The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The infamous hacking group Anonymous that vowed an ' Electronic Holocaust ' against Israel and promised to 'erase Israel from cyberspace' on 7th April, managed to launch a cyber attack, beginning Tuesday morning. In a spooky video " message to Israel " posted on YouTube March 4 , Anonymous declared cyber attack against Israel on April 7 in response to what the group calls ' crimes in the Palestinian territories. ' Today we noticed a number of hacking incidents against Israeli cyberspace under #OpIsrael . Anonymous conduct #OpIsrael attack against Israel every year on 7th April and this is the fourth annual cyber attack on Israel in order to protest against Israeli bombing on the Palestinian territory. CYBER ATTACKS AGAINST ISRAEL Today, Anonymous and Pro-Palestinian hackers targeted dozens of Israeli Government websites , including the Knesset portal (parliament), as well as websites related to the Israeli court system and the ...

Few weeks back, we reported how a string of just 13 characters could cause your tab in Chrome to crash instantly . However, there was an exception that this special 13 characters string was only working on Mac OS X computers with no impact on Windows, Android, or iOS operating systems. Now, a recent hack against Chrome browser could crash your Chrome version 41 and above for Mac OS X, Windows and Chrome OS. At the time of writing, Chrome 41 seems to crash on long and/or malformed URLs. The details of this crash bug, dubbed as AwSnap , is described on Github . Warning: DO NOT CLICK on this LINK , which actually points to a Reddit thread that crashes Chrome browser because a Reddit user-submitted post containing the crash content. Just like a post, crashing a thread via a comment is also possible. Chrome crash occurs only when accessing the long and/or malformed URLs through a web server, which means using file:// will not crash your Chrome browser. Examples of ...

Last month, I Got a Canon's amazing and powerful video-capable DSLR Camera and was wondering if I could play a hack on it. Yes, Just like last time I installed and run Linux on my PlayStation 3 gaming console and the popular game console, the Nintendo Wii . What If I could port Linux Kernel to my DSLR Camera ?? Well, it's now possible for you to port Linux to your Canon DSLR cameras, thanks to the fine folks behind the well-known third-party software add-on, Magic Lantern . The developers of Magic Lantern have provided some incredible features to DSLR video world for free, with an open-source firmware add-on called Magic Lantern. Magic Lantern is actually an enhancement that works on top of Canon's DSLR firmware to provide professional video features that were lacking in the early video-capable Canon DSLR, including better control over audio, helpful exposure, programmable focus, audio tools and more. However, the latest work by the Magic Lantern team sounds much more e...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

U.S. National Security Agency (NSA) is infamous for conducting Global Mass Surveillance to snoop secretly on users' online communications, phone calls, private instant messages, and personal emails, but there is something shocking about it. The Security Agency also asked its employees to watch Porn -- Yes! Porn and a lot of Porn. The Analysts and Terrorism experts employed by U.S. Intelligence Agencies including the NSA and the CIA ( Central Intelligence Agency ) are tasked to watch graphic videos all day long. According to the recent report by Daily Beast , the Graphic video contents containing ISIS prisoner beheading, attacks on U.S. military forces, and sometimes sexual abuse of children are gathered from the computers and smartphones of captured or killed terrorists, and from websites frequented visited by jihadists. WHY NSA IS WATCHING PORN? Islamic State (Isis) and Al-Qaeda terrorists are using Reddit, eBay and pornography to send coded messages to thei...

Is Facebook planning to integrate WhatsApp Messenger into its ' Facebook for Android ' app? Yes, this might be possible soon. According to latest rumours, Facebook is reportedly working on it. The social network giant, Facebook has begun testing a new feature in its Facebook app for Android that includes the first integration of WhatsApp Messenger, according to a blogger. WHATSAPP INTEGRATION INTO FACEBOOK APP According to this update, a year after of acquiring WhatsApp Messenger, Facebook has only added a 'Send' button with the WhatsApp icon. This WhatsApp ' send ' will work as part of the status actions options that appear under each status update. It means that Facebook for Android users soon may have this particular version of Facebook app with a dedicated WhatsApp button that would allow an Android user to share posts, status and anything else directly through WhatsApp by just clicking the Share button. If rumours are true, th...

Mozilla has rolled out the latest Version 37 of its Firefox browser for Windows desktop, Mac, Linux and Android operating systems. The new release also adds patches for 13 different security advisories along with some new security improvements as well as user-experience features. The biggest security feature added to Firefox 37 among others is the "Opportunistic Encryption" (OE) for servers and websites that support " HTTP/2 AltSvc. " Opportunistic Encryption (OE) allows Firefox browser to encrypt the traffic over plaintext HTTP connection without any need to authenticate it. This will help you to create, not complete, but some confidentiality from attackers to eavesdrop on your connection. So Opportunistic encryption can be implemented with very minimal changes to an existing IPsec implementation. The move by Mozilla is really a bonus for HTTP users with no encryption measure at all, but still it is not as good as authenticated encryption ...

OnePlus One users might be waiting for the new Lollipop based ROM for their smartphones. The wait is over as the popular Chinese smartphone maker OnePlus has finally released its own custom ROM --  OnePlus OxygenOS , which is based on Android 5.0 Lollipop. Last month, the OnePlus announced the official release of its in-house OxygenOS to 'One' on or before March 27, but was failed to deliver the update due to a couple of security issues discovered in the update. The news disappointed many OnePlus customers, including me, who were looking forward to their Lollipop updates. However, the update is now ready for downloading from the OnePlus servers. Also, a full installation guide has been provided for customers who want to switch from the CyanogenMod 11S to the latest OxygenOS. "Developing OxygenOS has been an incredibly fun and challenging experience for all of us, " the company wrote . " In this environment where everyone is fighting to standou...

Security researchers have uncovered an active cyber attack campaign that has successfully stolen more than $1 Million from a variety of targeted enterprise organizations using spear phishing emails, malware and social engineering tricks. The campaign, dubbed " The Dyre Wolf " by researchers from IBM's Security Intelligence division, targets businesses and organizations that use wire transfers to transfer large sums of money, even if the transaction is protected by 2-factor authentication. A MIXTURE OF MALWARE, SOCIAL ENGINEERING & DDoS Nowadays, cybercriminals not only rely on banking Trojans to harvest financial credentials, but also using sophisticated social engineering tactics to attack big corporations that frequently conduct wire transfers to move large sums. " An experienced and resource-backed [cyber criminal] gang operates Dyre ," John Kuhn, Senior Threat Researcher at IBM Managed Security Service, wrote in a blog post published Th...

Last year at Google I/O developer event, Google launched a limited beta " App Runtime for Chrome " (ARC) project, which now expanded to run millions of Android apps within Chrome browser. Google has released a new developer tool called App Runtime for Chrome (ARC) Welder that allows Android apps to run on Chrome for Linux, Windows, and OS X systems. App Runtime for Chrome (ARC) was an early experiment specifically designed for app developers, but now anyone can download it. Google Chrome's ARC Welder app can now run any of your favorite Android apps like WhatsApp, Candy Crush, Angry Birds, all from your Chrome web browser . ARC welder tool operates via some special runtime implemented using Native Client (NaCl) in-browser binary execution tech. Native Client is a Chrome sandboxing technology that allows Chrome plugins and apps to run at near-native speeds, taking full advantage of the system's CPU and GPU. Google ported complete Android s...

The Fourth and final member of an international hacking group called " Xbox Underground " (XU) has pled guilty to steal more than $100 Million in intellectual property and data from Microsoft, Epic Games, and Valve Corporation. In addition, the group also stole an Apache helicopter simulator developed by Zombie Studios (''Zombie") for the U.S. Army and gained access to the U.S. Army's computer network. Austin Alcala , a 19-year-old of McCordsville, Indiana, along with two other Americans and a Canadian, has found guilty to charges of computer hacking conspiracies and criminal copyright infringement involving theft of information related to then-unreleased Xbox One gaming console and Xbox Live games. All the other members of the hacking group have been pleaded guilty before. Two members, Sanadodeh Nesheiwat , 28, and David Pokora , 22, pleaded guilty last September, while a third member, Nathan Leroux , 20, pleaded guilty to the same conspira...

The Security audit of TrueCrypt disk-encryption software has been completed, with no evidence of any critical design vulnerabilities or deliberate backdoors in its code. TrueCrypt -- one of the world's most-used open source file encryption software used by Millions of privacy and security enthusiasts -- is being audited from past two years by a team of security researchers to assess if it could be easily exploited and cracked. Hopefully, it has cleared the second phase of the audit. TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions including the system partition. NO NSA BACKDOORS Security Auditors and Cryptography Experts at NCC took an initiative to perform a public information security audit of TrueCrypt in response to the concerns that National Security Agency (NSA) may have tampered with it, according to a leaked cl...

In the War against Ad injectors , Google has started removing ad-injecting extensions for its Chrome browser after it discovered as many as 200 Chrome extensions that exposed Millions of its users to malicious software and fraudulent activities. While working with a team of researchers from the University of California, Berkeley, the search engine giant found that over 5 percent of its users were infected with ' Ad Injectors ' — software that inserts ads or replace existing ads into the pages you visit while browsing the web. In last three months, Google received more than 100,000 complaints from its Chrome users about ad injection, which is far more than what the company receives for network errors, performance problems, or any other issue. Ad Injectors are sometimes more than just intrusive. A visitor to a website can be tricked into downloading an unwanted software and programs that could result in a major security risk, just what happened in the recent Sup...