The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security researchers have uncovered a new piece of Adware that replaces your entire browser with a dangerous copy of Google Chrome , in a way that you will not notice any difference while browsing. The new adware software, dubbed " eFast Browser ," works by installing and running itself in place of Google Chrome The adware does all kinds of malicious activities that we have seen quite often over the years: Generates pop-up, coupon, pop-under and other similar ads on your screen Placing other advertisements into your web pages Redirects you to malicious websites containing bogus contents Tracking your movements on the web to help nefarious marketers send more crap your way to generating revenue Therefore, having eFast Browser installed on your machine may lead to serious privacy issues or even identity theft. What's Nefariously Intriguing About this Adware? The thing that makes this Adware different from others is that instead of taking contr...

A self-described teenage hacker has claimed to have hacked into personal AOL email account of Central Intelligence Agency (CIA) Director John Brennan and swiped sensitive top-secret data. It's Really a major embarrassment for Brennan as well as the CIA. The hacker, who describes himself as an American high school student, called the New York Post to describe his exploits. According to the teenage hacker, Brennan's private email account held a range of sensitive files, which includes: His 47-page application for top-secret security clearance Social Security numbers (SSNs) and personal information of more than a dozen top US intelligence officials A government letter discussing " harsh interrogation techniques " used on terrorist suspects Sensitive Information Leaked The teenage hacker operates with under the Twitter name " Crackas With Attitude " with Twitter handle @_CWA_ . He confirmed the Post that he also controlled the...

Recently, Chinese iOS developers have discovered a new OS X and iOS malware dubbed XcodeGhost that has appeared in malicious versions of Xcode, Apple's official toolkit for developing iOS and OS X apps. The hack of Apple's Xcode involves infecting the compiler with malware and then passing that malware onto the compiled software. This is a unique approach because the hack does not attempt to inject attack code into a single app, and then try and sneak that past Apple's automated and human reviewers. Instead, the malicious code is infected on Xcode itself, which is used by software developers to craft and develop the apps for iOS and OS X operating system. The primary behavior of XcodeGhost in infected iOS apps is to collect information on devices and upload that data to command and control (C2) servers. Once the malware has established a foothold on infected devices, it has the ability to phish user credentials via fake warning boxes, open specific URLs in a ...

Facebook just launched a new notification feature that will alert you if the social network strongly suspects that your account is being hijacked or targeted by hackers working in the interest of a nation-state. The message, which you can see below, recommends users to turn ON " Login Approvals ," so that their Facebook accounts can only be accessed using stronger two-factor authentication. Facebook insists that some necessary steps are already taken to secure users' Facebook accounts that may be targeted by hackers, but the company has also stepped up to directly warn its users when a government-sponsored attack is under away. In a blog post published Saturday, Facebook Chief Security Officer (CSO) Alex Stamos announced that this step to secure accounts is necessary "because these types of attacks tend to be more advanced and dangerous than others." Stamos added that "it's important to understand that this warning is not related t...

Microsoft wants Windows 10 users to use its Edge browser , and the company is pulling every trick out to make it happen. In a newly leaked Windows 10 preview release ( build 10568 ) , Microsoft has added a new prompt that appears whenever you try to switch away from default apps, including Microsoft Edge . Considering the wide adoption of Microsoft's newest operating system Windows 10, it seems that users are still hesitant in adopting Edge browser that comes bundled with  Windows 10 . To help encourage a higher adoption of Microsoft's default apps bundled with Windows 10, the software giant seems to be taking some steps. Come, Give Microsoft Edge A Shot!  If you already have Microsoft Edge as your default browser, then installing another rival browser, such as Google Chrome or Mozilla Firefox , and switching the defaults will make a dialog box with " Give Microsoft Edge a shot " appear. The prompt highlights some of the latest features in ...

We are back with THN Weekly RoundUp to spread lights on last week's top cyber security threats and challenges, just in case you missed any of them (ICYMI). Last week, we came to know about many security threats including how Google records and stores our Voice searches, How hackers can use Radio-waves to control our Smartphones from 16 feet away and How did the NSA break Trillions of Encrypted connections. Also, some of last week's news included USB Killer v2.0 and a real-life Thor-like Hammer . I recommend you to read the entire news (just click ' Read More ' because there's some valuable advice in there as well). Here's the list: 1. Google OnHub Router Runs on Chrome OS; Here's How to Root it Google OnHub Router runs Chrome operating system, the same Linux-based OS that powers Google Chromebook laptops and desktops. Google OnHub is a modern wireless router designed by Google and TP-Link. It operates networks on both t...

Two days ago, The Hacker News (THN) reported about the Zero-day vulnerability in the freshly patched Adobe Flash Player . The vulnerability was exploited in the wild by a well-known group of Russian hackers, named " Pawn Storm ," to target several foreign affairs ministries worldwide. The zero-day flaw allowed hackers to have complete control of the users' machine, potentially putting all the Flash Player users at a potentially high risk. Since then, there was no patch available to make flawed utility safe. However, Adobe has now patched the zero-day vulnerability, along with some critical vulnerabilities whose details are yet to be disclosed. Yesterday, the company published a post on their official security bulletin ( APSB15-27 ) detailing the risks associated with the zero-day and how a user can get rid of them. The critical vulnerabilities are assigned following CVE numbers: CVE-2015-7645 CVE-2015-7647 CVE-2015-7648 Also, Adobe is kn...

Malaysian authorities have arrested a Kosovo citizen in Kuala Lumpur on Computer hacking charges and allegedly providing personal data about United States military members to the Islamic State Terrorists group ( also known as ISIS or ISIL ). According to the US Department of Justice (DOJ) and the FBI, Kosovo citizen Ardit Ferizi allegedly hacked into the US web hosting company's servers and stole personal data of more than 1,300 US government and military employees. Ferizi didn't use the stolen data for identity theft; instead he allegedly handed the hacked information over to Junaid Hussain ( also known as Abu Hussain Al Britani ), an ISIS member and hacker who was killed in a US drone strike in August. The stolen data includes names, email addresses, passwords, phone numbers and locations of US military service members and government workers. Hacker May Face up to 35 Years in Prison Moreover, Ferizi also accessed customers' information from a...

Yes, it seems like the mystery has been solved. We are aware of the United States National Security Agency (NSA) powers to break almost unbreakable encryption used on the Internet and intercept nearly Trillions of Internet connections – thanks to the revelations made by whistleblower Edward Snowden in 2013. However, what we are not aware of is exactly how did the NSA apparently intercept VPN connections, and decrypt SSH and HTTPS, allowing the agency to read hundreds of Millions of personal, private emails from persons around the globe. Also Read:  Top Best Password Managers . Now, computer scientists Alex Halderman and Nadia Heninger have presented a paper at the ACM Conference on Computer and Communications Security that advances the most plausible theory as to how the NSA broke some of the most widespread encryption used on the Internet. According to the paper, the NSA has exploited common implementations of the Diffie-Hellman key exchange algorithm – a co...

If you are running Windows 7 or Windows 8.1 and have no plans to switch to Windows 10, then Microsoft could force you to install Windows 10, making it harder for you to cancel or opt-out of upgrading. Note: Above image has been photoshopped, but the original screenshot taken by Windows users is given below. Reports are circulating that some Windows 7 and Windows 8.1 users are claiming that the latest Windows 10 OS has begun to automatically install itself on their PCs. According to complaints by users, Windows Update screen is only offering them the option to either: Start the upgrade process, or Reschedule the upgrade for a later date Other users are finding that the dialog boxes they are presented display a message saying that the " Upgrade to Windows 10 is Ready ," and prompting users to " Restart your PC to begin the installation ." The issue actually resided in the Windows Update process. Microsoft has listed Windows 10 as an " Op...

While the US military continues to build more advanced unmanned aerial vehicles ( UAVs ), popularly known as Drones , the US company Battelle has developed a shoulder-mounted rifle to deal with unwanted drones flying around. Dubbed DroneDefender , the revolutionary weapon specifically designed to target and knock drones out of the sky at a range of just 400 meters, without totally destroying them. The Battelle DroneDefender utilizes radio waves to neutralize in-flight Drones and force them to land or hover or return to its point of origin. Video Demonstration You can watch the video given below to know how the DroneDefender works. It shows how the weapon is able to stop a drone in its tracks and cause it to land. The DroneDefender weighs less than 5 kilograms and can disable a hostile drone within a 400-meter radius. How does DroneDefender Work? As soon as the trigger is pulled, DroneDefender emits radio pulses that interrupt the communications system...

The Chinese Pangu jailbreak team has once again surprised everyone by releasing the first untethered jailbreak tool for iOS 9 – iOS 9.0, iOS 9.0.1, and iOS 9.0.2. The untethered jailbreak is a jailbreak where your device don't require any reboot every time it connects to an external device capable of executing commands on the device. The Pangu team released their iOS 9 jailbreak into the wild instead of submitting it to Zerodium, a company which promised a $1 Million reward for iOS 9 jailbreaks . How to Jailbreak iOS 9.0, 9.0.1 and 9.0.2? Jailbreaking is a process of removing limitations on Apple's iOS devices so you can install third party software not certified by Apple. Before proceeding to Jailbreak your device, back up all personal data of your device using iCloud or iTunes. Also, Disable any Anti-virus programs or firewalls that could prevent Pangu from connecting to the Internet. Now, let's start. Follow these steps to jailbreak your iPhone,...