The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams. Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more, the researchers confirmed. This vulnerability can be exploited by a network attacker — controlling an access point or connected to the victim's network — just by sending unsolicited network packets to a targeted device and observing replies, even if they are encrypted. As explained by the researchers, though there are variati

Following its efforts to take legal action against those misusing its social media platform, Facebook has now filed a new lawsuit against a Hong Kong-based advertising company and two Chinese individuals for allegedly abusing its ad platform to distribute malware and Ad fraud. Facebook filed the lawsuit on Thursday in the Northern District of California against ILikeAd Media International Company Ltd. as well as a Chinese software developer and a marketing director working for the firm, Chen Xiao Cong and Huang Tao. All three defendants have been alleged to have deceived people into installing malware on their systems, enabling them to compromise user's Facebook accounts and then using those hacked accounts to advertise counterfeit goods and diet pills—which is clearly in violation of Facebook's Terms and Advertising Policies. "The suit seeks to hold accountable ILikeAd Media International Company Ltd. and Chen Xiao Cong and Huang Tao for creating the malware, tr

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

The United States Department of Justice today disclosed the identities of two Russian hackers and charged them for developing and distributing the Dridex banking Trojan using which the duo stole more than $100 million over a period of 10 years. Maksim Yakubets , the leader of 'Evil Corp' hacking group, and his co-conspirator Igor Turashev primarily distributed Dridex — also known as ' Bugat ' and ' Cridex ' — through multi-million email campaigns and targeted numerous organizations around the world. The State Department has also announced a reward of up to $5 million—the largest offered bounty to date for a cybercrime suspect—for providing information that could lead to the arrest of Yakubets, who remains at large. "Bugat is a multifunction malware package designed to automate the theft of confidential personal and financial information, such as online banking credentials, from infected computers," the DoJ said in its press release . &qu

OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group, root, as well as of other users, respectively. The vulnerabilities were discovered and reported by Qualys Research Labs earlier this week, in response to which OpenBSD developers released security patches for OpenBSD 6.5 and OpenBSD 6.6 just yesterday—that's in less than 40 hours. Here's a brief explanation of all four security vulnerabilities in OpenBSD—a free and open-source BSD-based Unix-like operating system—along with their assigned CVE identifiers OpenBSD Authentication Bypass (CVE-2019-19521) The authentication bypass vulnerability resides in the way OpenBSD's auth

Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East. Dubbed ZeroCleare , the data wiper malware has been linked to not one but two Iranian state-sponsored hacking groups— APT34 , also known as ITG13 and Oilrig, and Hive0081 , also known as xHunt. A team of researchers at IBM who discovered the ZeroCleare malware says that the new wiper malware shares some high-level similarities with the infamous Shamoon, one of the most destructive malware families known for damaging 30,000 computers at Saudi Arabia's largest oil producer in 2012. Just like the Shamoon wiper malware , ZeroCleare also uses a legitimate hard disk driver called 'RawDisk by ElDos' to overwrite the master boot record (MBR) and disk partitions of targeted computers running the Windows operating system. Though EldoS driver is not s

Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take control over them. The first vulnerability resides in the way multi-part/form-data requests are processed within the base GoAhead web server application, affecting GoAhead Web Server versions v5.0.1, v.4.1.1, and v3.6.5. According to the researchers at Cisco Talos, while processing a specially crafted HTTP request, an attacker exploiting the vulnerability can cause use-after-free condition on the server and corrupt heap structures, leading to code execution attacks. The second vulnerability, assigned as CVE-2019-5097, also resides in the same component of the GoAhead Web Server and can be

In a coordinated global law enforcement operation, Europol has taken down more than 30,500 websites for distributing counterfeit and pirated items over the Internet and arrested three suspects. Among other things, the seized domains reportedly offered various counterfeit goods and pirated products and services, including pirated movies, illegal television streaming, music, electronics, cracked software downloads, counterfeit pharmaceuticals, and other illicit products. However, it should be noted that the seized web domains do not include any major pirate websites on the Internet. During the investigation, international law enforcement officials: shut down a total of 30,506 web domains, arrested three suspects, seized 26,000 luxury clothes and perfumes, seized 363 liters of alcoholic beverages, and seized an unspecified number of hardware devices. The officials also identified and froze more than €150,000 from several bank accounts and online payment platforms. Th

If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible. Avast Online Security AVG Online Security Avast SafePrice AVG SafePrice Why? Because these four widely installed browser extensions have been caught collecting a lot more data on its millions of users than they are intended to, including your detailed browsing history. Most of you might not even remember downloading and installing these extensions on your web browser, and that's likely because when users install Avast or AVG antivirus on their PCs, the software automatically installs their respective add-ons on the users' browsers. Both online security extensions have been designed to warn users when they visit a malicious or phishing website; whereas, SafePrice extensions help online shoppers learn about best offers, price comparisons, travel deals, and discount coupons from variou