The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A critical zero-day flaw has been discovered in the popular cloud password manager LastPass that could allow any remote attacker to compromise your account completely. LastPass is one of the best password manager that also available as a browser extension that automatically fills credentials for you. All you need is to remember one master password to unlock all other passwords of your different online accounts, making it much easier for you to use unique passwords for different sites. However, the password manager isn't as secure as it promises. Also Read:  Popular Password Managers Are Not As Secure As You Think Google Project Zero Hacker Tavis Ormandy discovered several security issues in the software that allowed him to steal passwords stored with LastPass. " Are people really using this LastPass thing? I took a quick look and can see a bunch of obvious critical problems. I'll send a report asap ," Ormandy revealed on Twitter . Once compromise a v

SMS-based Two-Factor Authentication (2FA) has been declared insecure and soon it might be a thing of the past. Two-Factor Authentication or 2FA adds an extra step of entering a random passcode sent to you via an SMS or call when you log in to your account as an added layer of protection. For example, if you have 2FA enabled on Gmail, the platform will send a six-digit passcode to your mobile phone every time you sign in to your account. But, the US National Institute of Standards and Technology (NIST) has released a new draft of its Digital Authentication Guideline that says SMS-based two-factor authentication should be banned in future due to security concerns. Here's what the relevant paragraph of the latest DAG draft reads: "If the out of band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not wi

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Radio-based wireless keyboards and mice that use a special USB dongle to communicate with your PC can expose all your secrets – your passwords, credit card numbers and everything you type. Back in February, researchers from the Internet of things security firm Bastille Networks demonstrated how they could take control of wireless keyboards and mice from several top vendors using so-called MouseJack attacks. The latest findings by the same security firm are even worse. Researchers have discovered a new hacking technique that can allow hackers to take over your wireless keyboard and secretly record every key you press on it. Dubbed KeySniffer , the hack is death for millions of wireless, radio-based keyboards. The Cause: Lack of Encryption and Security Updates The KeySniffer vulnerability affects wireless keyboards from eight different hardware manufacturers that use cheap transceiver chips ( non-Bluetooth chips ) – a less secure, radio-based communication protocol. T

Researchers have discovered over 100 malicious nodes on the Tor anonymity network that are "misbehaving" and potentially spying on Dark Web sites that use Tor to mask the identities of their operators. Two researchers, Amirali Sanatinia and Guevara Noubir, from Northwestern University, carried out an experiment on the Tor Network for 72 days and discovered at least 110 malicious Tor Hidden Services Directories (HSDirs) on the network. The nodes, also known as the Tor hidden services directories ( HSDirs ) are servers that act as introductory points and are configured to receive traffic and direct users to hidden services (" .onion " addresses). In other words, the hidden services directory or HSDir is a crucial element needed to mask the true IP address of users on the Tor Network. But, here's the issue: HSDir can be set up by anyone. "Tor's security and anonymity is based on the assumption that the large majority of its relays are honest and

On Friday, just three days prior to the start of the party's national convention, WikiLeaks released almost 20,000 e-mails with more than 8,000 stolen from the US Democratic National Committee (DNC) following a cyber attack in June. Two days later, on Sunday, DNC Chairwoman Debbie Wasserman Schultz announced her resignation and now had no major role on the party's convention stage. Many of the leaked emails indicted that the top DNC officials were actively working against the campaign of Sen. Bernie Sanders and strongly favoring Hillary Clinton over Sanders during the primaries, when they were supposed to be neutral. The controversy ruined the start of the DNC's national convention in Philadelphia and forced the Wasserman Schultz to resign. The leak, from January 2015 to May 2016, is believed to be an attempt by the Russian government to influence the presidential election, some U.S. lawmakers and cybersecurity experts say. The leak features DNC staffers debat