The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Microsoft is once again facing embarrassment for not patching a vulnerability on time. Yes, Google's Project Zero team has once again publicly disclosed a vulnerability  ( with POC exploit ) affecting Microsoft's Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10 that had yet to be patched. A few months back, the search engine giant disclosed a critical Windows vulnerability to the public just ten days after revealing the flaw to Microsoft. However, this time Google revealed the vulnerability in Windows to the public after Microsoft failed to patch it within the 90-day window given by the company. Google's Project Zero member Mateusz Jurczyk responsibly reported a vulnerability in Windows' Graphics Device Interface (GDI) library to Microsoft Security Team on the 9th of June last year. The vulnerability affects any program that uses this library, and if exploited, could potentially allow hackers to steal informatio

A group of highly sophisticated state-sponsored hackers is spying on the Israeli military by hacking into the personal Android phones of individual soldiers to monitor their activities and steal data. A newly released research by Lookout and Kaspersky suggests that more than 100 Israeli servicemen from the Israeli Defense Force (IDF) are believed to have been targeted with spyware. Dubbed ViperRAT , the malware has specifically been designed to hijack Israeli soldiers' Android-based smartphones and remotely exfiltrate data of high value, including photos and audio recordings, directly from the compromised devices. Modus Operandi Identified According to the security firms, IDF personnel had been compromised by social engineering techniques — where the soldiers were lured via Facebook Messenger and other social networks into entering communications with hackers who posed as attractive women from various countries like Canada, Germany, and Switzerland. The soldiers were th

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Ransomware has been around for a few years, but in last two years, it has become an albatross around everyone's neck, targeting businesses, hospitals , financial institutions and personal computers worldwide and extorting millions of dollars. Ransomware is a type of malware that infects computers and encrypts their content with strong encryption algorithms, and then demands a ransom to decrypt that data. It turned out to be a noxious game of Hackers to get paid effortlessly . Initially, ransomware used to target regular internet users, but in past few months, we have already seen the threat targeting enterprises, educational facilities , and hospitals, hotels , and other businesses. And now, the threat has gone Worse! This PoC Ransomware Could Poison Water Supply! Researchers at the Georgia Institute of Technology (GIT) have demonstrated the capability of ransomware to take down the critical infrastructure our cities need to operate, causing havoc among people.

Security researchers have discovered a chip flaw that could nullify hacking protections for millions of devices regardless of their operating system or application running on them, and the worse — the flaw can not be entirely fixed with any mere software update. The vulnerability resides in the way the memory management unit (MMU), a component of many CPUs, works and leads to bypass the Address Space Layout Randomization (ASLR) protection. ASLR is a crucial security defense deployed by all modern operating systems from Windows and Linux to macOS, Android, and the BSDs. In general, ASLR is a memory protection mechanism which randomizes the location where programs run in a device's memory. This, in turn, makes it difficult for attackers to execute malicious payloads in specific spots in memory when exploiting buffer overflows or similar bugs. In short, for attackers, it's like an attempt to burglarize a house blindfolded. But now a group of researchers, known as VUSe

Has Yahoo rebuilt your trust again? If yes, then you need to think once again, as the company is warning its users of another hack. Last year, Yahoo admitted two of the largest data breaches on record. One of which that took place in 2013 disclosed personal details associated with more than 1 Billion Yahoo user accounts . Well, it's happened yet again. Yahoo sent out another round of notifications to its users on Wednesday, warning that their accounts may have been compromised as recently as last year after an ongoing investigation turned up evidence that hackers used forged cookies to log accounts without passwords. The company quietly revealed the data breach in security update in December 2016, but the news was largely overlooked, as the statement from Yahoo provided information on a separate data breach that occurred in August 2013 involving more than 1 billion accounts. The warning message sent Wednesday to some Yahoo users read: "Based on the ongoing i