The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

After hacking and taking down social media accounts of ISIS members, the online Hacktivist group Anonymous is back again with its new plan to harass the Islamic State (IS) militant group that was behind the horrific terror attack in Paris. Anonymous declared total war against ISIS after the last month's Paris attacks and supposedly: Took down thousands of Twitter and social media accounts used by the ISIS terrorists Disrupted the terror group's primary communications platform Replaced one of ISIS' websites with a Viagra ad Now, the hacktivist group has declared December 11th to be " ISIS Trolling Day ," planning an organized trolling campaign against ISIS by assaulting their image through Photoshopped images, memes, videos and jokes related to the terrorist organisation. Also Read: ISIS Issues 5 Lame Tips for its Members to Avoid Getting Hacked Vanish ISIS Online Presence This campaign is also part of the group's ongoing effort...

Microsoft has announced the plans to open source the core components of its " Chakra " – the JavaScript engine behind the new Edge browser – to GitHub code-sharing and collaboration repository next month. The company made this announcement at the JSConf US Last Call conference in Florida this weekend. What is Chakra? " Chakra ," developed in 2008, is a self-contained JavaScript virtual machine that Microsoft now lets developers implement in their own products and applications. Though Chakra is at the core of only Microsoft's Edge, it is used across the Microsoft's newest operating system Windows 10 to power Universal Apps on Xbox, Windows Phone and tablets. Chakra Going Open Source as ChakraCore ChakraCore – is what Microsoft is calling the open source version of its Chakra – will be made available on GitHub under an MIT open source license in January 2016, with support from Intel, AMD, and NodeSource. According to the Microsof...

Now this was to be done, Sooner or Later – The Government. In the wake of the recent deadly Paris terror attacks, the French government is considering new laws that would Ban access to Free Wi-Fi and the Tor anonymity network, according to a recent report by French newspaper Le Monde. The report cites an internal document from the Ministry of Interior by French Department of Civil Liberties and Legal Affairs (DLPAJ) that lists two proposed bills – one around the State of Emergency and the other on combating counter-terrorism. Last month's Paris attacks started blame games, calling Edward Snowden and end-to-end encrypted services responsible for the ISIS-sponsored massacre. Also Read: Anonymous declares War on ISIS: 'We will Hunt you Down!' Now, the government has started renewing their assault on encryption and reviving their efforts to force tech companies to hand over encryption keys, and the document obtained by Le Monde hints the same. Proposed Pieces of Legis...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

As much as you protect your electronics from being hacked, hackers are clever enough at finding new ways to get into your devices. But, you would hope that once a flaw discovered it would at least be fixed in few days or weeks, but that's not always the case. A three-year-old security vulnerability within a software component used by more than 6.1 Million smart devices still remains unpatched by many vendors, thereby placing Smart TVs, Routers, Smartphones, and other Internet of Things (IoT) products at risk of exploit. Security researchers at Trend Micro have brought the flaw to light that has been known since 2012 but has not been patched yet. Remote Code Execution Vulnerabilities  Researchers discovered a collection of Remote Code Execution (RCE) vulnerabilities in the Portable SDK for UPnP , or libupnp component – a software library used by mobile devices, routers, smart TVs, and other IoT devices to stream media files over a network. The flaws occur du...

The man accused of being "a senior advisor" and mentor of Ross Ulbricht , the convicted operator of the illegal drug marketplace Silk Road , has been arrested in Thailand and charged with conspiring to traffic drugs and money laundering. The US Department of Justice (DoJ) announced on Friday that Roger Thomas Clark , 54, is accused of being " Variety Jones ," who was a close confidante of Ulbricht's who: Advised Ulbricht on all aspects of Silk Road's operations Helped Ulbricht grow the notorious website into an extensive criminal enterprise Clark was arrested Thursday in Thailand and is now awaiting extradition to face United States charges of: Narcotics Trafficking Conspiracy – carries a maximum sentence of life in prison. Money Laundering Conspiracy – carries a maximum sentence of 20 years in prison. Life in Prison If convicted, Clark faces at least 10 years and as long as life in prison, according to a statement from Manhattan U.S. Attorney Preet...

A new research showed that Scripting languages, in general, give birth to more security vulnerabilities in web applications, which raised concerns over potential security bugs in millions of websites. The app security firm Veracode has released its State of Software Security: Focus on Application Development report ( PDF ), analyzing more than 200,000 separate applications from October 1, 2013, through March 31, 2015. The security researchers crawled popular web scripting languages including PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android, iOS, and COBOL, scanning hundreds of thousands of applications over the last 18 months. Also Read:  A Step-by-Step Guide — How to Install Free SSL Certificate On Your Website Researchers found that PHP – and less popular Web development languages Classic ASP and ColdFusion – are the riskiest programming languages for the Internet, while Java and .NET are the safest. Here's the Top 10 List: ...

Bluestacks , the first app player for running Android apps on Windows, has launched the latest version of its Android emulator platform with one major upgrade: The Ability to Run Multiple Android apps Simultaneously. BlueStacks 2 Released Bluestacks previously only run a single app at a time. However, with the launch of BlueStacks 2 , the app adds a tabbed interface that allows you to jump between multiple Android apps in the same window. This is great for you to run gaming and messaging apps, or news and messaging apps at the same time. The update also adds a toolbar that allows you to quickly tell the Android emulator to simulate rotating the device screen or to perform other functions, such as copying and pasting. In BlueStacks 2, players now have options to marry gameplay and app discovery, meaning when they click an advertisement, a new tab will appear so that the players can continue playing their games without being interrupted. How to Run Mult...

Next in the queue, Kazakhstan is also planning to Spy on encrypted Internet Traffic of its citizens, but in the most shameless way. Unlike other spying nations that are themselves capable of spying on their citizens, Kazakhstan will force every internet user in the country to install bogus security certs on their PCs and mobile devices, allowing the 'Dictator' Government to: Intercept users' Internet traffic to any Secure website, i.e. Man-in-the-Middle  Attack Access everything from user's web browsing history to usernames and passwords to secure and HTTPS-encrypted traffic This Program will seriously restrict Citizens' Freedom of Speech and Expression. What the F… is "National Internet Security Certificate"? On Monday, the nation's largest Internet service provider Kazakhtelecom JSC published a notice, which said: Citizens are "obliged" to install a so-called " National Internet Security Certificate " ...

You should be very careful while visiting websites on the Internet because you could be hit by a new upgrade to the World's worst Exploit Kit – Angler , which lets hackers develop and conduct their own drive-by attacks on visitors' computers with relative ease. Many poorly-secured websites are targeting Windows users with a new "Cocktail" of malware that steals users' passwords before locking them out from their machines for ransom. Yes, stealing Windows users' passwords before encrypting their data and locking their PCs for ransom makes this upgrade to the Angler Exploit Kit nastier. Here's How the New Threat Works: Once the Angler exploit kit finds a vulnerable application, such as Adobe Flash, in visitor's computer, the kit delivers its malicious payloads, according to a blog post published by Heimdal Security. The First Payload infects the victim's PC with a widely used data thief exploit known as Pony that systematic...

Another Big Milestone – Let's Encrypt is now offering Free HTTPS certificates to everyone. Let's Encrypt has opened to the public, allowing anyone to obtain Free SSL/TLS ( Secure Socket Layer/Transport Layer Security ) certificates for their web servers and to set up HTTPS websites in a few simple steps ( mentioned below ). Let's Encrypt – an initiative run by the Internet Security Research Group (ISRG) – is a new, free, and open certificate authority recognized by all major browsers , including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. The Free SSL Certification Authority is now in public beta after testing a trial among a select group of volunteers. Why Let's Encrypt? Let's Encrypt promised to offer a certificate authority (CA) which is: Free – no charge for HTTPS certs. Automatic – the installation, configuration as well as the renewal of the certificates do not require any administrator a...

In the most surprising manner, the Chinese government said it arrested criminal hackers behind the massive cyber attack on US Office of Personnel Management (OPM) earlier this year, dismissing its involvement. Three months back, we reported that China arrested a handful of hackers within its borders who were suspected of allegedly stealing commercial secrets from US companies. The arrests took place shortly before China President Xi Jinping visited the United States in September 2015 when both heads of states agreed that neither side will participate in commercial espionage against one another. China: Cyber Criminals Hacked OPM, Not Government Spies Now, those suspected hackers have turned out to be the ones in connection with the OPM hack that resulted in the theft of personal details of more than 21 Million United States federal employees, including 5.6 Million federal employees' fingerprints . Citing an " investigation ", the Chinese governme...

Are you Using HTTPS on your Website to securely encrypt traffic? Well, we'll see you in the court. At least, that's what CryptoPeak is saying to all big brands that utilize HTTPS on their web servers. BIG Brands Sued for Using HTTPS: 'Patent Troll' Texas-based company CryptoPeak Solutions LLC has filed 66 lawsuits against many big businesses in the US, claiming they have illegally used its patented encryption method – Elliptic Curve Cryptography (ECC) – on their HTTPS websites. Elliptic Curve Cryptography (ECC) is a key exchange algorithm that is most widely used on websites secured with Transport Layer Security (TLS) to determine what symmetric keys are used during a session. Encryption is on the rise after Edward Snowden made the world aware of government's global surveillance programs. Today, many big tech and online services are using encryption to: Protect the data transmitted to/from visitor to domain Lessen the risk of hacking ...