#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Mac OS X Zero-Day Exploit Can Bypass Apple's Latest Protection Feature

Mac OS X Zero-Day Exploit Can Bypass Apple's Latest Protection Feature

Mar 25, 2016
A critical zero-day vulnerability has been discovered in all versions of Apple's OS X operating system that allows hackers to exploit the company's newest protection feature and steal sensitive data from affected devices. With the release of OS X El Capitan, Apple introduced a security protection feature to the OS X kernel called System Integrity Protection ( SIP ). The feature is designed to prevent potentially malicious or bad software from modifying protected files and folders on your Mac. The purpose of SIP is to restrict the root account of OS X devices and limit the actions a root user can perform on protected parts of the system in an effort to reduce the chance of malicious code hijacking a device or performing privilege escalation. However, SentinelOne security researcher Pedro Vilaça has uncovered a critical vulnerability in both OS X and iOS that allows for local privilege escalation as well as bypasses SIP without kernel exploit, impacting all versions
Microsoft's Artificial Intelligence Tay Became a 'Racist Nazi' in less than 24 Hours

Microsoft's Artificial Intelligence Tay Became a 'Racist Nazi' in less than 24 Hours

Mar 24, 2016
Tay, Microsoft's new Artificial Intelligence (AI) chatbot on Twitter had to be pulled down a day after it launched, following incredibly racist comments and tweets praising Hitler and bashing feminists. Microsoft had launched the Millennial-inspired artificial intelligence chatbot on Wednesday, claiming that it will become smarter the more people talk to it. The real-world aim of Tay is to allow researchers to "experiment" with conversational understanding, as well as learn how people talk to each other and get progressively "smarter." "The AI chatbot Tay is a machine learning project, designed for human engagement," a Microsoft spokesperson said. "It is as much a social and cultural experiment, as it is technical. Unfortunately, within the first 24 hours of coming online, we became aware of a coordinated effort by some users to abuse Tay's commenting skills to have Tay respond in inappropriate ways. As a result, we have taken Tay offline and are
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
What is SMTP STS? How It improves Email Security for StartTLS?

What is SMTP STS? How It improves Email Security for StartTLS?

Mar 24, 2016
Despite so many messaging apps, Email is still one of the widely used and popular ways to communicate in this digital age. But are your Emails secure? We are using email services for decades, but the underlying 1980s transport protocol used to send emails, Simple Mail Transfer Protocol (SMTP), is ancient and lacks the ability to secure your email communication entirely. However, to overcome this problem, SMTP STARTTLS was invented in 2002 as a way to upgrade an insecure connection to a secure connection using TLS. But, STARTTLS was susceptible to man-in-the-middle attacks and encryption downgrades. But worry not. A new security feature is on its way!!! SMTP STS: An Effort to Make Email More Secure Top email providers, namely Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development, have joined forces to develop a new email standard that makes sure the emails you send are going through an encrypted channel and cannot be sniffed. Dubbed SMT
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Israeli Forensic Firm 'Cellebrite' is Helping FBI to Unlock Terrorist's iPhone

Israeli Forensic Firm 'Cellebrite' is Helping FBI to Unlock Terrorist's iPhone

Mar 23, 2016
Meet the security company that is helping Federal Bureau of Investigation (FBI) in unlocking San Bernardino shooters' iPhone: The Israeli mobile forensics firm Cellebrite . Yes, Cellebrite – the provider of mobile forensic software from Israel – is helping the FBI in its attempt to unlock iPhone 5C that belonged to San Bernardino shooter, Syed Rizwan Farook, the Israeli YNetNews reported on Wednesday. The company's website claims that its service allows investigators to unlock Apple devices running iOS 8.x " in a forensically sound manner and without any hardware intervention or risk of device wipe. " If Cellebrite succeeds in unlocking Farook's iPhone, the FBI will no longer need Apple to create a backdoored version of its iOS operating system that could let it access data on Farook's locked iPhone 5C. Apple is engaged in a legal encryption battle with the US Department of Justice (DoJ) over a court order that forces the company to write
Warning! Think Twice Before Using USB Drives

Warning! Think Twice Before Using USB Drives

Mar 23, 2016
Security researchers have discovered a new data-stealing Trojan that makes special use of USB devices in order to spread itself and does not leave any trace of activity on the compromised systems. Dubbed USB Thief ( or Win32/PSW.Stealer.NAI), the malware has the capability of stealthy attacking against air-gapped or isolated computers, warns ESET security firm. The malware author has employed special programs to protect the USB Thief from being reproduced or copied, making it even harder to detect and reverse-engineer. USB Thief has been designed for targeted attacks on computer systems that are isolated from the Internet, according to the ESET malware analyst Tomáš Gardoň. The 'USB Thief' Trojan Malware The USB Thief Trojan malware is stored either as a portable application's plugin source or as a Dynamically Linked Library (DLL) used by the portable application. Since USB devices often store popular applications like Firefox, Notepad++ or TrueCrypt portab
Badlock — Unpatched Windows-Samba Vulnerability Affects All Versions of Windows

Badlock — Unpatched Windows-Samba Vulnerability Affects All Versions of Windows

Mar 23, 2016
Security researchers have discovered a nasty security vulnerability that is said to affect almost every version of Windows and Samba and will be patched on April 12, 2016, the Samba development team announced Tuesday. So, Save the Date if you are a Windows or Samba file server administrator. Samba is a free, open source implementation of the SMB/CIFS network file sharing protocol that runs on the majority of operating systems available today, including Windows, UNIX, Linux, IBM System 390, and OpenVMS. Samba allows non-Windows operating systems, like GNU/Linux or Mac OS X, to communicate with the same networking protocol as the Windows products, thus enabling users to access network shared folders and files from Windows OS. Dubbed Badlock , the vulnerability has been discovered by Stefan Metzmacher, a developer of Samba Core Team. Details about the Badlock vulnerability will be disclosed on April 12, when the developers of Microsoft and Samba release security p
FBI Most Wanted — Three 'Syrian Electronic Army' Hackers Charged for Cyber Crime

FBI Most Wanted — Three 'Syrian Electronic Army' Hackers Charged for Cyber Crime

Mar 23, 2016
Syrian Electronic Army (SEA) Hackers have made their place on the FBI's Most Wanted List. The US Department of Justice and the Federal Bureau of Investigation (FBI) are willing to pay $100,000 reward for any information that leads to the arrest of the heads of the infamous hacking group Syrian Electronic Army. On Tuesday, the DoJ unsealed charges against three suspected members of the alleged group: Ahmad Umar Agha (aka The Pro), 22 Firas Dardar (aka The Shadow), 27 Peter Romar , 36 Agha and Dardar were allegedly involved in hacking Associated Press Twitter account in April 2013 and spreading a false rumor claiming that the White House had been bombed, injuring President Obama. This caused a temporary stock market dip. The two hackers allegedly engaged in a long-running cyber-propaganda campaign in support of the Syrian President Bashar al‑Assad. They hacked into various Twitter accounts of the main news organizations from 2011 to 2013. Their victims
FBI may have found a New Way to Unlock Shooter's iPhone without Apple

FBI may have found a New Way to Unlock Shooter's iPhone without Apple

Mar 22, 2016
There's more coming to the high-profile Apple vs. FBI case. The Federal Bureau of Investigation (FBI) might not need Apple's assistance to unlock iPhone 5C  that belonged to San Bernardino shooter, Syed Rizwan Farook. If you have followed the San Bernardino case closely, you probably know everything about the ongoing encryption battle between the FBI and Apple. In short, the US Department of Justice (DOJ) wants Apple to help the FBI create a backdoored version of its iOS operating system that could let it access data on Farook's locked iPhone 5C. Apple, meanwhile, is evident on its part , saying that the FBI wants the company to effectively create the " software equivalent of cancer " that would likely open up all iPhones to malicious hackers. FBI to Apple: We'll Unlock iPhone by Our Own Now the Feds say they may be able to crack the iPhone without the Apple's assistance after all. In a court filing [ PDF ] submitted on Mo
Who Viewed Your Profile on Instagram? Obviously, Hackers!

Who Viewed Your Profile on Instagram? Obviously, Hackers!

Mar 22, 2016
Are you curious about who viewed your profile on Instagram? This is probably the most frequently asked question nowadays, and there are several applications available on Google Play Store and Apple App Store, which claims to offer you the opportunity to see who is looking at your Instagram profile. But, should we believe them? Is there really some kind of way out to know who viewed your Instagram profile? The shortest answer to all these questions is ' NO ', such functionality does not exist on Instagram at the moment. But, thousands of users still have hope and hackers are taking advantage of this to target a broad audience. Recently, security researchers have discovered some malicious applications on Android Google Play Store as well as iOS App Store, which are entirely a hoax, targeting Instagram users. The iOS app is named " InstaCare - Who cares with me? " and is one of the top apps in Germany, while the Android app is dubbed "
Security Researcher Goes Missing, Who Investigated Bangladesh Bank Hack

Security Researcher Goes Missing, Who Investigated Bangladesh Bank Hack

Mar 19, 2016
Tanvir Hassan Zoha , a 34-year-old security researcher, who spoke to media on the $81 Million Bangladesh Bank cyber theft , has gone missing since Wednesday night, just days after accusing Bangladesh's central bank officials of negligence. Zoha was investigating a recent cyber attack on Bangladesh's central bank that let hackers stole $81 Million from the banks' Federal Reserve bank account. Though the hackers tried to steal $1 Billion from the bank, a simple typo prevented the full heist. During his investigation, Zoha believed the Hackers, who are still unknown, had installed Malware on the bank's computer systems few weeks before the heist that allowed them to obtain credentials needed for payment transfers. With the help of those credentials, the unknown hackers transferred large sums from Bangladesh's United States account to fraudulent accounts based in the Philippines and Sri Lanka. However, at the same time, Zoha accused senior offic
Bored With Chess? Here's How To Play Basketball in Facebook Messenger

Bored With Chess? Here's How To Play Basketball in Facebook Messenger

Mar 19, 2016
Hope all of you have enjoyed the Game of Chess in the Facebook Messenger. But if you're quite bored playing Chess or not really good at the game, then you probably felt a bit excited about Facebook's recent inclusion of a little Basketball mini-game into Messenger. Now you can play Basketball through Facebook Messenger, just by typing in the Basketball emoji and sending to one of your friends. This would enable a secret Basketball mini-game between you and your friend. Here's How to Play Basketball: Just locate the basketball emoji from your emoji list, send to one of your friends and click it to start the game. Once sent, you would be taken to the Basketball court in a pure white background, where there is no sidebars of any friend suggestions or any promotional ads; only appears a basketball and a hoop, nothing else! All you have to do: Just Swipe up and Toss the basketball into the hoop. A single swipe on your phone in the directio
Apple Engineers say they may Quit if ordered to Unlock iPhone by FBI

Apple Engineers say they may Quit if ordered to Unlock iPhone by FBI

Mar 19, 2016
Apple Vs. FBI battle over mobile encryption case is taking more twists and turns with every day pass by. On one hand, the US Department of Justice (DOJ) is boldly warning Apple that it might compel the company to hand over the source code of its full iOS operating system along with the private electronic signature needed to run a modified iOS version on an iPhone, if… …Apple does not help the Federal Bureau of Investigation (FBI) unlock iPhone 5C belonging to one of the San Bernardino terrorists. And on the other hand, Apple CEO Tim Cook is evident on his part, saying that the FBI wants the company to effectively create the " software equivalent of cancer " that would likely open up all iPhones to malicious hackers. Now, some Apple engineers who actually develop the iPhone encryption technology could refuse to help the law enforcement break security measures on iPhone, even if Apple as a company decides to cooperate with the FBI. Must Read:   FBI Di
Cybersecurity Resources