The Hacker News

The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Updated: 17 min 57 sec ago

Hackers Have Started Exploiting Drupal RCE Exploit Released Yesterday

14 April, 2018 - 10:37
Hackers have started exploiting a recently disclosed critical vulnerability in Drupal shortly after the public release of working exploit code. Two weeks ago, the Drupal security team discovered a highly critical remote code execution vulnerability, dubbed Drupalgeddon2, in its content management system software that could allow attackers to completely take over vulnerable websites.
Category: Hacking & Security

Hackers Found Using A New Code Injection Technique to Evade Detection

13 April, 2018 - 19:03
While performing in-depth analysis of various malware samples, security researchers at Cyberbit found a new code injection technique, dubbed Early Bird, being used by at least three different sophisticated malware that helped attackers evade detection. As its name suggests, Early Bird is a "simple yet powerful" technique that allows attackers to inject malicious code into a legitimate process
Category: Hacking & Security

Popular Android Phone Manufacturers Caught Lying About Security Updates

13 April, 2018 - 14:20
The Android ecosystem is highly broken when it comes to security, and device manufacturers (better known as OEMs) make it even worse by not providing critical patches in time. According to a new study, most Android vendors have been lying to users about security updates and telling customers that their smartphones are running the latest updates. In other words, most smartphone manufacturers
Category: Hacking & Security

Hacker Can Steal Data from Air-Gapped Computers through Power Lines

12 April, 2018 - 17:36
Do you think it is possible to extract data from a computer using its power cables? If not, then you should definitely read about this technique. Researchers from Israel's Ben Gurion University of the Negev—who mainly focus on finding clever ways to exfiltrate data from an isolated or air-gapped computer—have now shown how fluctuations in the current flow "propagated through the power lines"
Category: Hacking & Security

Flaw in Microsoft Outlook Lets Hackers Easily Steal Your Windows Password

12 April, 2018 - 09:29
A security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete patch this month—almost 18 months after receiving the responsible disclosure report. The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal sensitive information, including users' Windows login credentials, just by convincing
Category: Hacking & Security

How to Find Out Everything Facebook Knows About You

11 April, 2018 - 07:44
Facebook CEO Mark Zuckerberg will testify before Congress this week to explain how his company collects and handles users' personal information. The past few weeks have been difficult for Facebook over concerns that the data of millions of users has been breached. Facebook stores details of almost every action you have taken and interaction you have engaged in on its platform.
Category: Hacking & Security

Warning: Your Windows PC Can Get Hacked by Just Visiting a Site

10 April, 2018 - 23:41
Can you get hacked just by clicking on a malicious link or opening a website? — YES. Microsoft has just released its April Patch Tuesday security updates, which address multiple critical vulnerabilities in its Windows operating systems and other products, five of which could allow an attacker to hack your computer by just tricking you into visiting a website. Microsoft has patched five
Category: Hacking & Security

Facebook Offering $40,000 Bounty If You Find Evidence Of Data Leaks

10 April, 2018 - 21:46
Facebook pays millions of dollars every year to researchers and bug hunters to stamp out security holes in its products and infrastructure, but following the Cambridge Analytica scandal, the company today launched a bounty program to reward users for reporting "data abuse" on its platform. The move comes as Facebook CEO Mark Zuckerberg prepares to testify before Congress this week amid scrutiny
Category: Hacking & Security

Flaw in Emergency Alert Systems Could Allow Hackers to Trigger False Alarms

10 April, 2018 - 18:51
A serious vulnerability has been exposed in "emergency alert systems" that could be exploited remotely via radio frequencies to activate all the sirens, allowing hackers to trigger false alarms. The emergency alert sirens are used worldwide to alert citizens about natural disasters, man-made disasters, and emergency situations, such as dangerous weather conditions, severe storms, tornadoes
Category: Hacking & Security

Authentication Bypass Vulnerability Found in Auth0 Identity Platform

9 April, 2018 - 20:01
A critical authentication bypass vulnerability has been discovered in one of the biggest identity-as-a-service platforms, Auth0, that could have allowed a malicious attacker to access any portal or application that uses the Auth0 service for authentication. Auth0 offers token-based authentication solutions for a number of platforms including the ability to integrate social media
Category: Hacking & Security

Critical Code Execution Flaw Found in CyberArk Enterprise Password Vault

9 April, 2018 - 16:46
A critical remote code execution vulnerability has been discovered in the CyberArk Enterprise Password Vault application that could allow an attacker to gain unauthorized access to the system with the privileges of the web application. Enterprise password manager (EPV) solutions help organizations securely manage their sensitive passwords, controlling privileged accounts passwords across a wide
Category: Hacking & Security

Here's how hackers are targeting Cisco Network Switches in Russia and Iran

9 April, 2018 - 11:48
Since last week, a new hacking group, calling itself 'JHT,' hijacked a significant number of Cisco devices belonging to organizations in Russia and Iran, and left a message that reads—"Do not mess with our elections" with an American flag (in ASCII art). MJ Azari Jahromi, Iranian Communication and Information Technology Minister, said the campaign impacted approximately 3,500 network switches
Category: Hacking & Security

Finland's 3rd Largest Data Breach Exposes 130,000 Users' Plaintext Passwords

6 April, 2018 - 20:16
Over 130,000 Finnish citizens have had their credentials compromised in what appears to be the third largest data breach ever faced by the country, local media reports. Finnish Communications Regulatory Authority (FICORA) is warning users of a large-scale data breach in a website maintained by the New Business Center in Helsinki ("Helsingin Uusyrityskeskus"), a company that provides business
Category: Hacking & Security

Microsoft Office 365 Gets Built-in Ransomware Protection and Enhanced Security Features

6 April, 2018 - 13:41
Ransomware has been around for a few years, but it has become an albatross around everyone's neck, targeting big businesses, hospitals, financial institutions and individuals worldwide and extorting millions of dollars. Last year, we saw some major ransomware outbreaks, including WannaCry and NotPetya, which wreaked havoc across the world, hitting hundreds of thousands of computers and
Category: Hacking & Security

Remote Execution Flaw Threatens Apps Built Using Spring Framework — Patch Now

6 April, 2018 - 09:58
Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it. Spring Framework is a popular, lightweight, open source framework for developing Java-based enterprise applications. In an
Category: Hacking & Security

Intel Admits It Won't Be Possible to Fix Spectre (V2) Flaw in Some Processors

5 April, 2018 - 16:46
As speculated by the researcher who disclosed Meltdown and Spectre flaws in Intel processors, some of the Intel processors will not receive patches for the Spectre (variant 2) side-channel analysis attack. In a recent microcode revision guidance (PDF), Intel admits that it would not be possible to address the Spectre design flaw in its specific old CPUs, because it requires changes to the
Category: Hacking & Security

VirusTotal launches 'Droidy' sandbox to detect malicious Android apps

5 April, 2018 - 16:21
One of the biggest and most popular multi-antivirus scanning engine services has today launched a new Android sandbox service, dubbed VirusTotal Droidy, to help security researchers detect malicious apps based on behavioral analysis. VirusTotal, owned by Google, is a free online service that allows anyone to upload files to check them for viruses against dozens of antivirus engines
Category: Hacking & Security

Facebook admits public data of its 2.2 billion users has been compromised

5 April, 2018 - 11:17
Facebook dropped another bombshell on its users by admitting that all of its 2.2 billion users should assume malicious third-party scrapers have compromised their public profile information. On Wednesday, Facebook CEO Mark Zuckerberg revealed that "malicious actors" took advantage of "Search" tools on its platform to discover the identities and collect information on most of its 2 billion
Category: Hacking & Security

Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking

4 April, 2018 - 16:49
Security researchers at Embedi have disclosed a critical vulnerability in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to execute arbitrary code, take full control over the vulnerable network equipment and intercept traffic. The stack-based buffer overflow vulnerability (CVE-2018-0171) is due to improper validation of packet data in
Category: Hacking & Security

New Android Malware Secretly Records Phone Calls and Steals Private Data

3 April, 2018 - 16:25
Security researchers at Cisco Talos have uncovered variants of a new Android Trojan that are being distributed in the wild disguised as a fake anti-virus application, dubbed "Naver Defender." Dubbed KevDroid, the malware is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls. Talos
Category: Hacking & Security