The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Yet another Apple vulnerability has been exposed by security researchers, that can be exploited to track your finger's every action on iOS Devices i.e. iPhone , iPad etc. The exploit reportedly targets a flaw in iOS multitasking capabilities to capture user inputs, according to Security researchers at  FireEye . They found a way to bypass the Apple's app review process effectively and created a proof-of-concept Monitoring app for non-jailbroken iOS 7.0.x devices. The " monitoring " app, that runs in the background of the iPhone is a Keylogger Trojan which could allow hackers to monitor user's activities on the mobile device, including - touches on the screen, home button press, volume button press and TouchID press , and send all collected events to any remote server. According to researchers, their proof-of-concept app works on versions 7.0.4, 7.0.5, 7.0.6, and 6.1.x. " Based on the findings, potential attackers can either use phishing to mislead the vi...

Just two days before Apple has disclosed a critical Security flaw in the SSL implementation on the iOS software that would allow man-in-the-middle attacks to intercept the SSL data by spoofing SSL servers. Dubbed as CVE-2014-1266 , the so-called ' goto  fail; ' vulnerability in which the secure transport failed to validate the authenticity of the connection has left millions of Apple users vulnerable to Hackers and Spy Agencies, especially like the NSA . Last Friday, Apple had also released updated version iOS 7.0.6 to patch the vulnerability, which was first discovered in Apple's iOS Devices, but later company had acknowledged its presence in Mac OSX also, that could allow hackers to intercept email and other communications that are meant to be encrypted in iPhone, iPad and Mac computer. Affected versions include iOS up to version 7.0.5 and OS X before 10.9.2. Security Researchers confirmed , ' Nearly all encrypted traffic, including usernames...

Are you the one of the Digital Currency Holder? PONY is after You.  A Group of cyber criminals has used hundreds of thousands of infected computers of the digital currency holders to filch approximately $220,000 worth of Bitcoins and other virtual currencies. The researchers at the security firm, Trustwave have uncovered the Bitcoin Heist that was accomplished by the computers infected with a new class of malware that has been dubbed as ' Pony ', a very powerful type of Spying Keylogger Malware with very dangerous features that was last time found two months ago. Pony, for those who have not yet heard about it, is a bot controller much like any other, with the capability to capture all kinds of confidential information and access passwords. It contains a control panel, user management, logging features, a database to manage all the data and, of course, the statistics. It can see the passwords and login credentials of infected users when they access applications ...

More than one billion of unique visitor spend about 6 billion hours on YouTube to watch videos, according to monthly YouTube Stats. Security researchers from Bromium Labs recently found that YouTube advertising network has been abused by rogue advertisers to distribute malware. YouTube In-Stream Ads were redirecting users to malicious websites, hosting the ' Styx Exploit Kit ' and was exploiting client side vulnerabilities by drive-by-download attack to infect users' computer with Caphaw Banking Trojan . The Exploitation process relied upon a Java vulnerability ( CVE-2013-2460 ) and after getting dropped into the target computer system, the malware detects the Java version installed on the operating system and based upon it requests the suitable exploit. "We don't yet know the exact bypass which the attackers used to evade Google's internal advertisement security checks. Google has informed us that they're conducting a full investigation of this abuse an...

We use our Smartphone devices to do almost everything, from Internet Banking to Sharing private files and at the same pace, the mobile malware sector is also growing. The number of variants of malicious software aimed at mobile devices has reportedly risen about 185% in less than a year.  Security researchers have observed a growth in the numbers of computer malware families starting to use TOR-based communications, but recently the Security Researchers at anti-virus firm Kaspersky Lab have spotted  the world's first Tor-Based Malware for Android Operating system. The Android Malware dubbed as ' Backdoor. AndroidOS .Torec.a ', using Tor hidden service protocol for stealth communication with Command-and-Control servers. Researchers detected that the Trojan is running from .Onion Tor domain and working on the functionality of an open source Tor client for Android mobile devices, called ' Orbot ', thus eliminating the threat of the botnet bein...

World's largest Bitcoin exchange Mt. G ox  has shut down its website, withdrawal system, deleted its Twitter feed and halted all trading systems after it detected " unusual activity ." The Bitcoin Foundation, a Bitcoin advocacy group, confirmed th at Mark Karpeles , the chief executive of Tokyo-based Mt. Gox  bitcoin exchange has resigned from the board of the Bitcoin Foundation. This comes just days after the exchange gave an update regarding the technical issues. Last week, Mt. Gox said a technical glitch that had forced the exchange to suspend bitcoin withdrawals for a week. They discovered the transaction falsification glitch and same flaw alleged to have been used to steal all of the bitcoins worth about $2.7 million from Silk Road 2.0 . Later, some sources close to the matter have confirmed that more than 700,000 bitcoins are indeed missing from MtGox records, in a ' slow-leak ' hack that went on for years. The repeated technical gl...

Earlier this year encrypted communications firm Silent Circle and Spanish Smartphone maker Geeksphone  announced a  privacy-focused  encrypted  S martphone  called ' Blackphone ' and today the company has revealed it as ' Mobile World Congress ' in Barcelona. The Blackphone titled as, " world's first Smartphone which places privacy and control directly in the hands of its users, " has a fully customized version  customized version of Android called PrivatOS   and pre-installed with lots of  privacy-enabled applications, is now available for pre-order for about $629 . Silent Circle was co-founded by a respected Cryptographer  Phil Zimmermann,  best known as the creator of  Pretty Good Privacy (PGP) , which is a widely used email encryption software. The Blackphone handsets main focus is keeping all of your data secure, and to stop government agencies snooping on your communications. Blackphone will come with a set ...

Spying on the world by injecting sophisticated backdoors in software, systems, and mobile phones, leads to violation of the Privacy and Security of every individual. Yes, we are talking about Surveillance , but this time not about NSA . Instead, Countries including some with poor human-rights records and a much less technically advanced nation are the likely culprits, as they apparently used commercial spyware in making surveillance capabilities that once were the exclusive expertise of the known spy agencies, such as National Security Agency (NSA) and GCHQ. Citizen lab , a nonprofit research lab has  found traces of a remote hacking tool  in 21 countries , developed by  Hacking Team,  including Ethiopia, Sudan, Azerbaijan and Saudi Arabia, which the team had already  denied  back in 2013. Hacking Team, also known as HT S.r.l , is an Italian company, which is known for its powerful surveillance software, Remote Code System (RCS) that it sells to Gov...

WhatsApp acquisition may have had a negative impact on the reputation of the company, it seems many users are planning to switch the service and a few of them have already done it. In our previous article, we have mentioned that why you should switch from WhatsApp to an encrypted Chat messaging service . Mobile messaging apps often used to deliver sensitive data or used for personal and corporate communications, so the data stored by the service provider should be encrypted end-to-end, which is not yet in the case of WhatsApp. There are many mobile messaging applications like Japan-based  Line , China's  WeChat , Korea-based  KakaoTalk , and Canada's  Kik , India-based  Hike  and many more, but they are not end-to-end encrypted messengers. Time is loudly announcing the need to shift to some alternates which provides end-to-end encryption for communication between two devices and respect your Privacy. There are a number of solutions available...

If you haven't heard by now, Facebook just made its biggest move ever, buying the messaging service WhatsApp in a deal worth some $19 billion. That's 19 times what Facebook paid for Instagram two years ago. The WhatsApp Service run by the team of just 32 engineers, handles more than 50 Billion messages daily, and approx 385 million active users. WhatsApp acquisition has also brought out fresh criticism over security for the billions of messages delivered on the platform. Security Researcher at Praetorian Labs identified several SSL-related security issues in WhatsApp application using Project Neptune , a mobile application security testing platform. " WhatsApp communication between your phone and our server is fully encrypted. We do not store your chat history on our servers. Once delivered successfully to your phone, chat messages are removed from our system ." Company said in a blog post . But researchers found that WhatsApp is vulnerable to Man-in-theMiddl...

Apple's latest 35.4 MB update of  iOS 7.0.6  doesn't seem important at first, but it contains a critical security patch that addresses a flaw with SSL encryption. Yes, a very critical security vulnerability that could allow hackers to intercept email and other communications that are meant to be encrypted in iPhone, iPad and Mac computer. Apple provides very little information when disclosing security issues, ' For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. ' said in the security advisory . Cryptography experts immediately tried to figure out what was wrong with Apple's implementation of Secure Sockets Layer (SSL) and the details are: Impact:  The vulnerability assigned CVE-2014-1266 and  affects both the iOS and OS X operating systems , describes as ' Secure Transport failed to validate t...

WhatsApp for Android added most awaited privacy option for all who do not want to display information about when they last used the app. This is the first impressive update of the  WhatsApp after acquisition by Facebook , who   has paid a lot of money in cash and stock to acquire it. The Popular Smartphone messaging application  WhatsApp version 2.11.169 will provide you more ability and control over privacy options i.e. Hiding ' last seen at ' time, Profile picture, status updates from others, which are currently visible for all WhatsApp users. Currently, these options are set to  'everyone'  by default, that allows any WhatsApp user to find out exactly when you used WhatsApp for the last time, also reveals your image and Status message. Most of the times we don't want it to be shown to anyone or to non-contact users. How to hide WhatsApp 'last seen at' time and Profile Picture? WhatsApp now allows you to Modify your Priv...