The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Linux is considered as one of the most favorite operating systems for hackers and security researchers. The open source operating system is often used for building technologies as it offers developers much room for modifications. Linux is used on many hardware platforms, servers, gaming platforms, and much more. So it is essential for anyone, who want to become a Linux pro or seeking a career in system administrator, to understand Linux. But Are you tired of searching multiple resources to fully understand Linux? This process is not just time-consuming, but also expensive as one has to pay for different courses to know and learn how to setup, maintain and operate a fully backend infrastructure powered by Linux Operating System. Not now! You don't need to waste your time and money, as today's THN Deals will help you choose an excellent course specifically designed to teach you all thing Linux. Deal Of the Day — Linux Essentials Bundle (82% Discount) Linux Essentials ...

How many Internet-connected devices do you have in your home? I am surrounded by around 25 such devices. It's not just your PC, smartphone, and tablet that are connected to the Internet. Today our homes are filled with tiny computers embedded in everything from security cameras, TVs and refrigerators to thermostat and door locks. However, when it comes to security, people generally ignore to protect all these connected devices and focus on securing their PCs and smartphones with a good antivirus software or a firewall application. What if any of these connected devices, that are poorly configured or insecure by design, get hacked? It would give hackers unauthorized access to your whole network allowing them to compromise other devices connected to the same network, spy on your activities and steal sensitive information by using various sophisticated hacks. There have already been numerous cases of attackers hacking home appliances, industrial control, automotive, medic...

If you came across a celebrity sex video on Facebook featuring Jessica Alba or any other celebrity, just avoid clicking it. Another Facebook scam is circulating across the social networking website that attempts to trick Facebook users into clicking on a link for a celebrity sex tape that instead downloads malware onto their computers. Once installed, the malware would force web browsers to display aggressive advertising web pages which include sites with nudity and fake lotteries. The spam campaign was uncovered by researchers at Cyren, who noted that a malicious Google Chrome extension is spreading nude celebrity PDFs through private messages and posts on various Facebook groups. If opened, the PDF file takes victims to a web page with an image containing a play button, tricking users that the PDF may contain a video. Once clicked, the link redirects users of Internet Explorer, Firefox, or Safari to a web page with overly-aggressive popups and advertisements related to ...

In his final month in office, President Barack Obama has ordered U.S. intelligence agencies to conduct a "full review" of pre-election cyber attacks against Democratic Party organizations that many believe affected the outcome of the 2016 presidential election. The United States intelligence agencies have attributed those series of cyber-attacks to Russia that shook the US election season. "The President earlier this week instructed the intelligence community to conduct a full review of the pattern of malicious cyber activity related to our presidential election cycle," White House spokesman Eric Schultz told reporters. At an event hosted by the Christian Science Monitor, White House's counterterrorism adviser Lisa Monaco announced that the president had "directed the Intelligence Community to conduct a full review of what happened during the 2016 election process." President is expecting a full report before the end of his term, and Pres...

Bad news for consumers with Netgear routers: Two popular Netgear routers are vulnerable to a critical security bug that could allow attackers to run malicious code with root privileges. Netgear's R7000 and R6400 routers, running current and latest versions of firmware, are vulnerable to arbitrary command injection attacks, though the number of users affected by the flaw is still unclear. In an advisory published on Friday in Carnegie Mellon University's public vulnerability database (CERT), security researchers said that all an attacker needs to do is trick a victim into visiting a website that contains specially crafted malicious code to exploit the flaw. As soon as the victim lands on the page, the malicious commands would execute automatically with root privileges on affected routers. A working exploit leveraging the vulnerability has also been publicly released so that anyone can carry out attacks against the vulnerable routers. Researchers warned that othe...

Is your PC infected with Ransomware? Either pay the ransom amount to the attacker or spread the infection further to get the decryption keys. Yes, this new technique has been employed by cyber criminals with the latest round of ransomware threat, dubbed Popcorn Time. Initially discovered by MalwareHunterTeam , the new Popcorn Time Ransomware has been designed to give the victim's a criminal way of getting a free decryption key for their encrypted files and folders. Popcorn Time works similar to other popular ransomware threats, such as the Crysis Ransomware and TeslaCrypt, that encrypt various data stored on the infected computer and ask victims to pay a ransom amount to recover their data. But to get their important files back, Popcorn Time gives victims option to pay a ransom to the cyber criminal or infect two other people and have them pay the ransom to get a free decryption key. What's even worse? The victims are encouraged to pay the ransom of 1 Bitcoin (~$75...

Uber was in controversies at the mid of this year for monitoring the battery life of its users, as the company believed that its users were more likely to pay a much higher price to hire a cab when their phone's battery is close to dying. Uber is now tracking you even when your ride is over, and, according to the ride-hailing company, the surveillance will improve its service. Uber recently updated its app to collect user location data in the background. So, if you have updated your Uber app recently, your app's location tracking permissions have changed, allowing the app to monitor your location before and five minutes after your trip ends, even if you have closed the app. A popup on the Uber app will ask you, "Allow 'Uber' to access our location even when you are not using the app?" You can click " Allow " or " Don't Allow " in response to this request. If you don't allow it, Uber won't track you. According to t...

Yahoo has patched a critical security vulnerability in its Mail service that could have allowed an attacker to spy on any Yahoo user's inbox. Jouko Pynnönen, a Finnish Security researcher from security firm Klikki Oy, reported a DOM based persistent XSS (Cross-Site Scripting) in Yahoo mail, which if exploited, allows an attacker to send emails embedded with malicious code. In his blog post published today, the researcher demonstrated how a malicious attacker could have sent the victim's inbox to an external site, and created a virus that attached itself to all outgoing emails by secretly adding a malicious script to message signatures. Since the malicious code is in the message's body, the code will get executed as soon as the victim opens the boobytrapped email and its hidden payload script will covertly submit victim's inbox content to an external website controlled by the attacker. This issue is because Yahoo Mail failed to properly filter potentially malici...

The Russian government has introduced a draft bill that proposes prison sentences as punishment for hackers and cyber criminals creating malicious software used in targeting critical Russian infrastructure, even if they have no part in actual cyber attacks. The bill, published on the Russian government's website on Wednesday, proposes amendments to the Russian Criminal Code and Criminal Procedure Code with a new article titled, "Illegal influence upon the critical informational infrastructure of the Russian Federation." The article introduces punishment for many malicious acts, including the "creation and distribution of programs or information, which can be used for the destruction, blocking or copying data from the Russian systems." When suspects found as part of any hacking operation, they will face a fine between 500,000 and 1 Million rubles (about $7,700 to $15,400) and up to five years in prison, even if the hacking causes little or no harm. Also R...

DDoS has become a game now that could knock any service offline. A Turkish hacking group is encouraging individuals to join its DDoS-for-Points platform that features points and prizes for carrying out distributed denial-of-service (DDoS) attacks against a list of predetermined targets. The points earned can later be redeemed for various online click-fraud and hacking tools. Dubbed Sath-ı Müdafaa , translated as Surface Defense in English, this DDoS-for-Points platform is advertised via local Turkish hacking forums, including Turkhackteam and Root Developer. Surface Defense prompts other hackers in Turkey to sign up and asks them to attack political websites using a DDoS tool known as Balyoz , translated as Sledgehammer. According to Forcepoint security researchers, who discovered this program, Balyoz works via Tor and requires a username and password to log in. The tool then uses a DoS technique to flood targets with traffic. Here's How the Balyoz Tool Works On...