The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Why we can't detect all security loopholes and patch them before hackers exploit them? Because... we know that humans are too slow at finding and fixing security bugs, which is why vulnerabilities like Heartbleed , POODLE and GHOST remained undetected for decades and rendered almost half of the Internet vulnerable to theft by the time patches were rolled out. Now to solve this hurdle, DARPA has come up with an idea: To build a smart Artificial Intelligence System that will automatically detect and even patch security flaws in a system. Isn't it a revolutionary idea for Internet Security? The Defense Advanced Research Projects Agency (DARPA) has selected seven teams of finalists who will face off in a historic battle, as each tries to defend themselves and find out flaws without any human control. The DARPA Cyber Grand Challenge will be held at the annual DEF CON hacking conference in Las Vegas next month. Must Read : Artificial Intelligence System that can detec

The extraordinary ' Panama Papers leak ' from Law firm Mossack Fonseca that exposed the tax-avoiding efforts by the world's richest and most influential members was initially believed to be the result of an unpatched vulnerability in the popular content management systems: Drupal and WordPress. Now, we are quite sure that the Panama Papers, which implicated 72 current and former heads of state, was due to vulnerabilities in Drupal and WordPress that allowed hackers to get into the law firm's system and stole over 11.5 Million files (around 2.6 Terabytes of data). The Drupal Security Team has announced that critical patches to address several security issues in Drupal contributed modules, including several highly critical Remote Code Execution (RCE) vulnerabilities, will be released today at 16:00 UTC. According to an advisory, the critical arbitrary remote PHP code execution vulnerability ( PSA-2016-001 ) affects up to 10000 Drupal websites. However, "Drupal c

Security researchers have discovered a new campaign targeting energy companies in Western Europe with a sophisticated malware that almost goes to great lengths in order to remain undetected while targeting energy companies. Researchers from SentinelOne Labs discovered the malware, which has already infected at least one European energy company, is so sneaky and advanced that it is likely believed to be the work of a wealthy nation. The malware, dubbed ' SFG ', contains about 280 kilobytes of code, featuring a vast arsenal of tools rarely seen in ordinary malware samples. It takes " extreme measures " to cleverly and stealthily evade a large number of security defenses before it drops its payload. The malware dismantles antiviruses processes one-by-one until the malware is finally safe to uninstall them all. It also encrypts key features of its code so that it could not be discovered and analyzed. It'll not execute itself if it senses it's being run in

There's a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you've got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has a standing guard, you're only as secure as your weakest link. There's still one group that can inadvertently open the gates to unwanted threat actors—your own people. Security must be second nature for your first line of defense For your organization to thrive, you need capable employees. After all, they're your source for great ideas, innovation, and ingenuity. However, they're also human. And humans are fallible. Hackers understand no one is perfect, and that's precisely what they seek to exploit. This is why your people must become your first line of defense against cyber threats. But to do so, they need to learn how to defend thems

Microsoft's July Patch Tuesday offers 11 security bulletins with six rated critical resolving almost 50 security holes in its software. The company has patched a security flaw in the Windows Print Spooler service that affects all supported versions of Windows ever released, which if exploited could allow an attacker to take over a device via a simple mechanism. The "critical" flaw ( CVE-2016-3238 ) actually resides in the way Windows handles printer driver installations as well as the way end users connect to printers. The flaw could allow an attacker to install malware remotely on victim machine that can be used to view, modify or delete data, or create new accounts with full user rights; Microsoft said in MS16-087 bulletin posted Tuesday. Users who are logged in with fewer user rights on the system are less impacted than users who operate with administrative user rights, such as some home accounts and server users. Microsoft said the critical flaw could

Millions of Xiaomi smartphones are vulnerable to a dangerous remote code execution (RCE) vulnerability that could grant attackers complete control of handsets. The vulnerability, now patched, exists in MIUI – Xiaomi's own implementation of the Android operating system – in versions prior to MIUI Global Stable 7.2 which is based on Android 6.0. The flaw, discovered by IBM X-Force researcher David Kaplan, potentially allows attackers with privileged network access, such as cafe Wi-Fi, to install malware remotely on the affected devices and fully compromise them. Researchers found some apps in the analytics package in MIUI, which can be abused to provide malicious ROM updates remotely through a man-in-the-middle attack. " The vulnerability we discovered allows for a man-in-the-middle attacker to execute arbitrary code as the highly privileged Android 'system' user, " researchers say. Researchers say they discovered vulnerable analytics packages in at lea

You might be aware of Microsoft and Canonical's partnership to integrate " Bash on Ubuntu on Windows 10 ," which is typically a non-graphical Ubuntu running over Windows Subsystem for Linux . Windows 10 doesn't officially support graphical Linux desktop applications. But, now we have noticed a very interesting ticket titled "Run Any Desktop Environment in WSL" raised at Github  repository, in which a user who goes by name Guerra24 has managed to run the graphical version of Ubuntu Linux, i.e. Ubuntu Unity on Windows 10. It's not " Microsoft Linux ." BASH or Bourne Again Shell is capable of handling advanced command line functionalities. Microsoft has provided support for Bash on Windows 10 as an expansion of its command-line tool family, so don't get confused. The Bash on Windows 10 feature is designed only for developers who want to run Linux terminal utilities without any OS dependencies. However, this feature downloads and installs

Nintendo's new location-based augmented reality game Pokémon GO has been making rounds since its launch just a few days ago. People are so excited to catch 'em all that brought Nintendo's market-value gains to $7.5 Billion (£5.8 Billion) in just two days – the highest surge since 1983. Due to the huge interest surrounding Pokémon GO, even hackers are using the game's popularity to distribute malicious versions of Pokémon GO that could install DroidJack malware on Android phones, allowing them to compromise user's devices completely. However, the latest threat is related to the privacy concerns raised about the iOS version of the official Pokémon GO app. Pokémon GO – A Huge Security Risk Adam Reeve labeled the game "malware," saying that Pokémon GO is a "huge security risk" as the game, for some reason, grants itself "full account access" to your Google account when you sign into the app via Google on iPhone or iPad. Ye

" Pokémon Go " has become the hottest iPhone and Android game to hit the market in forever with enormous popularity and massive social impact. The app has taken the world by storm since its launch this week. Nintendo's new location-based augmented reality game allows players to catch Pokémon in the real life using their device's camera and is currently only officially available in the United States, New Zealand, UK and Australia. On an average, users are spending twice the amount of time engaged with the new Pokémon Go app than on apps like Snapchat. In fact Pokémon Go is experiencing massive server overload in just few days of launch. Due to the huge interest surrounding Pokémon Go, many gaming and tutorial websites have offered tutorials recommending users to download the APK from a non-Google Play link. In order to download the APK, users are required to " side-load " the malicious app by modifying their Android core security settings, allowing

Twitter account of another high profile has been hacked! This time, it's Twitter CEO Jack Dorsey. OurMine claimed responsibility for the hack, which was spotted after the group managed to post some benign video clips. The team also tweeted at 2:50 AM ET today saying " Hey, its OurMine,we are testing your security, " with a link to their website that promotes and sells its own "services" for which it has already made $16,500. Although the tweets posted by the group did not contain any harmful content, both the tweet and linked to a short Vine video clip have immediately been removed. Ourmine is the same group of hackers from Saudi Arabia that previously compromised some social media accounts of other CEOs including: Google's CEO Sundar Pichai Facebook's CEO Mark Zuckerberg Twitter's ex-CEO Dick Costolo Facebook-owned virtual reality company Oculus CEO Brendan Iribe Since all tweets posted to Dorsey's account came through Vine,

Whistleblower and ex-NSA employee Edward Snowden has criticized a new anti-terror law introduced on Thursday by Russian President Vladimir Putin, referring it as "repressive" and noting that it is a " dark day for Russia ." The new legislation signed by Putin would compel the country's telephone carriers and Internet providers to record and store the private communications of each and every one of their customers for six months – and turn them over to the government if requested. The data collected on customers would include phone calls, text messages, photographs, and Internet activities that would be stored for six months, and "metadata" would be stored up to 3 years. Moreover, Instant messaging services that make use of encryption, including WhatsApp, Telegram, and Viber, could face heavy fines of thousands of pounds if these services continue to operate in Russia without handing over their encryption keys to the government. "Putin