520,872 followers   •   2,148 following   •   Internet   •   http://thehackernews.com
The HackerNews – Attracting over 10 million monthly readers, #THN is a leading & trusted news source for Hackers, Technologists & Nerds. #Hacking #Security

Latest Scoops

NEW → Critical RCE flaw (CVE-2019-3462) found in #Linux apt/apt-get, which could allow remote MiTM hackers to trick systems into installing altered or malicious packages as #root


Exploitation of such a flaw could have been mitigated if APT was using HTTPS.

Remember #Drammer Attack? Researchers have released source code for drammer app → https://t.co/cKmR1JXfTZ

“It allows you to test whether an #Android device is vulnerable to the #Rowhammer bug,” via @lindorferin

News → https://t.co/L6wpW4vYV6

Google has been FINED $57 million by French data protection watchdog for "lack of transparency and consent" in its data collection practices that violate #GDPR law


It is the largest penalty to date under the new EU #privacy law.

A comprehensive guide to #SIEM (Security Information and Event Management) Tools https://t.co/KlwUPUhtrW

DarkHydrus APT group found using a new RogueRobin #malware against potential Middle East targets that uses #Google Drive as its alternative command-and-control (C&C) server to receive commands and send data

Alleged Russian Hacker Aleksandr Zhukov Pleads Not Guilty After Extradition to United States


He was arrested last year in Bulgaria after authorities shut down "3ve," one of the largest digital ad-fraud schemes that infected over 1.7 million PCs worldwide

Demo for DLL hijacking #vulnerability (CVE-2018-18333) that Trend Micro #Antivirus recently patched has been released. It could allow a malicious program to manipulate a specific DLL and escalate privileges on a vulnerable system.


Interesting. A malicious #MySQL server can request any local file from the client’s system it is connected to.


“The server has to know the full path of the file on the client for it to succeed.”

via @gwillem

Backchannel Communication Leaks → A researcher finds that even with "strict content-security policy" (CSP) enabled, Google Chrome (other browsers untested yet) permits pre-rendering feature (rel="preload") to load content from non-permitted domains.

PCI SSC has introduced new software security standards as part of a new PCI Software #Security Framework:

→ PCI Secure Software Standard
→ PCI Secure Software Lifecycle (Secure SLC) Standard
