The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A security researcher responsibly disclosed vulnerabilities in the poorly secured web domains of a Florida county elections, but he ended up in handcuffs on criminal hacking charges and jailed for six hours Wednesday. Security researcher David Michael Levin, 31, of Estero, Florida was charged with three counts of gaining unauthorized access to a computer, network, or electronic instrument. On 19 December last year, Levin tested the security of Lee County website and found a critical SQL injection vulnerability in it, which allowed him to access site's database, including username and password. Levin was reportedly using a free SQL testing software called Havij for testing SQL vulnerabilities on the state elections website. According to Levin, he responsibly reported vulnerabilities to the respective authorities and helped them to patch all loopholes in the elections website. Video Demonstration of the Elections Website Hack Meanwhile, Levin demonstrates his finding via

In Brief The Smartphone users are fed up with slow security updates, so two United States federal agencies have launched an official inquiry to know how manufacturers and carriers deal with mobile phone security updates and what they are doing to roll out patches as quickly as possible. The Smartphone patch update mechanism is broken, and someone has to fix it. Most smartphone models are not receiving available security patches, and the risk of vulnerabilities , malware infections , and data loss are leaving consumers vulnerable to attacks and putting businesses and corporate networks at risk. The United States federal regulators want to know how and when mobile phone manufacturers and cell phone carriers release security updates to assure its users' security, amid mounting concerns over security vulnerabilities. The Federal Communications Commission (FCC) in partnership with the Federal Trade Commission (FTC) have launched its own, parallel inquiry into mobile devic

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities. Instead, they often use commonly available tools and exploit multiple vulnerability points. By simulating a real-world network attack, security teams can test their detection systems, ensure they have multiple choke points in place, and demonstrate the value of networking security to leadership. In this article, we demonstrate a real-life attack that could easily occur in many systems. The attack simulation was developed based on the MITRE ATT&CK framework, Atomic Red Team,  Cato Networks ' experience in the field, and public threat intel. In the end, we explain why a holistic secur

If you wish to send iMessages from your Android smartphone to a friend who owns an iPhone, it's possible now, at least for those who own MacBooks and iMacs. A developer has come up with a smart solution to bring Apple's iPhone messaging platform to Android phones. Though the solution is not practical for most people, technical people and nerds can use it to send end-to-end encrypted iMessages. The solution is a smart hack, but the best part is: PieMessage totally works . Developed by Eric Chee, PieMessage needs an OS X client as a server to route messages to an Android device, enabling iMessage support on Android devices. So, it's the Mac that handles the entire workload. "Basically, what the Android client does is send the text to a MacBook," Chee said. "And uses the Mac's Messages app to send off the notification. When the Mac detects an incoming message, it will pass it back to the Android. So yes, there is both software you need to run on

Google has patched a high-severity vulnerability that has been around for the last five years, potentially leaving users' text messages, call histories, and other sensitive data open to snooping. The vulnerability, CVE-2016-2060, affects Android versions 4.3 and earlier that use the software package maintained by mobile chipmaker Qualcomm, according to a blog post published by security firm FireEye . The issue was first introduced in 2011 when Qualcomm released a set of new APIs (Application Programming Interfaces) for a network manager system service to the Android Open Source Project (AOSP) and later the "netd" daemon. Qualcomm modified the netd daemon for providing additional networking capabilities to your smartphone, including additional tethering capabilities, among other things. But unfortunately, the modification introduced a critical bug to the Android operating system that could allow low-privileged apps to gain access to your private data that is sup

" Talent has no Age Limit " That's what I said for a 10-year-old Finnish boy on our official Facebook page while sharing his recent achievement with our readers i.e. Winning $10,000 bug bounty from Instagram . Last Tuesday when we at The Hacker News first acknowledged this talented boy and the flaw he discovered in image-sharing social network Instagram, I did not have an idea that the Facebook post would get an enormous response from our followers, encouraging me to introduce Jani to our website readers too. Those who aren't aware, Jani from Helsinki recently reported an Instagram bug to Facebook that allowed him to delete other Instagram users' comments just by entering a malicious code into the app's comment field. " I would have been able to eliminate anyone's comment from Instagram, even Justin Bieber, " Jani told a local newspaper. Jani responsibly disclosed the vulnerability details to Facebook, who owns Instagram, in February and