The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Apple Mac Computers are considered to be invulnerable to malware, but the new Exploit discovered by security researchers proves it indeed quite false. Patrick Wardle , director of research at security firm Synack , has found a deadly simple way that completely bypass one of the core security features in Mac OS X i.e.  Gatekeeper . Introduced in July of 2012, Gatekeeper is Apple's anti-malware feature designed to keep untrusted and malicious applications from wreaking havoc on Macs. However, Wardle has found a quick and simple way to trick Gatekeeper into letting malicious apps through on Mac OS X machines, even if the protection is set to open apps downloaded only from the Mac App Store. According to the researcher, before allowing any apps to execute on an OS X machine, Gatekeeper performs a number of checks, such as: Checking the initial digital certificate of a downloaded app Ensuring the app has been signed with an Apple-recognized developer certificat

If you are among thousands of privacy-conscious people who are still using ' no longer available ' TrueCrypt Encryption Software , then you need to pay attention. Two critical security vulnerabilities have been discovered in the most famous encryption tool, TrueCrypt, that could expose the user's data to hackers if exploited. TrueCrypt was audited earlier this by a team of Security researchers and found to be backdoor-free . James Forshaw , Security researcher with Google's Project Zero — which looks for zero-day exploits — has found a pair of privilege elevation flaws in TrueCrypt package. Last year, TrueCrypt project was dropped after its mysterious developers had claimed the Windows disk-encryption software had ' unfixed security issues '. TrueCrypt is a widely-used ' On-the-Fly ' Open source Hard disk encryption program. Reportedly, TrueCrypt vulnerabilities would not directly allow an attacker to decrypt drive data. Instead, successful exploitation

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

Google is doubling the maximum APK file size on the Play Store from 50 MB to 100 MB . That means... Android app developers can now build higher quality Apps and Games that users love. Of course, for an end user it may affect the overall app performance and installation time, as well as mobile data connectivity. Google Wants Developers to Create Richer Apps By increasing file size limit from 50 MB to 100 MB, Google wants to encourage developers for creating richer apps and games , as well as help avoid the need for downloading additional files after the initial APK download. There are two primary purposes of setting a cap for APKs. The limit ensures: Developers write code efficiently and keep an eye on the overall size of their app Users don't have to wait too long to download an app or game from the Play Store However,  Expansion Files are still there to help developers build apps that exceed the 100MB barrier , but the aim to increase the base lim

Beware Windows Users! A new dangerous unpatched Zero-day Vulnerability has been detected in the latest version of WinRAR affects over millions of users worldwide. According to Mohammad Reza Espargham , a security researcher at Vulnerability-Lab , the stable version of WinRAR 5.21 for Windows computers is vulnerable to Remote Code Execution (RCE) flaw. WinRAR is one of the most popular utility program used to compress and decompress files with more than 500 Million installations worldwide. The WinRAR RCE vulnerability lie under the ' High Severity ' block, and scores 9 on CVSS ( Common Vulnerability Scoring System ). HOW WINRAR VULNERABILITY WORKS? Let's take a look at its actions. The vulnerability can be used by any attacker smartly to insert a malicious HTML code inside the " Text to display in SFX window " section when the user is creating a new SFX file. WinRAR SFX is an executable compressed file type containing one or more file

A network of compromised Linux servers has grown so powerful that it can blow large websites off the Internet by launching crippling Distributed Denial-of-service (DDoS ) attacks of over 150 gigabits per second (Gbps). The distributed denial-of-service network, dubbed XOR DDoS Botnet , targets over 20 websites per day , according to an advisory published by content delivery firm Akamai Technologies. Over 90 percent of the XOR DDoS targets are located in Asia, and the most frequent targets are the gaming sector and educational institutions. XOR creator is supposed to be from China, citing the fact that the IP addresses of all Command and Control (C&C) servers of XOR are located in Asia, where most of the infected Linux machines also reside. How XOR DDoS Botnet infects Linux System? Unlike other DDoS botnets , the XOR DDoS botnet infects Linux machines via embedded devices such as network routers and then brute forces a machine's SSH service to gain ro

Earlier this month, Microsoft surprised us all with the announcement that they built a Linux kernel-based operating system, Azure Cloud Switch (ACS) , for developing software products for Network Devices. Now, Microsoft just announced that they have selected Ubuntu as the operating system for their Cloud-based Big Data services. Yes, Microsoft needs Linux. To expand its Azure Data Lake project, that makes Big Data processing and Analytics simpler and more accessible, Microsoft has partnered with Hortonworks and Canonical to launch " Azure HDInsight " for Linux users. Azure HDInsight is a Hadoop-based Big Data solution powered by Cloud that is now also available for Ubuntu, along with Windows OS. By offering both Windows and Linux clusters, Microsoft's fulfills its aim to enhance its own cross-platform aspirations that will accelerate a move towards Hybrid Cloud Computing . " The collaboration between Microsoft and Canonical to create the option to run Azur