The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Mozilla has filed a brief with a U.S. District Court asking the FBI to disclose the potential vulnerabilities in its Firefox browser that the agency exploited to unmask TOR users in a criminal investigation. Last year, the FBI used a zero-day flaw to hack TOR browser and de-anonymize users visiting child sex websites. Now, Mozilla is requesting the government to ask the FBI about the details of the hack so that it can ensure the security of its Firefox browser. TOR is an anonymity software that provides a safe haven to human rights activists, government, journalists but also is a place where drugs, child pornography, assassins for hire and other illegal activities has allegedly been traded. TOR Browser Bundle is basically an Internet browser based on Mozilla Firefox configured to protect the user's anonymity via Tor and Vidalia. In 2015, the FBI seized computer servers running the world's largest dark web child pornography site 'Playpen' from a web host in Lenoir, No...

How to Hack an Android device? It is possibly one of the most frequently asked questions on the Internet. Although it's not pretty simple to hack Android devices and gadgets, sometimes you just get lucky to find a backdoor access. Thanks to Allwinner, a Chinese ARM system-on-a-chip maker, which has recently been caught shipping a version of Linux Kernel with an incredibly simple and easy-to-use built-in backdoor. Chinese fabless semiconductor company Allwinner is a leading supplier of application processors that are used in many low-cost Android tablets, ARM-based PCs, set-top boxes, and other electronic devices worldwide. Simple Backdoor Exploit to Hack Android Devices All you need to do to gain root access of an affected Android device is… Send the text " rootmydevice " to any undocumented debugging process. The local privileges escalation  backdoor code for debugging ARM-powered Android devices managed to make its way in shipped firmware after fir...

Mr. Robot was the biggest 'Hacking Drama' television show of 2015 and its second season will return to American TV screens on Wednesday 13th of July 2016. However, the new promotional website for season two of Mr. Robot has recently patched a security flaw that could have easily allowed a hacker to target millions of fans of the show. A White Hat hacker going by the alias Zemnmez discovered a Cross-Site Scripting (XSS) vulnerability in Mr. Robot website on Tuesday, the same day Mr. Robot launched a promo for its second series. The second season of the television show had already received praise from both critics and viewers for its relatively accurate portrayal of cyber security and hacking, something other cyber crime movies and shows have failed at badly. The new series also features a surprising yet welcome guest: President Barack Obama , who is giving a speech about a cyber threat faced by the nation. The flaw Zemnmez discovered on the show's website coul...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

With the growing number of cyber attacks and data breaches, a significant number of companies and organizations have started Bug Bounty Programs to encourage hackers and security researchers to find and responsibly report bugs in their services and get a reward. Now, even pornography sites are starting to embrace bug bounty practices in order to safeguard its user's security. The world's most popular pornography site PornHub has launched a bug bounty program for security researchers and bug hunters who can find and report security vulnerabilities in its website. Partnered with HackerOne, PornHub is offering to pay independent security researchers and bug hunters between $50 and $25,000, depending upon the impact of vulnerabilities they find. Also Read: 10-year-old Boy becomes the youngest Bug Bounty Hacker . HackeOne is a bug bounty startup that operates bug bounty programs for companies including Yahoo, Twitter, Slack, Dropbox, Uber, General Motors – and even th...

Hacking into computer, networks and websites could easily land you in jail. But what if you could freely test and practice your hacking skills in a legally safe environment? Facebook just open-sourced its Capture The Flag (CTF) platform to encourage students as well as developers to learn about cyber security and secure coding practices. Capture the Flag hacking competitions are conducted at various cyber security events and conferences, including Def Con, in order to highlight the real-world exploits and cyber attacks. The CTF program is an effective way of identifying young people with exceptional computer skills, as well as teaching beginners about common and advanced exploitation techniques to ensure they develop secure programs that cannot be easily compromised. Facebook  CTF Video Demo: Since 2013, Facebook has itself hosted CTF competitions at events across the world and now, it is opening the platform to masses by releasing its source code on GitHub. "...

The most popular messaging app WhatsApp now has a fully functional desktop app – both for Mac as well as Windows platform. Facebook-owned WhatsApp messaging software has been a mobile-only messaging platform forever, but from Tuesday, the company is offering you its desktop application for both Windows and OS X. Few months back, WhatsApp launched a Web client that can be run through your browser to use WhatsApp on your desktop, but now users running Windows 8 or Mac OS 10.9 and above can use the new desktop app that mirrors WhatsApp messages from a user's mobile device. According to the company's blog post , the WhatsApp desktop app is similar to WhatsApp Web with synchronized conversations and messages Since WhatsApp desktop app is native for both Windows and OS X platform, it can support desktop notifications and keyboard shortcuts. WhatsApp has been rising at an extraordinary pace recently. The service has over 1 Billion monthly active users. At the beginning...

In Brief Britain's top crime fighting force has failed in a legal attempt to force alleged hacker Lauri Love to hand over his hard disk's encryption keys. In a landmark case, District Judge Nina Tempia said the investigative agency should have used the normal police powers rather than a civil action to obtain the evidence. Lauri Love, a 31-year-old hacker, has been accused of aiding cyber-attacks against U.S. targets, including NASA, FBI, US Army and US Federal Reserve networks. The National Crime Agency (NCA) has failed in a legal attempt to force the British citizen and political hacktivist Lauri Love to hand over the keys to encrypted data that has been seized from his home two years ago. At a Tuesday hearing in Court Seven at Westminster Magistrates' Court, the NCA's application to make Love disclose his encrypted computer passwords was refused by the judge. Hacker Fighting Extradition to U.S. Love, 31, is currently fighting extradition to the Uni...

There is no doubt that data breaches are on the rise. Hardly a day goes without headlines about any significant data breach. According to the latest ' Cyber Security Breaches Survey 2016 ' report published by UK government, two-thirds of the biggest firm in the UK have experienced at least a cyber attacks or data breaches within the past 12 months. Here's today, I am writing about top 4 data breaches reported in last 24 hours, threatened your data privacy and online security. 1. Kiddicare Hacked! 794,000 Accounts Leaked Kiddicare has admitted that the company has suffered a data breach, which led to the theft of sensitive data belonging to 794,000 users, including phone numbers and residential addresses. Kiddicare, company that sells child toys and accessories across the United Kingdom, became aware of the data breach after its customers started receiving suspicious text messages – most likely part of a phishing campaign – that attempted to pilfer them to click on a li...

A security researcher responsibly disclosed vulnerabilities in the poorly secured web domains of a Florida county elections, but he ended up in handcuffs on criminal hacking charges and jailed for six hours Wednesday. Security researcher David Michael Levin, 31, of Estero, Florida was charged with three counts of gaining unauthorized access to a computer, network, or electronic instrument. On 19 December last year, Levin tested the security of Lee County website and found a critical SQL injection vulnerability in it, which allowed him to access site's database, including username and password. Levin was reportedly using a free SQL testing software called Havij for testing SQL vulnerabilities on the state elections website. According to Levin, he responsibly reported vulnerabilities to the respective authorities and helped them to patch all loopholes in the elections website. Video Demonstration of the Elections Website Hack Meanwhile, Levin demonstrates his finding via...

In Brief The Smartphone users are fed up with slow security updates, so two United States federal agencies have launched an official inquiry to know how manufacturers and carriers deal with mobile phone security updates and what they are doing to roll out patches as quickly as possible. The Smartphone patch update mechanism is broken, and someone has to fix it. Most smartphone models are not receiving available security patches, and the risk of vulnerabilities , malware infections , and data loss are leaving consumers vulnerable to attacks and putting businesses and corporate networks at risk. The United States federal regulators want to know how and when mobile phone manufacturers and cell phone carriers release security updates to assure its users' security, amid mounting concerns over security vulnerabilities. The Federal Communications Commission (FCC) in partnership with the Federal Trade Commission (FTC) have launched its own, parallel inquiry into mobile devic...