520,872 followers   •   2,148 following   •   Internet   •   http://thehackernews.com
The HackerNews – Attracting over 10 million monthly readers, #THN is a leading & trusted news source for Hackers, Technologists & Nerds. #Hacking #Security

Latest Scoops

NEW → Critical RCE flaw (CVE-2019-3462) found in #Linux apt/apt-get, which could allow remote MiTM hackers to trick systems into installing altered or malicious packages as #root

https://t.co/MZJwXC1c6Z

Exploitation of such a flaw could have been mitigated if APT was using HTTPS
Remember #Drammer Attack? Researchers have released source code for drammer app → https://t.co/cKmR1JXfTZ

“It allows you to test whether an #Android device is vulnerable to the #Rowhammer bug,” via @lindorferin

News→ https://t.co/L6wpW4vYV6
Google has been FINED $57 million by French data protection watchdog for "lack of transparency and consent" in its data collection practices that violate #GDPR law

https://t.co/j50IjCT9r0

It is the largest penalty to date under the new EU #privacy law.
A comprehensive guide to #SIEM (Security Information and Event Management) Tools https://t.co/KlwUPUhtrW
DarkHydrus APT group found using a new RogueRobin #malware against potential Middle East targets that uses #Google Drive as its alternative command-and-control (C&C) server to receive commands and send data

https://t.co/1qKCPPcoou #cybersecurity #infosec
Alleged Russian Hacker Aleksandr Zhukov Pleads Not Guilty After Extradition to United States

https://t.co/xBPfSskabT

He was arrested last year in Bulgaria after authorities shut down "3ve," one of the largest digital ad-fraud schemes that infected over 1.7 million PCs worldwide
Demo for DLL hijacking #vulnerability (CVE-2018-18333) that Trend Micro #Antivirus patched recently has been released. It could allow a malicious program to manipulate a specific DLL and escalate privileges on a vulnerable system.

https://t.co/ouc2ZrdPDt

https://t.co/7MwnKnr9Sl
Interesting. A malicious #MySQL server can request any local file from the client’s system it is connected to.

https://t.co/xLqwjLU9fz

“The server has to know the full path of the file on the client for it to succeed.”

via @gwillem
Backchannel Communication Leaks → A researcher finds that even with "strict content-security policy" (CSP) enabled, Google Chrome (other browsers untested yet) permits the pre-rendering feature (rel="preload") to load content from non-permitted domains.

https://t.co/d4mcecbOOm
PCI SSC has introduced new software security standards as part of a new PCI Software #Security Framework:

→ PCI Secure Software Standard
→ PCI Secure Software Lifecycle (Secure SLC) Standard

https://t.co/fuI0F9D1Lf