The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Apple announced one huge change at WWDC 2016: The company is replacing the HFS+ file system on MacOS, iOS, tvOS and WatchOS with a new file system. The company has introduced its brand new file system called The Apple File System — or APFS for short — for iOS, OS X, tvOS, and WatchOS, making security its centerpiece. " The Apple File System (APFS) is the next-generation file system designed to scale from an Apple Watch to a Mac Pro. APFS is optimized for Flash/SSD storage, and engineered with encryption as a primary feature, " according to an entry in the WWDC 2016 schedule. Yes, the Apple File System is optimized for Flash and SSD-based storage solutions that are used in iPhones, iPads, MacBooks, AppleTV set-top boxes, and others Apple gadgets. APFS supports "nearly" all features the HFS+ file system provides while offering improvements over the previous system in the process. Apple describes APFS as a modern file system that includes " strong enc...

Hackers aligned with North Korea have always been accused of attacking and targeting South Korean organizations, financial institutions, banks and media outlets. Recent reports indicate that North Korean hackers have hacked into more than 140,000 computers of at least 160 South Korean government agencies and companies, and allegedly injected malware in the systems. The cyber attack was designed to lay for a long term period against its rival, authorities in Seoul said. The South Korean police were on high alert against cyberattacks by the North Korean hackers, especially after North Korea successfully tested a miniaturized hydrogen bomb in January and a long-range rocket launch in February, Reuters reports . According to the police, the hacking attack began in 2014 but was detected only in February this year, after North Korea managed to steal information from two companies: the SK and Hanjin Group. The documents stolen from the two companies included blueprints for the wi...

Breaking News for today: Microsoft has announced that it is planning to acquire LinkedIn, the social network for professionals, for $26.2 Billion in cash. Yes, Microsoft announced today that it would buy LinkedIn for $196 per share in an all-cash transaction valued at $26.2 BILLLLLLION. It is so far the biggest acquisition made by Microsoft, which has made 8 takeovers, including Skype in 2011 and Nokia in 2013, worth more than $1 Billion. According to the tech giant, LinkedIn will retain its own brand and product, and also LinkedIn's existing CEO Jeff Weiner will remain as the company's chief executive. LinkedIn will now become a part of Microsoft's productivity, and business processes segment and Weiner will report directly to Microsoft CEO Satya Nadella. Here's what Nadella said about the deal: "The LinkedIn team has grown a fantastic business centered on connecting the world's professionals. Together we can accelerate the growth of Linked...

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

How many more data dumps does this hacker have with him that has yet to be exposed? Well, no one knows the answer, but we were recently made aware of another data breach from Peace – the same Russian hacker who was behind the massive breaches in some of the most popular social media sites including LinkedIn , MySpace , Tumblr , and VK.com . The hacker under the nickname "Peace" (or Peace_of_mind) is now selling over 51 Million records obtained from iMesh – now defunct peer-to-peer file sharing service. The New York-based iMesh was one of the first and most popular file sharing services that allowed users to share multimedia files with their friends via the peer-to-peer (or P2P) protocol. Launched in the late 90s, iMesh became the third-largest service in the United States in 2009, but the service was unexpectedly closed down last month. LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that the comp...

The cyber attack vectors available to hackers will continue to grow as the Internet of Things (IoTs) become more commonplace, making valuable data accessible through an ever-widening selection of entry points. Although it's not the hackers alone, the NSA is also behind the Internet of Things. We already know the United States National Security Agency's (NSA) power to spy on American as well as foreign people – thanks to the revelations made by whistleblower Edward Snowden in 2013. But, now the agency is looking for new ways to collect even more data on foreign intelligence, and for this, the NSA is researching the possibilities of exploiting internet-connected biomedical devices ranging from thermostats to pacemakers. During a military technology conference in Washington D.C. on Friday, NSA deputy director Richard Ledgett said his agency officials are "looking at it sort of theoretically from a research point of view right now." Ledgett totally agreed o...

This year, Microsoft impressed the world with 'Microsoft loves Linux' announcements, like developing a custom Linux-based OS for running Azure Cloud Switch, selecting Ubuntu as the operating system for its Cloud-based Big Data services and bringing the popular Bash shell to Windows 10 . Now, the next big news for open-source community: Microsoft has released its own custom distribution of FreeBSD 10.3 as a "ready-made" Virtual Machine image in order to make the operating system available directly from the Azure Marketplace. FreeBSD (Berkeley Software Distribution) is an open source Unix-like advanced computer operating system used to power modern servers, desktops as well as embedded systems. Until now, the only way for Azure customers to run FreeBSD was to make use of a custom image from outside of Azure (from the FreeBSD Foundation). However, the new release makes it easier for Azure users to launch FreeBSD directly from the Azure Marketplace and get...

The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn , MySpace , Tumblr , Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace. However, these are only data breaches that have been publicly disclosed by the hacker. I wonder how much more stolen data sets this Russian, or other hackers are holding that have yet to be released. The answer is still unknown, but the same hacker is now claiming another major data breach, this time, in Twitter. Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800). LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it hacked data from Russian social network VK.com ...

If you are a torrent lover and have registered on  BitTorrent community forum website, then you may have had your personal details compromised, along with your hashed passwords. The BitTorrent team has announced that its community forums have been hacked, which exposed private information of hundreds of thousands of its users. As of now, BitTorrent is the most visited torrent client around the world with more than 150 Million monthly active users. Besides this, BitTorrent also has a dedicated community forum that has over hundreds of thousands of registered members with tens of thousands of daily visitors. A recent security alert by the team says the forum database has been compromised by hackers who were able to get their hands on its users' passwords, warning its users to update their passwords as soon as possible. The vulnerability is believed to be originated at one of its vendors, who alerted the BitTorrent team about the issue ...

Hackers and geeks always tinkered with their devices, regardless of their operating system, and are always behind the ways to run Android on iPhone, iOS on Android phones, or Dual-Boot iOS and Android together in a single device. Though there are many solutions available on the Internet to solve these queries, but recently a hardware hacker has demonstrated a new way to run Android OS virtually on iPhone within an app i.e. without booting the iOS device. Nick Lee, the CTO of mobile development firm Tendigi, has created a specialized iPhone case, that when connected to your iPhone, will let your iPhone run a full-fledged version of Android operating system. This hack is not the first weird thing Lee did; he previously was able to get his Apple Watch to run Windows 95. Lee showed how everything from WiFi to the Google Play Store to the calculator app worked fine. To run Android on iPhone, Lee first cloned the Android Open Source Project and built his own version of Android M...

What's the worst that could happen when a Ransomware malware hits University? Last month, the IT department of the University from where I have done my graduation called me for helping them get rid of a Ransomware infection that locked down all its student's results just a day before the announcement. Unfortunately, there was no decrypter available for that specific ransomware sample, but luckily they had the digital backup for the examination results in the form of hundreds of excel sheets. So, somehow backup helped administrator to re-compile complete result once again into the database, but this delayed the announcement for over 30 days. However, the situation is not same every time. Recently, the University of Calgary in Alberta  paid a ransom of $20,000 to decrypt their computer systems' files and regain access to its own email system after getting hit by a ransomware infection. The University fell victim to ransomware last month, when the malware instal...