FGF-College-Work / Noticias

:bookmark_tabs: Uma lista de link e descrições sobre noticias do mundo tecnológico. Um agregador inicial
MIT License
5 stars 4 forks source link

[2018] The Hacker News - JAN #132

Closed marcialwushu closed 6 years ago

marcialwushu commented 6 years ago

THN

JAN 1

The Hacker News Forever 21 Confirms Security Breach Exposed Customer Credit Card Details

First notified in November of a data breach incident, popular clothing retailer Forever 21 has now confirmed that hackers stole credit card information from its stores throughout the country for several months during 2017.

Although the company did not yet specify the total number of its customers affected by the breach, it did confirm that malware was installed on some point of sale (POS)


JAN 2

The Hacker News 15-Year-Old Apple macOS 0-Day Kernel Flaw Disclosed, Allows Root Access

A security researcher on New Year's eve made public the details of an unpatched security vulnerability in Apple's macOS operating system that can be exploited to take complete control of a system.

On the first day of 2018, a researcher using the online moniker Siguza released the details of the unpatched zero-day macOS vulnerability, which he suggests is at least 15 years old, and


The Hacker News Flaw In Major Browsers Allows 3rd-Party Scripts to Steal Your Saved Passwords

Security researchers have uncovered how marketing companies have started exploiting an 11-year-old bug in browsers' built-in password managers, which allow them to secretly steal your email address for targeted advertising across different browsers and devices.

The major concern is that the same loophole could allow malicious actors to steal your saved usernames and passwords from browsers


The Hacker News Critical Flaw Reported In phpMyAdmin Lets Attackers Damage Databases

A critical security vulnerability has been reported in phpMyAdmin—one of the most popular applications for managing the MySQL database—which could allow remote attackers to perform dangerous database operations just by tricking administrators into clicking a link.

Discovered by an Indian security researcher, Ashutosh Barot, the vulnerability is a cross-site request forgery (CSRF) attack and


JAN 3

The Hacker News Huge Flaw Found in Intel Processors; Patch Could Hit 5-30% CPU Performance

The first week of the new year has not yet been completed, and very soon a massive vulnerability is going to hit hundreds of millions of Windows, Linux, and Mac users worldwide.

According to a blog post published yesterday, the core team of Linux kernel development has prepared a critical kernel update without releasing much information about the vulnerability.

Multiple researchers on


JAN 4

The Hacker News Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors

Unlike the initial reports suggested about Intel chips being vulnerable to some severe ‘memory leaking’ flaws, full technical details about the vulnerabilities have now been emerged, which revealed that almost every modern processor since 1995 is vulnerable to the issues.

Disclosed today by Google Project Zero, the vulnerabilities potentially impact all major CPUs, including those from AMD,


The Hacker News Hundreds of GPS Location Tracking Services Leaving User Data Open to Hackers

Security researchers have unearthed multiple vulnerabilities in hundreds of GPS services that could enable attackers to expose a whole host of sensitive data on millions of online location tracking devices managed by vulnerable GPS services.

The series of vulnerabilities discovered by two security researchers, Vangelis Stykas and Michael Gruhn, who dubbed the bugs as 'Trackmageddon' in a


JAN 5

The Hacker News [Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products.

The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20


The Hacker News Critical Unpatched Flaws Disclosed In Western Digital 'My Cloud' Storage Devices

Security researchers have discovered several severe vulnerabilities and a secret hard-coded backdoor in Western Digital's My Cloud NAS devices that could allow remote attackers to gain unrestricted root access to the device.

Western Digital's My Cloud (WDMyCloud) is one of the most popular network-attached storage devices which is being used by individuals and businesses to host their files,


JAN 10

The Hacker News Wi-Fi Alliance launches WPA3 protocol with new security features

The Wi-Fi Alliance has finally announced the long-awaited next generation of the wireless security protocol—Wi-Fi Protected Access (WPA3).

WPA3 will replace the existing WPA2—the network security protocol that has been around for at least 15 years and widely used by billions of wireless devices every day, including smartphones, laptops and Internet of things.

However, WPA2 has long been


The Hacker News Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day

If you think that only CPU updates that address this year's major security flaws—Meltdown and Spectre—are the only ones you are advised to grab immediately, there are a handful of major security flaws that you should pay attention to.

Microsoft has issued its first Patch Tuesday for 2018 to address 56 CVE-listed flaws, including a zero-day vulnerability in MS Office related that had been


The Hacker News WhatsApp Flaw Could Allow 'Potential Attackers' to Spy On Encrypted Group Chats

A more dramatic revelation of 2018—an outsider can secretly eavesdrop on your private end-to-end encrypted group chats on WhatsApp and Signal messaging apps.

Considering protection against three types of attackers—malicious user, network attacker, and malicious server—an end-to-end encryption protocol plays a vital role in securing instant messaging services.

The primary purpose of having


JAN 11

The Hacker News [Bug] macOS High Sierra App Store Preferences Can Be Unlocked Without a Password

Yet another password vulnerability has been uncovered in macOS High Sierra, which unlocks App Store System Preferences with any password (or no password at all).

A new password bug has been discovered in the latest version of macOS High Sierra that allows anyone with access to your Mac to unlock App Store menu in System Preferences with any random password or no password at all.


The Hacker News macOS Malware Creator Charged With Spying on Thousands of PCs Over 13 Years

The U.S. Justice Department unsealed 16-count indictment charges on Wednesday against a computer programmer from Ohio who is accused of creating and installing spyware on thousands of computers for more than 13 years.

According to the indictment, 28-year-old Phillip R. Durachinsky is the alleged author of FruitFly malware that was found targeting Apple Mac users earlier last year worldwide,


JAN 12

The Hacker News Skype Finally Adds End-to-End Encryption for Private Conversations

Good news for Skype users who are concerned about their privacy.

Microsoft is collaborating with popular encrypted communication company Signal to bring end-to-end encryption support to Skype messenger.

End-to-end encryption assured its users that no one, not even the company or server that transmits the data, can decrypt their messages.

Signal Protocol is an open source cryptographic protocol


The Hacker News New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds

It's been a terrible new-year-starting for Intel.

Researchers warn of a new attack which can be carried out in less than 30 seconds and potentially affects millions of laptops globally.

As Intel was rushing to roll out patches for Meltdown and Spectre vulnerabilities, security researchers have discovered a new critical security flaw in Intel hardware that could allow hackers to access


The Hacker News Warning: New Undetectable DNS Hijacking Malware Targeting Apple macOS Users

A security researcher has revealed details of a new piece of undetectable malware targeting Apple's Mac computers—reportedly first macOS malware of 2018.

Dubbed OSX/MaMi, an unsigned Mach-O 64-bit executable, the malware is somewhat similar to DNSChanger malware that infected millions of computers across the world in 2012.

DNSChanger malware typically changes DNS server settings on infected


JAN 13

The Hacker News Fourth Fappening Hacker Admits to Stealing Celebrity Pics From iCloud Accounts

Almost three years after the massive leakage of high-profile celebrities' nude photos—well known as "The Fappening" or "Celebgate" scandal—a fourth hacker has been charged with hacking into over 250 Apple iCloud accounts belonged to Hollywood celebrities.

A federal court has accused George Garofano, 26, of North Branford, of violating the Computer Fraud and Abuse Act, who had been arrested by


JAN 15

The Hacker News New Mirai Okiru Botnet targets devices running widely-used ARC Processors

The cybersecurity threat landscape has never been more extensive and is most likely to grow exponentially in 2018.

Although the original creators of Mirai DDoS botnet have already been arrested and jailed, the variants of the infamous IoT malware are still in the game due to the availability of its source code on the Internet.

Security researchers have spotted a new variant of infamous Mirai


The Hacker News OnePlus Site’s Payment System Reportedly Hacked to Steal Credit Card Details

This year's first bad news for OnePlus users—a large number of OnePlus customers are reporting of fraudulent credit card transactions after buying products from the Chinese smartphone manufacturer's official online store.

The claim initially surfaced on the OnePlus support forum over the weekend from a customer who said that two of his credit cards used on the company's official website was


JAN 16

The Hacker News Flaw in Popular Transmission BitTorrent Client Lets Hackers Control Your PC Remotely

A critical vulnerability has been discovered in the widely used Transmission BitTorrent app that could allow hackers to remotely execute malicious code on BitTorrent users' computers and take control of them.

The vulnerability has been uncovered by Google's Project Zero vulnerability reporting team, and one of its researchers Tavis Ormandy has also posted a proof-of-concept attack—just 40


The Hacker News LeakedSource Founder Arrested for Selling 3 Billion Stolen Credentials

Canadian authorities have arrested and charged an Ontario man for operating a website that collected 'stolen' personal identity records and credentials from some three billion online accounts and sold them for profit.

According to the Royal Canadian Mounted Police (RCMP), the 27-year-old Jordan Evan Bloom of Thornhill is the person behind the notorious LeakedSource.com—a major repository that


The Hacker News Skygofree — Powerful Android Spyware Discovered

Security researchers have unveiled one of the most powerful and highly advanced Android spyware tools that give hackers full control of infected devices remotely.

Dubbed Skygofree, the Android spyware has been designed for targeted surveillance, and it is believed to have been targeting a large number of users for the past four years.

Since 2014, the Skygofree implant has gained several


JAN 17

The Hacker News Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware

Security researchers have spotted a new malware campaign in the wild that spreads an advanced botnet malware by leveraging at least three recently disclosed vulnerabilities in Microsoft Office.

Dubbed Zyklon, the fully-featured malware has resurfaced after almost two years and primarily found targeting telecommunications, insurance and financial services.

Active since early 2016, Zyklon is


marcialwushu commented 6 years ago

JAN 18

The Hacker News

Facebook Password Stealing Apps Found on Android Play Store

Even after many efforts made by Google last year, malicious apps always somehow manage to make their ways into Google app store.

Security researchers have now discovered a new piece of malware, dubbed GhostTeam, in at least 56 applications on Google Play Store that is designed to steal Facebook login credentials and aggressively display pop-up advertisements to users.

Discovered independently

marcialwushu commented 6 years ago

JAN 19

The Hacker News

Researchers Uncover Government-Sponsored Mobile Hacking Group Operating Since 2012 (http://feedproxy.google.com/~r/TheHackersNews/~3/SjDk4ODgYSo/dark-caracal-android-malware.html)

A global mobile espionage campaign collecting a trove of sensitive personal information from victims since at least 2012 has accidentally revealed itself—thanks to an exposed server on the open internet.

It's one of the first known examples of a successful large-scale hacking operation of mobile phones rather than computers.

The advanced persistent threat (APT) group, dubbed Dark Caracal,


The Hacker News

OnePlus confirms up to 40,000 customers affected by Credit Card Breach (http://feedproxy.google.com/~r/TheHackersNews/~3/6LdtcSbwArg/oneplus-credicard-hacking.html)

OnePlus has finally confirmed that its online payment system was breached, following several complaints of fraudulent credit card transactions from its customers who made purchases on the company's official website.

In a statement released today, Chinese smartphone manufacturer admitted that credit card information belonging to up to 40,000 customers was stolen by an unknown hacker between

marcialwushu commented 6 years ago

JAN 20

The Hacker News

15-Year-Old Schoolboy Posed as CIA Chief to Hack Highly Sensitive Information (http://feedproxy.google.com/~r/TheHackersNews/~3/77npa6qHfh0/crackas-with-attitude-hacker.html)

Remember "Crackas With Attitude"?

A notorious pro-Palestinian hacking group behind a series of embarrassing hacks against United States intelligence officials and leaked the personal details of 20,000 FBI agents, 9,000 Department of Homeland Security officers, and some number of DoJ staffers in 2015.

Believe or not, the leader of this hacking group was just 15-years-old when he used "social

marcialwushu commented 6 years ago

JAN 22

The Hacker News

Nearly Half of the Norway Population Exposed in HealthCare Data Breach (http://feedproxy.google.com/~r/TheHackersNews/~3/G60mAIafEWU/healthcare-data-breach.html)

Cybercriminals have stolen a massive trove of Norway's healthcare data in a recent data breach, which likely impacts more than half of the nation's population.

An unknown hacker or group of hackers managed to breach the systems of Health South-East Regional Health Authority (RHF) and reportedly stolen personal info and health records of some 2.9 million Norwegians out of the country's total