The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Hackers targeted at least 8 ATMs in Russia and stole $800,000 in a single night, but the method used by the intruders remained a complete mystery with CCTV footage just showing a lone culprit walking up to the ATM and collecting cash without even touching the machine. Even the affected banks could not find any trace of malware on its ATMs or backend network or any sign of an intrusion. The only clue the unnamed bank's specialists found from the ATM's hard drive was — two files containing malware logs. The log files included the two process strings containing the phrases: "Take the Money Bitch!" and "Dispense Success." This small clue was enough for the researchers from the Russian security firm Kaspersky, who have been investigating the ATM heists, to find malware samples related to the ATM attack. In February, Kaspersky Labs reported that attackers managed to hit over 140 enterprises, including banks, telecoms, and government organizations, in th...

It's an impressive milestone for Google — For the first time in decades, Android has been crowned as the world's most popular operating system in terms of Internet usage, knocking Microsoft Windows off the top spot. According to a new report from web traffic analytics firm StatCounter, Google's Android is the most popular operating system worldwide in terms of total internet usage across desktop, laptop, tablet, and mobile combined. Looking at overall internet usage, Android represented 37.93 percent of the global OS Internet usage market share in March, while Windows accounted for 37.91 percent. Although Windows is still not far behind, Android taking the lead is being described by StatCounter CEO Aodhan Cullen as a "milestone in technology history." This achievement is due to the fact that mobile devices are used to connect to the Internet far more frequently than desktops and laptops, and people are spending more time on smartphones surfing the Inter...

Microsoft has announced to shut down CodePlex -- its website for hosting repositories of open-source software projects -- on December 15, 2017. Launched in 2006, CodePlex was one of the Microsoft's biggest steps towards the world of open source community -- where any programmer, anywhere can share the code for their software or download and tweak the code to their liking. However, Microsoft says that the service has dramatically fallen in usage and that fewer than 350 projects seeing a source code commit over the last 30 days, pointing to GitHub as the "de-facto place for open source sharing." GitHub – 'Facebook for Programmers' In a blog post published Friday, Microsoft Corporate VP Brian Harry wrote that the shutdown of CodePlex is because the open source community has almost entirely moved over to GitHub, which provides similar functionality for sharing code that people can collaborate on. "Over the years, we have seen a lot of amazing opti...

The Internet-connected devices are growing at an exponential rate, and so are threats to them. Due to the insecure implementation, a majority of Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Security Cameras, and printers, are routinely being hacked and used as weapons in cyber attacks. We have seen IoT botnets like Mirai – possibly the biggest IoT-based malware threat that emerged late last year and caused vast internet outage by launching massive DDoS attacks against DynDNS provider – which proves how easy it is to hack these connected devices. Now, a security researcher is warning of another IoT threat involving Smart TVs that could allow hackers to take complete control of a wide range of Smart TVs at once without having any physical access to any of them. Researcher Shows Live Hacking Demonstration   The proof-of-concept exploit for the attack, developed by Rafael Scheel of cyber security firm Oneconsult, uses a low-cost...

WikiLeaks published hundreds of more files from the Vault 7 series today which, it claims, show how CIA can mask its hacking attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran. Dubbed " Marble ," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which is basically an obfuscator or a packer used to hide the true source of CIA malware. The CIA's Marble Framework tool includes a variety of different algorithm with foreign language text intentionally inserted into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation. The leaked files indicate that the Marble's source code includes Chinese, Russian, Korean, Arabic and Farsi languages, as well as English, which shows that the CIA has engaged in clever hacking games. "Marble is used to hamper[ing] forensic investigators and anti-virus companies from attributin...

Joining the line with rival chat apps WhatsApp, Viber, Facebook Messenger, and Signal, the Telegram instant messaging service has finally rolled out a much-awaited feature for the new beta versions of its Android app: Voice Calling . And what's interesting? Your calls will be secured by Emojis, and quality will be better using Artificial Intelligence. No doubt the company brought the audio calling feature quite late, but it's likely because of its focus on security — the voice calls on Telegram are by default based on the same end-to-end encryption methods as its Secret Chat mode to help users make secure calls. Unlike Signal or WhatsApp, Telegram does not support end-to-end encryption by default; instead, it offers a 'Secret Chat' mode, which users have to enable manually, to completely secure their chats from prying eyes. However, the voice calling feature in Telegram supports end-to-end encryption by default, enabling users to secure their chats in a way ...

Samsung launched its new flagship smartphones, the Galaxy S8 and Galaxy S8 Plus, at its Unpacked 2017 event on Wednesday in New York, with both IRIS and Facial Recognition features, making it easier for users to unlock their smartphone and signing into websites. All users need to do is simply hold their Galaxy S8 or S8 Plus in front of their eyes or their entire face, as if they were taking a selfie, in order to unlock their phone. Biometric technology – that involve person's unique identification (ID), such as Retinal, IRIS, Fingerprint or DNA – is now being integrated into more consumer devices for improved security. But, we have seen a number of hacks involving Biometric security systems in the past, which prove that fingerprint scanner and IRIS scanner  are less secure than a passcode and can be fooled by anyone, perhaps, using a photograph of the user. But how secure is the built-in sensor from Samsung to allow for facial recognition? Not so much...at least for now...

If the death of online privacy rules wasn't enough for Internet Service Providers and advertisers to celebrate, Verizon has planned to pre-install spyware on customers' Android devices in order to collect their personal data. The telecom giant has partnered with Evie Launcher to bring a new application called ' AppFlash ' — a universal search bar that will come pre-installed on the home screens of all Verizon Android handsets for quickly finding apps and web content. AppFlash is simply a Google search bar replacement, but instead of collecting and sending telemetry data including what you search, handset, apps and other online activities to Google, it will send to Verizon. What's worse? Just like other pre-installed bloatware apps, Android users can't uninstall AppFlash quickly, unless they have rooted their phone. AppFlash allows you to search inside apps or browse through listings of nearby restaurants and entertainment. The built-in Google Search ...

Open source developers who use the popular code-sharing site GitHub were put on alert after the discovery of a phishing email campaign that attempts to infect their computers with an advanced malware trojan. Dubbed Dimnie , the reconnaissance and espionage trojan has the ability to harvest credentials, download sensitive files, take screenshots, log keystrokes on 32-bit and 64-bit architectures, download additional malware on infected systems, and self-destruct when ordered to. The malware has largely flown under the radar for the past three years – Thanks to its stealthy command and control methods. The threat was discovered in the mid of January this year when it was targeting multiple owners of Github repositories via phishing emails, but cyber-security firm Palo Alto, who reported the campaign on Tuesday, says the attacks started a few weeks before. Here's How the Attack Works: The attack starts by spamming the email inboxes of active GitHub users with booby-trap...

The British authority has reportedly arrested a 20-years-old young man – potentially one of the member of a cyber criminal gang ' Turkish Crime Family ' who threatened Apple last week to remotely wipe data from millions of iOS devices unless Apple pays a ransom of $75,000. The UK's National Crime Agency (NCA) arrested a young man from London on Tuesday on suspicion of " Computer Misuse Act and extortion offences, " who according to Motherboard , " may be connected to the ongoing attempted extortion of Apple by a group calling itself the Turkish Crime Family. " Last week, the hacking group claimed to have access to over 300 million iCloud accounts and threatened Apple to remotely wipe data from those millions of Apple devices unless Apple pays it $75,000 in Bitcoin or Ethereum, or $100,000 worth of iTunes gift cards. Motherboard broke the story after one of the members of Turkish Crime Family shared screenshots of emails between the hacking gro...