The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Evolution -- The largest Deep Web drugs marketplace, disappeared suddenly overnight from the Internet. But unlike Silk Road, there is no indication that the law enforcement took down the Evolution marketplace. The Darknet's most popular markets for drugs and bespoke carjacking services is mysteriously offline Wednesday with rumours circulating over the Internet that its own administrators may have just scammed its huge user base and stole $12 Millions in Bitcoin. The Evolution black marketplace opened in January 2014, and gained popularity after the shutdown of Silk ​Road and arrest of its unassuming founder, Ross U​lbricht , with a promise of less fraud. Like Silk Road , Evolution also dealt in drugs, as well as illegal weapons, counterfeit goods, stolen credit cards and guides to committing fraud. Evolution was only accessible through anonymity Tor network. At the time of its apparent vanish, Evolution was home to nearly 20,000 drug sales, far more than Silk Road...

Google has changed the way it managed apps on the Google Play Store . After years of depending on the automated app check process, the company just made some changes to its Play Store policies  that will successfully weed out malicious and undesirable apps from Google Play store. Google has introduced an update for developers and users that's sure to make some parents happy and some developers sad. The new features are — Better App Review Process Age-Based Rating System BETTER APP REVIEW PROCESS The search engine giant announced on Tuesday that it has started employing humans to review apps before they go live on the Google Play Store , a move intended to " better protect the community " and " improve the app catalog ." The new approach would definitely affect app developers, as they'll have to wait for their apps to be approved by Google after they submit them to the Play Store. But, it would keep users safe from harmful malware or offensive content. ...

An often overlooked feature of log management software is the ability to conduct forensic analysis of historical events. If your network goes down, your network monitoring tool can tell you what happened, but knowing why it happened is even more valuable. SolarWinds Log & Event Manager has cutting-edge IT search for fast and easy forensic analysis. Here are six ways that the forensic analysis feature of Log & Event Manager can help you piece together what really happened. You can download a free, fully functional 30-day trial of Log & Event Manager from here. 1) ID file changes When collecting logs, you're going to see millions of file changes. How do you know which ones to isolate? It's best to isolate file changes against critical files (protected docs, financial information, personal documents, HR records, etc.). Look at file changes from a forensic approach to determine if suspicious activity has occurred. Often times, a virus will affect file attrib...

The OpenSSL Foundation is set to release a handful of patches for undisclosed security vulnerabilities in its widely used open source software later this week, including one that has been rated " high " severity. In a mailing list note published last night, Matt Caswell of the OpenSSL Project Team announced that OpenSSL versions 1.0.2a , 1.0.1m , 1.0.0r , and 0.9.8zf will be released Thursday. " These releases will be made available on 19th March ," Caswell wrote. " They will fix a number of security defects. The highest severity defect fixed by these releases is classified as "high" severity. " OpenSSL is an open-source implementation of the SSL and TLS protocols. It's a technology that's widely used by almost every websites to encrypt web sessions, even the Apache web server that powers almost half of the websites over the Internet utilizes OpenSSL. Further details on the mystery security vulnerabilities ( CVE-2015-02...

Are you aware of everything that your users are accessing from your environment? While most of the time, non-work-related Internet browsing is harmless (looking at pictures of cats, online shopping, social media, etc.) there are some instances where you could be an unknowing and unwilling participant in criminal activity. That is, when users hide that activity via the Tor network , or the Dark Net . The Onion Router , better known as " Tor ", an open source project, launched in 2002, is designed to allow a user to browse the Internet anonymously via a volunteer network of more than 5000 relays. It doesn't share your identifying information like your IP address and physical location with websites or service providers. A user that navigate Internet using Tor , it's quite difficult to trace its activities ensuring his online privacy. There are arguably legitimate uses for this technology, such as providing Internet access in repressively regulated countri...

Yahoo! has offered $24,000 to a security researcher for finding out and reporting three critical security vulnerabilities in its products including Yahoo! Stores and Yahoo!-hosted websites. While testing all the company's application, Mark Litchfield , a bug bounty hunter who often works with different companies, discovered three critical vulnerabilities in Yahoo!'s products. All the three vulnerabilities have now been fixed by Yahoo!. THREE CRITICAL SECURITY VULNERABILITIES The first and most critical vulnerability gives hackers full administrator access to Yahoo!'s e-commerce platform, Yahoo! Small Business , a portal that allows small business owners to create their own web stores through Yahoo! and sell merchandise. According to the researcher, the flaw in the service allowed him to fully administrator any Yahoo store and thereby gain access to customers' personally identifiable information, including names, email addresses, telephone numbers. ...

Banks have tried every effort, from providing Magnetic Stripes based Credit and Debit Cards to Chip-and-Pin Cards , in order to secure its users from credit card cloning and card Skimmers. It has been known from years that Magnetic stripe are incredibly hackable, but  Chip-n-Pin cards have also been hacked and successfully cloned by a group of security researchers. A unit of Canada's Bank of Montreal, BMO Harris Bank is  launching  the U.S.'s biggest cardless ATM network that allows its customers to withdraw cash within seconds, using nothing but their smartphones. NO CARD, NO PIN, JUST YOUR SMARTPHONE According to the bank, there is no need to enter PIN and instead of swiping the card, customers have to sign into mobile banking app " Mobile Cash ", hold their smartphones over the QR code on the ATM screen and the cash gets delivered. This cardless cash withdrawal technology will boost security, speed up transactions and reduce frauds because no card...

Does downloading Windows updates from Microsoft's servers and waiting too long really annoy you? It might not be with the arrival of Windows 10 . Microsoft seems to make a major change in Windows 10 to the way it delivers updates for the software. The leaked version of Windows 10 build 10036 (the current version is build 9926) allows you to grab OS updates from Microsoft as well as other computers, whether they're on your local network or on the Internet. Yeah, it's a Peer-to-Peer (P2P) technology Microsoft is going to use in order to deliver both app and operating system updates. Peer-to-Peer , or P2P Technology is usually associated with file sharing services like BitTorrent to download illicit copies of movies and albums, and of course, those endless Linux ISOs you've been downloading. However, Redmond is embracing the technology as an efficient means to deliver software updates to its users around the globe. Peer-to-Peer downloads will be o...

Good news for all Android Lollipop-ers! Google appears to be secretly working on a Virtual Private Network (VPN) service, dubbed ' Google VPN '. The news is still not confirmed, but the folks at Pocketables discovered an interesting hidden app called " Google Connectivity Services " under " All Apps " in the app manager, while digging through settings and apps after installing the latest version, Android 5.1 Lollipop on a Nexus 6 phone. After clicking on the created shortcut, the app greeted with a pop-up message that reads,  " Google VPN:  To help protect you on open Wi-Fi networks, your data will be transmitted securely through a Google VPN." The pop-up also has the " learn more " and " got it " options. However, since Google VPN feature is currently not in a functional state, you get redirected to a support page from Google if you click on " learn more " option. But if you click on the " ...

After the latest Microsoft Patch Tuesday updates that came with important patches for Stuxnet and FREAK encryption-downgrade attack , now its time to update your Adobe Flash Player. Adobe has rolled-out an update for its popular Flash Player software that patches a set of 11 critical security vulnerabilities in its program, most of which potentially allow hackers to remotely execute arbitrary code on vulnerable systems. AFFECTED SOFTWARE All versions prior to the latest version 17.0.0.134 of the Flash Player are affected on Windows and Mac OS X machines. Therefore, Adobe Flash Player installed with Google Chrome, as well as Internet Explorer 10 and 11 on Windows 8 and Windows 8.1, should automatically update to the newest version 17.0.0.134. In addition, Adobe Flash Player 11.2.202.442 for Linux and Flash Player Extended Support Release 13.0.0.269 for Windows and Mac OS X are also affected by the vulnerabilities. So, users of Flash Player on Linux should update...

Can Hackers turn a remote computer into a bomb and explode it to kill someone, just like they do in hacker movies? Wait, wait! Before answering that, Let me tell you an interesting story about Killer USB drive: A man walking in the subway stole a USB flash drive from the outer pocket of someone else's bag. The pendrive had "128" written on it. After coming home, he inserted the pendrive into his laptop and instead discovering any useful data, he burnt half of his laptop down. The man then took out the USB pendrive, replaced the text "128" with "129" and put it in the outer pocket of his bag… Amen! I'm sure, you would really not imagine yourself being the 130th victim of this Killer perdrive, neither I. This above story was told to a Russian researcher, nicknamed Dark Purple, who found the concept very interesting and developed his own computer-frying USB Killer pendrive. He is working with electronic manufacturing company from where...

It has been known from year 2013 that commands we have been whispering to Siri are being stored on Apple servers for up to two years for analysis, but this news might be the most shocking development yet. Apple admits that its Siri — an intelligent personal assistant for iPhone, iPad and iPod Touch devices — is collecting and also transmitting users voice data to 3rd party companies, which was disclosed in an unsurprising revelation two weeks back on Reddit. FallenMyst , a Reddit user claimed to had recently started a new job with a company called Walk N' Talk Technologies, where job profile requires her to listen voice data collected from Apple, Microsoft users and check for incorrect interpretations. " I get to listen to sound bites [sic] and rate how the text matches up with what is said in an audio clip and give feedback on what should be improved. " Fallenmyst wrote. " Guys, I'm telling you, if you've said it to your phone, it's been recorded…and ...