The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Chinese smartphone maker OnePlus who recently announced that the company is planning to launch its latest flying drone, OnePlus DR-1 , saying it would be a " Game Changer. " There have already been some speculations about a drone from OnePlus circulating on the Internet, but now the company has confirmed during a Reddit AMA (Ask Me Almost Anything) session that OnePlus DR-1 (aka DR-ONE ) will land on its online store next month. OnePlus also posted a Vine video on Tuesday with the caption " Feeling adventurous? The DR-1 is flying to our store next month. #OneGameChanger. " The six-second short video did not give much information about the new drone, but it hints more or less that the company is working on a drone. The product page of DR-1 sectioned impressive lines such as " innovating a whole new way of thinking about drones " and telling users to " experience the next age of aviation technology with effortless transportation and

Imagine — reaching into your pocket — and pulling out a computer ! Google has made it possible to put your whole computer into your pocket by introducing a whole new kind of Chrome device — a tiny stick that plugs into HDMI port of any display. Dubbed ChromeBit , a fully featured computer-on-a-stick from Asus that Google promises to retail for less than $100 when it comes out this summer. You just need to plug a Chromebit right into your TV or any monitor in order to turn it into a full-fledged Chrome OS -based computer. Google Chromebit is portable with an impressive look and will be available in three attractive colors — silver, blue and orange. It has a smarter clinch on the business end so that a user can easily plug it into practically any HDMI port without the need of any extension cable. SPECIFICATIONS This tiny little Google ChromeBit stick packaged with: Rockchip RK3288 (with quad-core Mali 760 graphics) 2GB of RAM 16GB of solid state storage memory

The famous cyber hacker group Anonymous has vowed an ' Electronic Holocaust ' against Israel in response to what the group calls 'crimes in the Palestinian territories'. In a spooky video " message to Israel " posted on YouTube March 4, Anonymous declared yet another cyber attack on April 7, which is one week before Holocaust Remembrance day. Totally in news delivering style, the video clip shows a man wearing an Anonymous mask and threatening to take down Israeli servers and websites related to critical infrastructure next week, promising to 'erase you from cyberspace'. " We will erase [Israel] from cyberspace in our electronic Holocaust ," says the video. " As we did many times, we will take down your servers, government websites, Israeli military sites, and Israeli institutions. " The cyber activist group declared Palestinians youths as a 'symbol of freedom', and urged them to "never give up. [Anonymous] are with

In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts are overwhelmed with alerts. The knock-on effect of this is that fatigued analysts are at risk of missing key details in incidents, and often conduct time-consuming triaging tasks manually only to end up copying and pasting a generic closing comment into a false positive alert.  It is likely that there will always be false positives. And many would argue that a false positive is better than a false negative. But for proactive actions to be made, we must move closer to the heart of an incident. That requires diving into how analysts conduct the triage and investigation process. SHQ Response Platfo

Two former Federal investigators who helped to shut down the infamous black-market website ' Silk Road ' accused of fraud and stealing more than a Million dollars in Bitcoins during their investigation. Silk Road, an infamous online drug market that hosted more than $200 Million in transactions, was seized by the FBI in 2013, but during that period two of FBI agents took advantage of their position. CHARGES AGAINST FEDS The US Department of Justice indictment charges 46-year-old former Drug Enforcement Agency (DEA) special agent Carl Force , and 32-year-old former Secret Service agent Shaun Bridges , with the following charges: Theft of government property Wire fraud Money laundering Conflict of interest MILLION DOLLAR EXTORTION Both Force and Bridges were part of Baltimore's Silk Road Task Force to investigate illegal activity in the black marketplace. The creator of Silk Road, Ross Ulbricht, was arrested and found guilty of running the Tor-h

Once again, Syrian Electronic Army (SEA) has gain media attention by compromising a number of popular web hosting brands of one of the leading web-hosting companies Endurance International Group INC that manages over 60 different hosting brands. SEA, a pro-hacker group supposed to be aligned with Syrian President Bashar al-Assad, is famous for hacking high-profile websites and targeting leading organisation with its advanced phishing attacks. This time the group hacked Endurance Group wings, including Bluehost, Justhost, Hostgator, Hostmonster and FastDomain, which are some of the world's leading web hosting companies. The official Twitter account linked to SEA group claimed responsibility for the hack. The group has posted the screenshots of the hacked panels of all the respective web hosting companies. REASON BEHIND HACK According to SEA group, Endurance Group's BlueHost, JustHost, HostGator and HostMonster were hosting terrorists web sites on their se

$US1 may be a very little amount, but it is enough to buy you a stolen Uber account and free car rides around the city. Two separate vendors on AlphaBay , a relatively new Dark Web marketplace launched in late 2014, are selling active Uber accounts with usernames and passwords for $1 each, Motherboard reports . Once purchased, these active Uber accounts let you order up rides using the payment information provided on the file. Additionally, other sensitive information that comes with the purchase includes partial credit card data (the last four digits and expiration date), trip history, email addresses, phone numbers, and location information of users' home and work addresses. Over on AlphaBay market, a vendor identified as " Courvoisier " is claiming to sell hacked Uber accounts for $1 each. Under the product listing for ' x1 UBER ACCOUNT - WORLDWIDE TAXI!, ' anyone can buy a Uber account anonymously. Another vendor, identified as ThinkingFo

Do you realize how often your smartphone is sharing your location data with various companies? It is more than 5000 times in just two weeks. That is little Shocking but True! A recent study by the security researchers from Carnegie Mellon reveals that a number of smartphone applications collect your location-related data — a lot more than you think. The security researcher released a warning against the alarming approach: " Your location [data] has been shared 5,398 times with Facebook, GO Launcher EX, Groupon and seven other [applications] in the last 14 days. " During their study, researchers monitored 23 Android smartphone users for three weeks. First Week - Participants were asked to use their smartphone apps as they would normally do. Second Week - An app called App Ops was installed to monitor and manage the data those apps were using. Third Week - The team of researchers started sending a daily " privacy nudge " alert that would ping particip

Thomas Jiřikovský , an alleged Owner of one of the most popular Darknet website ' Sheep Marketplace , ' has been arrested after laundering around $40 Million, making it one of the biggest exit scams in Darknet history. After the arrest of Silk Road owner 'Ross Ulbricht' in 2013 -- Sheep Marketplace became the next famous anonymous underground marketplace among Black Market customers for selling illicit products, especially drugs. But only after few weeks, Sheep Marketplace was suddenly disappeared and was taken offline by its owner, who had been suspected of stealing $40 million worth of Bitcoins at the time when Bitcoin market value was at the peak. Shortly after this Bitcoin Scam, a Darknet commentator ' Gwern Branwen ' doxed the owner, and the suspect was identified -- Thomas Jiřikovský as the owner of the black market website. Unfortunately, Jiřikovský forgot to hide his identity and residential address from the Internet, which was exposed by his Facebook

The most popular and widely used encryption scheme has been found to be weaker with the disclosure of a new attack that could allow attackers to steal credit card numbers, passwords and other sensitive data from transmissions protected by SSL ( secure sockets layer ) and TLS ( transport layer security ) protocols. The attack leverages a 13-year-old weakness in the less secure Rivest Cipher 4 (RC4) encryption algorithm , which is the most commonly used stream cipher for protecting 30 percent of TLS traffic on the Internet today. BAR-MITZVAH ATTACK The attack, dubbed " Bar-Mitzvah ", can be carried out even without conducting man-in-the-middle attack (MITM) between the client and the server, as in the case of most of the previous SSL hacks. Itsik Mantin, a researcher from security firm Imperva, presented his findings in a research titled, " Attacking SSL when using RC4 " at the Black Hat Asia security conference Thursday in Singapore. Bar Mitzv

Github – a popular coding website used by programmers to collaborate on software development – was hit by a large-scale distributed denial of service (DDoS) attack for more than 24 hours late Thursday night. It seems like when users from outside countries visit different websites on the Internet that serve advertisements and tracking code from Chinese Internet giant Baidu , the assailants on Chinese border quietly inject malicious JavaScript code into the pages of those websites. The code instructs browsers of visitors to those websites to rapidly connect to GitHub.com every two seconds in a way that visitors couldn't smell, creating "an extremely large amount of traffic," according to a researcher who goes by the name A nthr@x . "A certain device at the border of China's inner network and the Internet has hijacked the HTTP connections went into China, replaced some JavaScript files from Baidu with malicious ones," A nthr@x wrote at Insight La

Google want to save its users' bandwidth at home. The company has released a " Data Saver extension for Chrome , " bringing its data compression feature for its desktop users for the first time. While tethering to a mobile Hotspot for Internet connection for your laptop, this new Data Saver extension for Chrome helps you reduce bandwidth usage by compressing the pages you visit over the Internet. If you are unaware of it, the data compression proxy service by Google is designed to save users' bandwidth, load pages faster, and increase security (by checking for malicious web pages) on your smartphones and tablets. REDUCE AS MUCH AS 50% OF DATA USAGE  Until now, the data compression service has been meant to benefit only mobile users, but the latest Data Saver Chrome Extension aims at helping desktop users by reducing their data usage by as much as 50 percent. " Reduces data usage [bandwidth] by using Google servers to optimize pages you visit,

There is no end to users problem when it comes to security. Everything is easily hackable — from home wireless routers to the large web servers that leak users' personal data into the world in one shot. If you love to travel and move hotels to hotels, then you might be dependent on free Wi-Fi network to access the Internet. However, next time you need to be extra cautious before connecting to Hotel's Wi-Fi network, as it may expose you to hackers. Security researchers have unearthed a critical flaw in routers that many hotel chains depend on for distributing Wi-Fi networks. The security vulnerability could allow a hacker to infect guests with malware, steal or monitor personal data sent over the network, and even gain access to the hotel's keycard systems and reservation. HACKING GUEST WIFI ROUTER Several models of InnGate routers manufactured by ANTlabs, a Singapore firm, have a security weakness in the authentication mechanism of the firmware. The se

Yesterday at its annual F8 Developer Conference in San Francisco, Facebook officially turned its Messenger app into a Platform. Facebook's Messenger Platform allows third-party app developers to integrate their apps with Facebook messenger app. However, other popular messaging apps are already offering similar features, like Chinese WeChat, but Facebook release is much bigger than any other platform. At F8 Developer Conference, Facebook released SDK v4.0 for iOS and Android along with Graph API v2.3 that enable app developers to add new messenger platform features to their custom apps quickly. Facebook users can install these compatible third-party apps from the messenger app, which offers users to send animated GIFs, images, videos, and more content within the Facebook Messenger app easily. BOON FOR BOTH FACEBOOK AND THIRD PARTY DEVELOPERS Facebook Messenger Platform will offer third party app developers to reach out Facebook's 600 Millions of users. So, the move will be a

Security researcher has discovered some new features in the most dangerous Vawtrak , aka Neverquest , malware that allow it to send and receive data through encrypted favicons distributed over the secured Tor network . The researcher, Jakub Kroustek from AVG anti-virus firm, has provided an in-depth analysis ( PDF ) on the new and complex set of features of the malware which is considered to be one of the most dangerous threats in existence. Vawtrak is a sophisticated piece of malware in terms of supported features. It is capable of stealing financial information and executing transactions from the compromised computer remotely without leaving traces. The features include videos and screenshots capturing and launching man-in-the-middle attacks. HOW VAWTRAK SPREADS ? AVG anti-virus firm is warning users that it has discovered an ongoing campaign delivering Vawtrak to gain access to bank accounts visited by the victim and using the infamous Pony module in order to ste

An air-gapped computer system isolated from the Internet and other computers that are connected to external networks believes to be the most secure computers on the planet -- Yeah?? You need to think again before calling them 'safe'. A group of Israeli security researchers at the Cyber Security Labs from Ben Gurion University have found a new technique to hack ultra-secure air-gapped computers and retrieve data using only heat emissions and a computer's built-in thermal sensors. WHAT IS AIR-GAPPED COMPUTERS ? Air-gapped computers or systems are considered to be the most secure and safest computer systems. These systems are isolated from the Internet or any other commuters that are connected to the Internet or external network. Air-gapped systems are used in situations that demand high security because it's very difficult to siphon data from these systems, as it requires a physical access to the machine which is possible by using removable device such as a US

The Supreme Court of India today struck down Section 66A of the Information Technology Act -- a controversial law that allowed law enforcement officials to arrest people for posting "offensive" comments on social networks and other internet sites. After hearing a clutch of petitions by defenders of free speech, the Supreme Court described the 2009 amendment to India's Information Technology Act known as section 66A as vague and ambiguous and beyond ambit of the constitutional right to freedom of speech. " Section 66A is unconstitutional and we have no hesitation in striking it down, " said Justice R F Nariman, reading out the judgement. " The public's right to know is directly affected by section 66A. " SECTION 66A OF THE IT ACT The Information Technology Act 2000 was amended in the year 2008 and this amended act contains the 66A section. Under this section, " Any person who sends, by means of a computer resource or a communi

A critical vulnerability in the firmware of Cisco small business phones lets an unauthenticated attacker to remotely eavesdrop on private conversation and make phone calls from vulnerable devices without needing to authenticate, Cisco warned. LISTEN AND MAKE PHONE CALLS REMOTELY The vulnerability ( CVE-2015-0670 ) actually resides in the default configuration of certain Cisco IP phones is due to " improper authentication ", which allows hackers to remotely eavesdrop on the affected devices by sending specially crafted XML request. Moreover, the vulnerability could be exploited by hackers to make phone calls remotely from the vulnerable phones as well as to carry out other attacks by making use of the information gathered through the audio interception activity. AFFECTED DEVICES The devices affects the Cisco's small business SPA300 and SPA500 Internet Protocol (IP) phones running firmware version 7.5.5, however, Cisco alerts that later versions of these

You might be not aware of the companies that know pretty much everything related to your email activities like when you've opened email sent by one of their clients, where you are located, what device you're using, what link you click, all without your consent, even if you haven't click any link provided in that email. Companies like Yesware , Bananatag, and Streak track emails , usually by adding small pixels or images to those emails which inform the companies that when and where their emails have been opened by the recipients. If you find this something different then let you know that this sort of email tracking is very common practice adopted by many companies. However, in order to detect these tracking emails, now you have a simple but effective tool. UGLY EMAIL -- DETECT EMAIL TRACKERS Dubbed " Ugly Email ", a new Chrome extension warns you when an email you receive in your Gmail inbox have the ability to track you, and it even works before opening t

A new and terribly awful breed of Point-of-Sale (POS) malware has been spotted in the wild by the security researchers at Cisco's Talos Security Intelligence & Research Group that the team says is more sophisticated and nasty than previously seen Point of Sale malware. The Point-of-Sale malware, dubbed " PoSeidon ", is designed in a way that it has the capabilities of both the infamous Zeus banking Trojan and BlackPOS malware which robbed Millions from US giant retailers, Target in 2013 and Home Depot in 2014. PoSeidon malware scrapes memory from Point of Sale terminals to search for card number sequences of principal card issuers like Visa, MasterCard, AMEX and Discover, and goes on using the Luhn algorithm to verify that credit or debit card numbers are valid. The malware then siphon the captured credit card data off to Russian (.ru) domains for harvesting and likely resale, the researchers say. "PoSeidon is another in the growing number