You are here


Subscribe to THN feed THN
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers
Updated: 1 hour 51 min ago

Instagram Adds 3 New Security Tools to Make its Platform More Secure

Wed, 29/08/2018 - 05:43
Instagram is growing quickly—and with the second most popular social media network in the world (behind just Facebook), the photo-sharing network absolutely dominates when it comes to user interactions. And with great success comes great responsibility—responsibility to keep users' accounts safe, responsibility to fight fake accounts and news, and responsibility of being transparent. You

Hacker Discloses Unpatched Windows Zero-Day Vulnerability (With PoC)

Tue, 28/08/2018 - 07:30
A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in the Microsoft's Windows operating system that could help a local user or malicious program obtain system privileges on the targeted machine. And guess what? The zero-day flaw has been confirmed working on a "fully-patched 64-bit Windows 10 system." The vulnerability is a privilege

Critical Flaw in Fortnite Android App Lets Hackers Install Malware

Mon, 27/08/2018 - 04:17
Security researchers from Google have publicly disclosed an extremely serious security flaw in the first Fortnite installer for Android that could allow other apps installed on the targeted devices to manipulate installation process and load malware, instead of the Fortnite APK. Earlier this month, Epic Games announced not to make its insanely popular game 'Fortnite for Android' available

T-Mobile Hacked — 2 Million Customers' Personal Data Stolen

Fri, 24/08/2018 - 07:55
T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of "some" personal information of up to 2 million T-Mobile customers. The leaked information includes customers' name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid). However, the good news is that

NSA Leaker 'Reality Winner' Gets More Than 5 Years in Prison

Fri, 24/08/2018 - 05:18
A former NSA contractor, who pleaded guilty to leaking a classified report on Russian hacking of the 2016 U.S. presidential election to an online news outlet last year, has been sentenced to five years and three months in prison. Reality Winner, a 26-year-old Georgia woman who held a top-secret security clearance and worked as a government contractor in Georgia with Pluribus International,

Apple Forces Facebook VPN App Out of iOS Store for Stealing Users' Data

Thu, 23/08/2018 - 09:33
Facebook yesterday removed its mobile VPN app called Onavo Protect from the iOS App Store after Apple declared the app violated the iPhone maker's App Store guidelines on data collection. For those who are unaware, Onavo Protect is a Facebook-owned Virtual Private Network (VPN) app that was primarily designed to help users keep tabs on their mobile data usage and acquired by Facebook from an

New Android Malware Framework Turns Apps Into Powerful Spyware

Thu, 23/08/2018 - 06:43
Security researchers have uncovered a new, powerful Android malware framework that is being used by cybercriminals to turn legitimate apps into spyware with extensive surveillance capabilities—as part of what seems to be a targeted espionage campaign. Legitimate Android applications when bundled with the malware framework, dubbed Triout, gain capabilities to spy on infected devices by recording

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

Wed, 22/08/2018 - 11:33
Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, including

Adobe Issues Emergency Patches for Critical Flaws in Photoshop CC

Wed, 22/08/2018 - 08:45
Adobe released an out-of-band security update earlier today to address two critical remote code execution vulnerabilities impacting Adobe Photoshop CC for Microsoft Windows and Apple macOS machines. According to the security advisory published Wednesday by Adobe, its Photoshop CC software is vulnerable to two critical memory corruption vulnerabilities, which could allow a remote attacker to

Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking

Wed, 22/08/2018 - 05:27
Google Project Zero's security researcher has discovered a critical remote code execution (RCE) vulnerability in Ghostscript—an open source interpreter for Adobe Systems' PostScript and PDF page description languages. Written entirely in C, Ghostscript is a package of software that runs on different platforms, including Windows, macOS, and a wide variety of Unix systems, offering software the

Dark Tequila Banking Malware Uncovered After 5 Years of Activity

Tue, 21/08/2018 - 12:37
Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013. Dubbed Dark Tequila, the campaign delivers an advanced keylogger malware that managed to stay under the radar for five years due to its highly targeted nature and a few evasion techniques. Dark Tequila has

Google Sued Over Misleading Users About Location Tracking Feature

Tue, 21/08/2018 - 07:34
Google was in the news last week for a misleading claim that "with Location History off, the places you go are no longer stored," which is not true. Now, the search engine giant is once again in the news after a San Diego man has filed the first lawsuit against Google over this issue. Last week, the Associated Press investigation revealed that the search engine giant tracks movements of

Microsoft Detects More Russian Cyber Attacks Ahead of Mid-Term Election

Tue, 21/08/2018 - 05:29
Microsoft claims to have uncovered another new Russian hacking attempts targeting United States' Senate and conservative think tanks ahead of the 2018 midterm elections. The tech giant said Tuesday that the APT28 hacking group—also known as Strontium, Fancy Bear, Sofacy, Sednit, and Pawn Storm, which is believed to be tied to the Russian government—created at least six fake websites related