The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

After the discovery of a critical vulnerability that could have allowed hackers to view private Yahoo Mail images, Yahoo retired the image-processing library ImageMagick. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images. The tool is supported by PHP, Python, Ruby, Perl, C++, and many other programming languages. This popular image-processing library made headline last year with the discovery of the then-zero-day vulnerability, dubbed ImageTragick , which allowed hackers to execute malicious code on a Web server by uploading a maliciously-crafted image. Now, just last week, security researcher Chris Evans demonstrated an 18-byte exploit to the public that could be used to cause Yahoo servers to leak other users' private Yahoo! Mail image attachments. 'Yahoobleed' Bug Leaks Images From Server Memory The exploit abuses a security vulnerability in the ImageMagick library, which Evans dubbed

A security researcher has identified a new strain of malware that also spreads itself by exploiting flaws in Windows SMB file sharing protocol, but unlike the WannaCry Ransomware that uses only two leaked NSA hacking tools , it exploits all the seven. Last week, we warned you about multiple hacking groups exploiting leaked NSA hacking tools, but almost all of them were making use of only two tools: EternalBlue and DoublePulsar. Now, Miroslav Stampar, a security researcher who created famous 'sqlmap' tool and now a member of the Croatian Government CERT, has discovered a new network worm, dubbed EternalRocks , which is more dangerous than WannaCry and has no kill-switch in it. Unlike WannaCry, EternalRocks seems to be designed to function secretly in order to ensure that it remains undetectable on the affected system. However, Stampar learned of EternalRocks after it infected his SMB honeypot . The NSA exploits used by EternalRocks, which Stampar called " Do

The  ransomware industry surged in 2023  as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070.  But 2024 is starting off showing a very different picture.  While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure 1: Victims per quarter There could be several reasons for this significant drop.  Reason 1: The Law Enforcement Intervention Firstly, law enforcement has upped the ante in 2024 with actions against both LockBit and ALPHV. The LockBit Arrests In February, an international operation named "Operation Cronos" culminated in the arrest of at least three associates of the infamous LockBit ransomware syndicate in Poland and Ukraine.  Law enforcement from multiple countries collaborated to take down LockBit's infrastructure. This included seizing their dark web domains and gaining access to their backend sys

Is your router collects data on your network? Netgear last week pushed out a firmware update for its wireless router model NightHawk R7000 with a remote data collection feature that collects router's analytics data and sends it to the company's server. For now, the company has rolled out the firmware update for its NightHawk R7000, but probably other router models would receive the update in upcoming days. The Netgear's alleged router analytics data collects information regarding: Total number of devices connected to the router IP address MAC addresses Serial number Router's running status Types of connections LAN/WAN status Wi-Fi bands and channels Technical details about the use and functioning of the router and the WiFi network. The company said it is collecting the data for routine diagnostic to know how its products are used and how its routers behave. "Technical data about the functioning and use of our routers and their WiFi network

In order to keep its billions of users safe, Google has introduced another security defense for its Android devices, called Google Play Protect . Google Play Protect , which is part of the Google Play Store app, uses machine learning and app usage analysis to weed out the dangerous and malicious apps, which have always been albatross around the tech giant's neck. Since Google Play Protect actually comes with the Google Play Store, users do not need to install or activate this security feature separately. Google Play Protect for Android devices consists: App scanning Anti-Theft Measures Browser Protection Play Protect's App Scanning Feature Google Play Protect is an always-on service on devices which said to scan 50 billion apps each day across a billion Android devices to ensure they are safe. Google already has a number of security measures in place to help keep your smartphones safe, including Verify Apps and its Bouncer service, but once apps are uploa

Since the Shadow Brokers released the zero-day software vulnerabilities and hacking tools – allegedly belonged to the NSA's elite hacking team Equation Group – several hacking groups and individual hackers have started using them in their own way. The April's data dump was believed to be the most damaging release by the Shadow Brokers till the date, as it publicly leaked lots of Windows hacking tools , including dangerous Windows SMB exploit. After the outbreak of WannaCry last week, security researchers have identified multiple different campaigns exploiting Windows SMB vulnerability (CVE-2017-0143), called Eternalblue , which has already compromised hundreds of thousands of computers worldwide. I have been even confirmed by multiple sources in hacking and intelligence community that there are lots of groups and individuals who are actively exploiting Eternalblue for different motives. Moreover, the Eternalblue SMB exploit ( MS17-010 ) has now been ported to  Met