The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Windows 8 PCs contain a new technology called Secure Boot that only boots devices that have been verified by Microsoft. Also Microsoft's own Offline Defender won't boot on Windows 8 PCs with Secure Boot on. Neither will Norton's Bootable Recovery Tool. We asked the guys at FixMeStick how their external hardware-based anti-malware device can boot on brand new Windows 8 hardware with Secure boot on, as well as 10 year old PCs with 32 processors running XP. Here's their answer: 1. It got a Master Boot Record. : In other words, it boots on BIOS-based PCs, essentially all PCs prior to Windows 8. 2. and it got UEFI boot partition : It also got a UEFI boot partition, so it will boot on PCs with the latest UEFI firmware too. 3. It's 32 bit : There's a 32 bit operating system on the stick so it will work with 32 bit microprocessors. Most rescue ISOs\disks are 32 bit only, so by default they work on 32 bit processors and 64 bit processors. 4. and it's 64...

If you own an iPhone or an Android device, then the chances are high that you're familiar with the extremely popular cross-platform messaging app, WhatsApp. According to a whitehat hacker Mohammed Saeed , Whatsapp media server ( media.whatsapp.com ) interface was vulnerable to Traversal local file inclusion. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected. Flaw allowed hacker to gather usernames via an " /etc/passwd " file and also another sensitive files like log files i.e   "/apache/logs/error.log" or " /apache/logs/access.log ". Flaw was reported by Mohammed with proof of conpect to Whatsapp security team on 27th May and was addressed this week. If you are also penetration tester and have something buggy that can help Whatsapp team to make there service more secure, feel free to contact them at  support@whatsapp.com .

A YouTube video posted by a group calling themselves Anonymous is getting a lot of attention online, claims to have outed two men who allegedly tried to lure underaged girls over the internet. In a video posted on Friday, a member of Anonymous describes a sting operation in which two Edmonton-area men were allegedly caught trying to meet up with 13- and 14-year-old girls for sex. Bob Andrews, the head of ALERT's Integrated Child Exploitation unit in Edmonton. "I think it's really important to let the police do their jobs, and not judge someone in a public forum. " Hacker also claims that they contacted Edmonton police about one meeting that was supposed to take place at West Edmonton Mall, but that police did nothing. " There has been no reply. This is unacceptable. Together, we must act, and we must act swiftly to protect our children. For your benefit, we will begin to reveal the identities of the people that were identified ," the video states. T...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

The notorious Zeus Trojan , a family of banking malware known for stealing passwords and draining the accounts of its victims, has steadily increased in recent months. The malware family itself is frequently updated with mechanisms designed to evade detection by antivirus and network security appliances. Trend Micro experts spotted another new variant of  ZBOT Malware which is capable of spreading  itself automatically via USB Flash Drives or removable drives. According to report , this particular ZBOT variant arrives through a malicious PDF file disguised as a sales invoice document and when user opens this file using Adobe Reader, it triggers an exploit . Malware also has an auto update module, so that it can download and run an updated copy of itself. To self propagate, it creates a hidden folder with a copy of itself inside the USB drive with a shortcut pointing to the hidden ZBOT copy. Another variant of ZeuS #Malware spotted, with new feature of spread...

The individual responsible for one of the most significant leaks in US political history is Edward Snowden , a 29-year-old former technical assistant for the CIA and current employee of the defence contractor Booz Allen Hamilton . He's a high school dropout who worked his way into the most secretive computers in U.S. intelligence as a defense contractor and identify himself as the source of leaks about US surveillance programmes - PRISM . He is responsible for handing over material from one of the world's most secretive organisations the NSA. Verax was the name he chose for himself, " truth teller " in Latin. In an interview with The Guardian , Snowden publicly revealed himself as the source of documents outlining a massive effort by the U.S. National Security Agency to track cell phone calls and monitor the e-mail and Internet traffic of virtually all Americans.  Before his leak of U.S. intelligence, Snowden was living in paradise, working for a major U...

China has developed a new supercomputer known as Tianhe-2  which is twice as fast as US and Japanese systems has been measured at speeds of 30.65 petaflops or 74 percent faster than the current holder of the world's-fastest-supercomputer title. Titan, the U.S. Department of Energy's fastest supercomputer, has been clocked in at just 17.6 petaflops per second. Earlier reports said China is aiming for no lesser than a 100 Petaflops machine by 2015. China's National University of Defense Technology last week revealed about a massive machine in Changsha, that's expected to come out next weekend during the International Supercomputing Conference. Tianhe-2 is built with Intel Ivy Bridge and Xeon Phi processors. The powerful system was assembled by Chinese company Inspur using tens of thousands of the latest multicore chips produced by Intel, with an addition of some home-made technology. In total, the supercomputer is said to contain over 3 million proces...

Another member of the hacker collective Anonymous has been unmasked this week. FBI raided the home of Deric Lostutter in April. Two laptops, flash drives, CD's, an external hard-drive, cell phones and an Xbox were reportedly seized during the raid. Deric Lostutter, a 26-year-old from Winchester, is also known as KYAnonymous , a member of the hacktivist collective Anonymous who leaked a video showing the young men who raped an unconscious teenaged girl in Steubenville , Ohio, bragging about what they did in a disgustingly proud manner. In March, football stars Trent Mays, 17, and Ma'lik Richmond, 16, were convicted of the rape. They were sentenced to a minimum of one year in a juvenile detention institution with a maximum stay until they are 21. Lostutter, a self-employed IT security consultant and self-described Anonymous member, said that he'd just returned from a turkey hunt when he noticed what appeared to be a FedEx truck in his driveway. " As I open the doo...

The Pirate Bay co-founder Gottfrid Svartholm Warg a.k.a  'Anakata' is suspected of being involved in one of Denmark's biggest hack attacks. Gottfrid was arrested in Cambodia in September 2012 and has been extradited from Cambodia to Sweden last year, charged with hacking the IBM mainframe of Logica, a Swedish IT firm that provided tax services to the Swedish government, and the IBM mainframe of the Swedish Nordea bank. Now he is suspected in another hacking case, where he and a 20-year-old Danish hacker are suspected to have obtained access to, among other things Danish social security numbers as well as business numbers. Danish suspect was arrested on Wednesday. In January, police in Sweden told colleagues in Denmark about a Danish IP address they had found during an investigation into hacker attacks against a company handling sensitive information for the Swedish tax authority. Grave cases of hacking are punishable by up to six years...

The National Security Agency , part of the U.S. military reportedly has a direct line into the systems of some of the world's biggest Web and tech companies, i.e Microsoft, Google, Facebook, Skype. The NSA access is part of a previously undisclosed program called PRISM , 6-year-old program which allows officials to collect real-time information and as well as stored material including search history, the content of emails, file transfers and live chats, according to reports in the Washington Post . Project PRISM may be the first of its kind and also  GCHQ , Britain's equivalent of the NSA, also has been secretly gathering intelligence from the same internet companies through an operation set up by the NSA. Later confirmed by the White House and members of Congress as saying that the government routinely seeks information in its fight to thwart domestic and international terrorism. Other services that are reportedly part of PRISM include PalTa...

A new piece of sophisticated Android malware has been discovered by security researchers at Kaspersky Labs . Dubbed as Backdoor . AndroidOS . Obad . a , it is the most sophisticated piece of Android malware ever seen. It exploits multiple vulnerabilities , blocks uninstall attempts, attempts to gain root access, and can execute a host of remote commands. It include complex obfuscation techniques that complicated analysis of the code, and the use of a previously unknown vulnerability in Android that allowed it to take control of and maintain a foothold on infected Android devices . There are two previously unknown Android vulnerabilities exploited by Obad . It can gain administrator privileges, making it virtually impossible for a user to delete it off a device. Another flaw in the Android OS relates to the processing of the AndroidManifest.xml file. This file exists in every Android application and is used to describe the application's structure, define its laun...