The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Apple has finally released iOS 8 , the latest version of its operating system, for free to iPhone, iPad and iPod touch users. The company has assured that the latest iOS 8 update is a significant step away up from iOS 7. You can grab the new update through an over-the-air update accessible by going to Settings > General > Software Update . If you don't want to download the update wirelessly due to a limited or restricted data plan, you can also download the update by connecting your phone to the latest version of iTunes . iOS 8 was first revealed publicly at the Apple's Worldwide Developer Conference (WWDC) in June, showing off an improved Notification Centre. Apart from the security patches, iOS 8 has a number of new features and functions tied to your location. Additionally, it has new privacy settings, which allow users to limit how long data is stored for, such as message expiry features and new private browsing settings. VULNERABILITIES PATCHED A

Since we are living in an era of Mass surveillance conducted by Government as well as private sector industries, and with the boom in surveillance technology, we should be much worried about our privacy. According to the companies that create surveillance solutions for law enforcement and intelligence agencies, the surveillance tools are only for governments. But, reality is much more disappointing. These surveillance industries are so poorly regulated and exceedingly secretive that their tools can easily make their way into the hands of repressive organizations. Private surveillance vendors sell surveillance tools to governments around the world, that allows cellular networks to collect records about users in an effort to offer substantial cellular service to the agencies. Wherever the user is, it pinpoint the target's location to keep every track of users who own a cellphone — here or abroad. We ourselves give them an open invitation as we all have sensors in our

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

If you came across a Kindle e-book download link from any suspicious sources or somewhere other than Amazon itself, check twice before you proceed download. As downloading an eBook could put your personal information at risk. A security researcher has uncovered a security hole in Amazon's Kindle Library that could lead to cross-site scripting ( XSS ) attacks and account compromises when you upload a malicious ebook. AMAZON CREDENTIALS – BOON FOR HACKERS The flaw affects the " Manage Your Content and Devices " and " Manage your Kindle " services in Amazon's web-based Kindle Library, which could allow a hacker to inject and hide malicious lines of code into into e-book metadata, such as the title text of an eBook, in order to compromise the security of your Amazon account. Gaining access to your Amazon account credentials is one of the biggest boons for hackers, as they can set-up new credit cards in your account or max out the current ones on file with some big

Apple's iPhone 6 FREE ? Of course not ! It's only a hoax, but scammers have announced the just release iPhone 6 free. Another Facebook scam is circulating across the popular social networking website just days after Apple unveiled its upcoming iPhone 6 and iPhone 6 Plus, as scammers take advantage of all the hype and use them to lure Facebook users. THREE SIMPLE STEPS AND iPHONE 6 IS YOURS — REALLY? As usual, This new scam promises a chance to Win a free iPhone 6 to those users who complete a series of steps, as reported by Hoax-Slayer. You just need to go through "three easy steps" to get a chance to win the device: Like the Facebook page created to propagate the scam Share the page with your Facebook friends Download a "Participation Application" But before you proceed to the last step, a pop-up window leads you to participate in a survey before you can download the application. The survey will ask you to share your name, address, p

A Serious vulnerability has been discovered in the Web browser installed by default on a large number (Approximately 70%) of Android devices, that could allow an attacker to hijack users' open websites, and there is now a Metasploit module available to easily exploit this dangerous flaw. The exploit targets vulnerability ( CVE-2014-6041 ) in Android versions 4.2.1 and all older versions and was first disclosed right at the start of September by an independent security researcher Rafay Baloch, but there has not been much public discussion on it. The Android bug has been called a " privacy disaster " by Tod Beardsley, a developer for the Metasploit security toolkit, and in order to explain you why, he has promised to post a video that is " sufficiently shocking ." " By malforming a javascript: URL handler with a prepended null byte, the AOSP, or Android Open Source Platform (AOSP) Browser) fails to enforce the Same-Origin Policy (SOP) browser secur

At the beginning of this month, just like other social networks, Twitter also started paying individuals for any flaws they uncover on its service with a fee of $140 or more offered per flaw under its new Bug Bounty program, and here comes the claimant. An Egyptian Security Researcher, Ahmed Mohamed Hassan Aboul-Ela , who have been rewarded by many reputed and popular technology giants including Google, Microsoft and Apple, have discovered a critical vulnerability in Twitter's advertising service that allowed him deleting credit cards from any Twitter account. FIRST VULNERABILITY Initially, Aboul-Ela found two different vulnerabilities in ads.twitter.com, but both the flaws was having the " same effect and impact. " First flaw exists in the Delete function of credit cards in payments method page, https://ads.twitter.com/accounts/[account id]/payment_methods By choosing the Delete this card function, an ajax POST request is sent to the server. The post parameters se