The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Get ready for faster Internet because the WiFi you know today is about to change and get much, much faster. The WiFi Alliance, a self-described "worldwide network of companies that brings you Wi-Fi," has finally certified " WiGig ," an ultra-fast, short-range wireless network technology that will nearly double Wi-Fi's current top speed. As many as 180 Million devices, including routers, smartphones, laptops, tablets, and other devices, arriving by the end of next year will support WiGig or multi-gigabit Wi-Fi 802.11ad on the 60 gigahertz band, the Alliance announced . This certification program aims to encourage the production of devices and hardware that not only operate in the "less congested" 60 GHz spectrum but can also fall back to the regular Wi-Fi – 2.4 or 5 gigahertz bands – for maximum interoperability. "Wi-Fi has delighted users for more than 15 years, and WiGig now gives users even higher performance in a rich variety of appl...

Just last month, researchers explained how an attacker can knock the 911 service offline in an entire state by launching automated Distributed Denial of Service (DDoS) attacks using a botnet of just 6000 smartphones. But, doing so, in reality, could not only land public in danger but the attacker as well. The same happened to an 18-year-old teen from Arizona, who was arrested this week following a severe disruption of 911 emergency systems caused due to one of his iOS exploits. Meetkumar Hiteshbhai Desai discovered an iOS vulnerability that could be exploited to manipulate devices, including trigger pop-ups, open email, and abuse phone features, according to a press release from the Cyber Crimes Unit of Maricopa County Sheriff's Office. In order to prove the flaw, Desai allegedly created several exploits and posted a link to one of his JavaScript exploits on his Twitter account and other websites. People accessing the exploit link from their iPhones and iPads were ...

The infamous botnet that was used in the recent massive distributed denial of service (DDoS) attacks against the popular DNS provider Dyn, causing vast internet outage  last Friday, itself is flawed. Yes, Mirai malware, which has already enslaved millions of Internet of Things (IoT) devices across 164 countries, contains several vulnerabilities that might be used against it in order to destroy botnet's DDoS capabilities and mitigate future attacks. Early October, the developer of the malware publically released the source code of Mirai , which is designed to scan for IoT devices – mostly routers, cameras, and DVRs – that are still using their default passwords and then enslaves them into a botnet, which is then used to launch DDoS attacks. However, after a close look at the source code, a researcher discovered three vulnerabilities, one of which could be used to shut down Mirai's ability to flood targets with HTTP requests. A stack buffer overflow vulnerability wa...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Good News for privacy concerned people! Now, your online data will not be marketed for business; at least by your Internet Service Providers (ISPs). Yes, it's time for your ISPs to ask your permission in order to share your sensitive data for marketing or advertisement purposes, the FCC rules. On Thursday, the United States Federal Communications Commission (FCC) has imposed new privacy rules on Internet Service Providers (ISPs) that restrict them from sharing your online history with third parties without your consent. In a 3-2 vote, the FCC approved the new rules by which many privacy advocates seem pleased, while some of them wanted the Commission to even apply the same rules to web-based services like Google and Facebook as well. Initially proposed earlier this year, the new rule says : "ISPs are required to obtain affirmative 'opt-in' consent from consumers to use and share sensitive information." What does 'sensitive' information mean h...

Guess what? If you own a Windows PC, which is fully-patched, attackers can still hack your computer. Isn't that scary? Well, definitely for most of you. Security researchers have discovered a new technique that could allow attackers to inject malicious code on every version of Microsoft's Windows operating system, even Windows 10, in a manner that no existing anti-malware tools can detect, threaten millions of PCs worldwide. Dubbed " AtomBombing ," the technique does not exploit any vulnerability but abuses a designing weakness in Windows. New Code Injection Attack helps Malware Bypass Security Measures AtomBombing attack abuses the system-level Atom Tables, a feature of Windows that allows applications to store information on strings, objects, and other types of data to access on a regular basis. And since Atom are shared tables, all sorts of applications can access or modify data inside those tables. You can read a more detailed explanation of Atom T...

The hacker who stole photographs of female celebrities two years ago in a massive data breach — famous as " The Fappening " or "Celebgate" scandal — has finally been sentenced to 18 months in federal prison, authorities said on Thursday. 36-year-old Lancaster, Pennsylvania man Ryan Collins was arrested in March and charged with hacking into "at least 50 iCloud accounts and 72 Gmail accounts," most of which owned by Hollywood stars, including Jennifer Lawrence, Kim Kardashian, and Kate Upton. Now, a judge in Harrisburg, Pennsylvania, on Wednesday sentenced Collins to 18 months in federal prison after violating the Computer Fraud and Abuse Act. Here's How Collins Stole Celebrities' Photos Federal prosecutors said Collins ran phishing scheme between November 2012 and September 2014 and hijacked more than 100 people using fake emails disguised as official notifications from Google and Apple, asking victims for their account credentials. ...

Now you can hijack nearly any drone mid-flight just by using a tiny gadget. Security researcher Jonathan Andersson has devised a small hardware, dubbed Icarus, that can hijack a variety of popular drones mid-flight, allowing attackers to lock the owner out and give them complete control over the device. Andersson, who is the manager of Trend Micro's TippingPoint DVLab division, demonstrated this new hack at this year's PacSec security conference in Tokyo, Japan on Wednesday. Besides Drones, the new gadget has the capability of fully hijacking a wide variety of radio-controlled devices, including helicopters, cars, boats and other remote control gears that run over the most popular wireless transmission control protocol called DSMx. DSMx is a protocol used to facilitate communication between radio controllers and devices, including drones, helicopters, and cars. This is not the first hardware that can hijack drones mid-flight . There are jamming devices available in...

The Tencent Keen Security Lab Team from China has won a total prize money of $215,000 in the 2016 Mobile Pwn2Own contest run by Trend Micro's Zero Day Initiative (ZDI) in Tokyo, Japan. Despite the implementation of high-security measures in current devices, the famous Chinese hackers crew has successfully hacked both Apple's iPhone 6S as well as Google's Nexus 6P phones. Hacking iPhone 6S For hacking Apple's iPhone 6S, Keen Lab exploited two iOS vulnerabilities – a use-after-free bug in the renderer and a memory corruption flaw in the sandbox – and stole pictures from the device, for which the team was awarded $52,500 . The iPhone 6S exploit successfully worked despite the iOS 10 update rolled out by Apple this week. Earlier this week, Marco Grassi from Keen Lab was credited by Apple for finding a serious remote code execution flaw in iOS that could compromise a victim's phone by just viewing "a maliciously crafted JPEG" image. However, a...

Guess how many devices participated in last Friday's massive DDoS attack against DNS provider Dyn that caused vast internet outage? Just 100,000 devices. I did not miss any zeros. Dyn disclosed on Wednesday that a botnet of an estimated 100,000 internet-connected devices was hijacked to flood its systems with unwanted requests and close down the Internet for millions of users. Dyn executive vice president Scott Hilton has issued a statement , saying all compromised devices have been infected with a notorious Mirai malware that has the ability to take over cameras, DVRs, and routers. "We're still working on analyzing the data but the estimate at the time of this report is up to 100,000 malicious endpoints," Hilton said. "We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets." Mirai malware scans for Internet of Things (IoT) devices that are still using their default passwords and then enslaves those...

The world's largest online professional network LinkedIn could face a ban in Russia after the company has failed to comply with a Russian data localization law that compels companies to keep data on Russian users in their country. If you are not aware, LinkedIn is the only major social network which is not banned in China, because the company agreed to cooperate with the Chinese government and remove controversial content. However, LinkedIn could be the first social network in Russia to be blocked by the Russian state's federal media regulator, called Roskomnadzor, for not complying with the rules. In July 2014, the Russia approved amendments to the Russian Personal Data Law which came into force in 1st September 2015, under which foreign tech companies were required to store the personal data of its citizens within the country. However, Russia was not the first country to enforce such law on foreign tech companies. A few months ago, Iran also imposed new regulations...