The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Attention Tor Onion Hosters! A year old loophole in Apache Web Server, uncovered by an unknown Computer Science Student, could potentially unmask the real identity of .onion-domains and servers hidden behind the Tor-network. Although the loophole was reported on Reddit and to the Tor Project months back, it recently came to the limelight soon after a tweet by Alec Muffet , a well-known security enthusiast and current software engineer at Facebook. What is Tor Hidden (.onion) Service? Dark Web websites (generally known as 'onion services') with a special domain name that ends with .onion, are called Tor Hidden Service and reachable only via the Tor network. Tor Hidden Service is a widely popular anonymity network used by Whistleblowers, Underground Markets, Defense Networks and more in order to maintain secrecy over the Internet. An Onion Website can be hosted on the top of any web servers. But, if you are choosing Apache, then you need to rethink. ...

Featured Image Only. See Original leaked images below. In a joint surveillance program, the US intelligence agency NSA ( National Security Agency ) and the British intelligence agency GCHQ ( Government Communications Headquarters ) hacked into, decrypted, and tracked live video feeds of Israeli Military Drones and Fighter Jets . This could be one of the most shocking and embarrassing disclosures for Israel, who is the United States' ally and prides itself on its technical capabilities. Published by The Intercept, the newly released documents from the former NSA contractor Edward Snowden revealed that in an operation dubbed " Anarchist ," UK and US intelligence officials have been… ...regularly accessing Israeli drone cameras, allowing them to watch live video feeds from drones and fighter jets while Israel bombed Gaza and spied on Syria. But, how the intelligence officials were able to do so. Also Read: Google Wants to Fly Drones Over Your Head ...

Do you know?… Any iOS app downloaded from Apple's official App Store has an ability to update itself from any 3rd-party server automatically without your knowledge. Yes, it is possible, and you could end up downloading malware on your iPhone or iPad. Unlike Google, Apple has made remarkable efforts to create and maintain a healthy and clean ecosystem of its official App Store. Although Apple's review process and standards for security and integrity are intended to protect iOS users, developers found the process time consuming and extremely frustrating while issuing a patch for a severe bug or security flaw impacting existing app users. To overcome this problem, Apple designed a set of solutions to make it easier for iOS app developers to push straightway out hotfixes and updates to app users without going through Apple's review process. Sounds great, but here's the Kick: Malicious app developers can abuse These solutions, potentially allowing th...

Would you enjoy If Drones hovering outside your window or above your head, just because it is offering High-Speed Internet Service? Most Americans may simply prefer to "Shoot Down" unwelcome items. Well, Google is working on a similar secret project, codenamed Project Skybender , to beam faster internet service, as fast as 5G , from the air. Google is currently testing multiple prototypes of Solar-powered Internet Drones in the New Mexico desert, as per some documents obtained by the Guardian under public records laws. To ensure security, Google is also said to have installed its own dedicated flight control centre near Spaceflight Operations Center at the Spaceport America facility in the town of Truth or Consequences, New Mexico. Google's Project SkyBender Drones are equipped with millimetre-wave radio transmissions to deliver next generation 5G wireless Internet, up to 40 times faster than 4G LTE systems. Drones  —  Privacy Nightmare ...

Recently the Facebook-owned messaging app dropped its $1 annual subscription fee to make WhatsApp Free for Lifetime . Now, WhatsApp has plans to introduce a new feature that would allow its users to integrate their Facebook accounts with the most widely used messaging app. So far, the social media giant has been focusing on its own messaging platform, Messenger and both WhatsApp and Facebook have been working separately in terms of adding new features. WhatsApp to Share User Data With Facebook Android developer Javier Santos spotted a new feature in the latest beta build of WhatsApp, which indicates that soon you'll start seeing some features interconnected between WhatsApp and Facebook. The feature (optional, for now), dubbed " Share my account info ," when selected will share your personal WhatsApp account information with Facebook in order "to improve your Facebook experience," according to the description. Although it's uncle...

The Anaheim Police Department of California — Home of Disneyland — admitted that they used special Cell Phone surveillance technology, known as DirtBox , mounted on aircraft to track millions of mobile users activities. More than 400 pages of new documents [ PDF ] published Wednesday revealed that Local Police and federal authorities are using, DRTBox , an advanced version of Dirtbox developed by Digital Receiver Technology ( Boeing's  Maryland-based  subsidiary ). DRTBox — Spies in the Sky DRTBox is a military surveillance technology that has capabilities of both Stingray as well as Dirtbox, allowing the police to track, intercept thousands of cellphone calls and quietly eavesdrop on conversations, emails, and text messages. According to the report, DRTBox model is also capable of simultaneously breaking the encryption hundreds of cellphone communications at once, helping Anaheim Police Department track criminals while recording innocent citizens' infor...

The OpenSSL Foundation has released the promised patch for a high severity vulnerability in its cryptographic code library that let attackers obtain the key to decrypt HTTPS-based communications and other Transport layer security (TLS) channels. OpenSSL is an open-source library that is the most widely used in applications for secure data transfers. Most websites use it to enable Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption. However, after serious security vulnerabilities were discovered in OpenSSL over the last few years, the crypto library has been under much investigation by security researchers. The latest bugs affect OpenSSL versions 1.0.1 and 1.0.2, which has been patched in new releases of OpenSSL, versions 1.0.1r and 1.0.2f . The team has patched two separate vulnerabilities in OpenSSL. The " high severity " bug, identified as CVE-2016-0701 , addresses issues in the implementations of the Diffie-Hellman key exchang...

The country which built a Digital Iron Dome , Israel had undergone one of the largest serious cyber attack this year. This time, the name of Israel is being popped up in the current headlines is for the massive cyber attack which triggered against the Nation's Electrical Power Grid Authority's Network. "Yesterday we identified one of the largest cyber attacks that we have experienced," Energy Minister Yuval Steinitz confirmed at the CyberTech 2016 Conference at the Tel Aviv Trade Fair and Convention Center on Tuesday, according to an article published by The Times of Israel. "The virus was already identified and the right software was already prepared to neutralize it," Steinitz added. "We'd to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over...but as of now, computer systems are still not working as they should." Sev...

What do you expect a tech giant to protect your backdoor security with? Holy Cow! It's " 12345678 " as a Hard-Coded Password . Yes, Lenovo was using one of the most obvious, awful passwords of all time as a hard-coded password in its file sharing software SHAREit that could be exploited by anyone who can guess '12345678' password. The Chinese largest PC maker made a number of headlines in past for compromising its customers security. It had shipped laptops with the insecure  SuperFish adware , it was  caught using Rootkit  to secretly install unremovable software, its  website was hacked , and it was  caught pre-installing Spyware  on its laptops. Any of these incidences could have been easily prevented. Now, Research center of Core Security CoreLabs issued an advisory on Monday that revealed several software vulnerabilities in Lenovo SHAREit app for Windows and Android that could result in: Information leaks Security protoco...

If you are using Magento to run your e-commerce website, it's time for you to update the CMS ( content management system ) now. Millions of online merchants are at risk of hijacking attacks due to a number of critical cross-site scripting (XSS) vulnerabilities in the Magento, the most popular e-commerce platform owned by eBay. Why the Bugs are So Serious? Virtually all versions of Magento Community Edition 1.9.2.2 and earlier as well as Enterprise Edition 1.14.2.2 and earlier, are vulnerable to the Stored Cross-Site Scripting (XSS) flaws. The stored XSS flaws are awful as they allow attackers to: Effectively take over a Magento-based online store Escalate user privileges Siphon customers' data Steal credit card information Control the website via administrator accounts However, the good news is that the vulnerabilities are patched, and an update has been made available to the public after security firm Sucuri discovered and privately reported the v...

The majority of Internet users are vulnerable to cyber threats because of their own weaknesses in setting up a strong password. But, are end-users completely responsible for choosing weak passwords? Give a thought. Recently we wrote an article revealing the list of Worst Passwords of 2015 that proved most of us are still using bad passwords, like ' 123456 ' or ' password ,' to secure our online accounts that when breached could result in critical information loss. If the end-user is to blame for weak password security, then the solution is to educate each and every Internet user to follow the best password security practice. But is that really possible? Practically, No. Even after being aware of best password security measures, do we really set strong passwords for every website? I mean EVERY. Ask yourself. Who's Responsible for allowing Users to Set a Weak Password? It's the websites and their developers, who didn't enforce a...

A new prank circulating on Twitter, Facebook and other social media platform could crash your iPhone or iPad completely. If you come across a link to crashsafari.com, you are advised not to open it on your iPhone, iPad or even Macs. Doing so will cause Safari application to crash, potentially causing your Apple device to restart. In case, you want to try this out, just click here to visit the website and watch what happens. Currently, people are spreading the link to CrashSafari.com via Twitter using a URL shortener, and users are tricked into visiting the site without being knowing. How does this Prank Work? The prank website (crashsafari.com) generates a ridiculously long, and increasing string of characters and then overloads this text string in the address bar of Apple's default Safari browser. CrashSafari site's code is very simple and includes: A Header Title that you will never actually see because the browser crashes. A small piece of Ja...