#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Heat Map Released by Fitness Tracker Reveals Location of Secret Military Bases

Heat Map Released by Fitness Tracker Reveals Location of Secret Military Bases

Jan 29, 2018
Every one of us now has at least one internet-connected smart device, which makes this question even more prominent —how much does your smart device know about you? Over the weekend, the popular fitness tracking app Strava proudly published a " 2017 heat map " showing activities from its users around the world, but unfortunately, the map revealed what it shouldn't—locations of the United States military bases worldwide. Strava which markets itself as a "social-networking app for athletes" publicly made available the global heat map, showing the location of all the rides, runs, swims, and downhills taken by its users, as collected by their smartphones and wearable devices like Fitbit. Since Strava has been designed to track users' routes and locations, IUCA analyst Nathan Ruser revealed that the app might have unintentionally mapped out the location of some of the military forces around the world, especially some secret ones from the United States. Wi
Hard-coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner

Hard-coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner

Jan 29, 2018
Lenovo has recently rolled out security patches for a severe vulnerability in its Fingerprint Manager Pro software that could allow leak sensitive data stored by the users. Fingerprint Manager Pro is a utility for Microsoft Windows 7, 8 and 8.1 operating systems that allows users to log into their fingerprint-enabled Lenovo PCs using their fingers. The software could also be configured to store website credentials and authenticate site via fingerprint. In addition to fingerprint data, the software also stores users sensitive information like their Windows login credentials—all of which are encrypted using a weak cryptography algorithm. According to the company, Fingerprint Manager Pro version 8.01.86 and earlier contains a hard-coded password vulnerability, identified as CVE-2017-3762 , that made the software accessible to all users with local non-administrative access. "Sensitive data stored by Lenovo Fingerprint Manager Pro, including users' Windows logon credentials
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Nearly 2000 WordPress Websites Infected with a Keylogger

Nearly 2000 WordPress Websites Infected with a Keylogger

Jan 29, 2018
More than 2,000 WordPress websites have once again been found infected with a piece of crypto-mining malware that not only steals the resources of visitors' computers to mine digital currencies but also logs visitors' every keystroke. Security researchers at Sucuri discovered a malicious campaign that infects WordPress websites with a malicious script that delivers an in-browser cryptocurrency miner from CoinHive and a keylogger. Coinhive is a popular browser-based service that offers website owners to embed a JavaScript to utilise CPUs power of their website visitors in an effort to mine the Monero cryptocurrency. Sucuri researchers said the threat actors behind this new campaign is the same one who infected more than 5,400 Wordpress websites last month since both campaigns used keylogger/cryptocurrency malware called cloudflare[.]solutions. Spotted in April last year, Cloudflare[.]solutions is cryptocurrency mining malware and is not at all related to network
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Someone Stole Almost Half a BILLION Dollars from Japanese Cryptocurrency Exchange

Someone Stole Almost Half a BILLION Dollars from Japanese Cryptocurrency Exchange

Jan 26, 2018
Coincheck, a Tokyo-based cryptocurrency exchange, has suffered what appears to be the biggest hack in the history of cryptocurrencies, losing $532 million in digital assets (nearly $420 million in NEM tokens and $112 in Ripples ). In 2014, Mt Gox , one of the largest bitcoin exchange at that time, filed for bankruptcy after admitting it had lost $450 million worth of Bitcoins. Apparently, the cryptocurrency markets reacted negatively to the news, which resulted in 5% drop in Bitcoin price early this morning. In a blog post published today, the Tokyo-based cryptocurrency exchange confirmed the cyber heist without explaining how the tokens were stolen, and abruptly froze most of its services, including deposits, withdrawals and trade of almost all cryptocurrencies, except Bitcoin. Coincheck also said the exchange had even stopped deposits into NEM cryptocurrencies, which resulted in 16.5% drop in NEM coin value, as well as other deposit methods including credit cards. Durin
Beware! Undetectable CrossRAT malware targets Windows, MacOS, and Linux systems

Beware! Undetectable CrossRAT malware targets Windows, MacOS, and Linux systems

Jan 25, 2018
Are you using Linux or Mac OS? If you think your system is not prone to viruses, then you should read this. Wide-range of cybercriminals are now using a new piece of 'undetectable' spying malware that targets Windows, macOS, Solaris and Linux systems. Just last week we published a detailed article on the report from EFF/Lookout that revealed a new advanced persistent threat (APT) group, called Dark Caracal , engaged in global mobile espionage campaigns. Although the report revealed about the group's successful large-scale hacking operations against mobile phones rather than computers, it also shed light on a new piece of cross-platform malware called CrossRAT (version 0.1), which is believed to be developed by, or for, the Dark Caracal group. CrossRAT is a cross-platform remote access Trojan that can target all four popular desktop operating systems, Windows, Solaris, Linux, and macOS, enabling remote attackers to manipulate the file system, take screenshots, ru
Yikes! Three armed men tried to rob a Bitcoin Exchange in Canada

Yikes! Three armed men tried to rob a Bitcoin Exchange in Canada

Jan 25, 2018
As many non-tech savvy people think that Bitcoin looks like a Gold coin as illustrated in many stock images, perhaps these robbers also planned to rob a cryptocurrency exchange thinking that way. All jokes apart, we saw one such attempt on Tuesday morning, when three men armed with handguns entered the offices of a Canadian Bitcoin exchange in Ottawa, and restrained four of its employees. The intruders then struck one of the employees in the head with a handgun, asking them to make an outbound transaction from the cryptocurrency exchange. A fifth employee in another cabin, who remained unseen in an office, called the police before any assets could be taken, and the robbers left empty-handed. One of the suspects arrested later Wednesday after arriving police officers saw him run into a ravine north of Colonnade Road and deployed "extensive resources," including K-9 unit officers, to find him, CBC News reports . "Police are looking for two additional suspects,
EU Antitrust Regulators Fine Qualcomm $1.2 Billion Over Apple Deal

EU Antitrust Regulators Fine Qualcomm $1.2 Billion Over Apple Deal

Jan 25, 2018
The antitrust fine has hit Qualcomm badly. The European Commission has levied a fine of €997 Million, approximately $1.2 Billion, against U.S. chipmaker Qualcomm Inc. for violating antitrust laws in a series of deals with Apple by "abusing its market dominance in LTE baseband chipsets." According to the European Union (EU), Qualcomm paid Apple billions of dollars to make the iPhone-maker exclusively use its 4G chips in all its iPhones and iPads, reducing competition from other competing manufacturers in the LTE baseband chip industry like Intel. The European Commission launched an investigation in 2015, which revealed that Qualcomm abused its market dominance in LTE baseband chipsets and struck a deal with Apple in 2011, which meant the iPhone maker would have to repay Qualcomm if it decided to use a rival's chipsets until the end of 2016, hurting innovation in the chip sector. "This meant that no rival could effectively challenge Qualcomm in this market,
Critical Flaw Hits Popular Windows Apps Built With Electron JS Framework

Critical Flaw Hits Popular Windows Apps Built With Electron JS Framework

Jan 24, 2018
A critical remote code execution vulnerability has been reported in Electron —a popular web application framework that powers thousands of widely-used desktop applications including Skype, Signal, Wordpress and Slack—that allows for remote code execution. Electron is an open-source framework that is based on Node.js and Chromium Engine and allows app developers to build cross-platform native desktop applications for Windows, macOS and Linux, without knowledge of programming languages used for each platform. The vulnerability, assigned as the number CVE-2018-1000006, affects only those apps that run on Microsoft Windows and register themselves as the default handler for a protocol like myapp://. "Such apps can be affected regardless of how the protocol is registered, e.g. using native code, the Windows registry, or Electron's app.setAsDefaultProtocolClient API," Electron says in an advisory published Monday. The Electron team has also confirmed that applications
Cybersecurity Certification Courses – CISA, CISM, CISSP

Cybersecurity Certification Courses – CISA, CISM, CISSP

Jan 23, 2018
The year 2017 saw some of the biggest cybersecurity incidents—from high profile data breaches in Equifax and Uber impacting millions of users to thousands of businesses and millions of customers being affected by the global ransomware threats like WannaCry and NotPetya . The year ended, but it did not take away the airwaves of cybersecurity incidents, threats, data breaches, and hacks. The scope and pace of such cybersecurity threats would rise with every passing year, and with this rise, more certified cybersecurity experts and professionals would be needed by every corporate and organisation to prevent themselves from hackers and cyber thieves. That's why jobs in the cybersecurity field have gone up 80 percent over the past three years than any other IT-related job. So, this is the right time for you to consider a new career as a cybersecurity professional. But before getting started, you need to gain some valuable cyber security certifications that not only boost yo
Intel Warns Users Not to Install Its 'Faulty' Meltdown and Spectre Patches

Intel Warns Users Not to Install Its 'Faulty' Meltdown and Spectre Patches

Jan 23, 2018
Don't install Intel's patches for Spectre and Meltdown chip vulnerabilities. Intel on Monday warned that you should stop deploying its current versions of Spectre/Meltdown patches , which Linux creator Linus Torvalds calls 'complete and utter garbage.' Spectre and Meltdown are security vulnerabilities disclosed by researchers earlier this month in many processors from Intel, ARM and AMD used in modern PCs, servers and smartphones (among other devices), which could allow attackers to steal your passwords, encryption keys and other private information. Since last week, users are reporting that they are facing issues like spontaneous reboots and other 'unpredictable' system behaviour on their affected computers after installing Spectre/Meltdown patch released by Intel. Keeping these problems in mind, Intel has advised OEMs, cloud service providers, system manufacturers, software vendors as well as end users to stop deploying the current versions of it
Critical Flaw in All Blizzard Games Could Let Hackers Hijack Millions of PCs

Critical Flaw in All Blizzard Games Could Let Hackers Hijack Millions of PCs

Jan 23, 2018
A Google security researcher has discovered a severe vulnerability in Blizzard games that could allow remote attackers to run malicious code on gamers' computers. Played every month by half a billion users—World of Warcraft, Overwatch, Diablo III, Hearthstone and Starcraft II are popular online games created by Blizzard Entertainment . To play Blizzard games online using web browsers, users need to install a game client application, called ' Blizzard Update Agent ,' onto their systems that run JSON-RPC server over HTTP protocol on port 1120, and " accepts commands to install, uninstall, change settings, update and other maintenance related options. " Google's Project Zero team researcher Tavis Ormandy discovered that the Blizzard Update Agent is vulnerable to a hacking technique called the " DNS Rebinding " attack that allows any website to act as a bridge between the external server and your localhost. Just last week, Ormandy revealed a simi
Nearly Half of the Norway Population Exposed in HealthCare Data Breach

Nearly Half of the Norway Population Exposed in HealthCare Data Breach

Jan 22, 2018
Cybercriminals have stolen a massive trove of Norway's healthcare data in a recent data breach, which likely impacts more than half of the nation's population. An unknown hacker or group of hackers managed to breach the systems of Health South-East Regional Health Authority (RHF) and reportedly stolen personal info and health records of some 2.9 million Norwegians out of the country's total 5.2 million inhabitants. Health South-East RHA is a healthcare organisation that manages hospitals in Norway's southeast region, including Østfold, Akershus, Oslo, Hedmark, Oppland, Buskerud, Vestfold, Telemark, Aust-Agder and Vest-Agder. The healthcare organisation announced the data breach on Monday after it had been alerted by HelseCERT, the Norwegian CERT department for its healthcare sector, about an "abnormal activity" against computer systems in the region. HelseCERT also said the culprits behind the data breach are "advanced and professional" hacke
15-Year-Old Schoolboy Posed as CIA Chief to Hack Highly Sensitive Information

15-Year-Old Schoolboy Posed as CIA Chief to Hack Highly Sensitive Information

Jan 20, 2018
Remember " Crackas With Attitude "? A notorious pro-Palestinian hacking group behind a series of embarrassing hacks against United States intelligence officials and leaked the personal details of 20,000 FBI agents , 9,000 Department of Homeland Security officers, and some number of DoJ staffers in 2015. Believe or not, the leader of this hacking group was just 15-years-old when he used "social engineering" to impersonate CIA director and unauthorisedly access highly sensitive information from his Leicestershire home, revealed during a court hearing on Tuesday. Kane Gamble , now 18-year-old, the British teenager hacker targeted then CIA director John Brennan , Director of National Intelligence James Clapper , Secretary of Homeland Security Jeh Johnson, FBI deputy director Mark Giuliano , as well as other senior FBI figures. Between June 2015 and February 2016, Gamble posed as Brennan and tricked call centre and helpline staff into giving away broadband and
OnePlus confirms up to 40,000 customers affected by Credit Card Breach

OnePlus confirms up to 40,000 customers affected by Credit Card Breach

Jan 19, 2018
OnePlus has finally confirmed that its online payment system was breached, following several complaints of fraudulent credit card transactions from its customers who made purchases on the company's official website. In a statement released today, Chinese smartphone manufacturer admitted that credit card information belonging to up to 40,000 customers was stolen by an unknown hacker between mid-November 2017 and January 11, 2018. According to the company, the attacker targeted one of its systems and injected a malicious script into the payment page code in an effort to sniff out credit card information while it was being entered by the users on the site for making payments. The malicious script was able to capture full credit card information, including their card numbers, expiry dates, and security codes, directly from a customer's browser window. " The malicious script operated intermittently, capturing and sending data directly from the user's browser. It ha
Researchers Uncover Government-Sponsored Mobile Hacking Group Operating Since 2012

Researchers Uncover Government-Sponsored Mobile Hacking Group Operating Since 2012

Jan 19, 2018
A global mobile espionage campaign collecting a trove of sensitive personal information from victims since at least 2012 has accidentally revealed itself—thanks to an exposed server on the open internet. It's one of the first known examples of a successful large-scale hacking operation of mobile phones rather than computers. The advanced persistent threat (APT) group, dubbed Dark Caracal , has claimed to have stolen hundreds of gigabytes of data, including personally identifiable information and intellectual property, from thousands of victims in more than 21 different countries, according to a new report from the Electronic Frontier Foundation (EFF) and security firm Lookout. After mistakenly leaking some of its files to the internet, the shadowy hacking group is traced back to a building owned by the Lebanese General Directorate of General Security (GDGS), one of the country's intelligence agencies, in Beirut. "Based on the available evidence, it's likely
Facebook Password Stealing Apps Found on Android Play Store

Facebook Password Stealing Apps Found on Android Play Store

Jan 18, 2018
Even after many efforts made by Google last year, malicious apps always somehow manage to make their ways into Google app store. Security researchers have now discovered a new piece of malware, dubbed GhostTeam , in at least 56 applications on Google Play Store that is designed to steal Facebook login credentials and aggressively display pop-up advertisements to users. Discovered independently by two cybersecurity firms, Trend Micro and Avast , the malicious apps disguise as various utility (such as the flashlight, QR code scanner, and compass), performance-boosting (like file-transfer and cleaner), entertainment, lifestyle and video downloader apps. Like most malware apps, these Android apps themselves don't contain any malicious code, which is why they managed to end up on Google's official Play Store. Once installed, it first confirms if the device is not an emulator or a virtual environment and then accordingly downloads the malware payload, which prompts the victim to
Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware

Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware

Jan 17, 2018
Security researchers have spotted a new malware campaign in the wild that spreads an advanced botnet malware by leveraging at least three recently disclosed vulnerabilities in Microsoft Office. Dubbed Zyklon , the fully-featured malware has resurfaced after almost two years and primarily found targeting telecommunications, insurance and financial services. Active since early 2016, Zyklon is an HTTP botnet malware that communicates with its command-and-control servers over Tor anonymising network and allows attackers to remotely steal keylogs, sensitive data, like passwords stored in web browsers and email clients. Zyklon malware is also capable of executing additional plugins, including secretly using infected systems for DDoS attacks and cryptocurrency mining. Different versions of the Zyklon malware has previously been found being advertised on a popular underground marketplace for $75 (normal build) and $125 ( Tor-enabled build). According to a recently published report
Skygofree — Powerful Android Spyware Discovered

Skygofree — Powerful Android Spyware Discovered

Jan 16, 2018
Security researchers have unveiled one of the most powerful and highly advanced Android spyware tools that give hackers full control of infected devices remotely. Dubbed Skygofree , the Android spyware has been designed for targeted surveillance, and it is believed to have been targeting a large number of users for the past four years. Since 2014, the Skygofree implant has gained several novel features previously unseen in the wild, according to a new report published by Russian cybersecurity firm Kaspersky Labs. The 'remarkable new features' include location-based audio recording using device's microphone, the use of Android Accessibility Services to steal WhatsApp messages, and the ability to connect infected devices to malicious Wi-Fi networks controlled by attackers. Skygofree is being distributed through fake web pages mimicking leading mobile network operators, most of which have been registered by the attackers since 2015—the year when the distribution ca
Cybersecurity Resources