The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers

Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online

Thu, 08/11/2018 - 07:25
An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox—a popular open source virtualization software developed by Oracle—that could allow a malicious program to escape the virtual machine (guest OS) and execute code on the operating system of the host machine. The vulnerability occurs due to memory corruption issues and affects

Popular WooCommerce WordPress Plugin Patches Critical Vulnerability

Wed, 07/11/2018 - 07:01
If you own an eCommerce website built on WordPress and powered by the WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over the

The Pirate Bay Like 9 Best Torrent Sites (Updated Nov 2018)

Tue, 06/11/2018 - 16:35
The Pirate Bay torrent search engine is one of the world's most famous and best torrent sites. But it has been caught a second time mining digital currencies using visitors' computers. Like many popular torrent sites, The Pirate Bay also uses mining to make money without informing its users. But this time a tiny message on its homepage clarifies some terms of service but gives no option to

Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data

Tue, 06/11/2018 - 07:21
We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that could allow an attacker to decrypt disk encryption and recover protected data without knowing the

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

Sun, 04/11/2018 - 07:24
A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with the simultaneous multi-threading feature enabled. The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other

Accused CIA Leaker Faces New Charges of Leaking Information From Prison

Fri, 02/11/2018 - 07:16
Joshua Adam Schulte, a 30-year-old former CIA computer programmer who was indicted over four months ago for masterminding the largest leak of classified information in the agency's history, has now been issued three new charges. The news comes just hours after Schulte wrote a letter to the federal judge presiding over his case, accusing officials at Manhattan Metropolitan Correctional Center of

Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks

Thu, 01/11/2018 - 16:48
Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world. Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including

Apple's New MacBook Disconnects Microphone "Physically" When Lid is Closed

Wed, 31/10/2018 - 11:26
Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations. Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook's built-in microphone whenever the user closes the lid, the company revealed yesterday at its

New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1

Tue, 30/10/2018 - 18:01
It's only been a few hours since Apple released iOS 12.1, and an iPhone enthusiast has managed to find a passcode bypass hack, once again, that could allow anyone to see all contacts' private information on a locked iPhone. Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass bug in the latest version of its iOS

Windows 10 Bug Let UWP Apps Access All Files Without Users' Consent

Tue, 30/10/2018 - 12:58
Microsoft silently patched a bug in its Windows 10 operating system with the October 2018 update (version 1809) that allowed Microsoft Store apps with extensive file system permission to access all files on users' computers without their consent. With Windows 10, Microsoft introduced a common platform, called Universal Windows Platform (UWP), that allows apps to run on any device running

Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer

Tue, 30/10/2018 - 08:16
Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware onto their computers. Discovered by researchers at Cymulate, the bug abuses the 'Online Video' option in Word documents, a feature that allows users to embed an online

Signal Secure Messaging App Now Encrypts Sender's Identity As Well

Tue, 30/10/2018 - 06:18
Signal, the popular end-to-end encrypted messaging app, is planning to roll out a new feature that aims to hide the sender's identity from potential attackers trying to intercept the communication. Although messages sent via secure messaging services, like Signal, WhatsApp, and Telegram, are fully end-to-end encrypted as they transmit across their servers, each message leaves behind some of

Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON

Mon, 29/10/2018 - 12:51
Microsoft Windows built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment. Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer, so that if a sandboxed application gets compromised, the technique prevents its

IBM Buys "Red Hat" Open-Source Software Company for $34 Billion

Mon, 29/10/2018 - 06:17
It's been quite a year for the open source platforms. Earlier this year, Microsoft acquired popular code repository hosting service GitHub for $7.5 billion, and now IBM has just announced the biggest open-source business deal ever. IBM today confirmed that it would be acquiring open source Linux firm Red Hat for $190 per share in cash, working out to a total value of approximately $34 billion.

New Privilege Escalation Flaw Affects Most Linux Distributions

Fri, 26/10/2018 - 11:59
An Indian security researcher has discovered a highly critical flaw in the X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It serves as an

Facebook Fined £500,000 for Cambridge Analytica Data Scandal

Thu, 25/10/2018 - 11:26
Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users. The fine has been imposed by the UK's Information Commissioner's Office (ICO) and was calculated using the UK's old Data Protection Act 1998 which can levy a maximum penalty of £500,000 — ironically that’s

Google Makes 2 Years of Android Security Updates Mandatory for Device Makers

Thu, 25/10/2018 - 07:57
When it comes to security updates, Android is a real mess. Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patches regularly and on a timely basis to their customers. To deal with this issue, Google at its I/O Developer Conference May 2018 revealed the

FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware

Wed, 24/10/2018 - 09:32
Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia. TRITON, also known as Trisis, is a piece of ICS malware designed to target the Triconex Safety

Hacker Discloses New Windows Zero-Day Exploit On Twitter

Wed, 24/10/2018 - 06:53
A security researcher with Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability. SandboxEscaper posted a link to a GitHub page hosting a proof-of-concept (PoC) exploit for the vulnerability that appears to be a privilege

Critical Flaw Found in Streaming Library Used by VLC and Other Media Players

Fri, 19/10/2018 - 11:12
Security researchers have discovered a serious code execution vulnerability in the LIVE555 Streaming Media library—which is being used by popular media players including VLC and MPlayer, along with a number of embedded devices capable of streaming media. LIVE555 streaming media, developed and maintained by Live Networks, is a set of C++ libraries companies and application developers use to