The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Your driver's license photo could be scarier than it actually looks — Well, here's why: With the help of state driver's license data, U.S. law enforcement agencies have created a huge a face-recognition database of more than 117 Million American adults that are regularly scanned in the course of police investigations. What's even worse? Most of those people who are scanned by police without prior knowledge are law-abiding citizens. According to a 150-page study published Tuesday by the Center for Privacy & Technology at the Georgetown University, ID photographs of more than 117 Million adult US citizens — that's about half of the US population — are now part of the " Perpetual Line-up ," which can be searched using facial-recognition software. In the past few years, Facial Recognition technology has improved enormously. Even big technology companies like Facebook have developed so powerful facial recognition software that they can even ide...

When Hillary Clinton's private email server was hacked earlier this year, she was criticized for her bad security practices that exposed top secret documents stored in emails on that private server. The FBI called her behavior 'extremely careless.' Republican presidential candidate Donald Trump and his supporters are continuously criticizing Clinton's use of a private email server. And here's what Trump lectured in a debate about cybersecurity: "The security aspect of cyber is very, very tough. And maybe it's hardly doable. But I will say, we are not doing the job we should be doing. But that's true throughout our whole governmental society. We have so many things that we have to do better, Lester, and certainly, cyber is one of them." Forget Clinton; Trump has so worryingly insecure internet setup that anyone with little knowledge of computers can expose almost everything about Trump and his campaign. Security researcher Kevin Beaumont,...

Don't believe everything you read on Facebook. Despite so many awareness about Facebook hoaxes, online users fall for them and make them viral. One such viral post is circulating on Facebook that suggests everything that you have ever posted on the social media platform will become public tomorrow. Don't worry — it's a hoax. Yes, it's still a hoax. The latest Facebook privacy hoax message looks like this: Deadline tomorrow !!! Everything you've ever posted becomes public from tomorrow. Even messages that have been deleted or the photos not allowed. It costs nothing for a simple copy and paste, better safe than sorry. Channel 13 News talked about the change in Facebook's privacy policy. I do not give Facebook or any entities associated with Facebook permission to use my pictures, information, messages or posts, both past, and future. With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any oth...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

After TrueCrypt mysteriously discontinued its service, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, as well as privacy conscious people. First of all, there is no such thing as a perfect, bug-free software. Even the most rigorously tested software, like the ones that operate SCADA Systems, medical devices, and aviation software, have flaws. Vulnerabilities are an unfortunate reality for every software product, but there is always space for improvements. Due to the enormous popularity of VeraCrypt, security researchers from the OSTIF (The Open Source Technology Improvement Fund) agreed to audit VeraCrypt independently and hired researchers from QuarksLab in August to lead the audit. And it seems like VeraCrypt is not exactly flawless either. Now after one month of the audit, researchers have discovered a number of security issues, including 8 critical, 3 medium, and 15 low-severity vulnerabilities in the popular...

Early Monday, Whistleblowing site WikiLeaks tweeted that the internet connection of its co-founder, Julian Assange, was intentionally cut down , for which it blamed an unidentified " state party ." But most surprisingly, it was Ecuador who was behind the act. WikiLeaks has confirmed that its founder Julian Assange 's Internet access was cut down in its London embassy by the government of Ecuador on Saturday. The move was in response to the organization's publication of another batch of leaked emails related to US presidential candidate Hillary Clinton. "We can confirm Ecuador cut off Assange's internet access Saturday, 5 pm GMT, shortly after [the] publication of Clinton's Goldman Sachs [speeches]," WikiLeaks tweeted . Assange has been living in Ecuador's London embassy since June 2012, when he was granted asylum by the Ecuador government after a British court ordered his extradition to Sweden to face questioning on a rape allegation....

Don't worry — Julian Assange is alive and kicking! But his Internet connection is dead. Earlier today, Wikileaks tweeted that its co-founder, Julian Assange, had his internet connection intentionally cut by an unidentified " state party ." The non-profit organization said it had " activated appropriate contingency plans ," giving no further explanation. The tweet came after Wikileaks posted a series of three cryptic tweets , each containing a 64-character code. In no time, the tweets sparked bizarre rumors that Julian Assange has died. The tweets referenced Ecuador, Secretary of State John Kerry and the United Kingdom's Foreign Commonwealth Office. What exactly are those Mysterious Wikileaks Tweets? Some users on Twitter, Reddit, and various discussion forums speculated that the tweets in question were the result of a " dead man's switch " that has been triggered in the event of Julian Assange's untimely death. Users on Twitter a...

The UK's Signals Intelligence and Cyber Security agency GCHQ has launched its first ever puzzle book, challenging researchers and cryptographers to crack codes for charity. Dubbed " The GCHQ Puzzle Book ," the book features more than 140 pages of codes, puzzles, and challenges created by expert code breakers at the British intelligence agency. Ranging from easy to complex, the GCHQ challenges include ciphers and tests of numeracy and literacy, substitution codes, along with picture and music challenges. Writing in the GCHQ Puzzle Book's introduction, here's what GCHQ Director, Robert Hannigan says: "For nearly one hundred years, the men and women of GCHQ, both civilian and military, have been solving problems. They have done so in pursuit of our mission to keep the United Kingdom safe. GCHQ has a proud history of valuing and supporting individuals who think differently; without them, we would be of little value to the country. Not all are geniuses ...

Over two months ago, the world's third largest Bitcoin Exchange Bitfinex lost around $72 Million worth of Bitcoins in a major hack. Shortly after the company encountered a $72,000,000 Bitcoin theft, an unnamed Bitfinex user from Cambridge, Massachusetts, filed a police report in September, alleging that $1.3 Million of funds were stolen from his account. Since then the Cambridge police have handed the case over to the FBI, which is working with the Bitcoin exchange as well as European authorities to recover funds stolen from the Bitfinex user, Coindesk reports . The individual claimed that he held $3.4 Million in Bitcoin in his personal wallet hosted by the Bitfinex Bitcoin exchange. But following the August's Bitfinex breach, he was left with $2.1 Million in his account. Bitfinex then notified the individual of his initial loss of approximately $1.3 Million in Bitcoin, but after the company issued IOU tokens as an emergency measure to keep the exchange operating, the l...

While some payment card companies like Mastercard have switched to selfies as an alternative to passwords when verifying IDs for online payments, hackers have already started taking advantage of this new security verification methods. Researchers have discovered a new Android banking Trojan that masquerades primarily as a video plugin, like Adobe Flash Player, pornographic app, or video codec, and asks victims to send a selfie holding their ID card, according to a blog post published by McAfee. The Trojan is the most recent version of Acecard that has been labeled as one of the most dangerous Android banking Trojans known today, according to Kaspersky Lab Anti-malware Research Team. Once successfully installed, the trojan asks users for a number of device's permissions to execute the malicious code and then waits for victims to open apps, specifically those where it would make sense to request payment card information. Acecard Steals your Payment Card and Real ID det...

Are your internet-connected devices spying on you? Perhaps. We already know that the Internet of Thing (IoT) devices are so badly insecure that hackers are adding them to their botnet network for launching Distributed Denial of Service (DDoS) attacks against target services. But, these connected devices are not just limited to conduct DDoS attacks ; they have far more potential to harm you. New research [ PDF ] published by the content delivery network provider Akamai Technologies shows how unknown threat actors are using a 12-year-old vulnerability in OpenSSH to secretly gain control of millions of connected devices. The hackers then turn, what researchers call, these " Internet of Unpatchable Things " into proxies for malicious traffic to attack internet-based targets and 'internet-facing' services, along with the internal networks that host them. Unlike recent attacks via Mirai botnet , the new targeted attack, dubbed SSHowDowN Proxy , specifically ma...