The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Anti-DDoS Firm Staminus HACKED! Customers Data Leaked

Mar 14, 2016
Staminus Communications – a California-based hosting and DDoS (Distributed Denial of Service) protection company – is recovering from a massive data breach after hackers broke into its servers and leaked personal and sensitive details of its customers. Though the company acknowledged that there was a problem in a message posted to Twitter on Thursday morning, it did not specify a data breach. Staminus's website went offline at 8 am Eastern Time on Thursday, and on Friday afternoon, a representative said in a Twitter post that "a rare event cascaded across multiple routers in a system-wide event, making our backbone unavailable." What type of information? The dump of information on Staminus' systems includes: customer usernames, hashed passwords, e-mail addresses, customer real names, customer credit card data in plain text, customer support tickets, server log data, chat logs, and source code of some of the company's services including Intreppi...
FBI threatens to Force Apple to Hand Over iOS Source Code

Mar 14, 2016
The Department of Justice (DoJ) has warned Apple that it may force the tech giant to hand over the source code to the complete operating system if it does not help the Federal Bureau of Investigation (FBI) unlock the San Bernardino shooter's iPhone. Apple is battling with the FBI over the iPhone encryption case. The federal investigators need Apple's assistance to unlock an iPhone 5C belonging to San Bernardino shooter Syed Rizwan Farook. However, Apple CEO Tim Cook has said explicitly that providing a backdoor would likely open up the company's iPhones to not just the federal agents, but also to malicious hackers who could use it for evil purposes. On Thursday, Apple and the FBI head to another court hearing on the San Bernardino iPhone case. The DOJ's latest 43-page brief filing contains an implicit threat that if Apple does not create the vulnerable version of its iOS operating system needed to bypass the passcode protection on the terroris...
Microsoft Quietly Stops Accepting Bitcoin in Windows Store

Mar 14, 2016
Microsoft reckoned Bitcoin was the future of payment systems and added it as a payment option for the Windows Store at the end of 2014, but the company has silently pulled support for Bitcoin in the Windows 10 Store. In November 2014, Microsoft struck a deal with third-party bitcoin payment processor 'Bitpay' that allowed people to use Bitcoin to purchase Microsoft's products and services from Windows Stores. However, Microsoft quietly updated the Windows Store FAQ to state "Microsoft Store doesn't accept Bitcoin." The end of support for Bitcoin payments only applies to Windows 10 and Windows 10 Mobile stores. "Microsoft Store doesn't accept Bitcoin. You can no longer redeem Bitcoin into your Microsoft account," the update reads. "Existing balances in your account will still be available for purchases from Microsoft Store, but can't be refunded." In short, you can make use of an existing balance in your accou...
ISPs Sell Your Data to Advertisers, But FCC has a Plan to Protect Privacy

Mar 12, 2016
The Federal Communications Commission (FCC) has put forward a proposal that aims to protect Internet users' privacy. The proposal [pdf] will regulate the amount of customers' online data that Internet Service Providers (ISPs) are able to collect and sell to advertising companies. Currently, there is no particular rule by law covering broadband providers and customer privacy, and if adopted, this would be the first privacy rule for ISPs. The FCC already governs how phone companies can use and resell customer data, and Chairman Tom Wheeler believes similar rules should be applied to ISPs. Is Your ISP Tracking Your Web Surfing and Selling Data to Advertisers? Your complete Internet traffic passes through your Internet Service Provider, which gives it the ability to access a vast and potentially lucrative amount of your web-browsing activity. If you are using a mobile phone, your ISP can also track your physical location throughout the day in real time. ISPs ...
How a Typo Stopped Hackers from Stealing $1 Billion from Bank

Mar 12, 2016
Typos are really embarrassing, but this time one saved the Bangladesh Central Bank and the New York Federal Reserve by preventing a nearly $1 Billion (£700 Million) heist. Last month, some unknown hackers broke into Bangladesh's central bank, obtained credentials needed for payment transfers and then transferred large sums to fraudulent accounts based in the Philippines and Sri Lanka. But… A single spelling mistake in an online bank transfer instruction prevented the full theft, according to Reuters. Here's what actually happened: Nearly three dozen requests hit the Federal Reserve Bank of New York on 5 February using the Bangladesh Bank's SWIFT code, out of which four resulted in successful transfers, for a total value of about $81 million. However, when the hackers attempted to make their fifth transfer of $20 Million to a Sri Lankan non-governmental organization called the Shalika Foundation, they made a typo by attempting a transfer to the Shalika " ...
Google Android N Preview — 6 Cool Features That You Should Know

Mar 11, 2016
Android N Developer Preview, an early beta of Google's new mobile operating system that was expected to launch at Google I/O in mid-May, is unexpectedly launching right now. Android N Developer Preview for the Nexus 6P, Nexus 5X, Nexus 6, Pixel C, Nexus 9, the Nexus Player and the General Mobile 4G, an Android One device, was made available as an over-the-air update by Google on Wednesday. So, you can test out Android N Developer Preview on your smartphone and tablet right now from developer.android.com/preview. The good news is that the Google Android team has brought meaningful features to your smartphone and tablet in just five months. "As we look to the next release of Android, N, you'll notice a few big changes aimed at you as developers: it's earlier than ever, it's easier to try and we're expanding the ways for you to give us feedback," Hiroshi Lockheimer, Google's SVP for Android, writes. "We hope these changes will ensure that you are heard an...
More than 1 Million Websites Install Free SSL Certificate (and Counting...)

Mar 09, 2016
Let's Encrypt has achieved another big milestone by issuing 1 million free Transport Layer Security (TLS) SSL Certificates to webmasters who wish to secure the communications between their users and domains. Let's Encrypt – operated by the Internet Security Research Group (ISRG) – is an absolutely free and open source certificate authority recognized by all major browsers, including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. It is just three months and five days since Let's Encrypt launched a beta version of the service, and the group has crossed 1 Million certificates in use across the Web, Let's Encrypt said in a blog post on Tuesday. Let's Encrypt allows anyone to obtain Free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates for their web servers. Backed by companies including EFF, Akamai and Mozilla, the Let's Encrypt project started offering Free HTTPS certs to everyone fro...
'Guccifer,' who Hacked former President, to be extradited to the US

Mar 08, 2016
Upon the request of US authorities, Marcel Lazar Lehel, well known as Guccifer, has finally been approved for extradition to the United States to face Computer Intrusion and Identity Theft Charges for 18 months. Guccifer is an infamous Romanian hacker who was arrested in Romania for hacking into the emails and social networking accounts of numerous high-profile US and Romanian politicians. Romania's top court has approved a request by US authorities to extradite Guccifer to the United States, a source within Romania's DIICOT anti-organized crime and terrorism unit told Reuters. Guccifer's well known political targets included: Bill Clinton (Former President), Hillary Clinton (U.S Presidential Candidate), George W. Bush (Former U.S. President), Colin Powell (former U.S. Secretary), George Maior (chief of the Romanian Intelligence Service), John Tenet (State Director of Central Intelligence for the United States CIA), Richard Armitage (Republican politici...
Hacker arrested for ATM Skimming escaped from Prison

Mar 08, 2016
A Romanian card skimmer arrested for being part of an international cybercrime group that used malware to plunder US$217,000 from ATMs escaped from a Bucharest prison on Sunday morning (6th March). Renato Marius Tulli, 34, was being held at Police Precinct 19 in Bucharest, the capital of Romania, after being arrested together with 7 other suspects as part of a joint Europol, Eurojust, and DIICOT investigation on January 5, 2016. Tulli was part of a criminal gang specialized in robbing NCR-based ATMs. According to the federal authorities, the gang allegedly used a piece of malware, dubbed Tyupkin, to conduct what's known as a Jackpotting attack and made Millions by infecting ATMs across Europe and beyond. Using Tyupkin malware, the criminals were able to empty cash from infected ATMs by issuing commands through the ATM's pin pad. Authorities announced on Monday that Tulli escaped with Grosy Gostel, 38, a man held for robbery charges, while both o...
Hacker Reveals How to Hack Any Facebook Account

Mar 08, 2016
Hacking a Facebook account is one of the major queries of Internet users today. It's hard to find out how to hack a Facebook account, but an Indian hacker just did it. A security researcher discovered a 'simple vulnerability' in the social network that allowed him to easily hack into any Facebook account, view message conversations, post anything, view payment card details and do whatever the real account holder can. Facebook bounty hunter Anand Prakash from India recently discovered a Password Reset Vulnerability, a simple yet critical vulnerability that could have given an attacker endless opportunities to brute force a 6-digit code and reset any account's password. Here's How the Flaw Works: The vulnerability actually resides in the way Facebook's beta domains handle 'Forgot Password' requests. Facebook lets users change their account password through the Password Reset procedure by confirming their Facebook account with a 6-digit c...