The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

No software is immune to being Hacked! Not even Linux. A security researcher has discovered a critical vulnerability in Ubuntu Linux operating system that would allow an attacker to remotely compromise a target computer using a malicious file. The vulnerability affects all default Ubuntu Linux installations versions 12.10 (Quantal) and later. Researcher Donncha O'Cearbhaill discovered the security bug which actually resides in the Apport crash reporting tool on Ubuntu. A successful exploit of this CrashDB code injection issue could allow an attacker to remotely execute arbitrary code on victim's machine. All an attacker needs is to trick the Ubuntu user into opening a maliciously booby-trapped crash file. This would inject malicious code in Ubuntu OS's crash file handler, which when parsed, executes arbitrary Python code. "The code first checks if the CrashDB field starts with { indicating the start of a Python dictionary," O'Cearbhaill explain

Macintosh computers are often considered to be safer than those running Windows operating system, but a recently discovered attack technique proves it all wrong. All an attacker needs is a $300 device to seize full control of your Mac or MacBook. Swedish hacker and penetration tester Ulf Frisk has developed a new device that can steal the password from virtually any Mac laptop while it is sleeping or even locked in just 30 seconds, allowing hackers to unlock any Mac computer and even decrypt the files on its hard drive. So, next time when you leave your Apple's laptop unattended, be sure to shut it down completely rather than just putting the system in sleep mode or locked. Here's How an Attacker can steal your Mac FileVault2 Password The researcher devised this technique by exploiting two designing flaws he discovered last July in Apple's FileVault2 full-disk encryption software. The first issue is that the Mac system does not protect itself against Direc

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

One of the FBI's most wanted hackers who was behind the largest theft of financial data has finally been arrested at the JFK airport in New York. Joshua Samuel Aaron is accused of being part of a hacking group that attacked several major financial institutions, including JPMorgan Chase , and according to the officials, which was "the largest theft of user data from a U.S. financial institution in history." Aaron was believed to have been living as a fugitive in Moscow, Russia after being charged with hacking crimes in 2015, which exposed the personal information of more than 100 Million people. On June 2015, a federal arrest warrant was issued for Aaron by the United States District Court, and the FBI and US secret service agents arrested him upon his arrival at the JFK airport in NY, announced the US Department of Justice. "Aaron allegedly worked to hack into the networks of dozens of American companies, ultimately leading to the largest theft of person

Remember The Shadow Brokers? The hacker group that's believed to be behind the high-profile cyber theft of NSA hacking tools and exploits that sparked a larger debate on the Internet concerning abilities of US intelligence agencies and their own security The group put the stolen cyber weapons on auction but received not much response and gone quiet for some time. However, The Shadow Brokers has now appeared to have put up the NSA's hacking tools and exploits for direct sale on an underground website. A newly uncovered site reportedly contains a file signed with the cryptographic key of The Shadow Brokers, suggesting the hacker group has now moved to sell NSA hacking tools directly to buyers one by one, Motherboard reports . On Wednesday, someone going by pseudonym Boceffus Cleetus published a post on Medium, saying that the Shadow Brokers hackers are now selling "NSA tools individually." "The site also lets visitors download a selection of scree

Ashley Madison, an American most prominent dating website that helps married people cheat on their spouses has been hacked, has agreed to pay a hefty fine of $1.6 Million for failing to protect account information of 36 Million users , after a massive data breach last year. Yes, the parent company of Ashley Madison , Ruby Corp. will pay $1.6 Million to settle charges from both Federal Trade Commission (FTC) and 13 states alleging that it misled its consumers about its privacy practices and did not do enough to protect their information. Not only the company failed to protect the account information of its 36 Million users, but also it failed to delete account information after regretful users paid a $20 fee for "Full Delete" of their accounts. Moreover, the Ashley Madison site operators were accused of creating fake accounts of "female" users in an effort to attract new members. Avid Life Media denied the claim at the time, but a year later when the com