The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The China's Google-like Search Engine Baidu is offering a software development kit (SDK) that contains functionality that can be abused to give backdoor-like access to a user's device, potentially exposing around 100 Million Android users to malicious hackers . The SDK in question is Moplus , which may not be directly available to the public but has already made its way into more than 14,000 Android apps, of which around 4,000 are actually created by Baidu. Overall, more than 100 Million Android users, who have downloaded these apps on their smartphones, are in danger. Security researchers from Trend Micro have discovered a vulnerability in the Moplus SDK, called Wormhole , that allows attackers to launch an unsecured and unauthenticated HTTP server connection on affected devices, which works silently in the background, without the user's knowledge. Also Read:   More than 26 Android Phone Models Shipped with Pre-Installed Spyware This unsecured serv...

The Online Hacktivist group Anonymous announced it plans to reveal the identities of about 1,000 Ku Klux Klan (KKK) members on 5th November , the day of the Global Protest movement known as the Million Mask March. Million Mask March , where protesters don Guy Fawkes masks in hundreds of cities around the world, and march together against the corrupt Governments and corporations. Ku Klux Klan (KKK) is classified as a White Supremacist Racist group by the Anti-Defamation League and the Southern Poverty Law Center, allegedly having total 5,000 to 8,000 members. It was founded after the Civil War by former Confederate soldiers to fight against the reforms imposed by the North during Reconstruction. " We've gained access to yet another KKK Twitter account. Using the info obtained, we will be revealing about 1000 Klan member identities. ", Anonymous Hackers tweeted last week. The list of 1000 KKK Members, to be released on 5th November, apparently includes the...

Imagine the internet that would offer you to communicate privately with anyone else without censorship, safe from the prying eyes of surveillance authorities…. … Decentralized, Encrypted, Peer-to-Peer Supported and especially a non-IP Address based Internet. Yeah, a New Private Internet that would be harder to get Hacked. This Internet is a dream of all Internet users today and, of course, Kim Dotcom – the Famous Internet entrepreneur who introduced legendary Megaupload and MEGA file sharing services to the World. Kim Dotcom announced plans to start his very own private internet at the beginning of this year and has now revealed more details about MegaNet — a decentralized, non-IP based network that would share data via " Blockchains ," the technology behind Bitcoins. On Thursday, Dotcom remotely addressed a conference in Sydney, Australia, where he explained how MegaNet will utilize the power of mobile phones and laptops to operate. How will M...

Hackers are now going crazy and trying new ways in Biohacking . Until now, we have seen a hacker who implanted a small NFC chip in his hand in order to hack Android smartphones and bypass almost all security measures. However, now the level of craziness has gone to a whole new level. A Swedish hacker has devised a neat trick that makes him able to buy groceries or transfer money between bank accounts by just waving his hand. Yes, you heard that right.  Patric Lanhed , a software developer at DigitasLBi, implanted a small NFC (Near Field Communications) chip with the private key to his Bitcoin wallet under his skin. So How Does the Trick Work? So, while sending Bitcoin payment from one digital wallet to another, he just has to wave his hands against an NFC chip reader that will scan the data, and a custom software will confirm the authenticity of the key, triggering the money transfer. A proof-of-concept video demonstration by Patric and his acquain...

Well, here's some terrible news for all Apple iOS users… Someone just found an iOS zero-day vulnerability that could allow an attacker to remotely hack your iPhone running the latest version of iOS, i.e. iOS 9. Yes, an unknown group of hackers has sold a zero-day vulnerability to Zerodium , a startup by French-based company Vupen that Buys and Sells zero-day exploits. And Guess what, in How much? $1,000,000. Yes, $1 Million. Last month, a Bug bounty challenge was announced by Zerodium for finding a hack that must allow an attacker to remotely compromise a non-jailbroken Apple device through: A web page on Safari or Chrome browser, In-app browsing action, or Text message or MMS. Zerodium's Founder Chaouki Bekrar confirmed on Twitter that an unnamed group of hackers has won this $1 Million Bounty for sufficiently submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit. NO More Fun. It's Serious Threat to iOS Use...

Avoiding Credit Card Fraud is simply easy as long as you use cash. But, what if you even get hacked while withdrawing cash from an ATM? If you are living in Germany or traveling there, then think twice before using your payment cards in the ATMs. Here's why: A Security researcher in Germany has managed to hack ATM and self-service terminal from Sparkasse Bank that allowed him to reveal the sensitive details from the payment card inserted into the machine. Benjamin Kunz-Mejri , CEO of Germany-based security firm Vulnerability Lab , discovered a vulnerability while using a Sparkasse terminal that suddenly ejected his card, and changed status to " temporarily not available. " Meanwhile, the machine automatically started performing software update process in the background. However, Benjamin used a special keyboard combination to trick the ATM into another mode. Benjamin's trick forced ATM system to put update process console (cmd) in the foreground ...

Hey friends, guess what? Yes, yes.. you read that right... It's Party time for all of us, as The Hacker News (THN) is celebrating its 5th Anniversary Today. And what an epic 5 years it has been! We began our journey on this same day back on November 1, 2010, as a dedicated news platform for Hackers, Security researchers, technologists and nerds. And just because of your support ' The Hacker News ' has become one of the World's popular Hacking and Technology News Platform that went from ~100,000 Readers to more than 4 Million unique monthly readers. So now it's time to Celebrate… and most importantly, Congratulate you all for the success of THN. Thank you all for your enthusiasm, contribution, support, sharing, love, time and efforts as well. We wouldn't be here, five years on and still going strong, if you didn't support us too. Future Plans at The Hacker News We don't cover everything, never did, never could, we just publicized the th...

Hacking Team, the infamous Italy-based spyware company that had more than 400 GB of its confidential information stolen earlier this year, has resumed its operations and started pitching new hacking tools to help US law enforcement gets around their encryption issues . Yes, Hacking Team is back with a new set of Encryption Cracking Tools for government agencies as well as other customers to break encrypted communications. The announcement came in an email pitch sent to existing and potential new customers on October 19 when Hacking Team CEO David Vincenzetti confirmed that Hacking Team is now "finalizing [its] brand new and totally unprecedented cyber investigation solutions." The e-mail is not made public, but Motherboard has been able to obtain a copy of it that states: "Most [government agencies] in the United States and abroad will become 'blind,' they will 'go dark,' they will simply be unable to fight vicious phenomena such as te...

Have you been infected with the insidious CoinVault or Bitcryptor ransomware? If so, there is some potentially good news for you. You may now recover your encrypted files for FREE! – Thanks to the efforts of Dutch police and antivirus maker Kaspersky Lab. Security researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained and published the last set of encryption keys from command-and-control (C&C) servers used by two related ransomware threats – CoinVault and Bitcryptor . Security researchers first observed CoinVault ransomware attacks in May 2014. Since then, CoinVault has made more than 1,500 victims in more than 108 countries. In April 2015, the Dutch police obtained ' Decryption keys ' database from a seized command and control server of CoinVault. Ransomware Decryption Tool Those decryption keys were then used by Kaspersky Lab to set up a Ransomware Decryptor Service , which included a set of around 750 decryp...

The Creators of the notorious CryptoWall ransomware virus have managed to raise more than $325 million (£212 million) in this past year alone. Ransomware has emerged as one of the biggest cyber threats to web users in recent times. Typically, hackers primarily gain access to a user's computer system using a ransomware malware, which encrypts all files with a strong cryptographic algorithm, and demand a ransom money to be paid in Bitcoin, typically between $200 and $10,000. In June 2014, researchers first discovered the CryptoWall ransomware attack, and currently, the latest CryptoWall version 3.0 (CW3) is the most sophisticated and complex family of this malware backed by a very robust back-end infrastructure. Must Read:   FBI Suggests Ransomware Victims — 'Just Pay the Ransom Money' According to the latest report  ( pdf ) published by Cyber Threat Alliance (CTA) , an industry group formed last year to study emerging threats, researchers have disco...

British Police have arrested a second teenage boy in relation to the major hack on the servers of UK-based telco 'TalkTalk' last week. On Monday, a 15-year-old boy (first arrest) from County Antrim, Northern Ireland, was arrested in connection with the TalkTalk Data Breach. On Thursday, The Metropolitan Police Cyber Crime Unit (MPCCU) arrested this second unnamed 16-year-old boy from Feltham in west London on suspicion of Computer Misuse Act offences. Latest TalkTalk Data breach put the Bank details and Personally Identifiable Information (PII) of millions of customers at risk, including: Nearly 21,000 Bank Accounts Almost 28,000 obscured Credit and Debit card details Less than 15,000 customer dates of birth Names, Email Addresses, and Phone Numbers of 1.2 Million Customers TalkTalk has confessed that " Not all of the data was encrypted "... yeah, its' too bad. However, " Investigations so far show that the information that may have bee...

Microsoft wholeheartedly wants you to upgrade your PCs to Windows 10, so much so that the company plans to automatically download its new operating system to Windows 7/8 computers next year. Just two weeks ago, Microsoft accidentally pushed Windows 10 installation to Windows 7 and Windows 8/8.1 users through the Windows Update process, but next year the company will do it on purpose. MISSION '1 BILLION': It doesn't come as a surprise, as Microsoft mentioned many times that it wants to get Windows 10 into as many hands as possible to reach its goal of 1 Billion installations. Starting next year, Microsoft is planning to re-categorize Windows 10 as a " Recommended Update " in its Windows Update service. Also Read:  Here's How to Stop Windows 7 or 8 from Downloading Windows 10 Automatically . This means that the Windows 10 upgrade process will start downloading and initiating automatically on thousands of devices. Before: ...