The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A well-known company popular for buying and selling zero-day vulnerabilities is now offering up to $100,000 for providing a working zero-day exploit for bypassing the Flash Player's Heap Isolation mitigation . Few months back, Adobe deployed Heap Isolation in Flash version 18.0.0209 with an aim at making the Use-After-Free (UAF) vulnerabilities more difficult for cybercriminals to exploit. Zerodium is a startup by the infamous French-based company Vupen that Buys and Sells zero-day exploits and vulnerabilities. Zerodium, which describes itself as " the premium zero-day acquisition platform ," recently paid $1 Million bounty to a hacker for submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit. What is "Isolated Heap" Mitigation Technique? The use-after-free vulnerability is a type of memory corruption flaw that can be exploited by Hackers to execute arbitrary code or even allows full remote code execution capab...

SCADA system has always been an interesting target for cyber crooks, given the success of Stuxnet malware that was developed by the US and Israeli together to sabotage the Iranian nuclear facilities a few years ago, and " Havex " that previously targeted organizations in the energy sector. Now once again, hackers have used highly destructive malware and infected, at least, three regional power authorities in Ukraine, causing blackouts across the Ivano-Frankivsk region of Ukraine on 23rd December. The energy ministry confirmed it was investigating claims a cyber attack disrupted local energy provider Prykarpattyaoblenergo, causing the power outage that left half of the homes in Ivano-Frankivsk without electricity just before Christmas. According to a Ukrainian news service TSN, the outage was the result of nasty malware that disconnected electrical substations. Related Read: Dragonfly Russian Hackers Target 1000 Western Energy Firms . First Malware to...

Windows 10 here, Windows 10 there, and it is everywhere. This is exactly what Microsoft dreamed of, and it seems like the company is actively working to reach its One Billion goal by the end of 2017 or mid-2018. Proudly announcing its first huge success, Microsoft reported that its newest Windows 10 operating system is now officially installed on more than 200 Million devices worldwide since its launch five months ago. Windows 10 is the latest as well as the greatest operating system from Microsoft that took less than six months to hit 200 Million milestone. The growth is really impressive, and Microsoft's Corporate Vice President of Windows and Devices Yusuf Mehdi outlined other milestones for Windows 10 in a blog post on Monday. Here's the list: Windows 10's adoption is growing 140% faster than Windows 7 and over 400% faster than Windows 8. More than 40% of the new Windows 10 devices were activated since Black Friday. Over 11 Billion hours have b...

Here's New Year's first Ransomware: Ransom32 . A new Ransomware-as-a-service, dubbed Ransom32 , has been spotted that for the first time uses a ransomware written in JavaScript to infect Mac, Windows as well as Linux machines. Ransom32 allows its operators to deploy the malware very quickly and easily. It has a dashboard that enables operators to designate their Bitcoin addresses to which the ransom can be sent. The dashboard also shows stats about how much Bitcoins they have made. In short, this new ransomware-as-a-service is so simple, and efficient at the same time, that anyone can download and distribute his/her own copy of the ransomware executable as long as he/she have a Bitcoin address. The copy of Ransom32 was first analysed by Emsisoft, which found that the new ransomware family, which embedded in a self-extracting WinRAR archive, is using the NW.js platform for infiltrating the victims' computers, and then holding their files by encrypting the...

A British-educated businessman who later joined Islamic State (ISIS) militant group in Syria has been killed in a US drone strike. Siful Haque Sujan , a Bangladesh-born man, was killed on 10 December 2015 by a US drone strike near Raqqa, Syria. Sujan has been described as one of the ISIS's top computer hackers who also coordinated anti-surveillance technology and weapons development by a senior United States Army official. A statement issued by Army Col. Steve Warren , a spokesman from Combined Joint Task Force Operation Inherent Resolve, via CENTCOM (United States Central Command) reads : "Sujan was an external operations planner and a United Kingdom-educated computer systems engineer. Sujan supported ISIS hacking efforts, anti-surveillance technology and weapons development. Now that he is dead, ISIL has lost a key link between networks." The 31-year-old man not just suspected of running a global money-laundering ring for ISIS from his former base i...

Tibet is an area in the Republic of China that has been the point of conflict for many years in China. While China believes that Tibet has been under Chinese rule for many centuries, Tibetans claim that they declared itself an independent republic in 1912. Tibetan Groups, especially pro-democracy activists, are being repeatedly targeted by persistent Cyber Attacks by Chinese State-sponsored hackers. Our Sources in Tibetan Community told The Hacker News that they are once again being targeted by Chinese hackers; this time their social network website. Chinese hackers are believed to have targeted a Tibetan only social networking site, unitib.com ( United Tibet ) as Beijing views the platform as a threat promoting free Tibet movement. The Unitib technical team sought assistance from Taiwanese and Indian security experts after they were forced to take the platform offline for few days due to the attack. Tashi, a member of the technical team at Unitib told The Hac...

What's the coolest part of the Iron Man movies? The hyper-intelligent Artificial Intelligence that helps Tony Stark by doing data analysis, charging his armor, presenting information at crucial times and doing other business operations. That's right — we are talking about J.A.R.V.I.S. , Iron Man's personal assistant. We all dream of having one of its kinds, and even Facebook's Founder and CEO Mark Zuckerberg has ambitions to live more like Iron Man's superhero Tony Stark. While disclosing his 2016 resolution via a Facebook post on Sunday, Zuckerberg revealed that he is planning to build his own Artificial Intelligence to help him run his home and assist him at office — similar to Iron Man's digital butler Edwin Jarvis . "You can think of it kind of like Jarvis in Iron Man," Zuckerberg wrote in his Facebook post . "I'll start teaching it to understand my voice to control everything in our home — music, lights, tempe...

Hackers enjoy much playing with PlayStation and Xbox, rather than playing on them. And this time, they have done some crazy things with Sony's PlayStation gaming console. It appears that a console-hacking that goes by the name of Fail0verflow have managed to hack PlayStation 4 (PS4) to run a Linux kernel-based operating system. Fail0verflow announced this week that they successfully cracked the PlayStation 4 and managed to install a full version of Linux on the system, turning the PlayStation 4 into a real PC . With this latest PS4 hack, the console-hacking group gave the homebrew software community hope that Sony's popular game console will soon become a valuable tool in their arsenal. Group Managed to Run Game Boy Advance and Pokémon on PS4 What's even more interesting? The hacking group didn't stop with Linux. The group also managed to install an emulator for the Game Boy Advance and a version of Pokémon , dubbing it the "PlayStat...

Following in the footsteps of Twitter, Facebook and Google, Microsoft promises to notify users of its e-mail ( Outlook ) and cloud storage ( OneDrive ) services if government hackers may have targeted their accounts. The company already notifies users if an unauthorized person tries to access their Outlook or OneDrive accounts. But from now on, the company will also inform if it suspects government-sponsored hackers. Ex-Employee: Microsoft Didn't Notify When China Spied Tibetans Leaders The move could be taken in the wake of the claims made by Microsoft's former employees that several years ago Chinese government hacked into more than a thousand Hotmail email accounts of international leaders of Tibetan and Uighur minorities , but the company decided not to tell the victims, allowing the hackers to continue their campaign. Instead of alerting those leaders of the hacking attempts, Microsoft simply recommended them to change their passwords without disclosi...

Ian Murdock , the founder the Debian Linux operating system and the creator of apt-get, has passed away. Yes, it is very sad to announce that Ian Murdock is not between us. His death has touched the entire software community. He was just 42. The announcement of Murdock death came out via a blog post on Docker website, where Murdock was working as a member of the technical staff. The cause of death is unclear at present, but Murdock tweeted the same day that he would commit suicide that night. His Twitter account had since been deleted. However, at that time, some people speculated that Murdock's account had been hacked and that the tweets were not by him. Murdock posted some Tweets  on Monday suggesting he had been involved in a police case and has been beaten by the police and charged with battery. However, neither Docker, nor the San Francisco Police Department immediately commented on Murdock's actual cause of death. Murdock developed Debian in ...

Google appears to be no longer using Java application programming interfaces (APIs) from Oracle in future versions of its Android mobile operating system, and switching to an open source alternative instead. Google will be making use of OpenJDK – an open source version of Oracle's Java Development Kit (JDK) – for future Android builds. This was first highlighted by a "mysterious Android codebase commit" submitted to Hacker News. However, Google confirmed to VentureBeat that the upcoming Android N will use OpenJDK, rather its own implementation of the Java APIs. Google and Oracle have been fighting it out for years in a lawsuit, and it is hard to imagine that such a massive change is not related to the search engine giant's ongoing legal dispute with Oracle, however. What Google and Oracle are Fighting About The dispute started when Oracle sued Google for copyright in 2010, claiming that Google improperly used a part of its programming language...

The non-profit organization behind TOR – the largest online anonymity network that allows people to hide their real identity online – will soon be launching a " Bug Bounty Program " for researchers who find loopholes in Tor apps. The bounty program was announced during the recurring ' State of the Onion' talk by Tor Project at Chaos Communication Congress held in Hamburg, Germany. Bug bounty programs are cash rewards gave by companies or organizations to white hat hackers and researchers who hunt for serious security vulnerabilities in their website or products and then responsibly disclose them. Bug bounties are designed to encourage security researchers and hackers to responsibly report the vulnerabilities they discovered, rather than exploiting it. Here's what one of the founders of the Tor Project, Nick Mathewson , said about the bug bounty program as reported by Motherboard: "We are grateful to the people who have looked at ou...