Category Archives: Hacking News

LockerGoga Ransomware – Another Threat To Businesses

Recently, Lockergoga ransomware made it to the news after repeated attacks on different organizations. The ransomware first became known after

LockerGoga Ransomware – Another Threat To Businesses on Latest Hacking News.

Medtronic’s Implantable Defibrillators Vulnerable to Life-Threatening Hacks

The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a small surgically implanted device (in patients' chests) that gives a patient's heart an electric

Google Disallows VPN Ads Targeting Chinese Users Due To ‘Local Legal Restrictions’

China is already known for its strict policies regarding internet censorship. It is also among those few countries who have

Google Disallows VPN Ads Targeting Chinese Users Due To ‘Local Legal Restrictions’ on Latest Hacking News.

Latest Hacking News Podcast #245: Brent White and Tim Roberts, NTT Security

On episode 245 of our daily cybersecurity podcast we discuss the physical aspect of cybersecurity with Brent White and Tim Roberts, senior security consultants with NTT Security.

Latest Hacking News Podcast #245: Brent White and Tim Roberts, NTT Security on Latest Hacking News.

Panic after hackers take control of emergency tornado alarms in Texas

By Waqas

On March 12th, at around 2:30 a.m., residents of two Texas towns panicked after hearing tornado alarm that went off until 4:00 a.m. They were disturbed because the alarms repeatedly went on and off for about one and a half hours, thanks to hackers – Finally, related authorities were able to turn them off. See: […]

This is a post from HackRead.com Read the original post: Panic after hackers take control of emergency tornado alarms in Texas

Microsoft Launch Application Guard Extension For FireFox and Chrome

Earlier, Microsoft introduced a dedicated Windows Defender browser extension for its browser Microsoft Edge with Windows 10. The extension, named

Microsoft Launch Application Guard Extension For FireFox and Chrome on Latest Hacking News.

E Hacking News – Latest Hacker News and IT Security News: Hackers Tracking Location History via Google Photos Vulnerability


A vulnerability has been found in the web version of Google photos which lets malicious websites access the sensitive information related to the photos such as date and geographic coordinates.

On the basis of this metadata information of your photos, they will be tagged by Google photos automatically.

The metadata of any photo allows details to be moved along with the photograph file which is readable by end users, hardware and software.

How the Hack Functions

To begin with, the hackers have to befool the user and trick him into accessing the malicious website while he is logged into his Google Photos account.

As soon as the malicious website opens in the web browser, it generates answers to the questions the attacker has by stealthily generating requests to the Google Photos search endpoint.

As stated in a report by Imperva, the hacker can keep a record of the queries which have been already asked and resume the process from there on upon your next visit onto any of his infectious websites.

Reportedly, the vulnerability has been patched by Google after Imperva brought it to their knowledge.






E Hacking News - Latest Hacker News and IT Security News

Hackers Tracking Location History via Google Photos Vulnerability


A vulnerability has been found in the web version of Google photos which lets malicious websites access the sensitive information related to the photos such as date and geographic coordinates.

On the basis of this metadata information of your photos, they will be tagged by Google photos automatically.

The metadata of any photo allows details to be moved along with the photograph file which is readable by end users, hardware and software.

How the Hack Functions

To begin with, the hackers have to befool the user and trick him into accessing the malicious website while he is logged into his Google Photos account.

As soon as the malicious website opens in the web browser, it generates answers to the questions the attacker has by stealthily generating requests to the Google Photos search endpoint.

As stated in a report by Imperva, the hacker can keep a record of the queries which have been already asked and resume the process from there on upon your next visit onto any of his infectious websites.

Reportedly, the vulnerability has been patched by Google after Imperva brought it to their knowledge.




Aluminum Producer – Norsk Hydro Victim Of LockerGoga Ransomware

Once again, a ransomware attack paralyzed the usual business operations of a giant firm. This time, the aluminum producer Norsk

Aluminum Producer – Norsk Hydro Victim Of LockerGoga Ransomware on Latest Hacking News.

Google Launches New Policy Manager To Tackle Bad Ads

Every year, Google shares updates about how they handle malicious and scam advertisements. This year, Google announced the launch of

Google Launches New Policy Manager To Tackle Bad Ads on Latest Hacking News.

Latest Hacking News Podcast #244

Google Photos flaw, EU fines Google $1.7 billion, VeryMal campaign using Google Firebase, and tech support scammer pleads guilty on episode 244 of our daily cybersecurity podcast.

Latest Hacking News Podcast #244 on Latest Hacking News.

PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws

The popular SSH client program PuTTY has released the latest version of its software that includes security patches for 8 high-severity security vulnerabilities. PuTTY is one of the most popular and widely used open-source client-side programs that allows users to remotely access computers over SSH, Telnet, and Rlogin network protocols. Almost 20 months after releasing the last version of

New Hacking Method Extracts BitLocker Encryption Keys

A researcher has found a new attack method that can extract BitLocker encryption keys. As a result, the attack puts

New Hacking Method Extracts BitLocker Encryption Keys on Latest Hacking News.

Latest Hacking News Podcast #243: Social Engineering with Chris Hadnagy

On episode 243 of our daily cybersecurity podcast we interview Chris Hadnagy, founder and CEO of Social-Engineer, LLC. Chris talks about what social engineering is, what it means in the age of social media, and who should be aware of it.

Latest Hacking News Podcast #243: Social Engineering with Chris Hadnagy on Latest Hacking News.

Ransomware Attack Forces Aluminum Manufacturer to Shutdown Systems Worldwide

Photo by Terje Pedersen / NTB scanpix One of the world's largest producers of aluminum has been forced to shut down several of its plants across Europe and the U.S. after an "extensive cyber attack" hit its operations, leaving companies' IT systems unusable. According to a press release shared by Aluminum giant Norsk Hydro today, the company has temporarily shut down several plants and

Security Lapse Exposed Sensitive Customer Records In Gearbest Data Breach

Here is another report of a massive data leak from an online retailer. The Chinese e-commerce firm Gearbest inadvertently exposed

Security Lapse Exposed Sensitive Customer Records In Gearbest Data Breach on Latest Hacking News.

Libssh Releases Update to Patch 9 New Security Vulnerabilities

Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. The Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Red Hat, Debian, and also comes bundled within some distributions and software as a default library

Latest Hacking News Podcast #242

Ad trackers found on 89% of EU government sites and hacker puts forth collection of stolen databases up for sale on episode 242 of our daily cybersecurity podcast.

Latest Hacking News Podcast #242 on Latest Hacking News.

18-year-old hacker arrested for stealing over $130k in cryptocurrency

Japanese teenager gets arrested for stealing over $130k in cryptocurrency

An 18-year-old Japanese teenager has been arrested for stealing roughly 15 million Yen ($134,310) worth of MonaCoin virtual currency.

For those unaware, Monappy is an online wallet service for storing cryptocurrency and the virtual currency MonaCoin (MONA) is Litecoin hard fork.

The boy, a minor from Utsunomiya, Tochigi Prefecture, north of Tokyo, is facing computer fraud and concealment of criminal proceeds charges, reports Japan Times. According to the Tokyo Metropolitan Police Department (MPD), this is the first ever case in Japan where a hacker is facing criminal charges for stealing cryptocurrencies.

As reported by Japan Times, the teenager allegedly breached a vulnerability of Monappy and stole 93078.7316 MonaCoins from 7735 Monappy users between August 14 and September 1, 2018 last year. For the hack, he used a smartphone and software called Tor for internet anonymity to access the websites. However, the police were able to track him down after analyzing the cryptocurrency transaction details left on the hacked website’s server.

The boy who confessed being behind the Monappy attacks was quoted by the police as saying “I felt like I’d found a trick no one knows and did it as if I were playing a video game.”

The hacker exploited one of the features of the website that allows users to transfer the currency to another user. Apparently, the wallet was experiencing numerous glitches caused by the site overload. The teenager was fully aware that the system would breakdown if transfers were repeated over a short period of time. As a result, he took advantage of the flaw and submitted repeated currency transfer requests to himself, overwhelming the system and allowing him to register more money in his account.

He then put the stolen MonaCoin in an anonymous, dividend-bearing account at a cryptocurrency exchange overseas. By the time of his arrest, he had collected 100,000 Yen in dividends, which he had used to purchase smartphones and other items, the police said.

The stolen MonaCoins were kept using a system with an always-on internet connection, and those kept offline were not stolen, said the operator of Monappy. More than 7,000 users were affected due to the hack but the platform has accepted to repay them.

The official website of Monappy currently states that they have suspended their services “due to external attacks.”

The post 18-year-old hacker arrested for stealing over $130k in cryptocurrency appeared first on TechWorm.

Google Launched Numerous Privacy Features In Android Q

The new Android version of Google not only brings new features but rather it also heightens user privacy. Recently, Google

Google Launched Numerous Privacy Features In Android Q on Latest Hacking News.

39% of Counter Strike 1.6 Servers Found to be Delivering Malware

It has been roughly two decades since the launch of Counter Strike. Yet, the game continues to be popular among

39% of Counter Strike 1.6 Servers Found to be Delivering Malware on Latest Hacking News.

Latest Hacking News Podcast #241: Cyber Law with Steve Black, Professor of Law

On episode 241 of our daily cybersecurity podcast we are joined by Steve Black, Professor of Law at Texas Tech University School of Law. Steve discusses cyber law, the impact of technological developments on laws, and more.

Latest Hacking News Podcast #241: Cyber Law with Steve Black, Professor of Law on Latest Hacking News.

Round 4 — Hacker Puts 26 Million New Accounts Up For Sale On Dark Web

A hacker who was selling details of nearly 890 million online accounts stolen from 32 popular websites in three separate rounds has now put up a fourth batch of millions of records originating from 6 other sites for sale on the dark web. The Hacker News today received a new email from the Pakistani hacker, who goes by online alias Gnosticplayers and previously claimed to have hacked dozens of

Adobe March Patch Tuesday Brings Fixes For Photoshop And Digital Editions Bugs

Adobe has released the scheduled monthly update bundle for its products. This Adobe March Patch Tuesday addressed critical vulnerabilities in

Adobe March Patch Tuesday Brings Fixes For Photoshop And Digital Editions Bugs on Latest Hacking News.

Patched WinRAR Bug Still Under Active Attack—Thanks to No Auto-Updates

Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide. Why? Because the WinRAR software doesn't have an auto-update feature, which, unfortunately, leaves millions of its users vulnerable to cyber attacks. The critical

Microsoft March Patch Tuesday Addressed Multiple Flaws And Two Zero-Day Bugs

The scheduled Microsoft March Patch Tuesday update bundle has rolled-out. This update bundle also addresses numerous security flaws. In addition,

Microsoft March Patch Tuesday Addressed Multiple Flaws And Two Zero-Day Bugs on Latest Hacking News.

Latest Hacking News Podcast #240

Counter-Strike game clients used to create large botnet, WordPress patches XSS flaw, and school students hack system to change grades on episode 240 of our daily cybersecurity podcast.

Latest Hacking News Podcast #240 on Latest Hacking News.

Pakistani Govt’s passport application tracking site hacked with Scanbox framework

By Waqas

Hackers are after anyone seeking Pakistani passport while there is no response from the website’s administrator. Researchers at information security firm Trustwave have made a startling new discovery about data breach on a Pakistani government website involving the Scanbox Framework. It is worth noting that the Scanbox is a dangerous payload and this is the […]

This is a post from HackRead.com Read the original post: Pakistani Govt’s passport application tracking site hacked with Scanbox framework

Microsoft Working to Automatically Remove “Buggy Updates”

We have heard a lot about Windows 10 problems over the past few months, particularly, Microsoft’s struggle to release stable

Microsoft Working to Automatically Remove “Buggy Updates” on Latest Hacking News.

New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites

If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website. Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has once

Zero-Day Flaws in Counter-Strike 1.6 Let Malicious Servers Hack Gamers’ PCs

If you are a Counter-Strike gamer, then beware, because 39% of all existing Counter-Strike 1.6 game servers available online are malicious that have been set-up to remotely hack gamers' computers. A team of cybersecurity researchers at Dr. Web has disclosed that an attacker has been using malicious gaming servers to silently compromise computers of Counter-Strike gamers worldwide by

Latest Hacking News Podcast #239

Intel multiple vulnerabilities in it's Windows 10 graphics drivers, new POS malware being marketed, and critical flaw in Swiss and Australian e-voting system on episode 239 of our daily cybersecurity podcast.

Latest Hacking News Podcast #239 on Latest Hacking News.

Chinese Data Leak Contained Stats For ‘Breedready’ Women

The latest report about a Chinese data leak incident will certainly catch your attention. Allegedly, an open Chinese database left

Chinese Data Leak Contained Stats For ‘Breedready’ Women on Latest Hacking News.

Latest Hacking News Podcast #238

New Ursnif banking malware variant, Microsoft Patch Tuesday addressed 2 zero-days actively attacked, and Wordpress cart plugin XSS flaw under attack on episode 238 of our daily cybersecurity podcast.

Latest Hacking News Podcast #238 on Latest Hacking News.

Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition

Adobe users would feel lighter this month, as Adobe has released patches for just two security vulnerability in its March Security Update. The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities—one in Adobe Photoshop CC and another in Adobe Digital Editions. Upon successful exploitation, both critical vulnerabilities could

Email Validation Service Left 2 Billion Records Exposed Online

Shortly after we reported about the Dalil app data leak, here comes another similar report. Once again, researchers have found

Email Validation Service Left 2 Billion Records Exposed Online on Latest Hacking News.

Multiple Adobe Sandbox Vulnerabilities Risked Integrity And Confidentiality Of Systems

One of the areas contributing to the rise of cyber attacks is the use of third-party services. While these services

Multiple Adobe Sandbox Vulnerabilities Risked Integrity And Confidentiality Of Systems on Latest Hacking News.

Latest Hacking News Podcast #237

US Senate report reveals new details on 2017 Equifax breach and Samsung Galaxy S10's face recognition seems to be a step backwards in security on episode 237 of our daily cybersecurity podcast.

Latest Hacking News Podcast #237 on Latest Hacking News.

BEWARE – New ‘Creative’ Phishing Attack You Really Should Pay Attention To

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users. Just like the previous campaign, the new phishing attack is also based on the idea that a malicious web page could mimic look and feel of the browser window to trick even the

Enterprise VPN Provider Citrix, Hacked; 6TB of Sensitive Data Stolen



Enterprise VPN provider, Citrix, was subjected to a hack which is doubted to have stolen private data pertaining to the company’s technology.

On Friday, Citrix told that FBI informed them about "international cyber criminals" working their way into the organization’s networks.

They were further told that most probably the criminals resorted to the technique of “password spraying” to break into the company’s networks. They did do by appropriately guessing the password to an account which belongs to the company.

The hackers involved are reported to be a part of an Iranian Hacking group which has attacked over 200 companies, along with multiple government agencies, technology firms and gas, and oil companies.

Referenced from a blog post by Resecurity, the cybersecurity firm contacted Citrix in an attempt to warn them about the hack which was on the way.

And, while refraining from telling the origins of the source from where the firm learned of the hack, it said that it "has shared the acquired intelligence with law enforcement and partners for mitigation."

While FBI denied commenting on the matter, Resecurity drew a connection between the hackers and a nation state, "due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy."

Citrix expressed a probability of business documents being acquired and downloaded by the attackers and told in a notice, "The specific documents that may have been accessed, however, are currently unknown."

"Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cybersecurity firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI," the company further included in the notice.


Severe Flaw Disclosed In StackStorm DevOps Automation Software

A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful event-driven automation tool for integration and automation across services and tools that allows

Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data

Popular enterprise software company Citrix that provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies disclosed last weekend a massive data breach of its internal network by "international cyber criminals." Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing "business documents,"

Applicants data of 3 elite US colleges hacked for ransom

By Ryan De Souza

Recently it was reported that Chinese hackers are aiming to target around 26 leading research academies to steal research about maritime technology, the majority of which happen to be based in the USA. In the same week, three mainstream private colleges have claimed that their systems were hacked and hackers managed to gain access to […]

This is a post from HackRead.com Read the original post: Applicants data of 3 elite US colleges hacked for ransom

NSA Releases GHIDRA 9.0 — Free, Powerful Reverse Engineering Tool

The United States' National Security Agency (NSA) today finally released GHIDRA version 9.0 for free, the agency’s home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade to hunt down security bugs in software and applications. GHIDRA is a Java-based reverse engineering framework that features a graphical user interface (GUI)

Google Discloses Unpatched ‘High-Severity’ Flaw in Apple macOS Kernel

Cybersecurity researcher at Google's Project Zero division has publicly disclosed details and proof-of-concept exploit of a high-severity security vulnerability in macOS operating system after Apple failed to release a patch within 90 days of being notified. Discovered by Project Zero researcher Jann Horn and demonstrated by Ian Beer, the vulnerability resides in the way macOS XNU kernel

Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down

Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive's service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites. <!-- adsense --> For a brief

Severe Flaws in SHAREit Android App Let Hackers Steal Your Files

Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass device authentication mechanism and steal files containing sensitive from a victim's device. With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help people share

New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers

Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of

Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week

Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable. Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers

It's not just the critical Drupal vulnerability that is being exploited by in the wild cybercriminals to attack vulnerable websites that have not yet applied patches already available by its developers, but hackers are also exploiting a critical WinRAR vulnerability that was also revealed last week. A few days ago, The Hacker News reported about a 19-year-old remote code execution vulnerability