The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

WhatsApp, the most popular messaging application in the world, has been found vulnerable to multiple security vulnerabilities that could allow malicious users to intercept and modify the content of messages sent in both private as well as group conversations. Discovered by security researchers at Israeli security firm Check Point, the flaws take advantage of a loophole in WhatsApp's security protocols to change the content of the messages, allowing malicious users to create and spread misinformation or fake news from "what appear to be trusted sources." The flaws reside in the way WhatsApp mobile application connects with the WhatsApp Web and decrypts end-to-end encrypted messages using the protobuf2 protocol . The vulnerabilities could allow hackers to misuse the 'quote' feature in a WhatsApp group conversation to change the identity of the sender, or alter the content of someone else's reply to a group chat, or even send private messages to one of

The source code of the popular social media app Snapchat was recently surfaced online after a hacker leaked and posted it on the Microsoft-owned code repository GitHub. A GitHub account under the name Khaled Alshehri with the handle i5xx , who claimed to be from Pakistan, created a GitHub repository called Source-Snapchat with a description " Source Code for SnapChat ," publishing the code of what purported to be Snapchat's iOS app. The underlying code could potentially expose the company's extremely confidential information, like the entire design of the hugely-successful messaging app, how the app works and what future features are planned for the app. Snapchat's parent company, Snap Inc., responded to the leak by filing a copyright act request under the Digital Millennium Copyright Act (DMCA), helping it takedown the online repository hosting the Snapchat code. SnapChat Hack: Github Took Down Repository After DMCA Notice Though it is not clear

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities. Instead, they often use commonly available tools and exploit multiple vulnerability points. By simulating a real-world network attack, security teams can test their detection systems, ensure they have multiple choke points in place, and demonstrate the value of networking security to leadership. In this article, we demonstrate a real-life attack that could easily occur in many systems. The attack simulation was developed based on the MITRE ATT&CK framework, Atomic Red Team,  Cato Networks ' experience in the field, and public threat intel. In the end, we explain why a holistic secur

Facebook has open sourced Fizz—a library designed to help developers implement TLS 1.3 protocol with all recommended security and performance related configurations. Since late last month, Google Chrome web browser has started marking all non-HTTPS websites as 'Not Secure' in an effort to make the web a more secure place, forcing website administrators to switch to HTTPS. TLS 1.3 is the newest and most secure cryptographic protocol of the Transportation Layer Security (TLS), the successor to Secure Sockets Layer (SSL), which encrypts data in transit between clients and servers to prevent data theft or tampering. To make internet traffic more secure, TLS 1.3 incorporates several new features like encrypting handshake messages to keep certificates private, redesigning the way secret keys are derived, and a zero round-trip (0-RTT) connection setup, making certain requests faster than TLS 1.2. Written in C++ 14, Fizz is a reliable and highly performant TLS library that

Taiwan Semiconductor Manufacturing Company (TSMC)—the world's largest makers of semiconductors and processors—was forced to shut down several of its chip-fabrication factories over the weekend after being hit by a computer virus. Now, it turns out that the computer virus outbreak at Taiwan chipmaker was the result of a variant of WannaCry —a massive ransomware attack that wreaked havoc across the world by shutting down hospitals, telecom providers, and many businesses in May 2017. TSMC shut down an entire day of production this weekend after several of its factories systems were halted by a computer virus in the middle of the ramp-up for chips to be used by Apple's future lines of iPhones, which could impact revenue by approx $256 million. According to the semiconductor manufacturer, its computer systems were not direct attacked by any hacker, but instead, were exposed to the malware "when a supplier installed tainted software without a virus scan" to TSMC&

If you have bet on Peppermint, Pancake or Pastry for "P" in the next version of Google's mobile operating system, sorry guys you lose because Android P stands for Android Pie . Yes, the next version of sugary snack-themed Android and the successor to Android Oreo will now be known as Android 9.0 Pie , and it has officially arrived, Google revealed on Monday. Android 9 Pie — 5 Best New Features Google says Android Pie comes with a "heaping helping of artificial intelligence baked in to make your phone smarter, simpler, and more tailored to you." 1.) AI-Powered Adaptive Battery Despite Google has made its efforts since it brought a power saving mode called Doze in  Android 6.0 Marshmallow , Battery life has always been a big concern for people. Android 9 Pie introduces a new feature called "Adaptive Battery," which uses machine learning to learn which apps you use most and prioritize battery for them accordingly. "Android 9 int

There's both good news and bad news for Fortnite game lovers. Fortnite, one of the most popular games in the world right now, is coming to Android devices very soon, but players would not be able to download Fortnite APK from the Google Play Store. Instead, Epic Games software development company has confirmed the Fortnite APK for Android will be available for download exclusively only through its official website, bypassing the Google Play Store. Why Fortnite for Android Bypassing Google Play Store? Epic Games CEO Tim Sweeney cites two main reasons for this decision. First, offering Fortnite APK downloads directly from its official website will allow the company to "have a direct relationship" with its consumers. Second, since Google takes a 30 percent cut of revenue each time a user makes an in-app purchase through its Play Store, the decision will allow the company to save millions. This should not be shocking as Fortnite on iOS made $15 million in j

Taiwan Semiconductor Manufacturing Company (TSMC)—Apple's sole supplier of SoC components for iPhones and iPads, and Qualcomm's major manufacturing partner—shut down several of its chip-fabrication factories Friday night after being hit by a computer virus. The world's largest makers of semiconductors and processors TSMC lost an entire day of production after several of its factories systems were halted by a computer virus in the middle of the ramp-up for chips to be used by Apple's future lines of iPhones. Though the popular chip maker has been attacked by viruses in the past, this is the first time a virus has affected TSMC's production lines, making the incident a real big deal. Without revealing many details, TSMC said a number of its computer systems and fabrication tools were infected by the virus on Friday night, but since then it has recovered 80% of its impacted equipment, though others will be recovered by tomorrow. According to TSMC, the comput

It's time to update your Drupal websites. Drupal, the popular open-source content management system, has released a new version of its software to patch a security bypass vulnerability that could allow a remote attacker to take control of the affected websites. The vulnerability, tracked as CVE-2018-14773, resides in a component of a third-party library, called Symfony HttpFoundation component , which is being used in Drupal Core and affects Drupal 8.x versions before 8.5.6. Since Symfony—a web application framework with a set of PHP components—is being used by a lot of projects, the vulnerability could potentially put many web applications at risk of hacking. Symfony Component Vulnerability According to an advisory released by Symfony, the security bypass vulnerability originates due to Symfony's support for legacy and risky HTTP headers. "Support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rew

Security researchers have discovered at least three massive malware campaigns exploiting hundreds of thousands of unpatched MikroTik routers to secretly install cryptocurrency miners on computers connected to them. In all, the malware campaigns have compromised more than 210,000 routers from Latvian network hardware provider Mikrotik across the world, with the number still increasing as of writing. The hackers have been exploiting a known vulnerability in the Winbox component of MikroTik routers that was discovered in April this year and patched within a day of its discovery, which once again shows people's carelessness in applying security patches on time. The security flaw can potentially allow an attacker to gain unauthenticated, remote administrative access to any vulnerable MikroTik router. The first campaign, noticed by Trustwave researchers, began with targeting networking devices in Brazil, where a hacker or a group of hackers compromised more than 183,700 Mikro

Like many others, do you also believe that the popular system-cleaning tool CCleaner was performing well before Avast acquired the software from Piriform last year? If yes, then pop-up advertisements in the previous CCleaner software version was not the last thing you have to deal with. Avast has released a new version of CCleaner 5.45 that not only always runs in the background, but also collects information about your system without giving you a way to turn the feature off. CCleaner is a popular application, available in both free and premium versions, with over 2 billion downloads that allow users to clean up their Windows, Mac, and mobile devices to optimize and enhance performance. Last year, CCleaner made headlines when it suffered a massive supply-chain malware attack of all times, wherein hackers compromised its servers for over a month and replaced the original version of the software with the malicious one, infecting over 2.3 million users worldwide. CCleaner

Three members of one of the world's largest cybercrime organizations that stole over a billion euros from banks across the world over the last five years have been indicted and charged with 26 felony counts, the Justice Department announced on Wednesday. The three suspects are believed to be members of the organized Russian cybercrime group known as FIN7 , the hackers group behind Carbanak and Cobalt malware and were arrested last year in Europe between January and June. The suspects—Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kopakov, 30—are all from Ukraine and accused of targeting 120 companies based in the United States, as well as U.S. individuals. The victims include Chipotle Mexican Grill, Jason's Deli, Red Robin Gourmet Burgers, Sonic Drive-in, Taco John's, Chili's, Arby's, and Emerald Queen Hotel and Casino in Washington state. Carbanak (FIN7) Group Charged for Stealing 15 Million Credit Cards According to the press release published

Another day, another significant data breach. This time the victim is Reddit... seems someone is really pissed off with Reddit's account ban policy or bias moderators. Reddit social media network today announced that it suffered a security breach in June that exposed some of its users' data, including their current email addresses and an old 2007 database backup containing usernames and hashed passwords. According to Reddit, the unknown hacker(s) managed to gain read-only access to some of its systems that contained its users' backup data, source code, internal logs, and other files. In a post published to the platform Wednesday, Reddit Chief Technology Officer Christopher Slowe admitted that the hack was a serious one, but assured its users that the hackers did not gain access to Reddit systems. "[The attackers] were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API k

After an eight-year-long absence from the most populated country in the world, Google search is going to dramatically make a comeback in China. Google is reportedly planning to launch a censored version of its search engine in China that is going to blacklist certain websites and search terms to comply with Chinese government's attempts to censor the Internet, a whistleblower revealed. According to leaked documents obtained by The Intercept, CEO Sundar Pichai met with a Chinese government official in December 2017 to re-enter the world's largest market for internet users. Project Dragonfly — Censored Google Search Engine Since spring last year Google engineers have been secretly working on a project, dubbed " Dragonfly ," which currently includes two Android mobile apps named—Maotai and Longfei—one of which will get launched by the end of this year after Chinese officials approve it. The censored version of Google search engine in the form of a mobile app report

Amnesty International, one of the most prominent non-profit human rights organizations in the world, claims one of its staff members has been targeted by a sophisticated surveillance tool made by Israel's NSO Group. The NSO Group is an Israeli firm that's mostly known for selling high-tech spyware and surveillance malware capable of remotely cracking into Apple's iPhones and Google's Android devices to intelligence apparatuses, militaries, and law enforcement around the world. The company's most powerful spyware called Pegasus for iPhone , Android , and other mobile devices has previously been used to target human rights activists and journalists, from Mexico to the United Arab Emirates. Pegasus has been designed to hack mobile phones remotely, allowing an attacker to access an incredible amount of data on a target victim, including text messages, emails, WhatsApp messages , user's location, microphone, and camera —all without the victim's knowl

Ransomware has become a multimillion-dollar black market business for cybercriminals, and SamSam being a great example. New research revealed that the SamSam ransomware had extorted nearly $6 million from its victims since December 2015, when the cyber gang behind the ransomware started distributing the malware in the wild. Researchers at Sophos have tracked Bitcoin addresses owned by the attackers mentioned on ransom notes of each SamSam version and found the attackers have received more than $5.9 million from just 233 victims, and their profits are still on the rise, netting around $300,000 per month. "In total, we have now identified 157 unique addresses which have received ransom payments as well as 89 addresses which have been used on ransom notes and sample files but, to date, have not received payments," the new report by Sophos reads. SamSam Ransomware Attacks > What makes SamSam stand out from other forms of ransomware is that SamSam is not distributed

Dixons Carphone's 2017 data breach was worse than initially anticipated. In an announcement on Monday, Dixons Carphone, one of the largest consumer electronics and telecommunication retailers in Europe, admitted that the breach affected around 10 million customers, up from an initial estimate of 1.2 million people the company acknowledged back in June. The company, which has been investigating the hack since it was discovered in June this year, said the investigation is nearly over and now there is evidence that some of the data may have been taken from its systems. The Carphone Warehouse and Currys PC World owner said the hackers may have accessed personal information of its affected customers including their names, addresses and email addresses last year. The hackers also got access to 5.9 million payments cards used at Currys PC World and Dixons Travel, but nearly all of those cards were protected by the chip-and-pin system . However, Dixons Carphone assured its cust

An activist has just leaked thousands of private messages of an organization that's been known to publishing others' secrets. More than 11,000 direct messages from a Twitter group used by WikiLeaks and around 10 close supporters have been posted online by journalist and activist Emma Best, exposing private chats between 2015 and 2017. The leaked chats have been referenced by American media outlets earlier this year, but for the very first time, all 11,000 messages have been published online, allowing anyone to scroll through and read messages themselves. "The chat is presented nearly in its entirety, with less than a dozen redactions made to protect the privacy and personal information of innocent, third parties. The redactions don't include any information that's relevant to WikiLeaks or their activities," Best said. The leaked DMs of the private Twitter chat group, dubbed " Wikileaks +10 " by Best, show WikiLeak's strong Republican favoritism,

Another day, Another data breach! This time-sensitive and personal data of hundreds of thousands of people at Boys Town National Research Hospital have been exposed in what appears to be the largest ever reported breach by a pediatric care provider or children's hospital. According to the U.S. Department of Health and Human Services Office for Civil Rights, the breach incident affected 105,309 individuals , including patients and employees, at the Omaha-based medical organization. In a "Notice of Data Security Incident" published on its website, the Boys Town National Research Hospital admitted that the organization became aware of an abnormal behavior regarding one of its employees' email account on May 23, 2018. After launching a forensic investigation, the hospital found that an unknown hacker managed to infiltrate into the employee's email account and stole personal information stored within the email account as a result of unauthorized access. T