The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

It's True  —  There is no such backdoor that only its creator can access. Microsoft has accidentally leaked the Secret keys that allow hackers to unlock devices protected by UEFI ( Unified Extensible Firmware Interface ) Secure Boot feature. What's even worse? It will be impossible for Microsoft to undo its leak. Secure Boot is a security feature that protects your device from certain types of malware, such as a rootkit, which can hijack your system bootloader, as well as, Secure Boot restricts you from running any non-Microsoft operating system on your device. In other words, when Secure Boot is enabled, you will only be able to boot Microsoft approved ( cryptographically signature checking ) operating systems. However, the Golden Keys disclosed by two security researchers, using alias MY123 and Slipstream , can be used to install non-Windows operating systems, say GNU/Linux or Android, on the devices protected by Secure Boot. Moreover, according to the blog pos

In Brief Microsoft's August Patch Tuesday offers nine security bulletins with five rated critical, resolving 34 security vulnerabilities in Internet Explorer (IE), Edge, and Office, as well as some serious high-profile security issues with Windows. A security bulletin, MS16-102 , patches a single vulnerability (CVE-2016-3319) that could allow an attacker to control your computer just by getting you to view specially-crafted PDF content in your web browser. Users of Microsoft Edge on Windows 10 systems are at a significant risk for remote code execution (RCE) attacks through a malicious PDF file. Web Page with PDF Can Hack Your Windows Computer Since Edge automatically renders PDF content when the browser is set as a default browser, this vulnerability only affects Windows 10 users with Microsoft Edge set as the default browser, as the exploit would execute by simply by viewing a PDF online. Web browsers for all other affected operating systems do not automatically

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities. Instead, they often use commonly available tools and exploit multiple vulnerability points. By simulating a real-world network attack, security teams can test their detection systems, ensure they have multiple choke points in place, and demonstrate the value of networking security to leadership. In this article, we demonstrate a real-life attack that could easily occur in many systems. The attack simulation was developed based on the MITRE ATT&CK framework, Atomic Red Team,  Cato Networks ' experience in the field, and public threat intel. In the end, we explain why a holistic secur

Two computer hackers have earned more than 1 Million frequent-flyer miles each from United Airlines for finding and reporting multiple security vulnerabilities in the Airline's website. Olivier Beg, a 19-year-old security researcher from the Netherlands, has earned 1 Million air miles from United Airlines for finding around 20 security vulnerabilities in the software systems of the airline. Last year, Chicago-based 'United Airlines' launched a bug bounty program to invite security researchers and bug hunters for finding and reporting security holes in its websites, software, apps and web portals. Under its bounty program, United Airlines offers a top reward of 1 Million flyer miles for reporting Remote Code Execution (RCE) flaws; 250,000 miles for medium-severity vulnerabilities, and 50,000 flyer miles for low-severity bugs. According to Netherlands Broadcasting Foundation , the 19-year-old reported 20 security issues to United Airlines and the most severe fla

Just stop believing everything you see on your screen, as it turns out that even your computer monitor can be hacked. You have seen hackers targeting your computer, smartphone, and tablet, but now, it has been proved that they can even compromise your monitor and turn them against by just changing the pixels displayed on the screen. Although changing pixels is really hard and complicated, a team of security researchers at this year's DEF CON says that it is not impossible. Ang Cui and Jatin Kataria of Red Balloon Security has demonstrated a way to hack directly into the computer that controls monitor to see the pixels displayed on the monitor as well as manipulate the pixels in order to display different images. How to Hack Computer Monitors? According to the researchers, an attacker first needs to gain physical access to the monitor's USB or HDMI port which would then help the attacker access the firmware of the display. The duo said they discovered the hack by rev

The risks associated with data breaches continue to grow, impacting a variety of industries, tech firms, and social networking platforms. In the past few months, over 1 Billion credentials were dumped online as a result of mega breaches in popular social networks. Now, Oracle is the latest in the list. Oracle has confirmed that its MICROS division – which is one of the world's top three point-of-sale (POS) services the company acquired in 2014 – has suffered a security breach. Hackers had infected hundreds of computers at Oracle's point-of-sale division, infiltrated the support portal used by customers, and potentially accessed sales registers all over the world. The software giant came to know about the data breach after its staff discovered malicious code on the MICROS customer support portal and certain legacy MICROS systems. Hackers likely installed malware on the troubleshooting portal in order to capture customers' credentials as they logged in. These us

Internet of Things (IoT) is the latest buzz in the world of technology, but they are much easier to hack than you think. Until now we have heard many scary stories of hacking IoT devices , but how realistic is the threat? Just think of a scenario where you enter in your house, and it's sweltering, but when you head on to check the temperature of your thermostat, you find out that it has been locked to 99 degrees. And guess what? Your room thermostat is demanding $300 in Bitcoins to regain its control. Congratulations, Your Thermostat has been Hacked! This is not just a hypothetical scenario; this is exactly what Ken Munro and Andrew Tierney of UK-based security firm Pen Test Partners have demonstrated at the DEFCON 24 security conference in Las Vegas last Saturday. Two white hat hackers recently showed off the first proof-of-concept (PoC) ransomware that infects a smart thermostat. Ransomware is an infamous piece of malware that has been known for locking up comput

After the failure of Facebook's Free Basics -- an initiative to provide free Internet access -- in India due to the violation of Net Neutrality principles, Facebook has reintroduced its plan to provide Internet access in rural India, but this time: The social networking giant is planning to launch a commercial WiFi service in India. Facebook is testing a WiFi service in rural India, allowing people with no internet connection to buy affordable data packages from their local internet service providers (ISPs) in order to access the Internet via local hotspots. Dubbed Express Wi-Fi , the program is in sync with Mark Zuckerberg's Internet.org -- the platform Facebook used for its Free Basics to bring the Internet to all. India banned Free Basics in the country on net neutrality grounds. Net Neutrality advocates argued that by offering some websites and services for free, people are discouraged from visiting other sites. Now, Facebook has partnered with state-owned

Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide. What's even worse: Most of those affected Android devices will probably never be patched. Dubbed " Quadrooter ," the set of four vulnerabilities discovered in devices running Android Marshmallow and earlier that ship with Qualcomm chip could allow an attacker to gain root-level access to any Qualcomm device. The chip, according to the latest statistics, is found in more than 900 Million Android tablets and smartphones. That's a very big number. The vulnerabilities have been disclosed by a team of Check Point researchers at the DEF CON 24 security conference in Las Vegas. Critical Quadrooter Vulnerabilities: The four security vulnerabilities are: CVE-2016-2503 discovered in Qualcomm's GPU driver and fixed in Google's Android Security Bulletin for July

On this day 25 years ago, August 6, 1991, the world's first website went live to the public from a lab in the Swiss Alps. So Happy 25th Birthday, WWW! It's the Silver Jubilee of the world's first website. The site was created by Sir Tim Berners-Lee , the father of the World Wide Web (WWW), and was dedicated to information on the World Wide Web project. The world's first website, which ran on a NeXT computer at the European Organization for Nuclear Research (CERN), can still be visited today, more than two decades after its creation. The first website address is https://info.cern.ch/hypertext/WWW/TheProject.html . "The WorldWideWeb (W3) is a wide-area hypermedia information retrieval initiative aiming to give universal access to a large universe of documents," the world's first public website reads, going on to explain how others can also create their own web pages. "The project started with the philosophy that much academic information sh

Pokémon GO has become the world's most popular mobile game since its launch in July, but not everyone loves it. Pokémon GO has officially been banned in Iran. The Iranian High Council of Virtual Spaces – the country's official body that oversees online activity – has prohibited the use of the Pokémon GO app within the country due to unspecified " security concerns, " BBC reports . The Iranian council did not detail why the country has actually banned its citizen from playing the wildly popular game. Although many countries, including Russia and China, have expressed security concerns over the smash hit augmented reality game, Iran has become the first country to introduce an official ban of Pokémon GO. Since its launch, Pokémon GO has officially been released in more than 35 countries so far with over 100 Million downloads and continues to make an estimated $10 Million in daily revenue. Despite strict Internet restrictions in Iran, Pokémon fans have still