The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In Brief The Federal Bureau of Investigation (FBI) made its first disclosure about a software security flaw to Apple under the Vulnerability Equities Process (VEP), a White House initiative created in April 2014 for reviewing flaws and deciding which ones should be made public. Unfortunately, the vulnerability reported by the federal agency only affected older versions of Apple's iOS and OS X operating system and was patched nine months ago, with the release of iOS 9 for iPhones and Mac OS X El Capitan, according to Apple. The FBI informed Apple of a vulnerability in its iPhone and Mac software on April 14, but it's not the one used to unlock an iPhone of one of the San Bernardino shooters, Reuters  reported . But, Why didn't the FBI disclose the hack used to get data off the San Bernardino iPhone ? Well, the answer came from the FBI is not much complicated. According to the FBI Director James Comey, the FBI is still assessing whether the hack used to unlock Farook...

In Brief A group of pro-ISIS hackers calling themselves the United Cyber Caliphate (UCC) has issued a "Kill List" containing the names of dozens of U.S. government personnel at the Pentagon, Department of Homeland Security, State Department, and several other federal agencies. Meanwhile, the US military's Cyber Command has announced to launch its first attack against ISIS' digital infrastructure in an effort to disrupt the terrorist's communications and other core functions. The announcement came earlier this week when President Barack Obama discussed the war on ISIS ( Islamic State ) in Hanover, Germany, where he met with world leaders and represented this new cyber initiative, according to the sources from New York Times. On the other side, the Kill List was distributed Monday by the United Cyber Caliphate (UCC) hackers over the popular end-to-end encrypted messaging app Telegram through which the ISIS communicate with their followers and spread terro...

1. Spotify Hacked! Change your Password ASAP If you are one of the millions of people around the world who love to listen to music on Spotify, you may need to change your password immediately. Has Spotify been hacked? The company says no, but some Spotify users have claimed their profiles were hijacked, and details were changed without knowledge, including passwords and email addresses, TC  reported . Spotify apparently suffered a security breach that leaked hundreds of Spotify accounts details, including emails, usernames, passwords and account type, which was published last week to the popular anonymous file sharing website Pastebin. Spotify is investigating the Pastebin leaks of Spotify user information. 2. Over 1 Million Android Apps Are Coming to Chrome OS Google is ready to integrate millions of Android applications onto its Chrome OS platform by bringing the entire Play Store to it. Redditor 'TheWiseYoda' first spotted a new option to "Enable And...

In Brief US-based Intelligence Advanced Research Projects Activity (IARPA) agency is sponsoring a program to build portable laser sensors that could detect explosives, narcotics and other dangerous chemical weapons from 100 feet away. Dubbed SILMARILS ( Standoff Illuminator for Measuring Absorbance and Reflectance Infrared Light Signatures ), the program aims to identify biological agents as well as chemical and explosive substances in real-time. The Bombs are often planted in public areas, so it is important to detect them in a way that does not harm the surrounding infrastructure and human lives. The new technology could make the front line and home front safer for everyone. The agency has funded five companies via the US Air Force, including LGS Innovations, Physical Sciences, Photonics, Block Engineering, and Leidos, through its SILMARILS program . Currently, the technology used to detect narcotics, explosives, and other dangerous chemicals requires physical...

In Brief Cyber crooks find a new and ingenious way to make hundreds of thousands of dollars with no effort. An unknown cyber gang, pretending to be Armada Collective , has made more than $100,000 in less than two months simply by threatening to launch DDoS attack on websites, but never actually launched a single attack. A group of Cyber Extortionists is sending threatening emails to businesses across the globe involves the launching of powerful distributed denial-of-service (DDoS) attacks against victim's website unless a ransom is paid. But, the group never actually launched a single DDoS attack. In a typical scenario, attackers disrupt a targeted website with a short-term DDoS attack in order to demonstrate its power, followed by an e-mail containing ransom note threatening further disruption, if the ransom does not get paid. Armada Collective is the same criminal gang that was responsible for one of largest DDoS attacks against ProtonMail in November 2015 and ext...

In Brief Investigators from British defense contractor BAE Systems discovered that hackers who stole $81 million from the Bangladesh Central Bank actually hacked into software from SWIFT financial platform, a key part of the global financial system. The hackers used a custom-made malware to hide evidence and go undetected by erasing records of illicit transfers with the help of compromised SWIFT system. The Bangladesh Bank hackers, who managed to steal $81 Million from the bank last month in one of the largest bank heists in history, actually made their tracks clear after hacking into SWIFT, the heart of the global financial system. SWIFT , stands for the Society for Worldwide Interbank Financial Telecommunications, is a global messaging network used for most international money and security transfers. More than 11,000 Global Banks on HIGH ALERT! Nearly 11,000 Banks and other financial institutions around the World use SWIFT system to send securely and receive payment ...

Just last month, DARPA launched a project dubbed "Improv," inviting hackers to transform simple household appliances into deadly weapons . Now, the Defense Advanced Research Projects Agency is finding someone in the private sector to develop a hacker-proof " secure messaging and transaction platform " for the U.S. military. Darpa wants researchers to create a secure messaging and transaction platform that should be accessible via the web browser or standalone native application. The secure messaging app should " separate the message creation, from the transfer (transport) and reception of the message using a decentralized messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger, " agency's  notice explains. In simple words, DARPA aims to create a secure messaging service that not only implements the standard encryption and se...

In Brief Investigators from the Forensic Training Institute of the Bangladesh investigated the $80 Million bank heist and discovered that the hackers managed to gain access to the network because the Bank was using second-hand $10 network switches without a Firewall to run its network. When it was reported last month that an unknown hacking group attempted to steal $1 Billion from Bangladesh's Federal Reserve bank account with the help of a malware and, in fact, successfully stole over $80 Million , the investigators would not say how the hackers managed to bypass the security solutions on its network. But in reality, there was no security solution installed to help protect against increasingly sophisticated attacks. This lack of security practices made it incredibly easier for the hackers to break into the system and steal $81 Million, though a simple typo (spell error) by hackers halted the further transfers of the $850 Million funds. The network computers that we...

How to Hack Facebook? That's the most commonly asked question during this decade. It's a hacker dream to hack Facebook website for earning bug bounty or for any malicious purpose. Facebook security team recently found that someone, probably a blackhat hacker with malicious intent, has breached into its server and installed a backdoor that was configured to steal Facebook employees' login credentials. Since the backdoor discovered in the Facebook's corporate server, not on its main server, Facebook user accounts are not affected by this incident. Though the company would have never known about the backdoor if a whitehat hacker had never spotted the backdoor script while hunting for vulnerabilities. Also Read: Ever Wondered How Facebook Decides, How much Bounty Should be Paid? Security researcher Orange Tsai of Taiwanese security vendor DEVCORE accidentally came across a backdoor script on one of Facebook's corporate servers while finding bugs to earn cash reward fr...

In Brief Facebook has hit another Milestone: More than 1 MILLION people, or you can say privacy conscious, are accessing Facebook over TOR. Facebook proudly announced today that, this month, for the first time, the people connected to the anonymous version of Facebook that's accessible only through the TOR anonymity network exceeded 1 Million – an increase of almost 100% in the past ten months. Today, when global surveillance system continues to grow, encryption has the power to protect users' security and privacy online. And it is ultimately a good thing that companies like Facebook are competing on users' security. In 2014, Facebook launched a special version of its website that runs only with the help of Tor anonymity software that offers privacy to users. Tor anonymity software or Tor browser secures and encrypts connections to prevent cyber criminals or law enforcement agencies from tracking users' web activity. Tor users can visit Facebook's Tor hidden s...