The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Yes, NETGEAR Routers have once again become a victim of DNS Monitoring, potentially affecting 11,000 Devices. This week, we reported about a Vigilante Hacker , who protected users by installing malware on their Wi-Fi routers, forcing them to use a secure password. Now within few days, a security researcher has discovered a serious vulnerability in Netgear routers that has been publicly exploited by hackers. The critical flaw could allow hackers to bypass authentication mechanism and change the Domain Name System (DNS) settings of victims' routers to the malicious IP address. [ Exploit Code ] A security researcher, named Joe Giron, gave the details of his experience to BBC, saying that he noticed some anonymous activities in his machine and on investigating he learned that: The admin settings on his personal router have been modified on 28 September. Specifically, Domain Name System (DNS) settings on his router were changed to a suspicious IP address. ...

For the very first time in history, China has arrested hackers within its borders at the request of the United States government. The helping hands of China made me remind of recent Hollywood movie, The Martian , in which China's CNSA helped the United States' NASA to rescue astronaut Mark Watney who was mistakenly presumed dead and left behind on the planet Mars. Although China did not rescue anyone, rather it did arrest, but the point is – China helped the United States. Just two weeks before Chinese President Xi Jinping visited the U.S., the Chinese government took unprecedented step by complying with a United States request and arresting a handful of hackers within its borders, anonymous U.S. officials told the Washington Post. The arrested hackers were suspected of stealing commercial secrets from U.S. firms and then selling or passing on those secrets to Chinese state-run companies. The hackers were part of a wanted list drawn up by the U.S....

After the revelations that Whistleblower Edward Snowden made about the United States National Security Agency (NSA), the U.S. citizens are in need of more transparent digital security. The Citizens of the United States have appealed to the Obama Administration through a campaign for rejecting any policy, mandate or law that stands against their security in the cyberspace and adopt strong encryption for them. The Washington Post reported that the Obama Administration has agreed partially on the encrypted communications issue. "The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry," James B. Comey , FBI Director, said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee. This decision is considered as the Status Quo. It is like a win-win situation to decrease the tension because of the Petition and regard the law enforcement agencies as well a...

Sanmay Ved – the man who actually managed to buy Google.com got a huge reward from Google, but he donated all money to charity. Last week, an ex-Google employee and now-Amazon employee managed to buy the world's most-visited domain Google.com via Google's own Domains service for only $12 . However, Ved owned Google.com for one whole minute before the Mountain View company realized it was a mistake and cancelled the transaction. After acknowledging the mistake, Google rewarded Ved with some unknown amount of cash, but when Ved generously suggested donating his prize money to charity instead, Google just doubled the reward. Google Rewarded Ved with More than $10,000 Ved believed that his real reward was just being the person who bought Google.com for a whole minute. "I do not care about the money," Ved told in an interview with Business Insider. "It was never about the money. I also want to set an example that [there are] people who [wi...

Most of the times, we have reported about WordPress vulnerabilities involving vulnerable plugins, but this time security researchers have discovered Brute Force Amplification attacks on the most popular CMS (content management system) platform. Researchers from security firm Sucuri have found a way to perform Brute Force amplification attacks against WordPress' built-in XML-RPC feature to crack down administrator credentials. XML-RPC is one of the simplest protocols for securely exchanging data between computers across the Internet. It uses the system.multicall method that allows an application to execute multiple commands within one HTTP request. A number of CMS including WordPress and Drupal support XML-RPC. But… The same method has been abused to amplify their Brute Force attacks many times over by attempting hundreds of passwords within just one HTTP request, without been detected. Amplified Brute-Force Attacks This means instead of trying tho...

Samsung has been surrounded by a lot of controversies since the past few years, but that has not influenced its productivity. But this report has raised a few eyebrows... Samsung's mobile payment system company, LoopPay , was hacked back in March this year, just a month after Samsung bought it to help make Samsung Pay a reality. Samsung acquired LoopPay for more than $250 Million in February this year, and a group of Chinese Hackers were able to access LoopPay computer systems in March. The most worrisome part is – the hack was discovered 5 months later in August . Hackers were After Technology; Not Money or Sensitive Data The hackers, believed to be from a group called ' Codoso Group ' or ' Sunshock Group ,' were after the company's Magnetic Secure Transmission (MST) Technology . The group injected LoopPay's computer network with a hidden sophisticated attack in March, but the investigation kicked off when LoopPay learned of...

Virtual Private Networks (VPNs) , which is widely used by many businesses and organisations to provide secure access to their workers, are being abused to pilfer corporate user credentials. Researchers from security firm Volexity discovered a new attack campaign that targets a widely used VPN product by Cisco Systems to install backdoors that collect employees' usernames and passwords used to login to corporate networks. The product in question is Cisco Systems' Web-based VPN – Clientless SSL VPN . Once an employee is authenticated, Clientless SSL VPNs allows him/her to access internal web resources, browse internal file shares, and launch plug-ins, which let them access internal web resources through telnet, SSH, or similar network protocols. The backdoor contains malicious JavaScript code that attackers used to inject into the login pages. Once injected, the backdoor is hard to detect because the malicious JavaScript is hosted on an external compromised...

SHA-1 – one of the Internet's widely adopted cryptographic hash function – is Just about to Die. Yes, the cost and time required to break the SHA1 algorithm have fallen much faster than previously expected. According to a team of researchers, SHA-1 is so weak that it may be broken and compromised by hackers in the next three months. The SHA-1 algorithm was designed in 1995 by the National Security Agency (NSA) as a part of the Digital Signature Algorithm. Like other hash functions, SHA-1 converts any input message to a long string of numbers and letters that serve as a cryptographic fingerprint for that message. Like fingerprints, the resulting hashes are useful as long as they are unique. If two different message inputs generate the same hash (also known as a collision ), it can open doors for real-world hackers to break into the security of banking transactions, software downloads, or any website communication. Collision Attacks on SHA-1 Researchers ...

A security researcher has won $24,000 from Microsoft for finding a critical flaw in its Live.com authentication system that could allow hackers to gain access to a user's complete Outlook account or other Microsoft services. Microsoft's Live.com is the authentication system that everyone go through while attempting to authenticate to Outlook.com and a large number of other Microsoft services, including OneDrive, Windows Phone, Skype, and Xbox LIVE. Hacking Hotmail (Outlook.com) Account It's one account for all services. So, if say, Outlook wants to access other apps, it uses a standard set of authentication code called OAuth . OAuth is an open standard for authorization that keeps your passwords safe on third-party sites and instead of sharing your password, it shares a special key called 'Access token' to access the app. OAuth authorizations are accomplished through a prompt, as shown below and to allow an app to gain access to your account, you n...

Google Android has been a primary concern of the attackers. Counting from a simple text message that could hack an Android phone remotely to the Stagefright bug making Billion users vulnerable. Now, the latest is the ' Kemoge Malware ' that has made its debut as an Adware on the Android mobile phones, allowing third-party app stores to fetch your device's information and take full control of it. Security researchers from FireEye Labs have discovered that Kemoge malicious adware family is spreading in 20 countries around the globe. Also, the origin of the Adware's attack is suspected from China. What is Kemoge? The name given to the malicious Adware family is because of its command and control (C2) domain: aps.kemoge.net. Kemoge is an Adware in the disguise of popular Apps; it has circulated in such numbers because it takes the name of popular apps and repackages them with the malicious code and make them available to the user. They even use...

What if your phone suddenly slips into a bathtub? Maybe you'll end up losing all your important data, more specifically, your WhatsApp photos, videos, Voice Notes and Chat Data that flows through your chats. Sounds scary, isn't it?  But, now you need not worry if your phone suddenly died or broke – Thanks to the new integration to your favorite messaging app WhatsApp with Google Drive. Google and Facebook announced a partnership that will bring Google Drive integration to WhatsApp for Android, allowing you to automatically backup all your chat messages and multimedia content regularly to the cloud. BackUp Your WhatsApp Data to Google Drive With Google Drive integration, you can create a private backup of your: Chat History Voice Messages Photos Videos …to "keep your memory safe," Google says. You can also decide to backup your WhatsApp data: Daily, Weekly, Monthly, or Not at All. Data BackUp and Recovery with Enc...

Former NSA contractor and global surveillance whistleblower Edward Snowden told the BBC investigative programme Panorama Monday night that the British intelligence agency GCHQ has powers to hack any smartphones without their owners' knowledge. You heard right. The British Spying Agency have special tools that let them take over your smartphones with just a text message, said Edward Snowden , and there is " very little " you can do to prevent them having " total control " over your devices. By Sending just a Text message, the tools let spies: Listen in to what's happening in the room View files and the web history See messages and photos Taking secret pictures of smartphone owners Pinpoint exactly where a user is (to a much more sophisticated level than a typical GPS system) In other words, the tools allow agencies to monitor your every move and every conversation, even when your smartphone is turned OFF. Here's How GCHQ Ca...