The Hacker News
FCC Just Killed Net Neutrality—What Does This Mean? What Next?
December 15th, 2017, 12:58 PM
Net neutrality is DEAD—3 out of 5 federal regulators voted Thursday to hand control of the future of the Internet to cable and telecommunication companies, giving them powers to speed up service for websites they favor or slow down others. As proposed this summer, the US Federal Communications Commission (FCC) has rolled back Net Neutrality rules that require Internet Service Providers (ISPs
TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage
December 15th, 2017, 12:58 PM
Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS) with a potential to cause health and life-threatening accidents. Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric—an autonomous control system that
Three Hackers Plead Guilty to Creating IoT-based Mirai DDoS Botnet
December 14th, 2017, 12:58 PM
The U.S. federal officials have arrested three hackers who have pleaded guilty to computer-crimes charges for creating and distributing Mirai botnet that crippled some of the world's biggest and most popular websites by launching the massive DDoS attacks last year. According to the federal court documents unsealed Tuesday, Paras Jha (21-year-old from New Jersey), Josiah White (20-year-old
Zero-Day Remote 'Root' Exploit Disclosed In AT&T DirecTV WVB Devices
December 14th, 2017, 12:58 PM
Security researchers have publicly disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after trying to get the device manufacturer to patch this easy-to-exploit flaw over the past few months. The problem is with a core component of the Genie DVR system that's shipped free of cost with DirecTV and can be easily exploited by hackers to gain root access and take
Password Stealing Apps With Over A Million Downloads Found On Google Play Store
December 13th, 2017, 12:58 PM
Even after so many efforts by Google like launching bug bounty program and preventing apps from using Android accessibility services, malicious applications somehow manage to get into Play Store and infect people with malicious software. The same happened once again when security researchers discovered at least 85 applications in Google Play Store that were designed to steal credentials from
ROBOT Attack: 19-Year-Old Bleichenbacher Attack On Encrypted Web Reintroduced
December 12th, 2017, 12:58 PM
A 19-year-old vulnerability has been re-discovered in the RSA implementation from at least 8 different vendors—including F5, Citrix, and Cisco—that can give man-in-the-middle attackers access to encrypted messages. Dubbed ROBOT (Return of Bleichenbacher's Oracle Attack), the attack allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on
Collection of 1.4 Billion Plain-Text Leaked Passwords Found Circulating Online
December 12th, 2017, 12:58 PM
Hackers always first go for the weakest link to quickly gain access to your online accounts. Online users habit of reusing the same password across multiple services gives hackers opportunity to use the credentials gathered from a data breach to break into their other online accounts. Researchers from security firm 4iQ have now discovered a new collective database on the dark web (released
Google Researcher Releases iOS Exploit—Could Enable iOS 11 Jailbreak
December 12th, 2017, 12:58 PM
As promised last week, Google's Project Zero researcher Ian Beer now publicly disclosed an exploit that works on almost all 64-bit Apple devices running iOS 11.1.2 or earlier, which can be used to build an iOS jailbreak, allowing users to run apps from non-Apple sources. On Monday morning, Beer shared the details on the exploit, dubbed "tfp0," which leveraged double-free memory corruption
Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks
December 11th, 2017, 12:58 PM
Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting Banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. Moscow-based security firm Group-IB published a 36-page report on Monday, providing details about the newly-disclosed hacking group, dubbed MoneyTaker, which has been
Get the Ultimate 2018 Hacker Bundle – Pay What You Want
December 11th, 2017, 12:58 PM
Due to the growing number of threats in the computer world, ethical hackers have become the most important player for not only governments but also private companies and IT firms in order to safeguard their systems and networks from hackers trying to infiltrate them. By 2020, employment in all information technology occupations is expected to increase by 22 percent, where demand for ethical
THN Weekly Roundup — Top 10 Stories You Should Not Miss
December 11th, 2017, 12:58 PM
Here we are with our weekly roundup, briefing this week's top cybersecurity threats, incidents, and challenges, just in case you missed any of them. Last week has been very short with big news from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the discovery of a new malware evasion technique that works on all versions of Microsoft's Windows operating
Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability
December 10th, 2017, 12:58 PM
Microsoft has just released an emergency security patch to address a critical remote code execution (RCE) vulnerability in its Malware Protection Engine (MPE) that could allow an attacker to take full control of a victim's PC. Enabled by default, Microsoft Malware Protection Engine offers the core cybersecurity capabilities, like scanning, detection, and cleaning, for the company's
Pre-Installed Keylogger Found On Over 460 HP Laptop Models
December 9th, 2017, 12:58 PM
HP has an awful history of 'accidentally' leaving keyloggers onto its customers' laptops. At least two times this year, HP laptops were caught with pre-installed keylogger or spyware applications. I was following a tweet made by a security researcher claiming to have found a built-in keylogger in several HP laptops, and now he went public with his findings. A security researcher who goes by
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
December 9th, 2017, 12:58 PM
Millions of Android devices are at serious risk of a newly disclosed critical vulnerability that allows attackers to secretly overwrite legitimate applications installed on your smartphone with their malicious versions. Dubbed Janus, the vulnerability allows attackers to modify the code of Android apps without affecting their signature verification certificates, eventually allowing them to
Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL
December 7th, 2017, 12:58 PM
A team of security researchers has discovered a critical implementation flaw in major mobile banking applications that left banking credentials of millions of users vulnerable to hackers. The vulnerability was discovered by researchers of the Security and Privacy Group at the University of Birmingham, who tested hundreds of different banking apps—both iOS and Android—and found that several of
Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions
December 7th, 2017, 12:58 PM
A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader. Ensilo security researchers Tal
Largest Crypto-Mining Exchange Hacked; Over $70 Million in Bitcoin Stolen
December 7th, 2017, 12:58 PM
Bitcoin is breaking every record—after gaining 20% jump last week, Bitcoin price just crossed the $14,800 mark in less than 24 hours—and there can be no better reason for hackers to put all of their efforts to steal skyrocketing cryptocurrency. NiceHash, the largest Bitcoin mining marketplace, has been hacked, which resulted in the theft of more than 4,700 Bitcoins worth over $57 million (at
Uber Paid 20-Year-Old Florida Hacker $100,000 to Keep Data Breach Secret
December 7th, 2017, 12:58 PM
Last year, Uber received an email from an anonymous person demanding money in exchange for the stolen user database. It turns out that a 20-year-old Florida man, with the help of another, breached Uber's system last year and was paid a huge amount by the company to destroy the data and keep the incident secret. Just last week, Uber announced that a massive data breach in October 2016 exposed
New TeamViewer Hack Could Allow Clients to Hijack Viewers' Computer
December 6th, 2017, 12:58 PM
Do you have remote support software TeamViewer installed on your desktop? If yes, then you should pay attention to a critical vulnerability discovered in the software that could allow users sharing a desktop session to gain complete control of the other's PC without permission. TeamViewer is a popular remote-support software that lets you securely share your desktop or take full control of
Critical Flaw in Major Android Tools Targets Developers and Reverse Engineers
December 6th, 2017, 12:58 PM
Finally, here we have a vulnerability that targets Android developers and reverse engineers, instead of app users. Security researchers have discovered an easily-exploitable vulnerability in Android application developer tools, both downloadable and cloud-based, that could allow attackers to steal files and execute malicious code on vulnerable systems remotely. The issue was discovered by
Feds Shut Down 'Longest-Running' Andromeda Botnet
December 5th, 2017, 12:58 PM
In a coordinated International cyber operation, Europol with the help of international law enforcement agencies has taken down what it called "one of the longest-running malware families in existence" known as Andromeda. Andromeda, also known as Win32/Gamarue, is an infamous HTTP-based modular botnet that has been around for several years now, and infecting computers with it's malicious
Massive Breach Exposes Keyboard App that Collects Personal Data On Its 31 Million Users
December 5th, 2017, 12:58 PM
In the digital age, one of the most popular sayings is—if you're not paying, then you're not the customer, you're the product. While downloading apps on their smartphones, most users may not realize how much data they collect on you. Believe me; it’s way more than you can imagine. Nowadays, many app developers are following irresponsible practices that are worth understanding, and we don't
MailSploit — Email Spoofing Flaw Affects Over 30 Popular Email Clients
December 5th, 2017, 12:58 PM
If you receive an email that looks like it's from one of your friends, just beware! It's possible that the email has been sent by someone else in an attempt to compromise your system. A security researcher has discovered a collection of vulnerabilities in more than 30 popular email client applications that could allow anyone to send spoofed emails bypassing anti-spoofing mechanisms. <!--
Young Hacker, Who Took Over Jail Network to Get Friend Released Early, Faces Prison
December 5th, 2017, 12:58 PM
Well, "a friend in need is a friend indeed" goes a long way, but in this case, this phrase hardly makes any sense. A 27-year-old Michigan man who hacked into the government computer system of Washtenaw County Jail to alter inmate records and gain early release for his friend is now himself facing federal charges after getting caught. Konrads Voits from Ann Arbor, Michigan, pleaded guilty in
Is Your DJI Drone a Chinese Spy? Leaked DHS Memo Suggests
December 4th, 2017, 12:58 PM
The United States Department of Homeland Security (DHS) has recently accused Da-Jiang Innovations (DJI), one of the largest drone manufacturers, of sending sensitive information about U.S. infrastructure to China through its commercial drones and software. A copy memo from the Los Angeles office of the Immigration and Customs Enforcement bureau (ICE) has begun circulating online more recently