The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Carbanak – One of the most successful cybercriminal gangs ever that's known for the theft of one billion dollars from over 100 banks across 30 countries back in 2015 – is back with a BANG! The Carbanak cyber gang has been found abusing various Google services to issue command and control (C&C) communications for monitoring and controlling the machines of unsuspecting malware victims. Forcepoint Security Labs researchers said Tuesday that while investigating an active exploit sent in phishing messages as an RTF attachment, they discovered that the Carbanak group has been hiding in plain site by using Google services for command and control. "The Carbanak actors continue to look for stealth techniques to evade detection," Forcepoint's senior security researcher Nicholas Griffin said in a blog post . "Using Google as an independent C&C channel is likely to be more successful than using newly created domains or domains with no reputation." Th

A newly discovered bug in Apple's iOS mobile operating system is being exploited in a prank that lets anyone crash your iPhone or iPad by just sending an emoji-filled iMessage, according to several reports. YouTube star EverythingApplePro published a video highlighting a sequence of characters that temporarily freeze and restart an iPhone, which people can send to their iPhone buddies to trouble them. You can watch the video demonstration below. Here's the first troublesome text: A white Flag emoji, the digit "0" and a Rainbow emoji. This simple numeric character, flag, and rainbow emojis confuse iOS 10 devices when it tries to combine them into a rainbow flag. As soon as this text is received, the iPhone's software attempts to combine the emojis but fails, and the messaging app crashes and eventually reboots in a few minutes. The recipients do not even have to open or read the message. Video Demonstration Another iPhone-crashing method involves

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Security researchers have discovered a rare piece of Mac-based espionage malware that relies on outdated coding practices but has been used in some previous real-world attacks to spy on biomedical research center computers. Dubbed Fruitfly , the malware has remained undetected for years on macOS systems despite using unsophisticated and "antiquated code." Infosec firm Malwarebytes discovered Fruitfly, detected as 'OSX.Backdoor.Quimitchin,' after one of its IT administrators spotted some unusual outgoing activity from a particular Mac computer. According to the researchers, the recently discovered what they're calling "the first Mac malware of 2017" contains code that dates before OS X, which has reportedly been conducting detailed surveillance operation on targeted networks, possibly for over two years. Fruitfly uses a hidden pearl script to communicate back to two command-and-control (C&C) servers and has the ability to perform actions l

It's not necessary to break into your computer or smartphone to spy on you. Today all devices in our home are becoming more connected to networks than ever to make our lives easy. But what's worrisome is that these connected devices can be turned against us, anytime, due to lack of stringent security measures and insecure encryption mechanisms implemented in these Internet of Things (IoTs) devices. The most recent victim of this issue is the Samsung's range of SmartCam home security cameras. Yes, it's hell easy to hijack the popular Samsung SmartCam security cameras, as they contain a critical remote code execution (RCE) vulnerability that could let hackers gain root access and take full control of these devices. SmartCam is one of the Samsung's SmartThings range of devices, which allows its users to connect, manage, monitor and control "smart" devices in their home using their smartphones or tablets. Back in 2014, the hacking group Exploiteer

If you want to get the most out of your computer, you need to get the most out of your hard drive, where all your data is stored. Today hard drives are larger than ever, so it makes sense for you to partition your hard disk to effectively use all of its space and manage all your important information. Partitioning is also useful if you intend to install and use more than one operating system on the same computer. There is a vast business of partition manager software out there, and today we are reviewing one of the most popular partition management tools available in the market: EaseUS Partition Master Professional . EaseUS Partition Master Professional offers you the complete package with capabilities for organizing and resizing your drive, restoring and backing up your information, improving system performance, installing and managing several operating systems on the same computer, along with recovering and cloning data files. Let's dig deep into the capabilities pro

It's 2017, and we're not any further along with Wi-Fi security than we were 10 years ago. There are Intrusion Detection Systems and 2nd generation antivirus apps to protect us from some vulnerabilities but the simple fact that some people and businesses still don't set their network up well in the first place. Installing WiFi is like running Ethernet to your parking lot. It's a cliche thing to say, but it is often true. If I can attack your network sitting in my car from the parking lot, what chance do you have? And 99% of the time I'm successful. Lots of companies are moving to new offices that have wide open office layouts. Some may not have BYOD policies or wireless security plans in place, and anyone can bring their own device to work that you may not know about. I've even seen some companies installing IoT devices like smart led light bulbs and thermostats. Even some security camera systems which are always running unsecured and default passwords. So what can you