The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Internet of Things is the future, and every big tech companies are trying to become an integral part of this upcoming trend. Keeping this in mind, Google is developing an operating system for connecting all devices via the Internet. Google is expected to launch a new Android-based operating system that would be lightweight enough to run on low-power devices connected to the " Internet of Things " (IoT), reported The Information. Google's Brillo OS for Internet Of Things The OS is dubbed " Brillo ," and the news outlet claims the company is likely to release the new operating system under the Android brand next weekend at Google I/O, the company's annual conference for software developers. The connected OS, which may require as little as 32 or 64 MB of RAM to run, could be used on everything from major smart home appliances such as refrigerators, TVs to smaller tech such as garden monitors, light bulbs, door locks and sensors. Acc...

If you're planning to sell your old Android smartphone then you need to think again because there is a weakness in the Android Factory Reset option that could be exploited to recover your login credentials, text messages, emails and pictures even if you have wiped its memory clean. Computer researchers at the University of Cambridge conducted a study on Android devices from 5 different vendors and found that more than 500 Million Android devices don't completely erase data after the factory reset. "Factory Reset" function, built into Google's Android mobile operating system, is considered to be the most important feature to wipe all the confidential data out from the smartphone devices before going to sold, or recycled. However, the computer researchers found that the data could be recovered from the Android device even if users turned on full-disk encryption. The second-hand market is huge and based on the study; the researchers estimated that ov...

Until now, hackers have targeted companies and websites that hold your credit card details or medical information, but now they are showing interest in your sex life instead. You heard it right. Adult Friend Finder , a casual dating website with the tagline "hookup, find sex or meet someone hot now", has suffered a massive data breach. Nearly 4 Million users of AdultFriendFinder have had their personal details, including email addresses, usernames, dates of birth, postcodes and IP addresses, exposed on the dark web for sale online. The Channel 4 news site broke the story on Thursday and warned users of the California-based dating site with 64 million members who want to have sex and one night stands with strangers. Nearly 4 Million Sex Life Exposed!!! The leaked data also includes the information on whether the users are gay or straight and even which ones might be seeking extramarital affairs. This data could be goldmines for hacker trying to blackma...

A security researcher has compiled a ransomware removal and rescue kit to help victims deal with ransomware threats and unlock encrypted files without paying off a single penny to the cyber crooks. Ransomware is a growing threat to the evolution of cyber criminals techniques in an attempt to part you from your money. Typically, the malicious software either lock victim's computer system or encrypt the documents and files on it or in some cases both, to extort money from victims. Most often ransomware victims end up paying off crooks either due to the threat of losing their important files or in panic as the threat pretends to be from some government agency. Though IT professionals and security companies have been dealing and fighting back with the ransomware threats, security professional Jada Cyrus has compiled a " Ransomware Rescue Kit "  or "Ransomware Removal Kit"  and made it available for free online. Ransomware removal kit - Download ...

I have an Android phone with a five different gmail accounts configured in it. But what if any one of them get compromised via phishing, malware or any other way? The Hacker would be able to access my Google account and obviously Google Play Store account too, which allows anyone to install any Android application remotely into my phone without my knowledge and confirmation… What if someone compromises large number of Google accounts and trigger mass installation of a spying or malware app remotely with just one click???? Yes, this was exactly what the National Security Agency (NSA) had done under its widely spread Global surveillance program. A new top-secret document obtained from the former NSA contractor Edward Snowden revealed that the NSA and its closest allies planned to hijack Google and Samsung app stores to infect smartphones with spyware. The operation was launched by the Network Tradecraft Advancement Team, including spy agents from each of the coun...

Security in the Amazon EC2 environment is a responsibility shared by both the end user and Amazon. This is because within this environment there are specific parts that Amazon has control of and specific parts that are controlled by the end user. For the end user, they are responsible for securing the operating systems running on their instances, as well as the applications running on those operating systems. On the other hand, physical security and security of the hypervisor is Amazon's responsibility. When it comes to the network, security of that layer is a shared responsibility between the user and Amazon. Implications of the Shared Security Model Huge operational efficiencies can be gained in a shared security model, however this comes at the cost of the flexibility to have total control over an environment. In the past, significant security issues have occurred as organizations move to the shared model. During this transition, it's key that organizations under...

Google is reportedly going to launch a new online photo-sharing service and storage option at its developer conference later this month, which Bloomberg says , will not be a part of its Google+ social network. At the moment, Google offers a photo sharing service known as " Google+ Photos ," which comes pre-installed with every Android device. Google+ Photos automatically backs up photos in the device to Google cloud storage. However, the new photo service will not be a part of Google+ network . It seems like the company's attempts to bolster its product lineup and compete with the increasingly popular rivals like Facebook or Twitter to grow its user base. Just the way like Facebook, who acquired the popular mobile photo-sharing service Instagram in 2012 and increased its user base to more than 300 Million users in one shot. There aren't many details about How the new Google photo service will work? Whether the online photo storage part of the service ...

After HeartBleed , POODLE and FREAK  encryption flaws, a new encryption attack has been emerged over the Internet that allows attackers to read and modify the sensitive data passing through encrypted connections, potentially affecting hundreds of thousands of HTTPS-protected sites, mail servers, and other widely used Internet services. A team of security researchers has discovered a new attack, dubbed Logjam , that allows a man-in-the-middle (MitM) to downgrade encrypted connections between a user and a Web or email server to use extremely weaker 512-bit keys which can be easily decrypted. Johns Hopkins crypto researcher Matthew Green along with security experts from the University of Michigan and the French research institute Inria has discovered LogJam a few months ago and published a technical report that details the flaw. Logjam — Cousin of FREAK Logjam encryption flaw sounds just like FREAK vulnerability disclosed at the beginning of March.  ...

A simple but shockingly dangerous vulnerability has been uncovered in the NetUSB component, putting Millions of modern routers and other embedded devices across the globe at risk of being compromised by hackers. The security vulnerability, assigned CVE-2015-3036 , is a remotely exploitable kernel stack buffer overflow flaw resides in Taiwan-based KCodes NetUSB . NetUSB is a Linux kernel module that allows for users to flash drives, plug printers and other USB-connected devices into their routers so that they can be accessed over the local network. NetUSB component is integrated into modern routers sold by some major manufacturers including D-Link, Netgear, TP-Link, ZyXEL and TrendNet. The security flaw, reported by Stefan Viehbock of Austria-based SEC Consult Vulnerability Lab, can be triggered when a client sends the computer name to the server deployed on the networking device (TCP port 20005) in order to establish a connection. However, if a connecting comp...

Good news for Gamers! Users of Facebook Messenger may soon be able to play games on the messaging platform . Nearly two months ago, Facebook launched its Messenger platform , inviting developers to create apps that allow you to send and receive GIFs, sound clips, and other artistic creations within Messenger, but the social network giant don't want the fun for users to end here. Facebook has confirmed that the company is actively discussing plans with several game developers to create games that work on its Messenger platform, to make its users' experience a lot more fun and potentially more lucrative. More user engagement, More Revenue: First reported on Monday by The Information , Facebook's plan for gamification is a way to get more user engagement and more revenue. Although there are not many details about Facebook's gaming initiative, the idea sounds really interesting, as we already have our social network established over Messenger that could make ...

A serious security vulnerability has been uncovered in Apple's Safari web browser that could trick Safari users into visiting a malicious website with the genuine web address. A group of researchers, known as Deusen , has demonstrated how the address spoofing vulnerability could be exploited by hackers to fool victim into thinking they are visiting a trusted website when actually the Safari browser is connected to an entirely different address. This flaw could let an attacker lead Safari users to a malicious site instead of a trusted website they willing to connect to install malicious software and steal their login credentials. The vulnerability was discovered by the same group who reported a Universal Cross Site Scripting (XSS) flaw in all the latest patched versions of Microsoft's Internet Explorer in February this year that put IE users' credentials and other sensitive information at risk. The group recently published a proof-of-concept exploit code that makes...

The UK Government has quietly changed the Anti-Hacking Laws quietly that exempt GCHQ , police, and other electronic intelligence agencies from criminal prosecution for hacking into computers and mobile phones and carrying out its controversial surveillance practices. The details of the changes were disclosed at the Investigatory Powers Tribunal , which is currently hearing a challenge to the legality of computer hacking by UK law enforcement and its intelligence agencies. About a year ago, a coalition of Internet service providers teamed up with Privacy International to take a legal action against GCHQ for its unlawful hacking activities. However, the Government amended the Computer Misuse Act (CMA) two months ago to give GCHQ and other intelligence agencies more protection through a little-noticed addition to the Serious Crime Bill. The change was introduced on June 6, just weeks after the complaint was filed by Privacy International that GCHQ had conducted compu...