The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Researcher has discovered a new Timing attack that could unmask Google users under some special conditions. Andrew Cantino, the vice president of engineering at Mavenlink, detailed his attack in a blogpost st week. According to him, the attack could be used by an attacker to target a particular person or organization. A cyber criminal could share a Google document with an email address, un-checking the option by which Google sends the recipient a notification. TIMING ATTACK USED TO DE-MASK TOR USER'S IDENTITY Now, using timing attack exploit technique, a cyber criminal could figure out when someone logged into any one of the shared addresses visits the their site, Cantino said. An attacker could even use this attack in spear phishing campaigns or even could unmask the identity of Tor users if they're logged in to Google while using the Tor browser . Timing attack can allow to unmask targeted Google users as they browse the web. Cantino said the attack is straightforwa...

The official website of a prominent Israel-based, Middle East foreign policy-focused think tank, the Jerusalem Center for Public Affairs (JCPA) , has been compromised and abused by attackers to distribute malware . The Israeli think tank website JCPA – an independent research institute focusing on Israeli security, regional diplomacy and international law – was serving the Sweet Orange exploit kit via drive-by downloads to push malware onto the computers of the website's visitors by exploiting software vulnerabilities, researchers from security firm Cyphort reported on Friday. The Sweet Orange is one of the most recently released web malware exploitation kits, available for sale at selected invite-only cyber crime friendly communities and has been around for quite some time. However, Sweet Orange has also disappeared but in October 2013, shortly after the arrest of Paunch, the author of BlackHole , experts observed a major increase in the use of Sweet Orange. The ...

So far, we all are well aware of the fact that Chinese have had a past filled with cases of Cyber Crime. China is the world's largest exporter of IT goods, but it has been criticized by many countries due to suspected backdoors in its products, including United States which has banned its several major government departments, including NASA, Justice and Commerce Departments, from purchasing Chinese products and computer technology. The new exposure indicates the same. Chinese Government is running a man-in-the-middle (MitM) cyber attack campaign on SSL encrypted traffic between the country's education network and Google. In an effort to monitor its users of China Education and Research Network (CERNET) , Chinese authorities has started intercepting encrypted traffic to and from Google's servers, the non-profit organization GreatFire reported on Thursday. However, just like many other foreign websites, Google is blocked in China. Because Google is one of the vast and v...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

As far, you have probably heard about the biggest digital exposure of private and very personal nude photographs of as many as 100 female celebrities including Jenny McCarthy, Kristin Dunst, Mary E Winstead, and Oscar winner Lawrence and Kate Upton, that was surfaced on notorious bulletin-board 4chan, and anonymous image board AnonIB over the weekend. It was believed that the group of hackers allegedly taken celebrities photos from their Apple iCloud backups after their iCloud accounts were compromised, but users of devices running Google's Android could have been targeted too. A forum post on anonymous image board AnonIP shows that the group of hackers may have used a cloned Flappy Bird app to steal and collect the naked photos of females from their Android devices and then send them to remote servers. Experts believe that the group may have been stealing and trading nude and very personal photos of more than 100 female celebrities for more than two years, gather...

Likes.com, one of the emerging social networking site and popular image browsing platform, is found vulnerable to several critical vulnerabilities that could allow an attacker to completely delete users' account in just one click. Likes.com is a social networking website that helps you to connect with people you like and make new friends for free. Just like any other social place, users can always follow their favorite tag or people who catch their fancy. It is much easier to use and is designed for those who want to look at pictures different people upload. An independent security researcher Mohamed M. Fouad from Egypt has found a series of critical security vulnerabilities in the Likes website that really pose danger to its users. The vulnerabilities he found not only have capability to add any post, comment to users' account as well as delete users' account, but the vulnerabilities can be escalated to deface entire website by posting malicious URLs and delete all use...

In the wake of the biggest digital exposure of personal nude selfies belonging to as many as 100 high-profile celebrities, Apple said the company plans to add extra security measures to keep hackers out of user accounts. Not just this, the company also plans to extend its two-factor authentication (2FA) feature to account logins to the iCloud service from mobile device in order to avoid future intrusions. APPLE BROADEN SECURITY WITH NEW RELEASE The company's chief executive, Tim Cook told the Wall Street Journal in an interview that the company will introduce more features to tighten up the security of its users' online accounts, but he " aggressively encourage " users to be more alert to the risks posed by cyber criminals, as you can't leave everything on the service providers. " We want to do everything we can do to protect our customers, because we are as outraged if not more so than they are, " Cook told the Journal. Apple will give alerts to users via emails a...

Researchers have uncovered a new social engineering trick that leads users to a malicious extension from Google Chrome impersonating to deliver Adobe's Flash Player in order to lure victims in a click fraud campaign. Security experts at TrendMicro believe that the malware is triggered by opening Facebook or Twitter via shortened links provided in any social networking websites. Once clicked, the links may lead victims to a site that automatically downloads the malicious browser extension . MALWARE INVOLVES DOWNLOADING MULTIPLE MALICIOUS FILES The process is quite complicated as the malware drops a downloader file which downloads multiple malicious files on the victim's computer. Moreover, the malicious program also has ability to bypass Google's recent security protection added to Chrome against installation of browser extensions that are not in Chrome Web Store. Researchers came across a baiting tweet that advertises " Facebook Secrets ", claiming to show videos...

Facebook has launched a new tool to help you better manage sharing your information and postings on the social network among your friends and the public at-large. The social networking giant on Thursday rolled out its "Privacy Checkup" tool that will help its more than 1.2 billion users to audit their privacy settings on Facebook to make sure they know with whom they are sharing their personal and very private details of their lives. " We know you come to Facebook to connect with friends, not with us. But we also know how important it is to be in control of what you share and who you share with, " wrote Facebook product manager Paddy Underwood. " You'll see the option to take Privacy Checkup when you visit Facebook in the coming days. Click 'Let's Do It!' to do the Checkup; it should only take a minute or two. " The expanded feature was originally announced by the network giant back in May. Facebook users would see a privacy checkup pop-up on their computers to ...

Till now we have seen a series of different malware targeting Windows operating system and not Mac, thanks to Apple in way it safeguard its devices' security. But with time, cyber criminals and malware authors have found ways to exploit Mac as well. GROUP BEHIND THE MAC VERSION OF BACKDOOR Researchers have unmasked a group of cyber criminals that has recently started using a new variant of XSLCmd backdoor program to target Mac OS X systems. This Mac version of backdoor shares a significant portion of its code with the Windows version of the same backdoor that has been around since at least 2009. According to FireEye researchers, the group, dubbed as GREF , is already infamous for its past cyber espionage attacks against the US Defense Industrial Base (DIB), companies from the electronics and engineering sectors worldwide, foundations and other NGO's as well. " We track this threat group as "GREF" due to their propensity to use a variety of Google references in th...

You all won't have forget about the dodgy update released by Microsoft in its last month's Patch Tuesday Updates which was responsible for crippling users' computers - specially users running Windows 7 PCs with the 64bit version - with the infamous " Blue Screens of Death ." The company fixed the issue at the end of last month, and now is planning to release a light edition of Patches. Today Microsoft has released its Advance Notification for the month of September Patch Tuesday Updates. There will be a total of four security Bulletins next Tuesday, September 9, which will address several vulnerabilities in its products, one of them is marked critical and rest are important in severity. CRITICAL PATCH This time also administrators can expect a cumulative patch release for Internet Explorer which will address a number of remote code execution vulnerabilities in the browser. As usual, Internet Explorer (IE) update is rated Critical on Windows client systems and Moder...

A notable number of cell phone towers around the United States are rogue that, according to latest report, could spoof legitimate towers and intercept calls. The research carried out by ESD America , a defense and law enforcement technology firm based in Las Vegas, shows that a rogue cell phone towers, also known as "interceptors", may process the call. ESD America, the company that makes the super-secure CryptoPhone, makes one of the oldest and most expensive high-security cell phones in the market. It provides equipment and training to more than 40 countries with a goal to provide technical security assistance to government and corporate clients across Asia. SEVERAL ROGUE CELL PHONE TOWERS DISCOVERED While field-testing its secure Android handset, the CryptoPhone 500 , the firm came across the existence of a series of fake base stations along the Eastern seaboard of the US. Les Goldsmith, the CEO of ESD America, told the US publication Popular Science tha...

Apple has patched the security flaw in its Find My iPhone online service that may have allowed hackers to get access to a number of celebrities' private pictures leaked online. OVER 100 CELEBRITIES AFFECTED So far, I hope everybody have heard about probably the biggest digital exposure of personal nude photographs belonging to as many as 100 high-profile celebrities, including Jenny McCarthy, Kristin Dunst, Mary E Winstead, and the Oscar winning actress Jennifer Lawrence and Kate Upton. Initial reports suggested that the privacy breach of the celebrities' iCloud accounts was made possible by a vulnerability in Find My iPhone feature that allowed hackers to allegedly take nude photographs of celebrities from their Apple iCloud backups. Anonymous 4chan users who claims to have grabbed images, posted some of the images to the " b " forum on notorious bulletin-board 4chan, where the owners demanded Bitcoin in exchange for a peek of the images. The anonymous 4c...