The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

In past few months, several research groups have uncovered vulnerabilities in the Intel remote administration feature known as the Management Engine (ME) which could allow remote attackers to gain full control of a targeted computer. Now, Intel has admitted that these security vulnerabilities could "potentially place impacted platforms at risk." The popular chipmaker released a security advisory on Monday admitting that its Management Engine (ME), remote server management tool Server Platform Services (SPS), and hardware authentication tool Trusted Execution Engine (TXE) are vulnerable to multiple severe security issues that place millions of devices at risk. The most severe vulnerability (CVE-2017-5705) involves multiple buffer overflow issues in the operating system kernel for Intel ME Firmware that could allow attackers with local access to the vulnerable system to " load and execute code outside the visibility of the user and operating system. " The

Again some bad news for cryptocurrency users. Tether, a Santa Monica-based start-up that provides a dollar-backed cryptocurrency tokens, has claimed that its systems have been hacked by an external attacker, who eventually stole around $31 million worth of its tokens. With a market capitalization of $673 million, Tether is the world's first blockchain-enabled platform to allow the traditional currency to be used like digital currency. Tether serves as a proxy for the US dollar, Euro (and soon Japanese yen) that can be sent between exchanges including Bitfinex, Poloniex, Omni, GoCoin and other markets. According to an announcement on the company's official website posted today, the unknown hacker stole the tokens (worth $30,950,010) from the Tether Treasury wallet on November 19 and sent them to an unauthorized Bitcoin address. The stolen tokens will not be redeemed, but the company is in the process of attempting token recovery in order to prevent them from enter

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Even after so many efforts by Google for making its Play Store away from malware, shady apps somehow managed to fool its anti-malware protections and infect people with malicious software. A team of researchers from several security firms has uncovered two new malware campaigns targeting Google Play Store users, of which one spreads a new version of BankBot , a persistent family of banking Trojan that imitates real banking applications in efforts to steal users' login details. BankBot has been designed to display fake overlays on legitimate bank apps from major banks around the world, including Citibank, WellsFargo, Chase, and DiBa, to steal sensitive information, including logins and credit card details. With its primary purpose of displaying fake overlays, BankBot has the ability to perform a broad range of tasks, such as sending and intercepting SMS messages, making calls, tracking infected devices, and stealing contacts. Google removed at least four previous versions

Security researchers have discovered a new, sophisticated form of malware based on the notorious Zeus banking Trojan that steals more than just bank account details. Dubbed Terdot, the banking Trojan has been around since mid-2016 and was initially designed to operate as a proxy to conduct man-in-the-middle (MitM) attacks, steal browsing information such as stored credit card information and login credentials and injecting HTML code into visited web pages. However, researchers at security firm Bitdefender have discovered that the banking Trojan has now been revamped with new espionage capabilities such as leveraging open-source tools for spoofing SSL certificates in order to gain access to social media and email accounts and even post on behalf of the infected user. Terdot banking trojan does this by using a highly customized man-in-the-middle (MITM) proxy that allows the malware to intercept any traffic on an infected computer. Besides this, the new variant of Terdot

Refuting allegations that its anti-virus product helped Russian spies steal classified files from an NSA employee's laptop, Kaspersky Lab has released more findings that suggest the computer in question may have been infected with malware. Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation claiming the NSA worker who took classified documents home had a personal home computer overwhelmed with malware. According to the latest Kaspersky report, the telemetry data its antivirus collected from the NSA staffer's home computer contained large amounts of malware files which acted as a backdoor to the PC. The report also provided more details about the malicious backdoor that infected the NSA worker's computer when he installed a pirated version of Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader. Backdoor On NSA Worker's PC May Have Helped Other Hackers Steal Classi