The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

As far sci-fi movies have been entertaining the public, but their ideas have always been a matter of adoption in real life. Just like in any other sci-fi movie, simply touching a laptop can be enough to extract the cryptographic keys used to secure data stored on it. A team of computer security experts at Tel Aviv University (Israel) has come up with a new potentially much simpler method that lets you steal data from computers — Just Touch it — literally. WAYS TO ATTACK ENCRYPTION There are different ways of attacking encryption systems. On one side, there are security vulnerabilities and weakness in the encryption algorithms themselves that make it possible to figure out the cryptographic keys. On the other side, there are flaws and weaknesses in the people themselves that make it easier than it should be to force them to offer up the keys to decrypt something. But, Flaws and weaknesses in neither of which is necessarily quick or easy to find out, as there are seve

The United States National Security Agency ( NSA ) is using a massive information sharing platform that allows multiple law enforcement agencies to infiltrate more than 850 billion communications records detailing e-mails, phone calls, instant messages, and phone geolocation, according to the classified documents disclosed by former intelligence contractor Edward Snowden. The NSA has built ICREACH, a Google-like search engine that secretly provides data — metadata of both foreigners and citizens on US soil — to nearly two dozen U.S. government agencies, including the DEA, FBI, and CIA, The Intercept reported . Many of those surveilled data had not been accused of any illegal activity as well. But until now, it is unclear that exact what mechanism was used by the US intelligence agency to share the massive amounts of surveillance data, as well as number of government agencies it was sharing information with. Although, the classified documents show that the FBI and the D

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

It's been a bad weekend for Sony Playstation. The entire PlayStation Network was down much of the day after a dedicated distributed denial-of-service (DDoS) attack by online attackers, which left the network inaccessible to users. It's possible that EVE Online and Guild Wars 2 have also been hit by the attackers. Developers on the EVE Online forums have announced DDoS issues, and many users on the Guild Wars 2 forums have been reporting login issues. Sony's PlayStation Network is an online service that connects PlayStation 3 and PlayStation 4 video game consoles to the Internet and to over-the-top video services such as Netflix. What's weird about this attack is that it also includes a security threat against the American Airlines plane in which the President of Sony Online Entertainment, John Smedley, was traveling today. The aircraft along with a full load of passengers was diverted to Phoenix due to a bomb threat. WHO BRING DOWN SONY PLAYSTATION NETWORK? Tw

A group of security researchers has successfully discovered a method to hack into six out of seven popular Smartphone apps, including Gmail across all the three platforms - Android , Windows, and iOS operating systems - with shockingly high success rate of up to 92 percent. Computer scientists the University of California Riverside Bourns College of Engineering and the University of Michigan have identified a new weakness they believe to exist in Android, Windows, and iOS platforms that could allow possibly be used by hackers to obtain users' personal information using malicious apps. The team of researchers - Zhiyun Qian , of the University of California, Riverside, and Z. Morley Mao and Qi Alfred Chen from the University of Michigan - will present its paper, " Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks " ( PDF ), at the USENIX Security Symposium in San Diego on August 23. The paper detailed a new type of

Along with a dream to make Internet access available to everyone across the world, Facebook founder Mark Zuckerberg is working to make the Internet a more secure place as well. Till now, a number of large technology companies have bug bounty programs to reward researchers and cyber enthusiast who contribute in the security of Internet by finding out security holes in software or web platforms, and the social networking giant Facebook is the latest one to do so. Facebook and Usenix have together implemented the Internet Defense Prize — an award recognizing superior quality research that combines a working prototype with great contributions to securing the Internet, Facebook announced Thursday at the annual USENIX Security Symposium in San Diego. Also, Facebook announced the first award under its Internet Defense Prize, and crowned a pair of German researchers for their paper , " Static Detection of Second-Order Vulnerabilities in Web Applications " — a seemingly viabl

Pebble, a wristwatch that can connect to your phone - both iOS and Android - and interact with apps, has a hard-coded vulnerability that allows a remote attacker to destroy your Smartwatch completely. Pebble Smartwatch , developed and released by Pebble Technology Corporation in 2013, is considered as one of the most popular SmartWatches that had become the most funded project in the history of Kickstarter. Just two hours after its crowd-funding campaign launched, Pebble had already surpassed its $100,000 goal and at last had reached over $10.25 million pledged by nearly 70,000 Kickstarter backers. A security enthusiast Hemanth Joseph  claimed to have found that his Pebble SmartWatch with the latest v2.4.1 Firmware can be remotely exploited by anyone with no technical knowledge in order to delete all data stored in the device, apps, notes, and other information stored in it. HOW PEBBLE SMARTWATCH WORKS Before proceeding towards how he did this, let me explain how Peb

The United States division of Samsung has been charged with deceiving the US government into believing that several of its products met the necessary US government policies, resulting in the US government buying unauthorised Chinese-made electronics . The South Korean electronics giant has agreed to pay the Government $2.3 million in fines to settle the charges of violating trade agreements, the Justice Department announced Tuesday. Under federal contracting rules, Government agencies are only required to purchase products made in the United States or in countries that have a trade agreement with the United States. Federal agencies purchased products from Samsung through authorised resellers, believing they were manufactured in South Korea or Mexico, comply with government procurement rules — namely the US trade agreement act. SAMSUNG LIED TO U.S GOVERNMENT Despite complying with the terms of the contract, Samsung was found to have breached the US government bet