The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

From GPS system to satellite radio to wireless locks, today vehicles are more connected to networks than ever, and so they are more hackable than ever. It is not new for security researchers to hack connected cars . Latest in the series of hackable connected cars is the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV). A security expert has discovered vulnerabilities in the Mitsubishi Outlander's Wi-Fi console that could allow hackers to access the vehicle remotely and turn off car alarms before potentially stealing it. The company has embedded the WiFi module inside the car so that its users can connect with their Mitsubishi mobile app to this WiFi and send commands to the car. Researchers from security penetration testing firm Pen Test Partners discovered that the Mitsubishi Outlander uses a weak WiFi access security key to communicates with the driver's phone. The key to getting into the Wi-Fi can be cracked through a brute force attack (" on a 4 x GPU c

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

The man who runs the biggest social network and continuously implements new security measures to boost its billion users security, himself failed to follow basics of Internet security for his own online accounts. Yes, I'm talking about Facebook CEO Mark Zuckerberg , who had his Twitter and Pinterest accounts compromised on Sunday. The hacker group from Saudi Arabia, dubbed OurMine , claimed responsibility for the hack and guess how the group did it? Thanks to the LinkedIn data breach ! The hackers tweeted that they found Zuck's account credentials in the recent LinkedIn data breach, from which they took his SHA1-hashed password string and then broke it and tried on several social media accounts. Also Read: Hacker Removed Zuckerberg's Facebook Cover Photo The group, which has more than 40,000 Twitter followers, then successfully broke into Zuck's Twitter ( @finkd ) and Pinterest profile and defaced its banners with its logo as well as tweeted out some offens

Security researchers have discovered a sophisticated piece of malware that uses tricks from the Stuxnet sabotage malware and is specifically designed to target industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. Researchers at the security firm FireEye Labs Advanced Reverse Engineering said on Thursday that the malware, dubbed " IRONGATE ," affects Siemens industrial control systems. The malware only works in a simulated environment and is probably just a proof-of-concept that is likely not used in wild; therefore is not yet advanced enough to impact real-world systems . The Irongate malware "is not viable against operational Siemens control systems," the cybersecurity firm said in its blog post , and the malware "does not exploit any vulnerabilities in Siemens products." The researchers found this malware fascinating due to its mode of operation that included some Stuxnet-like behavior. The Stuxnet sab

Do you have remote login software TeamViewer installed on your desktop? If Yes, then it could be possible that your system can be accessed by attackers to steal your personal details, including your bank and PayPal accounts, as several reports on Reddit and Twitter suggests. According to recent reports, the popular TeamViewer software that is used to remotely control PCs appears to have been HACKED ! Over the past few days, a number of users headed on to the Internet forums to report that unknown attackers are taking control of their computers through their TeamViewer accounts and, in some cases, trying to steal money through services like eBay or PayPal. This same behavior has also been reported by the IBM security researcher Nick Bradley, who said: "In the middle of my gaming session, I lose control of my mouse, and the TeamViewer window pops up in the bottom right corner of my screen. As soon as I realize what is happening, I kill the application. Then it dawns