Hacking News

Development platform GitHub has launched a new service that searches project dependencies in JavaScript and Ruby for known vulnerabilities and then alerts project owners if it finds any. The new service aims to help developers update project dependencies as soon as GitHub becomes aware of a newly announced vulnerability. Read more

Scheduled security updates to resolve serious server vulnerabilities, some of which have achieved top severity ratings.On Thursday, ERPScan revealed the details of the vulnerabilities, which affect the Oracle application server Tuxedo. The company said that five bugs were found in total, and two of them received incredibly high CVSS ratings of 10.0 and 9.9. Read

Google and Amazon have rolled out patches for their respective smart home speakers, Home and Echo, to plug the widespread Bluetooth flaws known as BlueBorne. BlueBorne, a set of eight Bluetooth flaws, was already known to affect billions of phones and computers running iOS, Android, Windows, and Linux. The flaws were discovered by security vendor

The federal government on Tuesday issued an alert detailing the North Korean government’s use of malware known as FALLCHILL, warning that North Korea has likely been using the malware since 2016 to target the aerospace, telecommunications, and finance industries. The alert — issued jointly by the FBI and the US Computer Emergency Readiness Team (US-CERT),

A publication on Friday by Bkav, a Vietnamese cybersecurity firm, that it had broken Apple’s Face ID, and A video apparently showing an iPhone being opened when pointed at a mask, was greeted with some skepticism. Ngo Tuan Anh, Bkav’s vice president, gave News several demos, first unlocking the phone with his face and then

Elliot Anderson (mobile security researcher) has found a pre-installed factory app in all OnePlus devices running OxygenOS that could enable anyone to gain root access to the devices.OnePlus devices (most of them) come preinstalled with an app called EngineerMode that can be used to root the device and may be turned into a completely-fledged backdoor

Newly uncovered vulnerabilities in a popular brand of indoor internet connected cameras could be exploited by attackers in order to gain complete control of the device. Security issues with the Foscam C1 Indoor HD Camera could allow hackers to remotely access the device, according to researchers. Read more

Mobile devices, being valuable, expensive, and both thin and light enough for sticky fingers, are a constant target for thieves worldwide. Smartphones and tablets are an investment and over time they have become a key to our digital kingdom with connected email accounts, social media, and cloud services — rendering their value not only in

For the past two and a half months, Estonia has been facing the biggest security crisis since a wave of cyberattacks hit its banks and critical national infrastructure in 2007. Read more