#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

FBI Arrested CEO of 'StealthGenie' for Selling Mobile Spyware Apps

FBI Arrested CEO of 'StealthGenie' for Selling Mobile Spyware Apps

Oct 01, 2014
The Federal Bureau of Investigation (FBI) has arrested the CEO of a UK-based company for allegedly advertising and selling a spyware app to individuals who suspect their romantic partners of cheating on them. The dodgy cell phone spyware application, dubbed as StealthGenie , monitors victims' phone calls, text messages, videos, emails and other communications "without detection" when it is installed on a target's phone, according to the Department of Justice. The chief executive officer of a mobile spyware maker is a Pakistani man collared 31-year-old Hammad Akbar , of Lahore, who was arrested over the weekend in Los Angeles for flogging StealthGenie spyware application and now faces a number of federal charges. According to the US Department of Justice, Akbar operates a company called InvoCode, which sold the StealthGenie spyware app online that can intercept communications to and from mobile phones including Apple, Google, and BlackBerry devices. T...
iOS 8 'Reset All Settings' Bug Could Delete Your iCloud Files

iOS 8 'Reset All Settings' Bug Could Delete Your iCloud Files

Oct 01, 2014
At the beginning of the month, Apple was criticized for the security flaw in its iCloud file storage service that, according to multiple media outlets, allowed hackers to allegedly retrieve photos of a number of high-profile celebrities . And Now, the company's newly launched iOS 8 has been reportedly found vulnerable to another critical bug that is troubling Apple iOS 8 users. After the launch of iOS 8 , some minor bugs was reported in its operating system which was quickly fixed in Apple's iOS 8.0.1. But, the critical vulnerability discovered in iOS 8.0.1 seems to be deleting data stored in iCloud Drive without the user's permission. The bug was uncovered by MacRumors after its forum members complaint about the issue triggered by the option to " Reset All Settings ," which is typically supposed to reset your network settings to give your iOS device a clean slate to work with, but it turns out the feature is also deleting all your files from iCloud Drive. ...
Privacy-focused Tails 1.1.2 Operating System Released

Privacy-focused Tails 1.1.2 Operating System Released

Sep 28, 2014
Tails , a Linux-based highly secure Operating System specially designed and optimized to preserve users' anonymity and privacy, has launched its new release, Tails version 1.1.2. Tails, also known as ' Amnesiac Incognito Live System ', is a free security-focused Debian-based Linux distribution, which has a suite of applications that can be installed on a USB stick, an SD card or a DVD. It keeps users' communications private by running all connectivity through Tor, the network that routes traffic through various layers of servers and encrypts data. The operating system came into limelight when the global surveillance whistleblower Edward Snowden said that he had used it in order to remain Anonymous and keep his communications hidden from the law enforcement authorities. The new version 1.1.2 addresses a single but critical vulnerability which arises because the Network Security Services (NSS) libraries parser used by Firefox and other browsers is capable of being tricke...
cyber security

The MCP Security Guide for Early Adopters

websiteWizArticles Intelligence / MCP Security
Thousands of MCP servers are already live, but most security teams don't have a clear strategy yet. Get the practical guide to MCP for security teams.
cyber security

How Security Leaders, like Snowflake's CISO, are Securing Unmanaged Devices

websiteBeyond IdentityIdentity Security / Enterprise Protection
Unmanaged devices fuel breaches. Learn 5 ways CISOs secure them without hurting productivity.
The Fappening 3 — Jennifer Lawrence New Photos Leaked Online

The Fappening 3 — Jennifer Lawrence New Photos Leaked Online

Sep 27, 2014
It seems like there is no end of " celebrity photo leaks ". As part of the Fappening 3 hack, some new naked photos of Jennifer Lawrence have apparently been leaked online in the "third round" of celebrity photo leaks including, top model Cara Delevingne, actress Anna Kendrick. On Friday, new celebrity photos were leaked online, labelled as ' The Fappening 3 ' by subreddits and 4chan communities. The release appears to be part of the massive leak that began in August and has continued with 55 more photos of a three-time Oscar nominee who won for her role in Silver Linings Playbook, Jennifer Lawrence hitting the Internet once again. Other female identities targeted by the latest Leaked photo scandal include American Olympic gold medallist Misty May Treanor and actors Alexandra Chando, Kelli Garner and Lauren O'Neil . However, there are several pictures that show the celebrities were partying away in some pretty revealing outfits. Earlier this week, the second edition of...
Apple — Most Mac OS X Users Not Vulnerable to 'Shellshock' Bash Bug

Apple — Most Mac OS X Users Not Vulnerable to 'Shellshock' Bash Bug

Sep 27, 2014
On one hand where more than half of the Internet is considering the Bash vulnerability to be severe, Apple says the vast majority of Mac computer users are not at risk from the recently discovered vulnerability in the Bash command-line interpreter – aka the " Shellshock " bug that could allow hackers to take over an operating system completely. Apple has issued a public statement in response to this issue, assuring its OS X users that most of them are safe from any potential attacks through the ShellShock Vulnerability , which security experts have warned affect operating systems, including Mac's OS X. " The vast majority of OS X users are not at risk to recently reported bash vulnerabilities ," Apple said. " Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unl...
Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks

Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks

Sep 27, 2014
Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell ( Bash ), dubbed " Shellshock " which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well. BOTNET ATTACK IN THE WILD The bot was discovered by the security researcher with the Twitter handle @yinettesys , who reported it on Github and said it appeared to be remotely controlled by miscreants, which indicates that the vulnerability is already being used maliciously by the hackers. The vulnerability (CVE-2014-6271) , which came to light on Wednesday, affects versions 1.14 through 4.3 of GNU Bash and could become a dangerous threat to Linux/Unix and Apple users if the patches to BASH are not applied to the operating systems. However, the patches for the vulnerabil...
FBI Not Happy With Apple & Google's Encryption Policy

FBI Not Happy With Apple & Google's Encryption Policy

Sep 26, 2014
Users might have praised the technology companies for efforts to encrypt their latest devices that would prevent law enforcement agencies' hands on users' private data, but the FBI is not at all happy with Apple and Google right now. The Federal Bureau of Investigation director, James Comey , said Thursday he was " very concerned " over Apple and Google using stronger or full encryption in their Smartphones and Tablets that makes it impossible for law enforcement to collar criminals. According to Comey, the Silicon Valley tech giants are "marketing something expressly to allow people to place themselves above the law." " There will come a day – well it comes every day in this business – when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper's or a terrorist or a criminal's device, " Comey told reporters . " I just want to make sure we...
Remotely Exploitable 'Bash Shell' Vulnerability Affects Linux, Unix and Apple Mac OS X

Remotely Exploitable 'Bash Shell' Vulnerability Affects Linux, Unix and Apple Mac OS X

Sep 25, 2014
A Critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as Bash , aka the GNU Bourne Again Shell , leaving countless websites, servers, PCs, OS X Macs, various home routers, and many more open to the cyber criminals. Earlier today, Stephane Chazelas publicly disclosed the technical details of the remote code execution vulnerability in Bash which affects most of the Linux distributions and servers worldwide. REMOTELY EXPLOITABLE SHELLSHOCK The vulnerability (CVE-2014-6271) affects versions 1.14 through 4.3 of GNU Bash and being named as Bash Bug , and Shellshock by the Security researchers on the Internet discussions. According to the technical details, a hacker could exploit this bash bug to execute shell commands remotely on a target machine using specifically crafted variables. " In many common configurations, this vulnerability is exploitable over the network, " Stephane said. This 22-ye...
jQuery Official Website Compromised To Serve Malware

jQuery Official Website Compromised To Serve Malware

Sep 24, 2014
The official website of the popular cross-platform JavaScript library jQuery (jquery.com) has been compromised and redirecting its visitors to a third-party website hosting the RIG exploit kit , in order to distribute information-stealing malware. JQuery is a free and open source JavaScript library designed to simplify the client-side scripting of HTML. It is used to build AJAX applications and other dynamic content easily. The popular JavaScript library is used by 30 percent of websites, including 70 percent of the top 10,000 most visited websites. James Pleger , Director of Research at Risk management software company RiskIQ , reported yesterday that the attack against jQuery.com web servers launched for a short period of time on the afternoon of September 18th. So, the users who visited the website on September 18th may have infected their system with data-stealing malware by redirecting users to the website hosting RIG. Pleger urged those who visited the site durin...
Kali Linux "NetHunter" — Turn Your Android Device into Hacking Weapons

Kali Linux "NetHunter" — Turn Your Android Device into Hacking Weapons

Sep 24, 2014
The developers of one of the most advance open source operating system for penetration testing, ' KALI Linux ' have announced yesterday the release of a new Kali project, known as NetHunter , that runs on a Google Nexus device. Kali Linux is an open source Debian-based operating system for penetration testing and forensics, which is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. It comes wrapped with a collection of penetration testing and network monitoring tools used for testing of software privacy and security. After making its influence in hacker and security circles, Kali Linux has now been published with Kali Nethunter, a version of the security suite for Android devices. The tool is a mobile distribution designed to compromise systems via USB when installed and run on an Android phone. Kali Linux NetHunter project provides much of the power to Nexus users, those runni...
TripAdvisor's Viator Hit by Massive Data Breach Affecting 1.4 Customers

TripAdvisor's Viator Hit by Massive Data Breach Affecting 1.4 Customers

Sep 24, 2014
TripAdvisor's  Online travel booking and review website  Viator  has reportedly been hit by a massive data breach at its  that may have exposed payment card details and account credentials of its customers, affecting an estimated 1.4 million of its customers. The San Francisco-based Viator, acquired by TripAdvisor – the world's largest travel site – for £122 million ( US$ 200 million ) back in July, admitted late on Friday that the intruders have hacked into some of its customers' payment card accounts and made unauthorized charges. The data breach was discovered in the bookings made through Viator's websites and mobile offerings that could potentially affect payment card data. Viator said that the company has hired forensic experts to figure out the extent of the breach. Meanwhile, the company has begun notifying its affected customers about the security breach as said by the travel outfit in a press release . " On September 2, we were info...
The Pirate Bay Runs on 21 "Raid-Proof" Virtual Machines To Avoids Detection

The Pirate Bay Runs on 21 "Raid-Proof" Virtual Machines To Avoids Detection

Sep 23, 2014
The Pirate Bay is the world's largest torrent tracker site which handles requests from millions of users everyday and is in the top 100 most visited websites on the Internet. Generally, The Pirate Bay is famous for potentially hosting illegal contents on its website. Despite years of persecution, it continues to disobey copyright laws worldwide. Even both the founders of The Pirate Bay (TPB) file exchange service were arrested by the authorities and are in prison, but their notorious pirated content exchange continues to receive millions of unique visitors daily. That's really Strange!! But how?? Recently, The Pirate Bay team has revealed how cloud technology made its service's virtual servers truly secure to avoid police raids and detection. While it doesn't own any physical servers, The Pirate Bay is working on " virtual machines " through a few commercial cloud hosting services, even without knowing that whom they are dealing with. According to Torren...
Expert Insights Articles Videos
Cybersecurity Resources
//]]>