The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

WordPress administrators are once again in trouble. WordPress version 4.9.3 was released earlier this week with patches for a total 34 vulnerabilities, but unfortunately, the new version broke the automatic update mechanism for millions of WordPress websites. WordPress team has now issued a new maintenance update, WordPress 4.9.4 , to patch this severe bug, which WordPress admins have to install manually. According to security site WordFence , when WordPress CMS tries to determine whether the site needs to install an updated version, if available, a PHP error interrupts the auto-update process. If not updated manually to the latest 4.9.4 version, the bug would leave your website on WordPress 4.9.3 forever, leaving it vulnerable to future security issues. Here's what WordPress lead developer Dion Hulse explained about the bug: "#43103-core aimed to reduce the number of API calls which get made when the auto-update cron task is run. Unfortunately, due to human e

Cybercriminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect. A new strain of malware has now been discovered that relies on a unique technique to steal payment card information from point-of-sale (PoS) systems. Since the new POS malware relies upon User Datagram Protocol (UDP) DNS traffic for the exfiltration of credit card information, security researchers at Forcepoint Labs, who have uncovered the malware, dubbed it UDPoS . Yes, UDPoS uses Domain Name System (DNS) queries to exfiltrate stolen data, instead of HTTP that has been used by most POS malware in the past. This malware is also thought to be first of its kind. Besides using 'unusual' DNS requests to exfiltrate data, the UDPoS malware disguises itself as an update from LogMeIn —a legitimate remote desktop control service used to manage computers and other systems remo

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Since most of us rely upon the Internet for day-to-day activities, hacking and spying have become a prime concern today, and so have online security and privacy. The governments across the world have been found to be conducting mass surveillance and then there are hackers and cybercriminals who are always looking for ways to steal your sensitive and personal data from the ill-equipped networks, websites, and PCs. Even most online services and websites today collect your personal data, including search histories, location data, and buying habits, and makes millions by sharing them with advertisers and marketers. In short, we have no or very little online privacy. This is why schools, colleges, hospitals and other small and big businesses are moving towards adopting a solution that allows them to store and access their personal data securely. The solution: Virtual Private Network. Virtual Private Network, or VPN, serves as an encrypted tunnel that secures your computer's Int

A team of security researchers—which majorly focuses on finding clever ways to get into air-gapped computers by exploiting little-noticed emissions of a computer's components like light, sound and heat —have published another research showcasing that they can steal data not only from an air gap computer but also from a computer inside a Faraday cage. Air-gapped computers are those that are isolated from the Internet and local networks and so, are believed to be the most secure devices that are difficult to infiltrate. Whereas, Faraday cages are metallic enclosures that even blocks all electromagnetic signals, such as Wi-Fi, Bluetooth, cellular and other wireless communications, making any device kept inside the cage, even more, isolate from outside networks. However, Cybersecurity Research Center at Israel's Ben Gurion University, directed by 38-year-old Mordechai Guri, has developed two techniques that helped them exfiltrate data from computers placed inside a Faraday

After leaving million of devices at risk of hacking and then rolling out broken patches, Intel has now released a new batch of security patches only for its Skylake processors to address one of the Spectre vulnerabilities (Variant 2). For those unaware, Spectre ( Variant 1, Variant 2 ) and Meltdown ( Variant 3 ) are security flaws disclosed by researchers earlier last month in processors from Intel, ARM, and AMD, leaving nearly every PC, server, and mobile phone on the planet vulnerable to data theft. Shortly after the researchers disclosed the Spectre and Meltdown exploits , Intel started releasing microcode patches for its systems running Broadwell, Haswell, Skylake, Kaby Lake, and Coffee Lake processors. However, later the chip maker rollbacked the firmware updates and had to tell users to stop using an earlier update due to users complaining of frequent reboots and other unpredictable system behavior after installing patches. Although it should be a bit quicker, Intel i