The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The teenage hacker, who calls himself a member of hacktivist group " Cracka with Attitude ," behind the series of hacks on the United States government and its high-level officials, including CIA director, might have finally got arrested. In a joint effort, the Federal Bureau of Investigation (FBI) and British police reportedly have arrested a 16-year-old British teenager who they believe had allegedly: Leaked the personal details of tens of thousands of FBI agents and US Department of Homeland Security (DHS) employees. Hacked into the AOL emails of CIA director John Brennan . Hacked into the personal email and phone accounts of the US spy chief James Clapper . Broke into the AOL emails of the FBI Deputy Director Mark Giuliano . Federal officials haven't yet released the identity of the arrested teenager, but the boy is suspected of being the lead hacker of Cracka With Attitude, who calls himself Cracka, the South East Regional Organised Crime Unit (SER...

The New York Police Department (NYPD) has admitted that it used controversial cell phone spying tool " Stingrays " more than 1,000 times since 2008 without warrants. In the documents obtained by the New York Civil Liberties Union (NYCLU) , the NYPD acknowledged that the department has used Stingrays to intercept personal communications and track the locations of nearby mobile phone users. What are Stingrays? In my previous article , I have explained the scope of Stingrays along with its working, how it cracks encryption and how the police agencies are using these cell phone spying devices equipped in its military surveillance technology DRTBox  in order to: Track people Intercept thousands of cellphone calls Quietly eavesdrop on conversations Eavesdrop on emails and text messages Stingrays are small cell phone surveillance devices that work by imitating cellphone towers, forcing all nearby phones to connect to them and revealing the owners' locat...

Browsing the Web in ' Private Mode ' is not as private as you think. Microsoft has patched the Private Browsing Leakage bug in its newest Edge browser with the latest update . When we talk about Browsers, only one thing which does not strike our mind is Internet Explorer or IE. Even there were some trolls on Internet Explorer (IE) waving over the social medias such as "The best web browser to download other browsers." In fact, it was justified as everyone downloads a new browser with IE in their newly installed Operating System. Due to the continual taunts, Microsoft had scrapped the entire IE and made a new browser called " Edge Browser " (Codenamed "Spartan"). Edge was shipped as the default browser (along with IE) with Windows 10 devices and grabbed the attention of many eye pupils as it included all the features that other mainstream browsers have. Well, History Repeats Itself In January this year, it was...

A pair of new security vulnerabilities has been discovered in the framework used by a wide variety of Mac apps leaves them open to Man-in-the-Middle (MitM) attacks. The framework in question is Sparkle that a large number of third-party OS X apps, including Camtasia, uTorrent, Duet Display and Sketch, use to facilitate automatic updates in the background. Sparkle is an open source software available on GitHub under the permissive MIT license by the Sparkle Project with the help of numerous of valuable contributors. The framework supports Mac OS X versions 10.7 through 10.11 and Xcode 5.0 through 7.0. The Sparkle vulnerabilities, discovered by Radek, a security researcher, in late January and reported by Ars reporter, affect Apple Mac apps that use: An outdated and vulnerable version of the Sparkle updater framework. An unencrypted HTTP channel to receive info from update servers. What's the Issue? The first loophole is due to the improper implemen...

The last year's ISIS-linked terror attacks in Paris and California has sparked debate on Encryption, and the intelligent agencies started reviving their efforts to weaken encryption on various encrypted products and services. But, there is some Good News! California Congressman and Texas Republican are now challenging state-level proposals to restrict US citizens' ability to encrypt their smartphones. On Wednesday, California Congressman Ted Lieu , one of four members of Congress, and Texas Republican Blake Farenthold , a member of the House Oversight and House Judiciary committees, introduced a new bill in Congress that… …attempts to ban states efforts to implement their own anti-encryption policies at a state level while a national debate on Encryption is ongoing. The bill, called " Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016 " – in short, " ENCRYPT Act of 2016 " – would stop states fr...

Do you know: There is a vast section of the Internet which is hidden and not accessible through regular search engines and web browsers. This part of the Internet is known as the Deep Web , and it is about 500 times the size of the Web that we know. What is DEEP WEB? Deep Web  is referred to the data which are not indexed by any standard search engine such as Google or Yahoo. The 'Deep Web' refers to all web pages that search engines cannot find, such as user databases, registration-required web forums, webmail pages, and pages behind paywalls. Then, there's the Dark Web or Dark Net – a specific part of that hidden Deep Web. Deep Web and Dark Web are the intriguing topics for the Netizens all around. But when you hear the term 'Deep Web' or 'Dark Web,' you usually categorize them into one. If yes, then you are wrong. What is DARK WEB? Dark Web is where you can operate without been tracked, maintaining total anonymity....

Google had also joined the path of Apple, Facebook, and Youtube to kill the "Adobe Flash Player" by announcing that the company is banning Flash banner support from its Adwords Advertising platform. "To enhance the browsing experience for more people on more devices, the Google Display Network and DoubleClick Digital Marketing are now going 100% HTML5" Google says. It's been two decades since Adobe Flash has ruled the Web Space Animation Arena, which was the de facto standard for playing the online videos. Flash Player had been famous for Zero-day exploits which are a potential threat to online users. Even Adobe tried to maintain equilibrium by releasing a countless number of patches frequently (that got hiked), for instant reported vulnerabilities, but this had annoyed both customers and companies. The endless troubleshooting of the Flash Player plugins never resolved the vulnerabilities. To put a full stop on this issue... many major t...

Myth: By disabling all privacy compromising and telemetry features on Windows 10 will stop Microsoft to track your activities. Fact: Even after all telemetry features disabled, Windows 10 is phoning home more than you could ever think of. Ever since the launch of Microsoft's newest operating system, Windows 10 is believed to be spying on its users. I wrote a number of articles to raise concern about Windows 10 privacy issues , including its controversial data mining features  and privacy invasion features . The only solution believed to cope up with these issues is to disable all the telemetry features or use an automated tool to disable all privacy-infringing features in just one click. But unfortunately, all these efforts got wasted because Microsoft still tracks you, even after you tighten your Windows 10 privacy to an extreme level, claims the recent analysis conducted by a Voat user CheesusCrust. Traffic Analysis Reveals Extent of Windows 10 Spying ...

The same "Vigilante-style Hacker," who previously hacked more than 10,000 routers to make them more secure, has once again made headlines by compromising more than 70,000 home routers and apparently forcing their owners to make them secure against flaws and weak passwords. Just like the infamous hacking group Lizard Squad , the group of white hat hackers, dubbed the White Team , is building up a sizeable botnet consisting of hundreds of thousands of home routers, but for a good purpose. Lizard Squad , the same group responsible for Sony PlayStation Network and Microsoft Xbox Live outages , uses their botnets to launch DDoS ( Distributed Denial of Service ) attacks against target websites to flood them with traffic and knock them offline. Hacking Routers to Make them More Secure Challenged by Lizard Squad's maliocus work, the White Team of vigilante hackers built their own peer-to-peer botnet that infects routers to close off vulnerabilities , such ...

An unsatisfied Employee may turn into a Nightmare for you and your organization. Nowadays, installing an antivirus or any other anti-malware programs would be inadequate to beef up the security to maintain the Corporate Database. What would you do if your employee itself backstabbed you by breaching the Hypersensitive Corporate Secrets? Yes! There could be a possibility for an Internal Breach all the time. Just last year, an ex-employee stole Yandex Search Engine Source Code and tried to sell it for just $29,000 in the underground market. Over a few years, hackers have adopted various techniques ranging from Stress Attacks to Social Engineering tactics in order to gain the Classified Corporate information. Hackers Offering $23,000 for Internal Access Now hackers are rolling their dice for the next Deceptive Step to acquire Corporate Login Details of Irish Apple Employees in exchange of 20,000 Euro ( $23,000 USD ). The current situation is being faced...

Microsoft has released 13 security bulletins, six of which are considered to be critical, resolving a total of 41 security vulnerabilities in its software this month. Every Windows version Affected: One of the critical vulnerabilities affects all supported version of Windows , including Microsoft's newest Windows 10 operating system, as well as Windows Server 2016 Tech Preview 4. The memory-corruption flaw ( MS16-013 ) could allow a remote attacker to execute arbitrary code as the logged-in user by tricking a user into opening a specially crafted Journal file. This vulnerability would let the attacker run malicious programs on victim's machine, even delete data and create new accounts with full user rights. Administrator accounts are at the greatest risk than users with a fewer user rights account on the system. However, the good news is the vulnerability has not been spotted in the wild. List of All Critical Vulnerabilities Other Critical Secur...

8th February 2016 would be considered as a cursed day in the history of Facebook. You might have known that just yesterday India bans Facebook's Free Basic Internet in the country. Now, Zuckerberg had got another bombshell in the form of a French Order from the European Data Protection Authority, who ordered Facebook to stop tracking non-users' online activity and to stop data transfers of personal data to the US servers. Facebook Is Following You Everywhere Do you know: Facebook can still track you, even if you log out, with the help of its tracking cookies and plugins ( like, share buttons ) placed on any 3rd-party website. Facebook knows what sites you are visiting, and by " you ," I mean specifically your account, not an anonymous Facebook user . As per the French Order, Facebook is not legalized to track the web browsing habits of all European citizens, even those without a Facebook account. The French Government had also provided a tim...