You are here

THN

Subscribe to THN feed THN
The Hacker News (THN) is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts.
Updated: 1 hour 52 min ago

China Blocks Microsoft's Bing Search Engine, Despite Offering Censored Results

Thu, 24/01/2019 - 06:19
China has blocked Microsoft-owned search engine Bing, the company confirmed after receiving complaints from users throughout the country who took to social media beginning late Wednesday to express concerns. So, Bing becomes the latest service to be shut down by Chinese government behind its so-called Great Firewall of China, which blocks thousands of websites originating in the west

Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X

Wed, 23/01/2019 - 12:09
Here we have great news for all iPhone Jailbreak lovers and concerning one for the rest of iPhone users. A Chinese cybersecurity researcher has today revealed technical details of critical vulnerabilities in Apple Safari web browser and iOS that could allow a remote attacker to jailbreak and compromise victims' iPhoneX running iOS 12.1.2 and before versions. To do so, all an attacker needs to

Someone Hacked PHP PEAR Site and Replaced the Official Package Manager

Wed, 23/01/2019 - 07:43
Beware! If you have downloaded PHP PEAR package manager from its official website in past 6 months, we are sorry to say that your server might have been compromised. Last week, the maintainers at PEAR took down the official website of the PEAR (pear-php.net) after they found that someone has replaced original PHP PEAR package manager (go-pear.phar) with a modified version in the core PEAR file

DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains

Wed, 23/01/2019 - 05:31
The U.S. Department of Homeland Security (DHS) has today issued an "emergency directive" to all federal agencies ordering IT staff to audit DNS records for their respective website domains, or other agency-managed domains, within next 10 business days. The emergency security alert came in the wake of a series of recent incidents involving DNS hijacking, which security researchers with "

Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

Tue, 22/01/2019 - 14:50
Just in time… Cybersecurity experts this week fighting over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification just because APT on Linux also does the same. Just today, a security researcher revealed details of a critical remote code execution flaw in Linux APT, exploitation of which could have been mitigated if the

Google fined $57 million by France for lack of transparency and consent

Mon, 21/01/2019 - 16:54
The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union's new General Data Protection Regulation (GDPR) law that came into force in May last year. The fine has been levied on Google for "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization," the CNIL (National Data

New malware found using Google Drive as its command-and-control server

Mon, 21/01/2019 - 13:37
Since most security tools also keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly adopting infrastructure of legitimate services in their attacks to hide their malicious activities. Cybersecurity researchers have now spotted a new malware attack campaign linked to the notorious DarkHydrus APT group that uses Google Drive as its command-and-control (

Alleged Russian Hacker Pleads Not Guilty After Extradition to United States

Mon, 21/01/2019 - 07:42
A Russian hacker indicted by a United States court for his involvement in online ad fraud schemes that defrauded multiple American companies out of tens of millions of dollars pleaded not guilty on Friday in a courtroom in Brooklyn, New York. Aleksandr Zhukov, 38, was arrested in November last year by Bulgarian authorities after the U.S. issued an international warrant against him, and was

New Android Malware Apps Use Motion Sensor to Evade Detection

Fri, 18/01/2019 - 09:37
Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware. Two such Android apps have recently been spotted on the Google Play Store by security researchers with the Trend Micro malware research team, infecting thousands of Android users who have

A Twitter Bug Left Android Users' Private Tweets Exposed For 4 Years

Fri, 18/01/2019 - 04:49
Twitter just admitted that the social network accidentally revealed some Android users' protected tweets to the public for more than 4 years — a kind of privacy blunder that you'd typically expect from Facebook. When you sign up for Twitter, all your Tweets are public by default, allowing anyone to view and interact with your Tweets. Fortunately, Twitter also gives you control of your

Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks

Thu, 17/01/2019 - 07:37
Ukrainian Police have this week busted out two separate groups of hackers involved in carrying out DDoS attacks against news agencies and stealing money from Ukrainian citizens, respectively. According to the authorities, the four suspected hackers they arrested last week, all aged from 26 to 30 years, stole more than 5 million Hryvnia (around 178,380 USD) from the bank accounts of Ukrainian

Unprotected Government Server Exposes Years of FBI Investigations

Thu, 17/01/2019 - 05:45
A massive government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files. The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case files from the

Hackers infect e-commerce sites by compromising their advertising partner

Wed, 16/01/2019 - 16:04
Magecart strikes again, one of the most notorious hacking groups specializes in stealing credit card details from poorly-secured e-commerce websites. According to security researchers from RiskIQ and Trend Micro, cybercriminals of a new subgroup of Magecart, labeled as "Magecart Group 12," recently successfully compromised nearly 277 e-commerce websites by using supply-chain attacks. Magecart

Flight Booking System Flaw Affected Customers of 141 Airlines Worldwide

Wed, 16/01/2019 - 10:56
Almost half of the fight travelers around the world were found exposed to a critical security vulnerability discovered in online flight ticket booking system that allowed remote hackers to access and modify their travel details and even claim their frequent flyer miles. Israeli network security researcher Noam Rotem discovered the vulnerability when he booked a flight on the Israeli airline

Fortnite Flaws Allowed Hackers to Takeover Gamers' Accounts

Wed, 16/01/2019 - 08:58
Check Point researchers have discovered multiple security vulnerabilities in Fortnite, a massively popular online battle game, one of which could have allowed remote attackers to completely takeover player accounts just by tricking users into clicking an unsuspectable link. The reported Fortnite flaws include a SQL injection, cross-site scripting (XSS) bug, a web application firewall bypass

Unprotected VOIP Server Exposed Millions of SMS Messages, Call Logs

Wed, 16/01/2019 - 07:21
A California-based Voice-Over-IP (VoIP) services provider VOIPO has accidentally left tens of gigabytes of its customer data, containing millions of call logs, SMS/MMS messages, and plaintext internal system credentials, publicly accessible to anyone without authentication. VOIPo is one of a leading providers of Voice-Over-IP (VoIP) services in the United States offering reseller VoIP, Cloud

5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws

Wed, 16/01/2019 - 05:15
A security researcher has discovered multiple one-click client-side vulnerabilities in the some of the world's most popular and widely-used web hosting companies that could have put millions of their customers as well as billions of their sites' visitors at risk of hacking. Independent researcher and bug-hunter Paulos Yibelo, who shared his new research with The Hacker News, discovered roughly

Two Hackers Charged with Hacking SEC System in Stock-Trading Scheme

Tue, 15/01/2019 - 17:34
The U.S. authorities have charged two Ukrainian hackers for hacking into the Securities and Exchange Commission's EDGAR filing system and stealing sensitive market-moving reports of companies before their public release. EDGAR, or Electronic Data Gathering, Analysis, and Retrieval, is an online filing system wherein companies submit their financial filings. The system processes around 1.7

Reminder: Microsoft to end support for Windows 7 in 1-year from today

Tue, 15/01/2019 - 13:29
A new reminder for those who are still holding on to the Windows 7 operating system—you have one year left until Microsoft ends support for its 9-year-old operating system. So it's time for you to upgrade your OS and say goodbye to Windows 7, as its five years of extended support will end on January 14, 2020—that's precisely one year from today. After that date, the tech giant will no longer

36-Year-Old SCP Clients' Implementation Flaws Discovered

Tue, 15/01/2019 - 10:32
A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol (SCP) implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory unauthorizedly. Session Control Protocol (SCP), also known as secure copy, is a network protocol that allows users to securely transfer files between a

Pages