The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

1. Spotify Hacked! Change your Password ASAP If you are one of the millions of people around the world who love to listen to music on Spotify, you may need to change your password immediately. Has Spotify been hacked? The company says no, but some Spotify users have claimed their profiles were hijacked, and details were changed without knowledge, including passwords and email addresses, TC  reported . Spotify apparently suffered a security breach that leaked hundreds of Spotify accounts details, including emails, usernames, passwords and account type, which was published last week to the popular anonymous file sharing website Pastebin. Spotify is investigating the Pastebin leaks of Spotify user information. 2. Over 1 Million Android Apps Are Coming to Chrome OS Google is ready to integrate millions of Android applications onto its Chrome OS platform by bringing the entire Play Store to it. Redditor 'TheWiseYoda' first spotted a new option to "Enable And

In Brief US-based Intelligence Advanced Research Projects Activity (IARPA) agency is sponsoring a program to build portable laser sensors that could detect explosives, narcotics and other dangerous chemical weapons from 100 feet away. Dubbed SILMARILS ( Standoff Illuminator for Measuring Absorbance and Reflectance Infrared Light Signatures ), the program aims to identify biological agents as well as chemical and explosive substances in real-time. The Bombs are often planted in public areas, so it is important to detect them in a way that does not harm the surrounding infrastructure and human lives. The new technology could make the front line and home front safer for everyone. The agency has funded five companies via the US Air Force, including LGS Innovations, Physical Sciences, Photonics, Block Engineering, and Leidos, through its SILMARILS program . Currently, the technology used to detect narcotics, explosives, and other dangerous chemicals requires physical contact

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

In Brief Cyber crooks find a new and ingenious way to make hundreds of thousands of dollars with no effort. An unknown cyber gang, pretending to be Armada Collective , has made more than $100,000 in less than two months simply by threatening to launch DDoS attack on websites, but never actually launched a single attack. A group of Cyber Extortionists is sending threatening emails to businesses across the globe involves the launching of powerful distributed denial-of-service (DDoS) attacks against victim's website unless a ransom is paid. But, the group never actually launched a single DDoS attack. In a typical scenario, attackers disrupt a targeted website with a short-term DDoS attack in order to demonstrate its power, followed by an e-mail containing ransom note threatening further disruption, if the ransom does not get paid. Armada Collective is the same criminal gang that was responsible for one of largest DDoS attacks against ProtonMail in November 2015 and ext

In Brief Investigators from British defense contractor BAE Systems discovered that hackers who stole $81 million from the Bangladesh Central Bank actually hacked into software from SWIFT financial platform, a key part of the global financial system. The hackers used a custom-made malware to hide evidence and go undetected by erasing records of illicit transfers with the help of compromised SWIFT system. The Bangladesh Bank hackers, who managed to steal $81 Million from the bank last month in one of the largest bank heists in history, actually made their tracks clear after hacking into SWIFT, the heart of the global financial system. SWIFT , stands for the Society for Worldwide Interbank Financial Telecommunications, is a global messaging network used for most international money and security transfers. More than 11,000 Global Banks on HIGH ALERT! Nearly 11,000 Banks and other financial institutions around the World use SWIFT system to send securely and receive payment

Just last month, DARPA launched a project dubbed "Improv," inviting hackers to transform simple household appliances into deadly weapons . Now, the Defense Advanced Research Projects Agency is finding someone in the private sector to develop a hacker-proof " secure messaging and transaction platform " for the U.S. military. Darpa wants researchers to create a secure messaging and transaction platform that should be accessible via the web browser or standalone native application. The secure messaging app should " separate the message creation, from the transfer (transport) and reception of the message using a decentralized messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger, " agency's  notice explains. In simple words, DARPA aims to create a secure messaging service that not only implements the standard encryption and se

In Brief Investigators from the Forensic Training Institute of the Bangladesh investigated the $80 Million bank heist and discovered that the hackers managed to gain access to the network because the Bank was using second-hand $10 network switches without a Firewall to run its network. When it was reported last month that an unknown hacking group attempted to steal $1 Billion from Bangladesh's Federal Reserve bank account with the help of a malware and, in fact, successfully stole over $80 Million , the investigators would not say how the hackers managed to bypass the security solutions on its network. But in reality, there was no security solution installed to help protect against increasingly sophisticated attacks. This lack of security practices made it incredibly easier for the hackers to break into the system and steal $81 Million, though a simple typo (spell error) by hackers halted the further transfers of the $850 Million funds. The network computers that we

How to Hack Facebook? That's the most commonly asked question during this decade. It's a hacker dream to hack Facebook website for earning bug bounty or for any malicious purpose. Facebook security team recently found that someone, probably a blackhat hacker with malicious intent, has breached into its server and installed a backdoor that was configured to steal Facebook employees' login credentials. Since the backdoor discovered in the Facebook's corporate server, not on its main server, Facebook user accounts are not affected by this incident. Though the company would have never known about the backdoor if a whitehat hacker had never spotted the backdoor script while hunting for vulnerabilities. Also Read: Ever Wondered How Facebook Decides, How much Bounty Should be Paid? Security researcher Orange Tsai of Taiwanese security vendor DEVCORE accidentally came across a backdoor script on one of Facebook's corporate servers while finding bugs to earn cash reward fr

In Brief Facebook has hit another Milestone: More than 1 MILLION people, or you can say privacy conscious, are accessing Facebook over TOR. Facebook proudly announced today that, this month, for the first time, the people connected to the anonymous version of Facebook that's accessible only through the TOR anonymity network exceeded 1 Million – an increase of almost 100% in the past ten months. Today, when global surveillance system continues to grow, encryption has the power to protect users' security and privacy online. And it is ultimately a good thing that companies like Facebook are competing on users' security. In 2014, Facebook launched a special version of its website that runs only with the help of Tor anonymity software that offers privacy to users. Tor anonymity software or Tor browser secures and encrypts connections to prevent cyber criminals or law enforcement agencies from tracking users' web activity. Tor users can visit Facebook's Tor hidden s

In Brief: Sony is finally bolstering the security of the PlayStation Network by adding Two-Factor Authentication to the servers — almost five years after a massive hack that exposed data of over 77 Million users. Sony confirmed to Polygon today that it is planning to introduce two-factor verification to its PlayStation Network widely soon after a Twitter user saw a reference to it in the latest 4.80 firmware update for the PlayStation 3. Although there is no official announcement from the company revealing when two-step authentication will be implemented in PSN, the representative told sources that "more details will be shared at a later date." Microsoft has been providing two-step verification to its Xbox Live users since 2013. The feature is also used on Battle.net and Steam. Two-Factor authentication, also known as two-step verification, is a process that requires you to submit two different forms of verification when logging into a service: One is your

In Brief Guess how much the FBI has paid an unknown grey-hat hacker to break into San Bernardino Shooter's iPhone? FBI Director James Comey hinted during an interview that the FBI spent more than $1.3 Million for breaking into the iPhone of a suspected terrorist and found nothing useful on it. Apple's  legal battle with the Federal Bureau of Investigation (FBI) ended following the bureau's announcement last month that it bought a hacking tool to break into the locked iPhone 5C belonging to the alleged San Bernardino shooter Syed Farook. At the time, the FBI did not disclose the name of the third party neither it revealed the cost of the hacking tool. But yesterday while speaking at the Aspen Security Forum in London, FBI Director James Comey gave a hint on the price it gave to the unnamed "outside party" for the hacking solution after Apple refused to help the agency bypass the iPhone's security mechanisms. The FBI Paid Over $1.3 MILLION f