The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A security researcher has discovered a critical vulnerability in Google-owned YouTube that could allow anyone to make the comment posted by any celebrity or public figure on some YouTube video appear on his or her own YouTube video, impersonating that celeb. Just a few weeks ago we reported about a simple logical vulnerability in YouTube that could have been exploited by anyone to delete any video from YouTube in just one shot . Now: Again a small trick in the popular video sharing website could allow anyone to play with the comments posted by users on YouTube videos. Ahmed Aboul-Ela and  Ibrahim M. El-Sayed , two Egyptian security researcher, found a simple trick that allowed him to copy any comments from any video on the popular video sharing website to his video, even without any user-interaction. Not only this, but also: This vulnerability allows you to spoof, duplicate or copy the comments on discussion boards from any YouTube channel and make it ...

The bad news is that internal data breaches are on the rise. And one of the biggest culprits? USB devices. In the past few years, there has been many organizations tracking down the loss of sensitive/confidential information due to the usage of USB drives and other mass storage media. Cyber-security breaches and data theft are making more and more IT leaders paranoid about security than ever before. Why are USB devices dangerous? USB devices can hold a lot of information. For example, a 128 GB USB flash drive can store 60,000 photos, 20,000 songs, 100+ videos, and more. Just imagine how many protected corporate files could fit on one drive. Also, the storage capacity of USB devices is only going to increase. USB devices are super portable. Some USB storage devices are the size of a small coin. This makes them very difficult to visually detect when plugged into an open port. USB devices are cheap and easy to find. If you're in the market for a USB storage device, there...

An Arkansas lawyer representing three police whistleblowers has claimed that the law enforcement officials at the Fort Smith Police Department (FSPD) tried to infect his computer with Trojan viruses in order to spy on their legal opponents. What's the issue? A lawyer Matthew Campbell of the Pinnacle Law Firm in North Little Rock is representing Don Paul Bales, Rick Entmeier, and Wendall Sampson, current and former officers of the Fort Smith Police Department in the lawsuit since January 2014. The three whistleblowers exposed some frauds within the corrupt department, and, therefore, the police have illegally investigated them. " Since July 2013, the plaintiffs have been the target of nearly two dozen various investigations , Campbell told the Northwest Arkansas Democrat Gazette. " [This range] from accusations that they misspent FSPD funds to allegations that they were impugning the FSPD on Facebook. " What happened? Campbell provided a blank ha...

The Market of E-commerce websites is at its peak, as today people love to shop online to save their time. However, E-commerce and financial sites stand first in the rundown of potential victims as they manage financial exchanges. The traditional way to target victims of e-commerce sites is to use targeted "phishing" attacks via social media and emails. But… …due to increased awareness among the people about the threat of phishing attacks, hackers have now discovered new way — by malvertising legitimate websites where people assume to be safe and secure. We know: Today, there are many ready-to-use e-commerce platforms available on the Internet that are very easy to install and manage and that too at no extra cost; ' Magento ' is one of the most popular out of them. The most popular, the most targeted: Yes! Security researchers at Sucuri have found a malicious code inside the Magento e-commerce website that was intended to send all the data...

Google has finally rolled out the latest version of its popular web browser, i.e. Chrome 42 for Windows, Mac, and Linux users that now lets websites send you alerts, no matter your browser is open or not. The release of the latest Chrome 42 version is a great deal as it costs Google more than $21,000. Yes, $21,000! The latest version of Chrome comes with fixes for 45 security vulnerabilities in the web browser, reported by different security researchers [listed below]. Let's know about the Major updates : Major updates and significant improvements for Chrome version 42 includes: Advanced Push API and Notifications API Disabled Oracle's Java plugin by default as well as other extensions that use NPAPI Patched 45 security bugs and paid out more than $21,000 Push API : Google includes Push API in its web browser for the first time. Push API, when combined with the new notifications API, allows websites to push notifications to you through y...

I frequently receive emails and messages on how to hack my friend's Facebook account , how to become a hacker, how to penetrate networks , how to break into computers, and how to compromise routers? These are some of the most frequent queries I came across, and in this article I'll attempt to answer these along with a solution on how to get started as a beginner. Before we begin, first let's know… ...What is Ethical Hacking? Most people want to learn hacking just for fun to hack into their friend's Facebook account or Gmail. Remember, Hacking is a skill and if you are here for the same reason, sadly but this platform may not work for you. Ethical hacking is testing the IT resources for a good cause and the betterment of technology. Ethical hackers are none other than computer security experts and researchers who focus on penetration testing and weaknesses in the organization's information systems they associated. A way to become an ethical hacker is to get C...

Are you one of those Windows users who have found themselves as victims of the CoinVault Ransomware ? If Yes, then we have a Good news for you: Victims of CoinVault ransomware can now decrypt their files encrypted by malware using a free tool released by Kaspersky Lab. With the Help of The National High Tech Crime Unit (NHTCU) of the Dutch Police, Security Researchers at Kaspersky Labs have developed ' CoinVault Ransomware Decryptor ' that decrypts files locked by ransomware like CoinVault. Ransomware malware is a growing cyber threat in which hackers primarily gain access to a user's system and demand a ransom be paid. Ransomware malware infects a computer or device to restrict the user's access to the infected computer. Typically, the ransomware malware will either 'lock' the computer to prevent normal usage or encrypt the files on it to prevent access. Recently, during an investigation of the CoinVault ransomware, the Dutch police we...

Today device unlocking has become far more secure over the years, from PIN number unlock to Pattern unlock and biometric unlocks including fingerprinting and facial recognition. But... ...What If Your Android Device Can Identify Your Voice before authenticating any access? This exactly what Google is trying to provide its Android 5.0 Lollipop users. Users running Android 5.0 Lollipop on their smartphone devices may soon be able to unlock their devices simply by saying " OK Google ." " Smart Lock " is one of the most convenient security features provided in Lollipop that offers a handful of clever ways to unlock an Android device automatically, which yet includes: Trusted Device Trusted Places Trusted Face However, Google is now rolling out a new smart lock, dubbed " Trusted Voice ," that uses your voice as a password to unlock your device. Just as your fingerprint or face recognition is considered distinctive enough for biom...

Security researchers have unearthed a serious security flaw in all supported versions of Windows that could let hackers steal users' credentials from computers, tablets or servers running any version of Windows operating system, including the as-yet-released Windows 10. This vulnerability in Windows was first discovered 20 Years ago : The critical bug, dubbed " Redirect to SMB ," is a variant of a vulnerability found in Windows by researcher Aaron Spangler nearly 18 years ago that caused Windows to expose a user's Windows username and password automatically. However, according to researchers at security firm Cylance who discovered the flaw, this weakness in Windows was never patched by Microsoft, as Microsoft says that this flaw is not worth focusing on, and, therefore... ...This results in a new hack that targets the SMB file sharing protocol . But, What is SMB? SMB, or Server Message Block, is a protocol that allows users to share files o...

When it comes to cyber security, even big organizations lack the basic knowledge of how to protect company's data from the outside. Everyday businesses are facing the threat of phishing, ransomware , data breaches and malware attacks that not only results in millions of dollars losses, but also damaged the reputations. A new study shows that five out of six of the most serious IT security threats directly relate to phishing or the aftermath of a successful phishing attack . SEA, short for Syrian Electronic Army , is famous for its advanced phishing attack capabilities and with the help of the same technique they fooled many popular organizations, social media and news media, including Twitter, Microsoft, Skype, Forbes, eBay and Paypal. Where do we lack? According to the annual Verizon Data Breach Investigations report, about 58% of cyber security incidents were caused by employees, either due to failure in handling data or approving malicious data. So, in...

A State-sponsored Cyber Espionage Group -- most likely linked to the Chinese government becomes the first group to target the so-called " Air-Gapped Networks " that aren't directly connected to the Internet. What are Air-Gapped systems? Air-gapped systems are known to be the most safest and secure systems on the earth. These systems are isolated from the Internet or any other Internet-connected computers or external networks. Air-gapped systems are generally used in the critical situations that demand high security like in payment networks to process debit and credit card transactions, military networks, and in industrial control systems that operate critical infrastructure of the Nation. Why Air-Gapped? It is very difficult to siphon data from Air-Gapped systems because it requires a physical access to the target system or machine in order to do that and gaining physical access is possible only by using removable devices such as a firewire cab...

After the last year's scary celebrities photo leaks incident 'The Fappening' and ' The Spanning ', we thought that the celebs private pictures and contents are finally safe due to tight security provided by various cloud service provider and online awareness. But … Kelly Brook has reportedly fallen victim to the another photo scandal. Yes, you heard right. The famous ' One Big Happy ' star has once again become the victim of a hacker and 34 more pictures of 35-year-old model leaked online last week, according to The Sun. This is the second time when Kelly Brook's private photos have been hacked and leaked on the Internet. Last year, Brook was among the group of those celebrities who had their private pictures accessed by hackers. The huge photo leak hack affected many high profile stars including Jennifer Lawrence , Kim Kardashian , Rihanna and Selena Gomez . Previously leaked photos of Kelly on the Internet was pictured posing in a bikini and goin...