The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

China is very strict about censorship, which is why the country has become very paranoid when it comes to adopting foreign technologies. The country banned Microsoft's Windows operating system on government computers in 2014 amid concerns about security and US surveillance. Even in the wake of that, China had been pushing its custom version of Windows XP and its forked version of Ubuntu Linux . To deal with this issue and target the world's largest market, Microsoft's CEO for the Greater China region last year confirmed that the company was working on a Chinese version of Windows 10 that included "more management and security controls" and less bloatware. Now, Microsoft has just announced a new version of its Windows 10, which is now ready for Chinese government agencies to use. In its event in Shanghai on Tuesday, Microsoft announced Windows 10 China Government Edition specifically designed for the Chinese government.The OS is based on Windows 1

Samsung recently launched its new flagship smartphones, the Galaxy S8 and Galaxy S8 Plus, with both Facial and IRIS Recognition features, making it easier for users to unlock their smartphone and signing into websites. We already knew that the Galaxy S8's facial unlock feature could be easily fooled with just a simple photograph of the device owner, but now hackers have also discovered a simple way to bypass the iris-based authentication, which Samsung wants you to think is unbeatable. All it took for German hacking group Chaos Computer Club (CCC) to break the Galaxy S8's iris-recognition system was nothing but a camera, a printer, and a contact lens. The white hat hacking group also published a video showing how to defeat Samsung's iris scanner. Video Demonstration — Bypassing Iris Scanner The process was very simple. The CCC group simply used the night mode setting on a Sony digital camera to capture a medium range photo of their subject. Since the iris

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

Do you watch movies with subtitles? Just last night, I wanted to watch a French movie, so I searched for English subtitles and downloaded it to my computer. Though that film was excellent, this morning a new research from Checkpoint scared me. I was unaware that a little subtitle file could hand over full control of my computer to hackers, while I was enjoying the movie. Yes, you heard that right. A team of researchers at Check Point has discovered vulnerabilities in four of the most popular media player applications, which can be exploited by hackers to hijack " any type of device via vulnerabilities; whether it is a PC, a smart TV, or a mobile device " with malicious codes inserted into the subtitle files. " We have now discovered malicious subtitles could be created and delivered to millions of devices automatically, bypassing security software and giving the attacker full control of the infected device and the data it holds, " he added. These

The Russian Interior Ministry announced on Monday the arrest of 20 individuals from a major cybercriminal gang that had stolen nearly $900,000 from bank accounts after infecting over one million Android smartphones with a mobile Trojan called "CronBot." Russian Interior Ministry representative Rina Wolf said the arrests were part of a joint effort with Russian IT security firm Group-IB that assisted the massive investigation. The collaboration resulted in the arrest of 16 members of the Cron group in November 2016, while the last active members were apprehended in April 2017, all living in the Russian regions of Ivanovo, Moscow, Rostov, Chelyabinsk, and Yaroslavl and the Republic of Mari El. Targeted Over 1 Million Phones — How They Did It? Group-IB first learned of the Cron malware gang in March 2015, when the criminal gang was distributing the Cron Bot malware disguised as Viber and Google Play apps. The Cron malware gang abused the popularity of SMS-banking

After the discovery of a critical vulnerability that could have allowed hackers to view private Yahoo Mail images, Yahoo retired the image-processing library ImageMagick. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images. The tool is supported by PHP, Python, Ruby, Perl, C++, and many other programming languages. This popular image-processing library made headline last year with the discovery of the then-zero-day vulnerability, dubbed ImageTragick , which allowed hackers to execute malicious code on a Web server by uploading a maliciously-crafted image. Now, just last week, security researcher Chris Evans demonstrated an 18-byte exploit to the public that could be used to cause Yahoo servers to leak other users' private Yahoo! Mail image attachments. 'Yahoobleed' Bug Leaks Images From Server Memory The exploit abuses a security vulnerability in the ImageMagick library, which Evans dubbed