The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Remember the Simjacker vulnerability? Earlier this month, we reported about a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers. If you can recall, the Simjacker vulnerability resides in a dynamic SIM toolkit, called the S@T Browser , which comes installed on a variety of SIM cards, including eSIM, provided by mobile operators in at least 30 countries. Now, it turns out that the S@T Browser is not the only dynamic SIM toolkit that contains the Simjacker issue which can be exploited remotely from any part of the world without any authorization—regardless of which handsets or mobile operating systems victims are using. WIB SIM ToolKit Also Leads To SimJacker Attacks Following the Simjacker revelation, Lakatos, a researcher at Ginno Security Lab, reached out to The Hacker News earli

An iOS hacker and cybersecurity researcher today publicly released what he claimed to be a "permanent unpatchable bootrom exploit," in other words, an epic jailbreak that works on all iOS devices ranging from iPhone 4s (A5 chip) to iPhone 8 and iPhone X (A11 chip). Dubbed Checkm8, the exploit leverages unpatchable security weaknesses in Apple's Bootrom (SecureROM), the first significant code that runs on an iPhone while booting, which, if exploited, provides greater system-level access. "EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices," said axi0mX while announcing the publicly release of the exploit on Twitter. The new exploit came exactly a month after Apple released an emergency patch for another critical jailbreak vulnerability that works on Apple devices including the iPhone XS, XS Max, and XR and the 2019 iPad Mini and iPad Air, running iOS 12.4 and i

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Watch out Windows users! There's a new strain of malware making rounds on the Internet that has already infected thousands of computers worldwide and most likely, your antivirus program would not be able to detect it. Why? That's because, first, it's an advanced fileless malware and second, it leverages only legitimate built-in system utilities and third-party tools to extend its functionality and compromise computers, rather than using any malicious piece of code. The technique of bringing its own legitimate tools is effective and has rarely been spotted in the wild, helping attackers to blend in their malicious activities with regular network activity or system administration tasks while leaving fewer footprints. Independently discovered by cybersecurity researchers at Microsoft and Cisco Talos, the malware — dubbed " Nodersok " and " Divergent " — is primarily being distributed via malicious online advertisements and infecting users using

Do you use DoorDash frequently to order your food online? If yes, you are highly recommended to change your account password right now . DoorDash—the popular on-demand food-delivery service—today confirmed a massive data breach that affects almost 5 million people using its platform, including its customers, delivery workers, and merchants as well. DoorDash is a San Francisco-based on-demand food delivery service (just like Zomato and Swiggy in India) that connects people with their local restaurants and get delivered food on their doorsteps with the help of contracted drivers, also known as "Dashers." The service operates in more than 4,000 cities across the United States and Canada. What happened? In a blog post published today, DoorDash said the company became aware of a security intrusion earlier this month after it noticed some "unusual activity" from a third-party service provider. Immediately after detecting the security intrusion, the comp

Malware or computer virus can infect your computer in several different ways, but one of the most common methods of its delivery is through malicious file attachments over emails that execute the malware when you open them. Therefore, to protect its users from malicious scripts and executable, Microsoft is planning to blacklist 38 additional file extensions by adding them to its list of file extensions that are blocked from being downloaded as attachments in Outlook on the Web. Previously known as Outlook Web Application or OWA, "Outlook on the Web" is Microsoft's web-based email client for users to access their emails, calendars, tasks and contacts from Microsoft's on-premises Exchange Server and cloud-based Exchange Online. The list of blocked file extensions currently has 104 entries, including .exe, .url, .com, .cmd, .asp, .lnk, .js, .jar, .tmp, .app, .isp, .hlp, .pif, .msi, .msh, and more. Now, the expanded block list will also include 38 new extensions

Following the release of iOS 13 and iPadOS earlier this week, Apple has issued an advisory warning iPhone and iPad users of an unpatched security bug impacting third-party keyboard apps. On iOS, third-party keyboard extensions can run entirely standalone without access to external services and thus, are forbidden from storing what you type unless you grant "full access" permissions to enable some additional features through network access. However, in the brief security advisory , Apple says that an unpatched issue in iOS 13 and iPadOS could allow third-party keyboard apps to grant themselves "full access" permission to access what you are typing—even if you deny this permission request in the first place. It should be noted that the iOS 13 bug doesn't affect Apple's built-in keyboards or third-party keyboards that don't make use of full access. Instead, the bug only impacts users who have third-party keyboard apps—such as popular Gboard, Grammarl

An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin—one of the widely used internet forum software, The Hacker News has learned. One of the reasons why the vulnerability should be viewed as a severe issue is not just because it is remotely exploitable, but also doesn't require authentication. Written in PHP, vBulletin is a widely used proprietary Internet forum software package that powers more than 100,000 websites on the Internet, including Fortune 500 and Alexa Top 1 million companies websites and forums. According to details published on the Full Disclosure mailing list, the hacker claims to have found a remote code execution vulnerability that appears to affect vBulletin versions 5.0.0 till the latest 5.5.4. The Hacker News has independently verified that the flaw works, as described, and affects the latest version of vBulletin software, which even

A team of Canadian cybersecurity researchers has uncovered a sophisticated and targeted mobile hacking campaign that is targeting high-profile members of various Tibetan groups with one-click exploits for iOS and Android devices. Dubbed Poison Carp by University of Toronto's Citizen Lab, the hacking group behind this campaign sent tailored malicious web links to its targets over WhatsApp, which, when opened, exploited web browser and privilege escalation vulnerabilities to install spyware on iOS and Android devices stealthily. "Between November 2018 and May 2019, senior members of Tibetan groups received malicious links in individually tailored WhatsApp text exchanges with operators posing as NGO workers, journalists, and other fake personas," the researchers say . What's more? The researchers said they found "technical overlaps" of Poison Carp with two recently discovered campaigns against the Uyghur community in China—the iPhone hacking campaign