The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Widely popular AppLock for Android by DoMobile Ltd. is claimed to be vulnerable to hackers. Having an applock for iPhone or Android device is useful. It is suitable for security and keeping people out of your business. But when it comes to how to password protect apps on Android? How to put passwords on apps? — the one app that comes to mind is AppLock. What is AppLock? AppLock is a lightweight Android app that enables users to apply a lock on almost any type of file or app on their devices, preventing access to your locked apps and private data without a password. The most basic functionality of the security feature is to lock your Android apps so that nobody can access or uninstall them, but applock can hide pictures and videos, and even contacts and individual messages. For example, if you have an app lock on WhatsApp, one of your friends borrow your phone to play games cannot get into your WhatsApp app without a password you have set for the locked app. App Lock si...

Back in July, a security researcher disclosed a zero-day vulnerability in Mac OS X that allowed attackers to obtain unrestricted root user privileges with the help of code that even fits in a tweet . The same vulnerability has now been upgraded to again infect Mac OS X machines even after Apple fixed the issue last month. The privilege-escalation bug was once used to circumvent security protections and gain full control of Mac computers. Thanks to the environment variable DYLD_PRINT_TO_FILE Apple added to the code of OS X 10.10 Yosemite. The vulnerability then allowed attackers to install malware and adware onto a target Mac, running OS X 10.10 (Yosemite), without requiring victims to enter system passwords. However, the company fixed the critical issue in the Mac OS X 10.11 El Capitan Beta builds as well as the latest stable version of Mac OS X – Version 10.10.5 . Mac Keychain Flaw Now, security researchers from anti-malware firm MalwareBytes spotted t...

In both April and June this year, a series of cyber attacks was conducted against the United States Office of Personnel Management (OPM) . These attacks resulted in 21 million current and former Federal government employees' information being stolen. After months of investigation, the FBI's Cyber Task Force identified several Remote Access Tools (RATs) that were used to carry out the attack. One of the more effective tools discovered is named ' FF-RAT '. FF-RAT evades endpoint detection through stealth tactics, including the ability to download DLLs remotely and execute them in memory only. Hackers use RATs to gain unlimited access to infected endpoints. Once the victim's access privilege is acquired, it is then used for malware deployment, command and control (C&C) server communication, and data exfiltration. Most Advanced Persistent Threat (APT) attacks also take advantage of RAT functionality for bypassing strong authentication, reconnaissance, spreading...

No plan to install Windows 10 due to Microsoft's controversial data mining and privacy invasions within the operating system? Well, Windows 7 and Windows 8 OS users should also be worried as Windows 10 spying is now headed their way too… Microsoft has been caught installing latest updates onto Windows 7 and Windows 8 computers that effectively introduce the same data collecting and user behavior tracking features used in Windows 10. Under the new updates, the operating systems indiscriminately upload data to Microsoft's servers, which might be a major privacy concern for many users. Creepy Updates The updates in question are: KB3068708 – This update introduces the Diagnostics and Telemetry tracking service to existing devices. KB3022345 (replaced by KB3068708 ) – This update adds the Diagnostics and Telemetry tracking service to in-market devices. KB3075249 – This update adds telemetry points to the User Account Control (UAC) feature in order to collect data on ele...

Drones also known as Unmanned Aerial Vehicles (UAVs) have contributed enormously by acting as an interface for conducting surveillance operations, or delivering products, or attacking a war site to name a few. We have seen Drones like ' Snoopy ' that are capable to intercept data from your Smartphones, even without authentication or interaction, using spoofed wireless networks. And now the reports depict... The first U.S. state to get permission for flying drones with "less lethal weapons" is North Dakota. It now has the powers to grant permissions to the local police departments to attach weapons like: rubber bullets, pepper spray, tear gas, sound cannons, and tasers. Earlier, the law's author Rick Becker had restricted the police to get a warrant for conducting drone surveillance. However, the things didn't turn up his way as, an officer from the North Dakota Peace Officers Association Bruce Burkett , controlled things his way by get...

Hackers are getting smarter in fooling us all , and now they are using sophisticated hacking schemes to get into your Gmail. Yes, Iranian hackers have now discovered a new way to fool Gmail's tight security system by bypassing its two-step verification – a security process that requires a security code (generally sent via SMS) along with the password in order to log into Gmail account. Researchers at Citizen Lab released a report on Thursday which shows how the hackers are using text messages and phone-based phishing attacks to circumvent Gmail's security and take over the Gmail accounts of their targets, specifically political dissidents. The report detailed and elaborated three types of phishing attacks aimed at Iranian activists. Researchers also found one such attack targeting Jillian York , the Director for International Freedom of Expression at the Electronic Frontier Foundation . Here's How the Attack Works Via Text Messages: In some case...

Only 9 days are left for Apple's annual new iPhone launch event, where the company will bring its various new products but the obvious stars of the show will be the iPhone 6s and the iPhone 6s Plus . The company has not officially announced the iPhone 6S and iPhone 6S Plus yet, but a series of new, high-resolution photographs obtained by 9to5Mac show some new features coming to its next-generation iPhone. The new iPhones – likely called the iPhone 6S and 6S Plus – will be introduced at Apple's fall event on September 9. The leaked photos give us a closer look at two of the iPhone's key new features: Force Touch and a larger FaceTime camera. Here are the list of features the new iPhone 6S and iPhone 6S Plus include: Force Touch The new iPhone 6S would include Force Touch technology that Apple introduced with the Apple Watch, and haptic feedback. Here's how it works: When a user press slightly harder on the screen, sensors in the scre...

Six British teenagers arrested and released on bail on suspicion of launching cyber attacks on websites and services with the help of Lizard Squad DDoS attack tool, called Lizard Stresser . Lizard Squad is infamous for hacking and knocking down the largest online gaming networks – PlayStation Network and Xbox Live – last year by launching massive Distributed Denial-of-Service (DDoS) attacks. The notorious hacker group set up a website to let customers use its Lizard-branded DDoS-for-hire tool Lizard Stresser to launch similar DDoS attacks. The six teens, arrested by the National Crime Agency , are accused of using Lizard Stresser DDoS tool to launch cyber attacks against a school, a national newspaper, gaming companies and a number of online retailers. However, according to the law enforcement, none of the teenagers are believed to be the member of Lizard Squad, nor had any connection with the last year's Christmas hack against Sony and Microsoft's gami...

Two weeks ago, we reported how a serious flaw in the popular peer-to-peer BitTorrent file sharing protocols could be exploited to carry out a devastating distributed denial of service (DDoS) attack, allowing lone hackers with limited resources to take down large websites. Good news is that the developers of BitTorrent have fixed the security issue in its service that is being used by hundreds of Millions of users worldwide. In a blog post published Thursday, BitTorrent announced that the flaw was resided in a reference implementation of the Micro Transport Protocol (uTP) called libuTP , which is used by many widely used BitTorrent clients such as μTorrent , Vuze and Mainline . The San Francisco company also announced that it has rolled out a patch for its libuTP software that will stop miscreants from abusing the p2p protocol to conduct Distributed Reflective Denial-of-Service (DRDoS) attacks. DRDoS attack is a more sophisticated form of conventional DDoS att...

Facebook bounty hunter Laxman Muthiyah from India has recently discovered his third bug of this year in the widely popular social network website that just made a new record by touching 1 Billion users in a single day. At the beginning of the year, Laxman discovered a serious flaw in Facebook graphs that allowed him to view or probably delete others photo album on Facebook, even without having authentication. Just after a month, Laxman uncovered another critical vulnerability in the social network platform that resided in the Facebook Photo Sync feature , that automatically uploads photos from your mobile device to a private Facebook album, which isn't visible to any of your Facebook friends or other Facebook users. However, the flaw discovered by Laxman could allowed any third-party app to access and steal your personal photographs from the hidden Facebook Photo Sync album. Hacking Any Facebook Page Now, the latest bug in Laxman's list could allow atta...

Yesterday, Facebook Co-founder and Chairman Mark Zuckerberg broadcast in his Facebook post, that Monday Facebook made a record by counting ONE BILLION people accessing Facebook in a single day. Zuckerberg shared his happiness and thanked the world. He was overwhelmed with the milestone Facebook has touched and even shared a video expressing his emotions. "[Facebook] just passed an important milestone," Zuckerberg wrote in a Facebook post on Thursday. "For the first time ever, one billion people used Facebook in a single day." That means roughly 1 in 7 people on Earth connected with their friends and family using Facebook in a single day. Feeling Connected Indeed! So far, Facebook is the world's largest online social networking website with 1.5 Billion monthly active users . Comparatively, Twitter has 316 Million monthly active users . Zuckerberg felt proud of the Facebook community. As they are the ones, who helped him to reach such...

We could expect Ashley Madison to cross any limits when it comes to cheating, but this is WORSE . After all the revelations made by the Impact Team past week, this was something different from the leaked data that had names, password and other details of Ashley Madison client s. A dump from the leaked files unfold awful strategy of Avid Life Media (ALM), Ashley Madison's parent company, to launch an app called " What's your wife worth ." As the name says it all, the app allows men to Rate each others Wives. Know Your Wife Worth ' What's your wife worth ' was discovered in a June 2013 email exchanged between Noel Biderman , ALM's chief executive and Brian Offenheim , ALM's vice president of creative and design, which said that Biderman suggested Offenheim about the probable outlook of the app. He suggested options like " Choice should be 'post your wife' and 'bid on someone's wife' ," also ...