The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Network equipment vendor Cisco is finally warning its customers of another zero-day vulnerability the company discovered in the trove of NSA's hacking exploits and implants leaked by the group calling itself " The Shadow Brokers ." Last month, the Shadow Brokers published firewall exploits, implants, and hacking tools allegedly stolen from the NSA's Equation Group, which was designed to target major vendors including, Cisco, Juniper, and Fortinet. A hacking exploit, dubbed ExtraBacon , leveraged a zero-day vulnerability (CVE-2016-6366) resided in the Simple Network Management Protocol (SNMP) code of Cisco ASA software that could allow remote attackers to cause a reload of the affected system or execute malicious code. Now Cisco has found another zero-day exploit , dubbed "Benigncertain," which targets PIX firewalls. Cisco analyzed the exploit and noted that it had not identified any new flaws related to this exploit in its current products. But,

A critical vulnerability resides in the fully-patched version of the Mozilla's Firefox browser that could allow well-resourced attackers to launch man-in-the-middle (MITM) impersonation attacks and also affects the Tor anonymity network. The Tor Project patched the issue in the browser's HTTPS certificate pinning system on Friday with the release of its Tor Browser version 6.0.5 , while Mozilla still has to patch the critical flaw in Firefox. Attackers can deliver Fake Tor and Firefox Add-on Updates The vulnerability could allow a man-in-the-middle attacker who is able to obtain a forged certificate for addons.mozilla.org to impersonate Mozilla servers and as a result, deliver a malicious update for NoScript, HTTPS Everywhere or other Firefox extensions installed on a targeted computer. "This could lead to arbitrary code execution [vulnerability]," Tor officials warned in an advisory. "Moreover, other built-in certificate pinnings are affected as wel

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

British citizen and alleged hacker Lauri Love will be extradited to the United States to face allegations of hacking into United States government computer systems, a UK judge ruled on Friday. Love, 31, is currently facing up to 99 years in prison for allegedly hacking into the FBI, the US Army, the US Missile Defence Agency, the National Aeronautics and Space Administration (NASA), and New York's Federal Reserve Bank during 2012 and 2013. US Prosecutors claim that Love was allegedly involved in #OpLastResort , an online protest linked with the Anonymous collective following the persecution and untimely death of activist Aaron Swartz, who committed suicide in 2013 while under federal charges for data theft. Speaking at Westminster Magistrates' Court in London, District Judge Nina Tempia said : "I'll be extraditing Mr. Love, by which I mean I'll be passing the case to the Secretary of State." Tempia said Love could appeal against the court decisi

Do you remember the infamous encryption fight between the FBI and Apple for unlocking an iPhone 5C belongs to a terrorist? Yes, you got it right, the same Apple vs. FBI case where the FBI paid almost $1.3 Million to a group of hackers to unlock that iPhone. However, if the agency had shown some patience to explore more ways to get into that iPhone, then it might have cost them nothing less than US$100. Yes, you heard that right. Now anyone can unlock an iPhone for less than $100, for which the FBI paid more than $1 million . Cheap Method to Unlock iPhone 5C Cambridge University security researcher Sergei Skorobogatov has published a new research paper detailing a technique that would have helped the FBI bypass the iOS passcode limit on the shooter's iPhone 5C. Dubbed NAND Mirroring , the technique was proposed to the FBI earlier this year, but the agency claimed that the method would not work. "It does not work," FBI Director James Comey said back in March,

Two Researchers have discovered a couple of vulnerabilities in Signal , the popular end-to-end encrypted messaging app recommended by whistleblower Edward Snowden. One of those vulnerabilities could allow potential attackers to add random data to the attachments of encrypted messages sent by Android users, while another bug could allow hackers to remotely crash vulnerable devices. The vulnerabilities have just been patched, but the updated version of Signal is yet available on the Github open source repository, and not on the Google's official Play Store for Android apps, leaving millions of privacy conscious people vulnerable to attacks. That means, if you have installed Signal messaging app via Google Play Store, like other millions of Android users, you are still vulnerable to hackers. Developed by open source software group Open Whisper System, Signal is a free and open source messaging application specifically designed for Android and iOS users to make secure and e