The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes , which can be anywhere in the world. An exit relay is the final relay that Tor traffic passes through before it reaches its destination. According to a recent report ' Spoiled Onions: Exposing Malicious Tor Exit Relays ', published by security researchers Phillip Winter and Stefan Lindskog revealed that almost 20 exit relays in the Tor anonymity network that attempted to spy on users' encrypted traffic using man-in-the-middle techniques. Both Researchers spent more than four months studying on the Tor exit nodes using their own scanning software called " exitmap " and detected su...

Facebook has paid out its largest Bug Bounty ever of $33,500 to a Brazilian security researcher for discovering and reporting a critical Remote code execution vulnerability, which potentially allows the full control of a server. In September, ' Reginaldo Silva' found an XML External Entity Expansion vulnerability affecting the part of Drupal that handled OpenID, which allows attacker to read any files on the webserver. As a feature, Facebook allows users to access their accounts using OpenID in which it receives an XML document from 3rd service and parse it to verify that it is indeed the correct provider or not i.e. Receives at https://www.facebook.com/openid/receiver.php  In November 2013, while testing Facebook's ' Forgot your password ' functionality, he found that the OpenID process could be manipulated to execute any command on the Facebook server remotely and also allows to read arbitrary files on the webserver. In a Proof-of-Concept , ...

How many of you use Google Chrome for surfing the Internet and feel safe while working on it? I think many of you. Chrome is one of the most trusted Web Browsers that provide a user friendly environment and cyber security, but this we all know that every product has its negative side too, and so has Google's Chrome. Chrome has a 'Voice Recognition' feature, that use your system's microphone and allows you to speak instead of typing into any text box, to make hands-free web searches, quick conversions, and audio translator also work with them. Google's browser is also not immune to bugs and this time the new bug discovered in Chrome is capable to listen and record your whole private conversations without your knowledge, by abusing the voice recognition feature. While working on ' Annyang ', a voice to text software for websites, the web developer ' Tal Ater ' discovered a vulnerability that can be exploited and lets malicious sites to turn your Go...

Privacy is "workings of your mind". We share our personal moments captured in images, credit card details, thoughts that are personal or professional with a person or a certain group at different instances of time and want it to be safe and secure. We use an electronic gadget to share something trusting blindly the service provider company which may have to obey some unveiled laws of that country to which it belong and our data might be at risk. The surveillance programs can force these companies to store the information and share it with the Government and can even sniff all the data passing through the channels i.e. Wire or Air, and hence compromise our privacy. Though surveillance programs were in existence before Snowden's leaks, but after the revelation of NSA's surveillance programs, we need to think twice when it comes to our privacy. 28% of all Internet users, i.e. 415 Million people say that they use some sort of privacy tool for their Internet browsing sessio...

" Guccifer " arrested in Romania, the infamous hacker who was responsible for breaching the social media and email accounts of numerous high profile US and Romanian Politicians. Romanian authorities collaborated with US services to catch him and the officers of the Directorate for Investigating Organized Crime and Terrorism (DIOCT) raided His House last Wednesday. His well known leaks included the emails of former secretary of state ' Colin Powell ', suggested that he was having an affair, which was later denied by Colin. He was also responsible for breaking into the Bush family e-mails . The Hacker also infiltrated the email from George Maior , chief of the Romanian Intelligence Service (SRI). Guccifer is a 40-year-old Marcel Lazar Lehel , a resident of Arad , who was convicted of several other computer crimes in 2012, according to Romanian media report . But those charges stemmed from Lazăr Lehel's attacks on dozens of Romanian officials between O...

A New day begins with a Cup of Coffee and with new massive Data Breach News. This time in Germany, the Digital identities of about 16 million online users had been stolen, and posing a risk to their accounts linked to social media and other services. Federal Office for Information Security (BSI) discovered a security breach after running an analysis of the botnet network of computers infected with malware . The compromised accounts have email addresses as their username and also the passwords were stolen, that could also be sold to spammers and people looking to " phish " account holders. Until now it hasn't been known that how and when the analysis was carried out and who exactly were involved behind this massive data breach, as the BSI refused to give details on the source of the information. Authorities have set up a German-language website which allows users to enter their email address and check whether their email accounts are compromised or not. ...

Cyber Criminals will not let any way out without making Money. Another huge Credit Card theft and this time they targeted Gas Stations. 13 men were suspected and charged for stealing banking information, using Bluetooth enabled Credit Card Skimmers planted on the gas stations throughout the Southern United States. They made more than $2 Million by downloading the ATM information, as well as PIN numbers from the gas pumps and then used the data to draw cash from the ATMs in Manhattan. Manhattan District Attorney Cyrus R. Vance explained the operation that the skimming devices were internally installed so was undetectable to the people who paid at the pumps and the devices were Bluetooth enabled, so it did not need any physical access in order to obtain the stolen personal identifying information. " By using skimming devices planted inside gas station pumps, these defendants are accused of fueling the fastest growing crime in the country. Cybercriminals and ident...

China has always tried to support its homegrown tech industry and even the security concerns over U.S. secret surveillance which gives Chinese Government another reasons to trust domestic vendors.Many other countries are also in favor to develop their own technology industries to reduce their dependence on U.S. The Government of China is not too fond of foreign mobile operating systems and therefore are trying to break the monopoly of Microsoft, Apple and Google in the country. This week at an event in  Beijing,  China has unveiled its own Linux-based mobile platform, dubbed China Operating System (COS) , developed as a joint effort between a company ' Shanghai Liantong ', ISCAS ( Institute of Software at the Chinese Academy of Sciences ) and the Chinese Government. According to  COS website , it is designed for PCs, Smartphones, tablets, TVs, set-top boxes and other smart appliances. It runs Java applications, supports HTML5 and can run ov...

In the previous reports of Cyber Intelligence firm ' IntelCrawler ' named Sergey Tarasov , a 17-year-old teenager behind the nickname " ree[4] ", as the developer of BlackPOS malware. BlackPOS also known as "reedum" or 'Kaptoxa' is an effective crimeware kit, used in the massive heist of possibly 110 million consumers' Credit-Debit cards, and personal information from the TARGET . Later Researchers's investigation revealed that the original coder of BlackPOS Malware was actually a 23-year-old young hacker named Rinat Shabayev and the teen, Sergey Taraspov is the incharge for the technical support department. In an interview with Russian channel ' LifeNews ', Rinat Shabayev admitted that he had developed the BlackPOS crimeware kit. He clarified that the program developed by him was not meant for any kind of data theft, instead the program was written for the security testing. He developed the malware with the he...

In October 2013, Microsoft adopted a silent, offensive method to tackle infection due to a Tor-based botnet malware called ' Sefnit '. In an effort to takedown of the Sefnit botnet to protect windows users, Microsoft r emotely removes the older versions of installed Tor Browser software and infection from 2 Million systems, even without the knowledge of the system's owner. Last year in August, after Snowden revelations about the National Security Agency's ( NSA ) Spying programs, the Internet users were under fear of being spied. During the same time Tor Project leaders noticed almost 600% increase in the number of users over the anonymizing networks of Tor i.e. More than 600,000 users join Tor within few weeks. In September, researchers identified the major reason of increased Tor users i.e. A Tor-based botnet called ' Sefnit malware ', which was infecting millions of computers for click fraud and bitcoin mining. To achieve the maximum number...

Yesterday Night Microsoft has faced another targeted attack by the Syrian Electronic Army (SEA), a group supposed to be aligned with Syrian President Bashar al-Assad . The SEA group is popular for its advance phishing attack and using the same technique they also hacked into the Official Twitter account of Microsoft News, Xbox Support, Skype and also defaced the Microsoft, Skype Official Blog pages in the past few weeks. Yesterday, Just after the Microsoft uploaded the newly designed website of it ' Microsoft Office ' blog, the Syrian Electronic Army gang again compromised it successfully. SEA uploaded the hacked blog screenshots on their twitter account, with a defacement article titled " Hacked by the Syrian Electronic Army ", as shown. Before, they also taunted Microsoft that " changing the CMS will not help you if your employees are hacked and they don't know about that ." The Group kept their promise to continue their attacks...

Last year in the month of December the Security-focused Unix-like distribution ' OpenBSD ' Foundation announced that it was facing shut down due to lack of funds to pay their electricity bills and dedicated Internet line costs. Theo de Raadt , the founder of the OpenBSD project, and Bob Beck (Developer) announced : " In light of shrinking funding, we do need to look for a source to cover project expenses. If need be the OpenBSD Foundation can be involved in receiving donations to cover project electrical costs. But the fact is right now, OpenBSD will shut down if we do not have the funding to keep the lights on. " Just after a month, a Bitcoin billionaire from Romania has stepped in and sorted OpenBSD out! Mircea Popescu , the creator of the MPEx Bitcoin stock exchange has offered $20,000 donations to the OpenBSD Foundation and saved the existence of OpenBSD development from being stopped. Like each open source project, OpenBSD production servers we...