The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Vulnerabilities are common these days and when we talk about mobile security, this year has been somewhat of a trouble for Android users. Almost every week we come across a new hack affecting Android devices. One of the serious vulnerabilities is the  Stagefright Security Bug , where all it needed to install malicious code on the Android devices was a simple text message. Although Google patched these security holes in its latest Android update, manufacturers can take a long time to release their own updates, and it's even possible that older devices may not get the updates at all. So, even after the release of patches for these critical vulnerabilities, it is difficult to say which Android devices are at risk of what bugs. There is a one-click solution to this problem. One Android app can help educate you and help you know whether your devices is at risk. One-Click Solution to Check Your Device for All Critical Bugs Android Vulnerability Test Suite ( VT...

Since past few years, Ransomware has emerged as one of the catastrophic malware programs that lets hacker encrypts all the contents of a victim's hard drive or/and server and demands ransom (typically to be paid in Bitcoin ) in exchange for a key to decrypt it. Until now cyber criminals were targeting computers, smartphones and tablets, but now it appears they are creating ransomware that makes the same impact but for Web Sites – specifically holding files, pages and images of the target website for Ransom. Dubbed Linux.Encoder.1 by Russian antivirus firm Dr.Web , the new strain of ransomware targets Linux-powered websites and servers by encrypting MySQL, Apache, and home/root folders associated with the target site and asking for 1 Bitcoin ( ~ $300 ) to decrypt the files. The ransomware threat is delivered to the target website through known vulnerabilities in website plugins or third-party software. Must Read: FBI Suggests Ransomware Victims — 'Just Pay th...

ISIS hackers have hacked tens of thousands of Twitter accounts, including the accounts of the members of CIA and the FBI, in revenge for the US drone strike that killed a British ISIS extremist in August. The Cyber Caliphate , a hackers group set up by British ISIS member Junaid Hussain , urged its supporters and followers to hack Twitter accounts in order to take revenge of Husain's death. Over 54,000 Twitter Accounts Hacked! As a result, the hackers were able to hack more than 54,000 Twitter accounts. Most of the victims targeted by Jihadis appear to be based in Saudi Arabia though some of the them are British. One of the victims based in Saudi Arabia, whose Twitter account was compromised by the ISIS extremists, said, "I am horrified at how they got hold of my details." The extremists not only hacked thousands of Twitter accounts, but they also posted hacked personal information, including phone numbers and passwords, of the heads of: The...

The Group of teenage hackers, which previously hacked into the personal email of the CIA director John Brennan and published a large trove of sensitive data, has now had its hands on even more important and presumably secure target. Hackers Accessed Law Enforcement Private Portal The hacking group, Crackas With Attitude ( CWA ), claims it has gained access to a Law Enforcement Portal through which one can access: Arrest records Tools for sharing information about terrorist events and active shooters The system in question is reportedly known as the Joint Automated Booking System ( JABS ), which is only available to the Federal Bureau of Investigation (FBI) and law enforcement. Hackers Gained Access to FBI's Real-Time Chat System Moreover, the hacking group also says it has gained access to another tool that is something like a real-time chat system for the FBI to communicate with other law enforcement agents around the US. Two days ago, CWA published...

Simply put, threat intelligence is knowledge that helps you identify security threats and make informed decisions. Threat intelligence can help you solve the following problems: How do I keep up to date on the overwhelming amount of information on security threats…including bad actors, methods, vulnerabilities, targets, etc.? How do I get more proactive about future security threats? How do I inform my leaders about the dangers and repercussions of specific security threats? Threat Intelligence: What is it? Threat intelligence has received a lot of attention lately. While there are many different definitions, here are a few that get quoted often: Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard. – Gartner   The set of data collected, assessed and app...

The same group of teenage hackers that hacked the AOL email account of the CIA director John Brennan two weeks ago has now hacked into AOL email accounts of the FBI Deputy Director, Mark Giuliano and his wife. Yesterday, Cracka , a member of the teenage hacktivist group known as ' Crackas With Attitude ' (CWA) posted a new trove of information belong to thousands of government employees online; however they claim to have accessed far more than that. The hackers claimed to have obtained the personal information by hacking into AOL email accounts of the Giuliano and his wife. More Than 3,500 Government Employees Doxxed The published information includes more than 3,500 names, email addresses and contact numbers of law enforcement and military personnel. Though the FBI officials couldn't immediately verify the claims, Infowars has confirmed the authenticity of several people listed, which includes everyone from local police officers to FBI and mili...

The Geneva-based encrypted email service ProtonMail was forced to pay a  Ransom of almost $6,000 to stop sustained Denial-of-service (DDoS) attacks that have knocked its service offline since Tuesday. ProtonMail – a full, end-to-end encrypted email service that launched last year – has been dealing with, what it called, the extremely powerful DDoS attack, and is still unavailable at the time of writing. ProtonMail Paid $6,000 to Stop DDoS In an official statement posted on a WordPress blog Thursday, officials of ProtonMail said the powerful DDoS attack by an unknown group of hackers forced them to pay 15 Bitcoins (about $5,850) in exchange for them halting the assault. However, even after paying the ransom amount, the crippling DDoS attacks continued to the ProtonMail service. DDoS Attack Continues Even After Paying Ransom ProtonMail officials said, "We hoped that by paying [ransom], we could spare other companies impacted by the [DDoS] attack again...

The online hacktivist group Anonymous has followed through on its promise to disclose the identities of hundreds of Ku Klux Klan members. On Monday, Anonymous vowed to release the full info dump of about  1,000 alleged Ku Klux Klan members with a chosen date of 5th of this November. As promised, Anonymous posted a link to a Pastebin account with the names, aliases, Google Plus profiles, Facebook accounts and other identifying information of roughly 1,000 individuals the group believes are members of the Ku Klux Klan. The hackers behind the leak tweeted a link to a Pastebin on a Twitter account, Operation KKK ( @Operation_KKK ) believed to be controlled by them. Ku Klux Klan (KKK) is classified as a White Supremacist Racist group by the Anti-Defamation League and the Southern Poverty Law Center, allegedly having total 5,000 to 8,000 members. "We hope Operation KKK will, in part, spark a bit of constructive dialogue about race, racism, racial terror and fr...

Police have arrested a fourth person, a 16-year-old boy , from London in connection with the high-profile hack of British telecoms giant TalkTalk. The investigating officers from the Metropolitan Police Cyber Crime Unit (MPCCU) arrested the teenager at his home in Norwich on suspicion of Computer Misuse Act offences. TalkTalk was subjected to a ' significant and sustained ' hacking attack on its official website two weeks back, which put the Bank Details and Personally Identifiable Information (PII) of its 4 Million customers at risk. The telco confirmed last week that at most 1.2 Million names, email addresses and phone numbers and around 21,000 unique bank account numbers and sort codes were compromised in the attack. However, TalkTalk said that the stolen credit card details were incomplete, so the payment cards could not be used for any false financial transactions. But, the company advised customers to remain vigilant against financial fraud. S...

Unless we are a human supercomputer, remembering a different password for every different site is not an easy task. But to solve this problem, there is a growing market of best password manager and lockers, which remembers your password for every single account and simultaneously provides an extra layer of protection by keeping them strong and encrypted. However, it seems to be true only until a hacker released a hacking tool that can silently decrypt and extract all usernames, passwords, as well as notes stored by the popular password manager KeePass . Dubbed KeeFarce , the hacking tool is developed by Kiwi hacker Denis Andzakovic and is available on GitHub  for free download. Hackers can execute KeeFarce on a computer when a user has logged into their KeePass vault, which makes them capable of decrypting the entire password archive and then dumping it to a file that attackers can steal remotely. How Does KeeFarce Work? KeeFarce obtains passwords by l...

The China's Google-like Search Engine Baidu is offering a software development kit (SDK) that contains functionality that can be abused to give backdoor-like access to a user's device, potentially exposing around 100 Million Android users to malicious hackers . The SDK in question is Moplus , which may not be directly available to the public but has already made its way into more than 14,000 Android apps, of which around 4,000 are actually created by Baidu. Overall, more than 100 Million Android users, who have downloaded these apps on their smartphones, are in danger. Security researchers from Trend Micro have discovered a vulnerability in the Moplus SDK, called Wormhole , that allows attackers to launch an unsecured and unauthenticated HTTP server connection on affected devices, which works silently in the background, without the user's knowledge. Also Read:   More than 26 Android Phone Models Shipped with Pre-Installed Spyware This unsecured serv...