The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

After the huge success of Samsung galaxy S3, Samsung Galaxy S4 and Samsung Tablets, the world's most successful Android manufacturer is going to reveal its brand new Smartphone Samsung Galaxy S5 next week at Mobile World. Early in 2014, rumors suggested that Samsung Galaxy S5 will have Fingerprint Scanning technology like iPhone 5s . Fingerprint scanners are slowly becoming a popular feature for high-end Smartphones, and just yesterday the rumors turned out to be true and SamMobile has confirmed that Samsung Galaxy S5 device will come with a Biometric sensor capable of taking Fingerprint scans to unlock the Smartphone device. How it will work?  Samsung Galaxy S5 fingerprint sensor will be implemented into the Galaxy S5's Home button. The sensor itself works in a swipe manner, which means that you would need to swipe the entire pad of your finger, from base to tip, across the home key to register your fingerprint properly. Unlike Apple's iPhone 5s...

Get bored with the older versions of Google's Android Operating system? Then there is Good News for Android lovers ! Google is putting an end to the older versions of Android newly manufactured Smartphone Handsets. According to a leaked Google Document, the Smartphone Manufacturers will be forced to provide the latest version of Android, i.e. version 4.4 KitKat installed in the new handsets, under Google's new policy. If an OEM wants to qualify for Google Mobile Services (GMS) or Google Apps, they should install the up-to-date version of Android in the handset and If true, then Google will no longer authorize devices running versions older than Android 4.2. In the leaked memo, Google states, " Starting February 2014, Google will no longer approve GMS distribution of new Android products that ship older platform releases. Each platform release will have a GMS approval window that typically closes nine months after the next Android platform release is publicly available. "...

After the developer of Flappy Bird pulled the gaming app from both the Apple and Google app stores, it led to the creation of dozens and dozens of Flappy Bird clones that are trying to cash in on the popularity of the original title. Also Security researchers from multiple anti-malware firms have recently identified a number of malicious versions of Flappy Bird apps. In Order to protect Smartphone users from installing malicious applications that pretend to be the one associated with the previous Flappy Bird app, Google and Apple have finally decided to reject all games and application that contain ' Flappy ' in the title on app Stores. Ken Carpenter, another app developer with Mind Juice Media, posted on his Twitter account that his newly developed app, which he named Flappy Dragon , got rejected from Apple's app Store because the name " attempts to leverage a popular app " According to Ken, 'Flappy' in app title are being rejected by Apple under a violatio...

Which Wireless Router do you have at your Home or Office? If it's a Linksys Router you could be in the danger to a new malware that attacks your firmware and replicates itself. Security researcher Johannes B. Ullrich from the SANS Technology Institute has warned about a self-replicating malware which is exploiting authentication bypass and code-execution vulnerabilities in the Linksys wireless routers. The Malware named as ' THE MOON ', scans for other vulnerable devices to spread from router to router and Johannes confirmed that the malicious worm has already infected around 1,000 Linksys E1000, E1200, and E2400 routers. In order to hack the Router, malware remotely calls the Home Network Administration Protocol (HNAP), allows identification, configuration and management of networking devices. The Malware first request the model and firmware version of the router using HNAP and if the device founds vulnerable, it sends a CGI script exploit to get the local command execution ...

Sooner or later it had to Happen! After whistle-blower Edward Snowden unfolded various spying operations that were controlled by the US Intelligence agency, it gave a reason to all other countries to start their own Counter-Surveillance programs. Last year in October, it was revealed that the National Security Agency ( NSA ) was eavesdropping the mobile communications of German Chancellor  Angela Merkel's  and  Gerhard Schroder's   from many years. Snowden documents detailed about a so-called  National Sigint Requirement List , a list of people and Institutions named as primary targets for the U.S. Intelligence Agency; whose telephone communications should be monitored. After Suffering from spying on them, Germany has finally decided to give a ' Roland for their Oliver ' and planning to resume active Counter Espionage Operations against both the US and several Western associate countries. " This step would be an about-face from the dec...

If you have an account at the popular crowd funding site Kickstarter , it's time to change your account's password. Kickstarter's CEO Yancey Strickle r says that the company has been hacked by an unknown hacker earlier this week. Kickstarter said in a blog post that no credit card information was stolen in Data Breach , but users' personal information has been compromised and they also haven't found evidence of unauthorized activities on accounts. Data accessed and stolen by hackers included usernames, email addresses, mailing addresses, phone numbers and encrypted passwords of the users. Facebook usernames and logins were not compromised for those who use that log-in system to get on Kickstarter. According to a Kickstarter's team member, the older users' passwords were encrypted using salted SHA1  and newer users' passwords are encrypted with a stronger hashing algorithm called ' bcrypt '. Hackers could attempt to crack the encrypted pa...

Something unusual happened today, Mark Zuckerberg's Facebook Timeline Cover Photo is removed, as shown in the above Screenshot. Suddenly, after few hours, I got a mail from an Egyptian Hacker with nickname ' Dr . FarFar ', claimed that he has hacked the Mark Zuckerberg's Facebook Profile and removed the Cover Photo using a private exploit. The hacker has not provided any technical details about the vulnerability he used, but it seems that Zuckerberg has not noticed the removed Cover Photo on his profile. It could be possible that Zuckerberg removed his Cover Photo himself, and someone is trying to take responsibility for the changes, but I still have a positive feeling that - May be a Minor, but its a Hack! Previously in August 2013, Palestinian programmer discovered a security flaw in Facebook that allowed him to write a post on Facebook CEO Mark Zuckerberg's personal timeline without his permission. Well, we are trying to get more information from...

Downloading various apps blindly from Google play store may bring you at risk in terms of money.  PandaLabs , the Cloud Security Company, has identified malicious Android apps on Google Play that can sign up users for premium SMS subscription services without their permission and so far it has infected at least 300,000 Android users, although the number of malicious downloads could have reached 4 times higher i.e. 1,200,000 users. The four apps found free in the app store that came packaged with a premium SMS scam that dubbed as "Easy Hairdos", "Abs Diets", "Workout Routines" and "Cupcake Recipes" and are among the malicious apps available for free download on Google Play store . From the above app, say if 'Abs Diet' has been installed on your phone and once the user has accepted the terms and conditions of the service, the app displays a series of tips to reduce abdominal fat and then without the user's knowledge, the app l...

You all were busy in celebrating Valentine's Day with your loved ones, and the cyber criminals were too celebrating the day in their own way, and this time, with the TESCO customers. A list of over 2,240 Tesco.com  Internet Shopping accounts was posted Online on the Pastebin website by some unknown hackers on Thursday, allowing access to online shopping accounts, personal details and Tesco Clubcard vouchers, reported by The Guardian . A Tesco spokesperson told The Hacker News that this information has not come from Tesco's website itself, rather there have been high profile hacks on other businesses  A Tesco spokesperson said, " We take the security of our customers' data extremely seriously and are urgently investigating these claims. " " We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this. We will issue replacement vouchers to the very small numbers who are affected. ...

Flappy Bird , developed by a 29-year old, Dong Nguyen , was one of the top free gaming apps of the last month, but now officially unavailable for users. After achieving income of $50,000 per day in advertising revenue, Dong Nguyen pulled out Flappy Bird gaming app from all the web app stores and now it's permanently dead. " Flappy Bird was designed to play in a few minutes when you are relaxed ," says Dong Nguyen, in an exclusive interview with Forbes. " But it happened to become an addictive product. I think it has become a problem. To solve that problem, it's best to take down Flappy Bird. It's gone forever. " Till now the reason is not clear from Dong's statement that why exactly he quit the app, but it's clear that his decision have given opportunity for hackers for creating a malicious version of this app and the app's popularity will help them to gain success in spreading Smartphone  malware to mass and hence, the malicious apps are available in play stores ...

Hackers are using a zero day vulnerability in Microsoft's Internet Explorer (IE) web browser and targeting US military personnels in an active attack campaign, dubbed as ' Operation Snowman' . FireEye Researchers have discovered that a U.S. veterans website was compromised to serve a zero day exploit, known as CVE-2014-0322 , which typically involves the compromise of a specific website in order to target a group of visitors known to frequent it. FireEye identified drive-by-download attack which has altered HTML code of the website and introduced JavaScript which creates malicious iFrame. " A zero-day exploit (CVE-2014-0322) being served up from the U.S. Veterans of Foreign Wars' website (VFW[.]org). We believe the attack is a strategic Web compromise targeting American military personnel, amid a paralyzing snowstorm at the U.S. " According to FireEye, the zero day CVE-2014-0322 ' vulnerability is a previously unknown use-after-free bug in Microsof...