The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Juniper Networks has announced that it has discovered " unauthorized code " in ScreenOS , the operating system for its NetScreen firewalls, that could allow an attacker to decrypt traffic sent through Virtual Private Networks (VPNs). It's not clear what caused the code to get there or how long it has been there, but the release notes posted by Juniper suggest the earliest buggy versions of the software date back to at least 2012 and possibly earlier. The backdoor impacts NetScreen firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, states the advisory published by the company. However, there's no evidence right now that whether the backdoor was present in other Juniper OSes or devices. The issue was uncovered during an internal code review of the software, according to Juniper chief information officer Bob Worrall , and requires immediate patching by upgrading to a new version of the software just released today. ...

Ever wonder how to hack Instagram or how to hack a facebook account? Well, someone just did it! But, remember, even responsibly reporting a security vulnerability could end up in taking legal actions against you. An independent security researcher claims he was threatened by Facebook after he responsibly revealed a series of security vulnerabilities and configuration flaws that allowed him to successfully gained access to sensitive data stored on Instagram servers , including: Source Code of Instagram website SSL Certificates and Private Keys for Instagram Keys used to sign authentication cookies Personal details of Instagram Users and Employees Email server credentials Keys for over a half-dozen critical other functions However, instead of paying him a reward, Facebook has threatened to sue the researcher of intentionally withholding flaws and information from its team. Wesley Weinberg , a senior security researcher at Synack, participated in Facebook's b...

What do you do to earn up to $150,000? Somebody just hacks into airlines and sells fake tickets. That's exactly what a 19-year-old teenager did and made approximately 1.1 Million Yuan (£110,000 or $150,000) by hacking into the official website of an airline and using the stolen booking information to defraud hundreds of passengers. The teenager, identified as Zhang from Heilongjiang, north-east China, hacked into a Chinese airline website and illegally downloaded 1.6 Million passengers bookings details, including: Flight details Names ID card numbers Email addresses Mobile phone numbers Zhang then used this information to successfully defraud hundreds of customers by convincing them that there was some issue with their booking flights, and they had to pay extra fees, according to People's Daily Online . Moreover, the hack caused the airline to lose almost 80,000 Yuan ( $12,365 USD ) as a result of customers requesting refunds. The incident too...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Many Windows 7 and Windows 8.1 users don't want to upgrade their machines to Microsoft's newest Windows 10 operating system now or anytime soon. Isn't it? But what if you wake up in the morning and found yourself a Windows 10 user? That's exactly what Microsoft is doing to Windows 7 and 8.1 users. Windows 10 Upgrade Becomes More Aggressive Ever since Microsoft launched its new operating system over the summer, Windows 7 and 8.1 users have been forced several number of times to upgrade their machines to Windows 10. It was relatively inoffensive at first, but as days have passed, Microsoft has become increasingly aggressive to push Windows users to upgrade to Windows 10 . Microsoft has left very little choice over whether to upgrade their systems to Windows 10 or not. At last, the users end up upgrading their machines to the latest Windows operating system. Users now see a pop up on their computers, as InfoWorld reports , that displays only t...

So what would anyone need to bypass password protection on your computer? It just needs to hit the backspace key 28 times , for at least the computer running Linux operating system. Wait, what? A pair of security researchers from the University of Valencia have uncovered a bizarre bug in several distributions of Linux that could allow anyone to bypass any kind of authentication during boot-up just by pressing backspace key 28 times. This time, the issue is neither in a kernel nor in an operating system itself, but rather the vulnerability actually resides in Grub2 , the popular Grand Unified Bootloader , which is used by most Linux systems to boot the operating system when the PC starts. Also Read: GPU-based Linux Rootkit and Keylogger . The source of the vulnerability is nothing but an integer underflow fault that was introduced with single commit in Grub version 1.98 (December 2009) – b391bdb2f2c5ccf29da66cecdbfb7566656a704d – affecting the grub_password...

Remember the notorious hacker group Lizard Squad that spoiled last Christmas holidays of many game lovers by knocking the PlayStation Network and Xbox Live offline with apparent Distributed Denial of Service (DDoS) attacks? But, Will you be able to Play Xbox and PlayStation Game this Christmas? Probably Not. Because a new hacking group is threatening to carry out similar attacks by taking down the Xbox LIVE and PlayStation Network for a week during Christmas. Be Ready this Christmas for Attacks on PSN and XBox LIVE In a series of tweets, a bunch of DDoS hackers calling themselves " Phantom Group " (@PhantomSquad) announced that they will disrupt the XBox Live and PlayStation networks in a coordinated DoS attack. The attacks could prevent millions of gamers worldwide from enjoying their newly opened Christmas gifts and accessing games online. Also Read: PlayStation 4 Jailbreak Confirms . Here are the tweets by Phantom Squad: We are goi...

Researchers have come up with an all new way to revolutionize the standard computer chip that comes inbuilt in all our electronics. Researchers from Carnegie Mellon , Stanford , and t he University of California , Berkeley among others, have invented a new material that could replace the 'silicon' in conventional chips – built in all electronic devices – making the device's processing  speed 1,000 times faster . This means that the new chip made with nano-material could solve complex problems in a fraction of the time our computers take. The brand new chip, dubbed Nano-Engineered Computing Systems Technology (N3XT) , takes the landscape from a resource-heavy single-storey layout to an efficient ' Skyscraper ' approach, claims a Rebooting Computing special issue of the IEEE Computer journal. Silicon Chip – A Resource-Heavy Single-Storey Layout The standard silicon chips currently used in all electronic devices have one major issue: The ...

UK's Secretive Spy Agency Government Communications Headquarters (GCHQ) has open-sourced one of its tools on code-sharing website GitHub for free... A graph database called ' Gaffer .' Gaffer , written in Java, is a kind of database that makes it "easy to store large-scale graphs in which the nodes and edges have statistics such as counts, histograms and sketches." Github is a popular coding website that allows software developers to build their project on a single platform equipped with all the requirements that are gone in the making of a software. Gaffer and its Functionalities In short, Gaffer is a framework for creating mass-scale databases, to store and represent data, and is said to be useful for tasks including: Allow the creation of graphs with summarised properties within Accumulo with a very less amount of coding. Allow flexibility of stats that describe the entities and edges. Allow easy addition of nodes and edges. Allo...

Billions of dollars are spent in securing business operations, and yet attackers still find ways to breach a network. With the ever increasing growth in security attacks across all threat vectors, you should consider these New Year's resolutions to help solve your security challenges in 2016: Take stock of what you have Segment your Network Setup controls with ACLs Secure protocols, network ports, & services Monitor account activity Monitor servers & databases Make sure that your applications are secured Ensure security policies are in place Measure effectiveness and ensure your security products are doing their job Add threat intelligence into your security operations As you prepare for 2016 and reflect on all the security news stories from this year, these ten resolutions need to be on your " to-do " list: 1. Take stock of what you have Knowing the genetic makeup of your environment is the key to securing your IT systems. It is critical to have an updated invento...

MacKeeper anti-virus company is making headlines today for its lax security that exposed the database of 13 Million Mac users' records including names, email addresses, usernames, password hashes, IP addresses, phone numbers, and system information. MacKeeper is a suite of software that claims to make Apple Macs more secure and stable, but today the anti-virus itself need some extra protection after a data breach exposed the personal and sensitive information for Millions of its customers. The data breach was discovered by Chris Vickery , a white hat hacker who was able to download 13 Million customer records by simply entering a selection of IP addresses, with no username or password required to access the data. 21 GB Trove of MacKeeper Customer Data Leaked 31-year-old Vickery said he uncovered the 21 GB trove of MacKeeper customer data in a moment of boredom while searching for openly accessible databases on Shodan – a specialized search engine that looks fo...

Sony's PlayStation 4 – the hottest-selling gaming console in the United States – has been in the market for a while now, and since its release, hackers have been tinkering with it to find a way to run unauthorized software. Though breaking the protection on PlayStation 4 is a huge deal, a hacker who calls himself CTurt has claimed to develop a fully jailbroken version of the PlayStation 4 with the help of a kernel exploit that he previously created. The current jailbreak allows dumping of the system RAM from other processes and installing custom firmware that can be used to run homebrew applications that aren't approved by Sony. Of course, there is still a few other security issues to get by, but it is a foot in the door for game piracy, which can affect the gaming market as a whole. The Twitter account of CTurt seems to indicate that currently the exploit only works for PlayStation 4 firmware version 1.76, but apparently it can be tweaked to work for mor...

So how do you catch rogue drones that take your sky? With another Giant Drone, of course! This is exactly how the Tokyo Metropolitan Police Department is catching unwanted and potentially dangerous drones flying over the city, according to Japan Today. The department is launching an anti-drone squad in order to prevent people from flying their drones overcrowded residential areas and important buildings in Tokyo, including the Prime Minister's Office. How So? Instead using a dragnet on the ground, the police authorities will use a drone armed with a net to scoop up the suspected drones and carry them away to safety. Watch the Video: The Tokyo Metropolitan Police have also released a video that shows its special Net-Wielding Drone in action. You can look at the video above. It looks like the police are using a DJI Spreading Wings 900 with a 3 x 2 m² of Net tied to its feet. As soon as a rogue drone is spotted in the sky, the squad will first a...