The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The United States' National Security Agency (NSA) is planning to release its internally developed reverse engineering tool for free at the upcoming RSA security conference 2019 that will be held in March in San Francisco. The existence of the framework, dubbed GHIDRA, was first publicly revealed by WikiLeaks in CIA Vault 7 leaks, but the tool once again came to light after Senior NSA Adviser Robert Joyce announced to publicly release the tool for free in his RSA Conference session description. Reverse engineering tool is a disassembler, for example, IDA-Pro, that help researchers identify certain portions of a program to see how they work by reading information like its processor instructions, instruction lengths, and more. GHIDRA is a Java-based reverse engineering framework that features a graphical user interface (GUI) and has been designed to run on a variety of platforms including Windows, macOS, and Linux operating systems, and also supports a variety of processor

A massive data breach at the popular online role-playing game 'Town of Salem' has reportedly impacted more than 7.6 million players, the game owner BlankMediaGames (BMG) confirmed Wednesday on its online forum. With the user base of more than 8 million players, Town of Salem is a browser-based game that enables gamers (which range from 7 to 15 users) to play a version of the famous secret role game Town, Mafia, or Neutrals. The data breach was first discovered and disclosed on December 28 when a copy of the compromised Town of Salem database was anonymously sent to DeHashed, a hacked database search engine. Over 7.6 Million Users Accounts Compromised The database included evidence of the server compromise and access to the complete gamer database which contained 7,633,234 unique email addresses (most-represented of the email providers being Gmail, Hotmail, and Yahoo.com). After analyzing the complete database, DeHashed disclosed that the compromised data contained

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Germany has been hit with the biggest hack in its history. A group of unknown hackers has leaked highly-sensitive personal data from more than 100 German politicians, including German Chancellor Angela Merkel, Brandenburg's prime minister Dietmar Woidke, along with some German artists, journalists, and YouTube celebrities. The leaked data that was published on a Twitter account ( @_0rbit ) and dated back to before October 2018 includes phone numbers, email addresses, private chats, bills, credit card information and photos of victims' IDs. Although it is yet unclear who perpetrated this mass hack and how they managed to perform it, the leaked data appears to be collected unauthorizedly by hacking into their smartphones. The hack targeted all of Germany's political parties currently represented in the federal parliament, including the CDU, CSU, SPD, FDP, Left party (Die Linke) and Greens, except for the far-right Alternative for Germany (AfD). While Justice Minister

I hope you had biggest, happiest and craziest New Year celebration, but now it's time to come back at work and immediately update your systems to patch new security flaws that could exploit your computer just by opening a PDF file. Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company's Acrobat and Reader for both the Windows and macOS operating systems. Though the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in the context of the current user. Both the vulnerabilities were reported to Adobe by security researchers--Abdul-Aziz Hariri and Sebastian Apelt—from Trend Micro's Zero Day Initiative (ZDI). Critical Adobe Acrobat and Reader Vulnerabilities The first vulnerability, reported by Apelt and identified as CVE-2018-16011, is a use-after-free bug that can lead

A group of hackers has hijacked tens of thousands of Google's Chromecast streaming dongles, Google Home smart speakers and smart TVs with built-in Chromecast technology in recent weeks by exploiting a bug that's allegedly been ignored by Google for almost five years. The attackers, who go by Twitter handles @HackerGiraffe and @j3ws3r, managed to hijack Chromecasts' feeds and display a pop-up, spreading a security warning as well as controversial YouTube star PewDiePie propaganda. The hackers are the same ones who hijacked more than 50,000 internet-connected printers worldwide late last year by exploiting vulnerable printers to print out flyers asking everyone to subscribe to PewDiePie YouTube channel. This time, the hackers remotely scanned the internet for compatible devices, including Chromecasts, exposed to the internet through poorly configured routers that have Universal Plug and Play [UPnP] enabled by default. The hackers then exploited a design flaw in Chrome

Google has finally patched a privacy vulnerability in its Chrome web browser for Android that exposes users' device model and firmware version, eventually enabling remote attackers to identify unpatched devices and exploit known vulnerabilities. The vulnerability, which has not yet given any CVE number, is an information disclosure bug that resides in the way the Google Chrome for Android generates 'User Agent' string containing the Android version number and build tag information, which includes device name and its firmware build. This information is also sent to applications using WebView and Chrome Tabs APIs, which can be used to track users and fingerprint devices on which they are running. For example: Mozilla/5.0 (Linux; Android 5.1.1; Nexus 6 Build/LYZ28K ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.34 Mobile Safari/537.36 Yakov Shafranovich, a contributor at Nightwatch Cybersecurity firm, initially reported this issue to Google three years a

Once upon a time, there was an online portal named Kickass Torrents (KAT cr), celebrated globally for its extensive archive of movies, music, television, and additional media content. This platform was a goldmine for individuals searching for rare content and those seeking a platform to share their work. However, Kickass Torrents had its adversaries. Predominantly, the movie and music industries perceived the site as endangering their revenue and indicted it for encouraging copyright violation. Regardless, the Kickass Torrents team kept advocating for its user's rights, arguing that they were supplying an authentic service. The Downfall and Resurgence of Kickass Torrents In due course, the long arm of the law reached Kickass Torrents, and the site was deactivated. In July 2017, U.S. authorities took down the site as the owner, Artem Vaulin, had permitted copyrighted material. In the aftermath, a band of the site's devoted contributors founded the Katcr.co forum, aiming to