The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

There's a new and clever way of hacking into computers, and it can be done cheaply – Using just a radio receiver and a piece of pita bread . Yeah, you heard it right. Security researchers at Tel Aviv University have demonstrated how to extract secret decryption keys from computers by capturing radio emissions of laptop computers . Capturing the radio signals to steal data from a computer system is nothing new. But the process required expensive, bulky lab equipment to accomplish. However, the Israeli-based researchers team managed to do it with cheap consumer-grade components as well as small enough to hide inside a piece of pita bread. Using cheap equipment, the team of researchers, including Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer , was able to capture keystrokes, applications running on a computer system, and encryption keys. How the method works? The idea is simple, as different computer operations, such as playing some game o...

No doubt, You must be aware that Google tracks you, but what you probably did not realize is how precisely and till what extent it tracks you. Well, Google knows which movies I watched where, when, at what time and with how many of my friends , and knows it so well — even my eyebrows raised slightly in surprise! Yes, you heard right. If you are using your Gmail account like I do, receiving all movie booking and tickets, Google can easily track your movie flavors and frequent hangout places without access to GPS. GOOGLE READ MY EMAILS FOR EVENT INFORMATION I was feeling bored last night, so I decided to watch a movie and moved towards Google to search newly released films. As I googled " Movies 2015 "... Holy Crap! What I saw on the monitor was unbelievable. In Google search results, I was able to see the list of all my past movie booking event activities and even my future bookings ( shown below ), and it was so, so accurate. If you have Google acc...

Google, Apple, Microsoft , and Mozilla have joined hands to create code for use in the future web browsers that promises up to 20 times faster performance. Dubbed WebAssembly (or wasm for short), a project to create a new portable bytecode for the Web that will be more efficient for both desktop as well as mobile web browsers to parse than the complete source code of a Web page or an application. Bytecode is actually a machine-readable instruction set that is faster for web browsers to load than high-level languages. WebAssembly — A New File Format to Compile Code At the moment, browsers use JavaScript to interpret the code and allow functionality on websites such as dynamic content and forms. By default, JavaScript files are downloaded from the server and then compiled by the JavaScript engine in the web browser. However, improvements have been made to load times via Asm.js — the stripped-down JavaScript dialect described as an "assembly language for ...

Do you actually read the list of permissions that Android apps are asking for before you install them? I know most of us treat those permissions like terms and conditions, blindly tapping our way through. But if you actually do, you would be aware of their reach. Some of your apps can make phone calls Some can track your location Some can read your browsing history, contacts, SMS, photos, calendar And… Even share this personal information with third parties without your knowledge. But, do they need all those permissions? No doubt, Google's Android mobile operating system has a powerful app permission system that forces app developers to mention the exact permissions they require. But, there is one major issue for Android users: By default, it is a Take-it-or-Leave-it situation, which means you can choose to install the app, granting all those permissions or simply, not install it. It appears like every app developer wants access to much of my phon...

The Electronic Frontier Foundation has released its annual report card of tech companies for 2015 based upon how much they keep your personal data secure from government snoops. And the Worst Companies Award goes to… At&T WhatsApp Verizon Yes, you heard right! WhatsApp is one of the three worst companies at protecting its users' data so if you are concerned about your data privacy, you should think twice before using WhatsApp. The EFF released its latest Who Has Your Back report based on 5 basic criteria that included: Follows Industry Accepted Best Practices Tells Users About Government Data Demands Discloses Policies on Data Retention Discloses Government Content Removal Requests Pro-user Public Policy: opposes backdoors The prominent privacy advocacy group analysed 24 companies in total, and among them AT&T, Verizon and WhatsApp came out to be the worst companies at protecting its users' data. Where Verizon met two criteria of the EFF...

We all have been receiving spam phone calls and messages on almost daily basis from scammers who want to pilfer your money and personal information, but a new type of social engineering hack that makes use of just your mobile number to trick you is a little scarier. Security firm Symantec is warning people about a new password recovery scam that tricks users into handing over their webmail account access to the attackers. In order to get into your email account, an attacker does not need any coding or technical skills. All an attacker needs your email address in question and your cell phone number. Since the process to reset the password is almost similar to all mail services, this new password recovery scam affects all popular webmail services including Gmail, Yahoo, and Outlook among others. Symantec has provided a video explanation of how this new hack attack works. The trick is as simple as it sounds: if you want to reset someone's email account password, all y...

While many of us are battling with the slow data access and still awaiting the roll-out of 4G Networks, the International Telecommunication Union (ITU) is already looking forward to the next generation of telecommunication network technology. Yes folks, we are talking about the future 5G standard for mobile networking . Since 5G standard is currently in the definition stage, the ITU has announced a timeline for a name, demonstration, and distribution. During a conference held in San Diego from June 10th to 18th, 12 member delegation sat to draw up the specifications to be established for the upcoming 5G network standard and to set a roadmap as to how the objective will be achieved. What's the Standard Data Speed for 5G Network? When I talk about data speed, the ITU has decided that 5G compliant networks will have to provide a peak data speed of up to 20Gbps , which means it's 20 times faster than the peak speed specification (1Gbps) of 4G LTE network...

Let's Encrypt , a project aimed to provide free-of-charge and easier-to-implement way to obtain and use a digital cryptographic certificates (SSL/TLS) to secure HTTPS website, is looking forward to issue its first digital certificates next month. With Let's Encrypt , any webmaster interested in implementing HTTPS for their services can get the certificates for free, which is a great move for encouraging people to encrypt their users' connections to their websites. Let's Encrypt is a combined effort of digital-era rights advocate Electronic Frontier Foundation (EFF), Mozilla Foundation , Cisco Systems , Internet content distributor Akamai Technologies , certificate provider IdenTrust and researchers from the University of Michigan . Generally, the process of implementation of an SSL certificate, including the need to obtain and install a certificate, is complicated for most web developers as it sounds. In most cases, the cost related issues force web adm...

More than 600 Million users of Samsung Galaxy smartphones, including the newly released Galaxy S6, are potentially vulnerable to a software bug that allows hackers to secretly monitor the phone's camera and microphone, read text messages and install malicious apps. The vulnerability is due to a problem with the Samsung built-in keyboard app that enables easier predictive text. One of the keyboard app version, SwiftKey IME , that comes prepackaged with Samsung's latest Galaxy smartphones could allow a malicious hacker to remotely execute code on user's phone even when if they are not using the keyboard app. Users cannot get rid of this Flaw The app cannot be uninstalled or disabled by the users of the Samsung smartphone devices, so it is up to Samsung to fix the critical bug. The vulnerability was discovered by NowSecure mobile security researcher Ryan Welton, who notified Samsung about the bug in December last year. The keyboard app periodic...

I think you'll agree with me when I say: Apple devices are often considered to be more safe and secure than other devices that run on platforms like Windows and Android, but a recent study will make you think twice before making this statement. A group of security researchers have uncovered potentially deadly zero-day vulnerabilities in both iOS and OS X operating systems that could put iPhone/iPad or Mac owners at a high risk of cyber attacks. Researchers have created and published a malicious app on the App Store that was able to siphon users' personal data from the password storing Keychain in Apple's OS X , as well as steal passwords from iCloud, banking and email accounts. Dubbed XARA (cross-app resource access), the malware exploit app was able to bypass the OS X sandboxing mechanisms that are supposedly designed to prevent an app from accessing the credentials, contacts, and other important data related to other apps. The Consequences are Dire! ...

The USB flash drives or memory sticks are an excellent way to store and carry data and applications for access on any system you come across. With storage spaces already reaching 256 gigabytes, nowadays USB drives are often larger than past's hard drives. Thanks to increased storage capacity and low prices, you can easily store all your personal data on a tiny, easy-to-carry, USB memory stick. The USB drive is a device that is used by almost everyone today. However, there's a downside… I think you'll agree with me when I say: USB sticks are easily lost or stolen. Aren't they? However, in today's post I am going to show you how to use your USB drives without fear of being misplaced. If you are not aware, the leading cause of data breaches for the past few years has been the loss or theft of laptops and USB storage devices. However, USB flash memory sticks are generally treated with far less care than laptops, and criminals seeking for corporate devices could cost your c...

Whether you are a one-stop-shop IT guy or a network admin on a large IT team you owe it to yourself to learn about Security Information and Event Management (SIEM) technology. Why? SIEM lets you correlate between events recorded in different logs for related systems. This is significant because attackers often exploit multiple vulnerabilities on separate but connected systems. For a complete picture of what's going on in your network, look beyond the network itself to correlate events in applications, databases, and middleware. With today's distributed applications, the challenge of troubleshooting more routine failures or slowdowns is not so different. The breakdown often lies in the connection between two systems, rather than in one or the other. What makes a good SIEM tool different from all other management and monitoring tools you have is its breadth. SolarWinds Log & Event Manager is a powerful SIEM tool that pulls together logs from virtually every s...