Facebook and Yahoo to Contribute Apart from Goo