The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

If you use iCloud to sync your Apple devices, your private data may be at risk of getting exposed or deleted by April 7th. It has been found that a mischievous group of hackers claiming to have access to over 300 million iCloud accounts is threatening Apple to remotely wipe data from those millions of Apple devices unless Apple pays it $75,000 in crypto-currency or $100,000 worth of iTunes gift cards. The hacking group, who identified themselves as 'Turkish Crime Family,' has demanded a ransom to be paid in Bitcoin or Ethereum, another popular crypto-currency. Motherboard broke this story on Tuesday after a hacker claiming to represent the alleged hacking group shared screenshots of alleged emails between the group and Apple's security team with the publication. "I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing," the hacker told Motherboard. The screenshots o

A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer. Dubbed DoubleAgent , the new injecting code technique works on all versions of Microsoft Windows operating systems, starting from Windows XP to the latest release of Windows 10. What's worse? DoubleAgent exploits a 15-years-old undocumented legitimate feature of Windows called " Application Verifier ," which cannot be patched. Application Verifier is a runtime verification tool that loads DLLs (dynamic link library) into processes for testing purpose, allowing developers quickly detect and fix programming errors in their applications. Unpatchable Microsoft Application Verifier Exploit The vulnerability resides in how this Application Verifier tool handles DLLs. According to the researchers, as part of the process, DLLs are bound to the target processes in a Windows Regist

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Are you curiously googling or searching torrents for photos or videos of Emma Watson, Amanda Seyfried, Rose McGowan, or any other celebrities leaked in The Fappenning 2.0 ? If yes, then beware, you should not click any link promising Fappenning celebrity photos . Cybercriminals often take advantage of news headlines in order to trap victims and trick them into following links that may lead to websites containing malware or survey scams. Last week, a few private photos of Emma Watson and Amanda Seyfried — ranging from regular selfies to explicitly sexual photos — were circulating on the Internet forums, including Reddit and 4chan, with UK's TV presenter Holly Willoughby and US actor Rose McGowan among the latest alleged victims. Now, according to the security researchers from MalwareBytes, scammers are exploiting this new batch of leaked celebrity photos and videos by using their stolen selfies to lure victims on social media sites and making dollars. Also Read: Hacke

You may be aware of the fact that a local Windows user with system rights and permissions can reset the password for other users, but did you know that a local user can also hijack other users' session, including domain admin/system user, without knowing their passwords? Alexander Korznikov, an Israeli security researcher, has recently demonstrated that a local privileged user can even hijack the session of any logged-in Windows user who has higher privileges without knowing that user's password, using built-in command line tools. This trick works on almost all versions of Windows operating system and does not require any special privileges. Korznikov is himself unable to figure out if it is a Windows feature or a security flaw. The issue discovered by Korznikov is not entirely new, as a French security researcher, namely Benjamin Delpy, detailed a similar user session hijacking technique on his blog some six years ago. Korznikov calls the attack a "privilege

You might have heard the latest news about Microsoft blocking new security patches and updates for Windows 7 and Windows 8.1 users running the latest processors from Intel, AMD, Qualcomm, and others. Don't panic, this new policy doesn't mean that all Windows 7 and 8.1 users will not be able to receive latest updates in general because Microsoft has promised to support Windows 7 until 2020 , and Windows 8.1 until 2023. But those who have upgraded their machines running older versions of Windows to the latest processors, or manually downgraded their new laptops to run Windows 7/8.1 would be out of luck. A recently published Microsoft Knowledge Base article suggests that if you are running the older version of operating systems on your computers that feature new processors, including Intel's 7th generation Core i3, i5 and i7 ("Kaby Lake"), AMD Ryzen ("Bristol Ridge") and Qualcomm 8996 chips or later, the security updates will not install. Inste