The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A notable number of cell phone towers around the United States are rogue that, according to latest report, could spoof legitimate towers and intercept calls. The research carried out by ESD America , a defense and law enforcement technology firm based in Las Vegas, shows that a rogue cell phone towers, also known as "interceptors", may process the call. ESD America, the company that makes the super-secure CryptoPhone, makes one of the oldest and most expensive high-security cell phones in the market. It provides equipment and training to more than 40 countries with a goal to provide technical security assistance to government and corporate clients across Asia. SEVERAL ROGUE CELL PHONE TOWERS DISCOVERED While field-testing its secure Android handset, the CryptoPhone 500 , the firm came across the existence of a series of fake base stations along the Eastern seaboard of the US. Les Goldsmith, the CEO of ESD America, told the US publication Popular Science tha...

Apple has patched the security flaw in its Find My iPhone online service that may have allowed hackers to get access to a number of celebrities' private pictures leaked online. OVER 100 CELEBRITIES AFFECTED So far, I hope everybody have heard about probably the biggest digital exposure of personal nude photographs belonging to as many as 100 high-profile celebrities, including Jenny McCarthy, Kristin Dunst, Mary E Winstead, and the Oscar winning actress Jennifer Lawrence and Kate Upton. Initial reports suggested that the privacy breach of the celebrities' iCloud accounts was made possible by a vulnerability in Find My iPhone feature that allowed hackers to allegedly take nude photographs of celebrities from their Apple iCloud backups. Anonymous 4chan users who claims to have grabbed images, posted some of the images to the " b " forum on notorious bulletin-board 4chan, where the owners demanded Bitcoin in exchange for a peek of the images. The anonymous 4c...

With a need to give more controls in users' hands, LinkedIn has introduced a few new security features that the company says will help users of the social network for professionals keep their accounts and data more secure. SESSION ALERTS Just like Google, Facebook, Yahoo and other online services, LinkedIn has added a new option within the settings tab that allows users to see where and on what devices they are logged into their account. From there, users can sign out of various sessions with one click. This will include details about the users' current sessions, the browser name, operating system, carrier and IP address, which is used to give an approximate location of the device through which the session is occurring. Just like the Facebook feature, LinkedIn lets people to approve the devices to be used, and if somebody accesses a user's LinkedIn account from an unapproved device it will alert user. PASSWORD ALERTS LinkedIn has also introduced its password c...

Good news for Firefox lovers! The Mozilla Foundation has introduced a bunch of new features in Firefox to improve browser security with the launch of Firefox 32, now available for Windows, Mac, Linux, and Android platforms. The new version of Firefox makes the browser even more competitive among others. Firefox version 32 has some notable security improvements, including a new HTTP cache for improved performance, public key pinning - a defense that would help protect its users from man-in-the-middle and other attacks, and easy language switching on Android. PUBLIC KEY PINNING ENABLED BY-DEFAULT In the latest Firefox version 32, Mozilla has enabled Public Key Pinning support by default that will protect its users from man-in-the-middle-attacks and rogue certificate authorities. Public key pinning is a security measure that ensures people that they are connecting to the websites they intend to. Pinning allows users to keep track of certificates in order to specify wh...

LA-based domain name registrar and hosting company Namecheap warned its customers on Monday that cybercriminals have begun accessing their accounts by using the list of credentials gathered from third-party websites. The Hosting company confirmed the security breach and informed that the hackers have compromised some of its customers' accounts, probably using the " biggest-ever " password theft via Russian Hackers that disclosed list of 1.2 billion usernames and passwords compiled by Russian CyberVor Gang . RUSSIAN GROUP BEHIND THE ATTACK - CYBERVOR The CyberVor Gang allegedly stolen a vast cache of compromised login credentials for " 1.2 billion " accounts, belonging to over half a billion e-mail addresses, warned Hold Security , a Milwaukee-based security company that tracks stolen data on underground cybercriminal forums. The gang appears to have broken into at least 420,000 websites vulnerable to SQL injection attacks, among other techniques, ...

Now this gonna be the height of Privacy Breach! Images of several high-profile persona including actors, models, singers and presenters have been made available online in a blatant hacking leak linked to the Apple iCloud service. The recent privacy breach appears to be one of the biggest celebrity privacy breaches in history and represents a serious offense and violation of privacy. A hacker allegedly breached Apple's iCloud service and copied the personal photos of at least 100 high-profile stars. WHO IS BEHIND IT The anonymous hacker, using the name Tristan , sparked the scandal on Sunday after dumping a large cache of female celebrities' alleged naked photographs onto the 4chan online forum, an online message board used for sharing pictures. The list of those celebrities allegedly affected, whose photographs are supposedly in this cache, is very long that includes Jenny McCarthy, Rihanna, Kristin Dunst, Kate Upton, the American actress Mary E Winstead , and the...

A New York-based online ad network company AppNexus, that provides a platform specializing in real-time online advertising, has again been spotted as the origin of a recent "malvertising" campaign that makes use of the Angler Exploit Kit to redirect visitors to malicious websites hosting the Asprox malware. AppNexus servers process 16 billion ad buys per day, making it the biggest reach on the open web after Google. Back in May, AppNexus was serving malicious ads targeting Microsoft's Silverlight platform. The world's largest Internet Video Subscription service Netflix runs on Silverlight, and because of its popularity, hackers have been loading exploit kits with Silverlight. As part of this campaign, users of several high-profile websites including Java.com, Deviantart.com, TMZ.com, Photobucket.com, IBTimes.com, eBay.ie, Kapaza.be and TVgids.nl , last week were redirected to websites serving malicious advertisements that infected visitors by installing botnet ma...

Microsoft today reissued a security update for Windows to the faulty update that previously caused PCs to suffer Blue Screens of Death (BSoD) . The new security update comes almost two weeks after reports emerged that the dodgy update crippled users' computers with the infamous "Blue Screens of Death." The company later advised people to uninstall the update, but now it has fixed the issue. " This month we had our first roll out with additional non-security updates. A small number of customers experienced problems with a few of the updates ," Tracey Pretorius, director of Microsoft Trustworthy Computing, wrote in a blog post .   " As soon as we became aware of some problems, we began a review and then immediately pulled the problematic updates, making these available to download. We then began working on a plan to re-release the affected updates." The offending Microsoft patch identified as MS14-045 , fixes Windows kernel vulnerabilities in 47 of Micro...

Hackforums - one of the popular hacking forum in the world - has been hacked and defaced by the famous Egyptian hacker with the online handle Eg-R1z . HackForums is popular among both whitehats and blackhats. On one end of the spectrum, HackForums helps over 110,000 hacking community members to remove dangerous malware off of their computers, as well as promotes research and learning of various malwares. But on the other end, it servers as a great platform for hackers and cyber thieves as well, who posts infected material in order to victimize others. The website is hosted in Europe on a server and expected to be earning an estimated $7,316 USD on a daily basis. Last night, hackforums.net went dark with a defacement message that reads: "[403 Forbidden Error] - You might be blocked by your IP, Country, or ISP." That's really nasty msg guys , don't u think so?! Just sending greets from Egypt i-Hmx , H3ll C0D3 , Egyptian.H4x0rZ ./Eg-R1z Cr3w It i...

Routers manufactured and sold by Chinese security vendor have a hard-coded password that leaves users with a wide-open backdoor that could easily be exploited by attackers to monitor the Internet traffic. The routers are sold under the brand name Netcore in China, and Netis in other parts of the world , including South Korea, Taiwan, Israel and United States. According to Trend Micro , the backdoor — a semi-secret way to access the device — allows cybercriminals the possibility to bypass device security and to easily run malicious code on routers and change settings. Netis routers are known for providing the best wireless transfer speed up to 300Mbps, offering a better performance on online gaming, video streaming, and VoIP phone calling. The Netcore and Netis routers have an open UDP port listening at port 53413 , which can be accessed from the Internet side of the router . The password needed to open up this backdoor is hardcoded into the router's firmware. ...