The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A critical vulnerability has been discovered in the widely used Transmission BitTorrent app that could allow hackers to remotely execute malicious code on BitTorrent users' computers and take control of them. The vulnerability has been uncovered by Google's Project Zero vulnerability reporting team, and one of its researchers Tavis Ormandy has also posted a proof-of-concept attack—just 40 days after the initial report. Usually, Project Zero team discloses vulnerabilities either after 90 days of reporting them to the affected vendors or until the vendor has released a patch. However, in this case, the Project Zero researchers disclosed the vulnerability 50 days prior to the actual time limit because Transmission developers failed to apply a ready-made patch provided by the researchers over a month ago. "I'm finding it frustrating that the transmission developers are not responding on their private security list, I suggested moving this into the open so that

This year's first bad news for OnePlus users—a large number of OnePlus customers are reporting of fraudulent credit card transactions after buying products from the Chinese smartphone manufacturer's official online store. The claim initially surfaced on the OnePlus support forum over the weekend from a customer who said that two of his credit cards used on the company's official website was suspected of fraudulent activities. " The only place that both of those credit cards had been used in the last 6 months was on the Oneplus website ," the customer wrote. Later a good number of users posted similar complaints on OnePlus, Twitter and Reddit forums, saying they also became a victim of credit card fraud. Many of the customers claimed that their credit cards had been compromised after they bought a new phone or some accessories directly from the OnePlus official website, indicating that the leak might have been through the company itself. Cybersecurity

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

The cybersecurity threat landscape has never been more extensive and is most likely to grow exponentially in 2018. Although the original creators of Mirai DDoS botnet have already been arrested and jailed, the variants of the infamous IoT malware are still in the game due to the availability of its source code on the Internet. Security researchers have spotted a new variant of infamous Mirai IoT malware designed to hijack insecure devices that run on ARC embedded processors. Until now, Mirai and its variants have been targeting CPU architectures— including x86, ARM, Sparc, MIPS, PowerPC and Motorola 6800 —deployed in millions of Internet of Things (IoT) devices. Dubbed Okiru , the new Mirai variant, first spotted by @unixfreaxjp from MalwareMustDie team and notified by independent researcher Odisseus , is a new piece of ELF malware that targets ARC-based embedded devices running Linux operating system. " This is the FIRST TIME ever in the history of computer eng

Almost three years after the massive leakage of high-profile celebrities' photos—well known as " The Fappening " or " Celebgate " scandal—a fourth hacker has been charged with hacking into over 250 Apple iCloud accounts belonged to Hollywood celebrities. A federal court has accused George Garofano , 26, of North Branford, of violating the Computer Fraud and Abuse Act, who had been arrested by the FBI. Garofano has admitted to illegally obtaining credentials for his victims' iCloud accounts using a phishing scheme, which eventually allowed him to steal personal information on his victims, including sensitive and private photographs and videos. Among celebrities whose photographs were posted online back in 2014 are Jennifer Lawrence, Kim Kardashian, Kirsten Dunst, and Kate Upton. Also, female victims also include American Olympic gold medallist Misty May Treanor and actors Alexandra Chando, Kelli Garner and Lauren O'Neil. Between April 2013 to Oct

A security researcher has revealed details of a new piece of undetectable malware targeting Apple's Mac computers—reportedly first macOS malware of 2018. Dubbed OSX/MaMi , an unsigned Mach-O 64-bit executable, the malware is somewhat similar to DNSChanger malware that infected millions of computers across the world in 2012. DNSChanger malware typically changes DNS server settings on infected computers, allowing attackers to route internet traffic through malicious servers and intercept sensitive information. First appeared on the Malwarebytes forum, a user posted a query regarding unknown malware that infected his friend's computer that silently changed DNS settings on infected macOS to 82.163.143.135 and 82.163.142.137 addresses. After looking at the post, ex-NSA hacker Patrick Wardle analysed the malware and found that it is indeed a ' DNS Hijacker, ' which also invokes security tools to install a new root certificate in an attempt to intercept encrypte

It's been a terrible new-year-starting for Intel. Researchers warn of a new attack which can be carried out in less than 30 seconds and potentially affects millions of laptops globally. As Intel was rushing to roll out patches for Meltdown and Spectre vulnerabilities , security researchers have discovered a new critical security flaw in Intel hardware that could allow hackers to access corporate laptops remotely. Finnish cyber security firm F-Secure reported unsafe and misleading default behaviour within Intel Active Management Technology (AMT) that could allow an attacker to bypass login processes and take complete control over a user's device in less than 30 seconds. AMT is a feature that comes with Intel-based chipsets to enhance the ability of IT administrators and managed service providers for better controlling their device fleets, allowing them to remotely manage and repair PCs, workstations, and servers in their organisation. The bug allows anyone with phy

Good news for Skype users who are concerned about their privacy. Microsoft is collaborating with popular encrypted communication company Signal to bring end-to-end encryption support to Skype messenger. End-to-end encryption assured its users that no one, not even the company or server that transmits the data, can decrypt their messages. Signal Protocol is an open source cryptographic protocol that has become an industry-wide standard—which is used in  Facebook Messenger , Whatsapp , and Google Allo for secure messaging. Dubbed Private Conversations , the new feature which is about to be introduced in Skype will offer end-to-end encryption for audio calls, text, and multimedia messages like videos and audio files. "Skype Private Conversations give you enhanced security through end-to-end encryption with an additional layer of security for conversations between you and your friends and family," the company announced .  "Private Conversations can only be betwe

The U.S. Justice Department unsealed 16-count indictment charges on Wednesday against a computer programmer from Ohio who is accused of creating and installing spyware on thousands of computers for more than 13 years. According to the indictment, 28-year-old Phillip R. Durachinsky is the alleged author of FruitFly malware that was found targeting Apple Mac users earlier last year worldwide, primarily in the United States. Interestingly, Durachinsky was just 14 years old when he programmed the first version of the FruitFly malware, and this full-fledged backdoor trojan went largely undetected for several years, despite using unsophisticated and antiquated code. The malware was initially discovered in January 2017 by Malwarebytes and then Patrick Wardle, an ex-NSA hacker, found around 400 Mac computers infected with the newer strain of FruitFly. However, Wardle believed the number of infected Macs would likely be much higher. The malware is capable of advanced surveillance

Yet another password vulnerability has been uncovered in macOS High Sierra, which unlocks App Store System Preferences with any password (or no password at all). A new password bug has been discovered in the latest version of macOS High Sierra that allows anyone with access to your Mac to unlock App Store menu in System Preferences with any random password or no password at all. The impact of this vulnerability is nowhere as serious as the previously disclosed root login bug in Apple's desktop OS that enabled access to the root superuser account simply by entering a blank password on macOS High Sierra 10.13.1. As reported on Open Radar earlier this week, the vulnerability impacts macOS version 10.13.2 and requires the attacker to be logged in with an administrator-level account for this vulnerability to work. I checked the bug on my fully updated Mac laptop, and it worked by entering a blank password as well as any random password. If you're running latest macOS

A more dramatic revelation of 2018—an outsider can secretly eavesdrop on your private end-to-end encrypted group chats on WhatsApp and Signal messaging apps. Considering protection against three types of attackers—malicious user, network attacker, and malicious server—an end-to-end encryption protocol plays a vital role in securing instant messaging services. The primary purpose of having end-to-end encryption is to stop trusting the intermediate servers in such a way that no one, not even the company or the server that transmits the data, can decrypt your messages or abuse its centralized position to manipulate the service. In order words—assuming the worst-case scenario—a corrupt company employee should not be able to eavesdrop on the end-to-end encrypted communication by any mean. However, so far even the popular end-to-end encrypted messaging services, like WhatsApp, Threema and Signal, have not entirely achieved zero-knowledge system. Researchers from Ruhr-Universität

If you think that only CPU updates that address this year's major security flaws— Meltdown and Spectre —are the only ones you are advised to grab immediately, there are a handful of major security flaws that you should pay attention to. Microsoft has issued its first Patch Tuesday for 2018 to address 56 CVE-listed flaws, including a zero-day vulnerability in MS Office related that had been actively exploited by several threat groups in the wild. Sixteen of the security updates are listed as critical, 38 are rated important, one is rated moderate, and one is rated as low in severity. The updates address security flaws in Windows, Office, Internet Explorer, Edge, ChakraCore, ASP.NET, and the .NET Framework. The zero-day vulnerability ( CVE-2018-0802 ), described by Microsoft as a memory corruption flaw in Office, is already being targeted in the wild by several threat actor groups in the past few months. The vulnerability, discovered by several researchers from Chinese com

The Wi-Fi Alliance has finally announced the long-awaited next generation of the wireless security protocol—Wi-Fi Protected Access (WPA3). WPA3 will replace the existing WPA2—the network security protocol that has been around for at least 15 years and widely used by billions of wireless devices every day, including smartphones, laptops and Internet of things. However, WPA2 has long been considered to be insecure due to its common security issue, that is " unencrypted " open Wi-Fi networks, which allows anyone on the same WiFi network to intercept connections on other devices. Most importantly, WPA2 has also recently been found vulnerable to KRACK (Key Reinstallation Attack) that makes it possible for attackers to intercept and decrypt Wi-Fi traffic passing between computers and access points. The new standard of Wi-Fi security, which will be available for both personal and enterprise wireless devices later this year, offers improved security and privacy. WPA3

Security researchers have discovered several severe vulnerabilities and a secret hard-coded backdoor in Western Digital's My Cloud NAS devices that could allow remote attackers to gain unrestricted root access to the device. Western Digital's My Cloud (WDMyCloud) is one of the most popular network-attached storage devices which is being used by individuals and businesses to host their files, and automatically backup and sync them with various cloud and web-based services. The device lets users not only share files in a home network, but the private cloud feature also allows them to access their data from anywhere at any time. Since these devices have been designed to be connected over the Internet, the hardcoded backdoor would leave user data open to hackers. GulfTech research and development team has recently published an advisory detailing a hardcoded backdoor and several vulnerabilities it found in WD My Cloud storage devices that could allow remote attackers to

Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. What are Spectre and Meltdown? We have explained both , Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. Both attacks abuse 'speculative execution' to access privileged memory—including those allocated for the kernel—from a low privileged user process like a malicious app running on a

Security researchers have unearthed multiple vulnerabilities in hundreds of GPS services that could enable attackers to expose a whole host of sensitive data on millions of online location tracking devices managed by vulnerable GPS services. The series of vulnerabilities discovered by two security researchers, Vangelis Stykas and Michael Gruhn, who dubbed the bugs as ' Trackmageddon ' in a report , detailing the key security issues they have encountered in many GPS tracking services. Trackmageddon affects several GPS services that harvest geolocation data of users from a range of smart GPS-enabled devices, including children trackers, car trackers, pet trackers among others, in an effort to enable their owners to keep track of where they are. According to the researchers, the vulnerabilities include easy-to-guess passwords (such as 123456), exposed folders, insecure API endpoints, and insecure direct object reference (IDOR) issues. By exploiting these flaws, an unaut

Unlike the initial reports suggested about Intel chips being vulnerable to some severe 'memory leaking' flaws, full technical details about the vulnerabilities have now been emerged, which revealed that almost every modern processor since 1995 is vulnerable to the issues. Disclosed today by Google Project Zero , the vulnerabilities potentially impact all major CPUs, including those from AMD, ARM, and Intel—threatening almost all PCs, laptops, tablets, and smartphones, regardless of manufacturer or operating system. These hardware vulnerabilities have been categorized into two attacks , named Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715), which could allow attackers to steal sensitive data which is currently processed on the computer. Both attacks take advantage of a feature in chips known as "speculative execution," a technique used by most modern CPUs to optimize performance. "In order to improve performance, many CPUs may choose t

UPDATE: Researchers have finally disclosed complete technical details of two kernel side-channel attacks, Meltdown and Spectre — which affect not only Intel but also systems and devices running AMD, ARM processors —allowing attackers to steal sensitive data from the system memory. ____________ The first week of the new year has not yet been completed, and very soon a massive vulnerability is going to hit hundreds of millions of Windows, Linux, and Mac users worldwide. According to a blog post published yesterday, the core team of Linux kernel development has prepared a critical kernel update without releasing much information about the vulnerability. Multiple researchers on Twitter  confirmed that Intel processors (x86-64) have a severe hardware-level issue that could allow attackers to access protected kernel memory, which primarily includes information like passwords, login keys, and files cached from disk. The security patch implements kernel page-table isolation (KP

A critical security vulnerability has been reported in phpMyAdmin—one of the most popular applications for managing the MySQL database—which could allow remote attackers to perform dangerous database operations just by tricking administrators into clicking a link. Discovered by an Indian security researcher, Ashutosh Barot , the vulnerability is a cross-site request forgery (CSRF) attack and affects phpMyAdmin versions 4.7.x ( prior to 4.7.7 ). Cross-site request forgery vulnerability, also known as XSRF, is an attack wherein an attacker tricks an authenticated user into executing an unwanted action. According to an advisory released by phpMyAdmin, " by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc. " phpMyAdmin is a free and open source administration tool for MySQL and MariaDB and is widely used to manage the database for websites created with WordPress,