The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Google has identified and blocked unauthorized digital certificates for a number of its domains issued by the National Informatics Centre (NIC) of India, a unit of India's Ministry of Communications and Information Technology. National Informatics Center (NIC) holds several intermediate Certification Authority (CA) certs trusted by the Indian government's top CA, Indian Controller of Certifying Authorities (India CCA), which are included in the Microsoft Root Store and so are trusted by a large number of applications running on Windows, including Internet Explorer and Chrome. The use of rogue digital certificates could result in a potentially serious security and privacy threat that could allow an attacker to spy on an encrypted communication between a user's device and a secure HTTPS website, which is thought to be secure. Google became aware of the fake certificates last Wednesday on July 2 and within 24 hours, the Indian Controller of Certifying Authorities (Ind...

Once again Facebook is on The Hacker News ! This time not for any scam or surveillance, but for a different reason.  The social networking giant has managed to take down a Greek botnet that used Facebook to spread malware and infected 250,000 computers to mine crypto-currencies, steal bitcoins, email passwords and banking details. Facebook is always one of the favourite weapon of cyber criminals, cyber thieves and scammers due to its popularity among other social media platforms. This social networking platform, with more than one billion active users, provides special opportunities for people to connect and share information, as well as also serves a great platform for malware developers and scammers. The botnet, dubbed as Lecpetex , was around from December 2013 to last month and compromised around 50,000 Facebook accounts at its peak, under which users would receive spam Facebook messages that would typically like "lol" with a zip archive attachment . O...

Until now, we have seen how different smart home appliances such as refrigerators, TVs and routers could expose our private data, but now you can add another worry to your list —LED light bulb. Don't laugh! It's true. Researchers at UK security firm Context have formulated an attack against the Wi-Fi connected lightbulbs, which is available to buy in the UK, that exposes credentials of the Wi-Fi network, it relies on to operate, to anyone in accessibility to one of the LED devices. Security vulnerabilities found in the LIFX Smart light bulbs , that can be controlled by the iOS-based and Android-based devices, could allow an attacker to gain access to a "master bulb" and with the help of that they could control all connected bulbs across that network, and help them expose user network configurations. Along with other Internet of Things (IoTs) devices, the smart bulbs are part of a rising trend in which the manufacturers enclose computing and networking capabilities to their devices s...

A major vulnerability believed to be present in most versions of Android can allow a malicious Android applications on the Android app store to make phone calls on a user's device, even when they lack the necessary permissions. The critical vulnerability was identified and reported to Google Inc. late last year by researchers from German security firm Curesec. The researchers believe the virus was first noticed in Android version 4.1, also known as " Jelly Bean ." APPS CAN MAKE CALLS FROM YOUR PHONE " This bug can be abused by a malicious application. Take a simple game which is coming with this code. The game won't ask you for extra permissions to do a phone call to a toll number – but it is able to do it ," Curesec's CEO Marco Lux and researcher Pedro Umbelino said Friday in a blog post. " This is normally not possible without giving the app this special permission. " By leveraging these vulnerabilities, malicious applications could initiate unauthorized phone call...

Facebook founder Mark Zuckerberg has a dream to make Internet access available to everyone across the world - Zuckerberg argues Internet should be a service as essential as of 911 in the case of an emergency. In a blog post published Monday in The Wall Street Journal , founder of the social networking giant highlighted the future of universal Internet access, along with the steps he thinks to achieve it. Today 2.7 billion people, just over one-third of the world's population, have access to the Internet, Zuck said, and the adoption has been growing at a very lower rate, by less than 9% each year. The rest of the world's 5 billion people who do not have access to Internet are lacking access due to issues such as high costs or improper infrastructure. One may think that Zuckerberg's vision sounds like a self-interested push to gain more users for its social networking service, Facebook. But its true that the world is currently facing a growing technological divide, ...

If anybody says that NSA is watching you, nobody surprises. But, a large scale investigation published by Washington Post indicates that the scope of surveillance carried out by US National Security Agency was massive even than the expectation of you and me. Just because you are an ordinary person doesn't mean that you are safe, as 90 percent of messages intercepted by the NSA were not foreign targets but ordinary users , like you and me, from the United States and abroad. Interestingly, your all those " startingly intimate " data and personal photographs had been left in plain view on NSA databases for someone else, according to a new report in The Washington Post published Sunday detailing a four-month review of about 160,000 intercepted e-mail and text message conversations involving 11,000 online accounts provided by former NSA contractor Edward Snowden . The National Security Agency has gathered nearly half of the files which contains names, email addresses or other details be...

IT security is not a luxury; it's a necessity. While IT practitioners understand this and are on the lookout for effective security options for their network, security solutions manufacturers tend to serve the enterprise market and large companies more than they do smaller organizations and resource-constrained security teams. The reality is that 99% of IT security departments are resource-constrained in terms of budget, time, and staff. This situation directly aligns with the Security Information & Event Management (SIEM) market. With the scores of costly, appliance-based and enterprise SIEM solutions on the market, the majority of security teams find it difficult to adopt SIEM to strengthen network security. Even if they do manage to meet the high cost of a SIEM purchase, they end up acquiring a SIEM which is too big for their security needs. This means incurring additional appliance maintenance costs, IT staff overhead costs to manage the SIEM product, and training an...

It's the age of surveillance what made the Use of Encryption so widely that it has become a need of law enforcement agencies, cyber criminals as well as every individual. But, encryption is not so easy. To solve this problem, a 23-year old Cryptocat developer Nadim Kobeissi is ready to release a simple solution to deliver strong encryption at the HOPE hacker conference in New York later this month, which may soon come as an extension for Google Chrome web browser, Wired reported . The encryption program is dubbed as miniLock , which is a free and open-source browser plugin designed to let anyone encrypt and decrypt files in seconds using a drag-and-drop interface with practically unbreakable cryptographic protection. " The tagline is that this is file encryption that does more with less, " says Kobeissi, activist and security consultant. " It's super simple, approachable, and it's almost impossible to be confused using it. " Drag-and-drop interface here means, miniL...

Unless you are a human supercomputer, remembering password is not so easy, and that too if you have a different password for each site. But luckily to make the whole process very easy, there is a growing market out there for password managers and lockers with extra layers of security. But, if you are using the mobile version of most popular password manager from Password management company RoboForm to manage your passwords then you might be at a risk, claimed a UK based Security researcher. I am personally using RoboForm from last few months, which is a great password manager application developed by Siber Systems Inc. for various platforms that stores your sensitive data all in one place, protected at RoboForm account and encrypted by a secret master password. RoboForm user be able to then quickly access those passwords and notes anytime, anywhere. But a IT security consultant and tech enthusiast Paul Moore discovered one critical vulnerability in its app and one Pri...

If a whistleblower discloses an activity to the public, then there should be a trust-based mechanism that ensure the protection of truth-tellers on an international level by hiding their identities. In an effort to provide this kind of service and security, Security experts grouped together to create a stealthy Internet Messenger (IM) and file transfer client, which is especially designed for whistleblowers. Dubbed as " ‪invisible.im " is an anonymous Instant Messenger (IM) that leaves no trace‬. The team behind the project called itself " The Infosec A-Team " which includes Metasploit Founder HD Moore , noted infosec and opsec experts The Grugq , an Australian security analyst Patrick Gray , and Richo . Invisible.im aims to serve the rigid anonymity needs of whistleblowers. The project website states: invisible.im was established to develop an instant messenger and file transfer tool that leaves virtually no evidence of conversations or transfers having occurred. Th...

We all are aware of the National Security Agency's (NSA) mass surveillance program to track non-Americans. Thanks to former NSA contractor Edward Snowden, who provided confidential documents about the widely spread surveillance programs conducted by the government intelligence agency such as NSA and GCHQ. A recent story about NSA surveillance broke when a German public broadcaster ARD published that the Agency is using its surveillance program XKeyScore to target users who use encryption and traffic anonymizing software, including Tor Network for anonymous Web browsing and Linux-based Tails operating system in an effort to keep tracks of people outside the US. XKeyScore is a powerful NSA surveillance program that collects and sorts intercepted data, which came to limelight in documents leaked by former NSA contractor Edward Snowden last summer, but the greater detail in an investigation conducted by American security expert and Tor Project member Jacob Appelbaum , Aaron Gibsom, and...

Beginning of the new month, Get Ready for Microsoft Patch Tuesday! Microsoft has released its Advance Notification for the month of July 2014 Patch Tuesday releasing six security Bulletins, which will address a total of six vulnerabilities in its products, out of which two are marked critical, one is rated moderate and rest are important in severity. All six vulnerabilities are important for you to patch, as the flaws are affecting various Microsoft software, including Microsoft Windows, Microsoft Server Software and Internet Explorer, with the critical ones targeting Internet Explorer and Windows. Microsoft is also providing an update for the " Microsoft Service Bus for Windows Server " which is rated moderate for a Denial of Service (DoS) flaw. " At first glance it looks like Microsoft may be taking it easy on us this month, which would be nice since we will be coming off a long holiday weekend here in the U.S."  Chris Goettl from IT Security firm...