Category Archives: Hacking News

Windows 10 October Update Brings Back Old Mapped Drives Bug

After a lot of chaos and problems, Microsoft has resumed the Windows 10 1809 rollout. While the recent October update

Windows 10 October Update Brings Back Old Mapped Drives Bug on Latest Hacking News.

Adobe Patch Tuesday November Fixed Multiple Information Disclosure Vulnerabilities

This week, Adobe released its monthly scheduled update bundle addressing vulnerabilities within its different products. The Adobe patch Tuesday November

Adobe Patch Tuesday November Fixed Multiple Information Disclosure Vulnerabilities on Latest Hacking News.

Latest Hacking News Podcast #165

Kids miSafes watch vulnerabilities put children at risk, Firefox to display a warning on sites with data breaches and Japan's cybersecurity minister says he's never used a computer on episode 165 of our daily podcast.

Latest Hacking News Podcast #165 on Latest Hacking News.

iPhone X, Xiaomi Mi 6 & Samsung Galaxy S9 hacked at Pwn2Own

By Waqas

White hat hackers and IT security researchers have once again proved their elite skills at Pwn2Own 2018 after exposing critical security vulnerabilities in products developed by popular vendors like Apple, Samsung, and Xiaomi. Pwn2Own is organized by cybersecurity giant Trend Micro’s Zero Day Initiative in Tokyo where hackers took part in exploiting zero-day flaws in products developed by […]

This is a post from HackRead.com Read the original post: iPhone X, Xiaomi Mi 6 & Samsung Galaxy S9 hacked at Pwn2Own

Man Sends Bomb to Cryptopay for Denying a Password Change Request

Last week a Swedish man was sentenced to a term of 7 years for trying to murder two employees of

Man Sends Bomb to Cryptopay for Denying a Password Change Request on Latest Hacking News.

iPhone X, Samsung Galaxy S9, Xiaomi Mi 6 Hacked At Pwn2Own Tokyo 2018

iPhone X, Samsung Galaxy S9, and Xiaomi Mi 6 fall prey to hacking in the Pwn2Own hacking competition in Tokyo

The Trend Micro-sponsored Pwn2Own, the annual hacking contest that took place at the PacSec security conference in Tokyo, saw hackers successfully exploit the iPhone X, Samsung Galaxy S9, and Xiaomi Mi 6. Other handsets, such as the Google Pixel 2 and Huawei P20, were also involved in the contest.

For those unaware, Trend Micro, a global leader in cyber-security solutions, hosts Pwn2Own in an effort to promote its Zero Day Initiative (ZDI) program, which is designed to reward security researchers for exploiting the latest and most popular mobile devices and for demonstrating and disclosing major zero-day vulnerabilities to tech companies. Following the contest, vendors will have 90 days to produce patches for these bugs.

Day 1 at the Pwn2Own Tokyo 2018

At the start of day one, Amat Cama and Richard Zhu from the “Fluoroacetate” team were the first to hack the Xiaomi Mi 6, with the help of its NFC component.

They used the touch-to-connect feature to force-open the web browser on the phone and navigate to their specially crafted webpage, after which the webpage exploited an Out-Of-Bounds write in WebAssembly to get code execution. This hack earned them $30,000 USD and 6 Master of Pwn points.

“During the demonstration, we didn’t even realize that action was occurring until it was too late. In other words, a user would have no chance to prevent this action from happening in the real world,” ZDI reports in a blog post.

Later, the Fluoroacetate team went on to exploit another handset, the Samsung Galaxy S9. They used a heap overflow in the baseband component to get code execution on the device. This hack earned the team another $50,000 USD and 15 more points towards Master of Pwn. Fluoroacetate also hacked the iPhone X via Wi-Fi using a pair of bugs: a JIT (Just-In-Time) vulnerability in the web browser followed by an Out-Of-Bounds write for the sandbox escape and escalation. This hack fetched them another $60,000 USD and 10 additional Master of Pwn points.

Besides the Fluoroacetate team, another team, MWR Labs (Georgi Geshev, Fabi Beterke, and Rob Miller) from the UK, also tried their luck on the Xiaomi Mi 6 and Samsung Galaxy S9. In the case of the Xiaomi Mi 6, they used a code execution exploit via Wi-Fi that forced the default web browser to navigate to a portal page. They then chained additional bugs together to silently install an application via JavaScript, bypass the application whitelist, and automatically start the application. This hack earned the MWR team $30,000 USD and 6 Master of Pwn points.

The MWR Labs team also combined three different bugs to successfully exploit the Samsung Galaxy S9 over Wi-Fi. They forced the phone to a captive portal without user interaction, then used an unsafe redirect and an unsafe application load to install their custom application. Although they failed in their first attempt, they succeeded in their second attempt, which earned the team $30,000 USD and 6 more Master of Pwn points.

Michael Contreras, a researcher who was the last entry of the day, received $25,000 USD and 6 Master of Pwn points for hacking the Xiaomi Mi 6 browser via a JavaScript type confusion flaw.

Day 2 at the Pwn2Own Tokyo 2018

The second day at the Pwn2Own Tokyo 2018 started with the Fluoroacetate team exploiting more zero-day vulnerabilities in the iPhone X and Xiaomi Mi 6.

Their first iPhone X zero-day combined a JIT bug in the browser with an out-of-bounds access, which resulted in a deleted photo being exfiltrated from the targeted phone. This hack fetched them $50,000 USD.

In the case of the Xiaomi Mi 6, the team used an integer overflow vulnerability that allowed them to exfiltrate a picture from the device, earning them an additional $25,000 USD.

MWR Labs also successfully hacked the Xiaomi Mi 6 on the second day. They loaded a custom application by combining a download bug with a silent app installation and stole some pictures from the phone. They earned $25,000 USD for this hack.

Team Fluoroacetate with a total of 45 points and $215,000 USD in prizes won the title of Master of Pwn!

The post iPhone X, Samsung Galaxy S9, Xiaomi Mi 6 Hacked At Pwn2Own Tokyo 2018 appeared first on TechWorm.

Google Went Down After Facing BGP Mishap

On Monday, numerous Internet users in the USA faced trouble after Google went down for over an hour. Upon scratching

Google Went Down After Facing BGP Mishap on Latest Hacking News.

0-Days Found in iPhone X, Samsung Galaxy S9, Xiaomi Mi6 Phones

At Pwn2Own 2018 mobile hacking competition held in Tokyo on November 13-14, white hat hackers once again demonstrated that even the fully patched smartphones running the latest version of software from popular smartphone manufacturers can be hacked. Three major flagship smartphones—iPhone X, Samsung Galaxy S9, and Xiaomi Mi6—were among the devices that successfully got hacked at the annual

Unpatched Microsoft Word Video Feature Vulnerability is Being Exploited In The Wild

Last month, researchers from a cybersecurity firm shared their findings on a bug in Microsoft Word online’s video feature that

Unpatched Microsoft Word Video Feature Vulnerability is Being Exploited In The Wild on Latest Hacking News.

Latest Hacking News Podcast #164

More Spectre and Meltdown attacks discovered, new US cybersecurity agency bill moves forward and Google and Target Twitter accounts hijacked for Bitcoin scam on the Latest Hacking News Podcast.

Latest Hacking News Podcast #164 on Latest Hacking News.

Chinese APT Group Exploit Fixed Critical Adobe ColdFusion Vulnerability On Unpatched Servers

In September, Adobe patched numerous critical vulnerabilities in ColdFusion. However, a couple of weeks after Adobe released the patches, researchers

Chinese APT Group Exploit Fixed Critical Adobe ColdFusion Vulnerability On Unpatched Servers on Latest Hacking News.

Red Dead Redemption 2 Glitch Lets You Get Any Horse Randomly

In a game set up in the Westernized era of the late 19th century, the main charm for the players

Red Dead Redemption 2 Glitch Lets You Get Any Horse Randomly on Latest Hacking News.

63 New Flaws (Including 0-Days) Windows Users Need to Patch Now

It's Patch Tuesday once again…time for another round of security updates for the Windows operating system and other Microsoft products. This month Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49 important and one moderate and one low in severity. Two of the vulnerabilities

WordPress GDPR Compliance plugin hacked to spread backdoor

By Waqas

Update your GDPR Compliance plugin right now. Security researchers have identified a critical vulnerability in the popular WP GDPR Compliance plugin assisting over 100,000 website owners around the world to comply with European privacy regulations known as GDPR that was announced by European Union on May 25th, 2018. The vulnerability was discovered by researchers at Wordfence which allows hackers to […]

This is a post from HackRead.com Read the original post: WordPress GDPR Compliance plugin hacked to spread backdoor

Hacker Who DDoSed Sony, EA and Steam Gaming Servers Pleads Guilty

A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service (DoS) attacks against multiple online services, websites, and online gaming companies between 2013 and 2014. According to a Justice Department (DoJ) press release, Austin Thompson, a.k.a. "DerpTroll," took down servers of several major gaming platforms including Electronic Arts' Origin service,

Here’s How Hackers Could Have Spied On Your DJI Drone Account

Cybersecurity researchers at Check Point today revealed details of a potentially dangerous vulnerability in the DJI Drone web app that could have allowed attackers to access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos taken during a flight. Though the vulnerability was discovered and responsibly reported by the

StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users

Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using. ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websites that were bundled with the traffic tracking code from the leading web analytics platform

Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online

An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox—a popular open source virtualization software developed by Oracle—that could allow a malicious program to escape virtual machine (guest OS) and execute code on the operating system of the host machine. The vulnerability occurs due to memory corruption issues and affects

Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer

Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware on their computers. Discovered by researchers at Cymulate, the bug abuses the 'Online Video' option in Word documents, a feature that allows users to embed an online

New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1

It's only been a few hours since Apple released iOS 12.1 and an iPhone enthusiast has managed to find a passcode bypass hack, once again, that could allow anyone to see all contacts' private information on a locked iPhone. Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass bug in the latest version of its iOS

HTTrack – Website Downloader Copier & Site Ripper Download

HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.

HTTrack Website Downloader & Site Ripper

HTTrack allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting all the HTML, images, and other files from the server to your computer.

HTTrack arranges the original site’s relative link-structure, which allows you to simply open a page of the “mirrored” website in your browser, and you can browse the site from link to link as if you were viewing it online.

Read the rest of HTTrack – Website Downloader Copier & Site Ripper Download now! Only available at Darknet.