The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The source code of a recently discovered Android banking Trojan that has the capability to gain administrator access on your smartphone and completely erase your phone's storage has been LEAKED online. The banking Trojan family is known by several names; Security researchers from FireEye dubbed it SlemBunk, Symantec dubbed it Bankosy, and last week when Heimdal Security uncovered it, they dubbed it MazarBot . All the above wave of Android banking Trojans originated from a common threat family, dubbed GM Bot, which IBM has been tracking since 2014. GM Bot emerged on the Russian cybercrime underground forums, sold for $500 / €450, but it appears someone who bought the code leaked it on a forum in December 2015, the IBM X-Force team reported. What is GM Bot and Why Should You Worry about it? The recent version of GM Bot ( dubbed MazarBOT ) has the capability to display phishing pages on the top of mobile banking applications in an effort to trick Android users ...

Are you also the one who downloaded Linux Mint on February 20th? You may have been Infected! Linux Mint is one of the best and popular Linux distros available today, but if you have downloaded and installed the operating system recently you might have done so using a malicious ISO image. Here's why: Last night, Some unknown hacker or group of hackers had managed to hack into the Linux Mint website and replaced the download links on the site that pointed to one of their servers offering a malicious ISO images for the Linux Mint 17.3 Cinnamon Edition . "Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it," the head of Linux Mint project Clement Lefebvre said in a surprising announcement dated February 21, 2016. Who are affected? As far as the Linux Mint team knows, the issue only affects the one edition, and that is Linux Mint 17.3 Cinnamon edition. The situation happened last night, s...

As the groundwork for the presidential election is being cooked up in the United States to be held on 8 November 2016, candidates are very busy in sharpening their skills to gain the vote of reliance. By struggling to gain an upper hand in the National issues at this moment could benefit the candidates bring them into the limelight and stardom. Donald Trump (a Presidential Candidate from Republican Party) is not an exception to this. Recently, Trump made a controversial statement to boycott Apple until the company handovers the San Bernardino terrorist's phone data to the authority; during a rally in South Carolina yesterday. "First of all, Apple ought to give the security for that phone. What I think you ought to do is boycott Apple until they give that security number," Trump addressed in the rally. This action was the outcome of the Apple denial to the request of Californian Judge to build a backdoor for the shooter's iPhone. Also Read: ...

Another Surprising Twist in the Apple-FBI Encryption Case : The Apple ID Passcode Changed while the San Bernardino Shooter's iPhone was in Government Custody. Yes, the Federal Bureau of Investigation (FBI) has been screwed up and left with no option to retrieve data from iPhone that belonged to San Bernardino shooter Syed Farook. Apple has finally responded to the Department of Justice (DoJ) court filing that attempts to force Apple to comply with an FBI request to help the feds unlock Farook's iPhone, but Apple refused to do so. According to Apple, the company had been helping feds with the investigation since early January to provide a way to access Farook's iPhone, but the problem is that the feds approached the company after attempting a 'blunder' themselves. Here's How the FBI Screwed itself On October 19, 2015, Roughly six weeks before the San Bernardino terrorist attacks, Syed Farook made a last full iCloud backup of his iPhone 5...

The 21st century is witnessing a great change over in the daily life of folks with the advent of IoT devices that are capable of talking to each other without any human intervention. Yeah! Now you do not have to individually cascade an instruction to each of your home devices to accomplish a task. All have gone automated with the actuators and sensors which are infused into the home appliances. The fact is that your IoT devices would only comply within the family of same manufacturers. For example, if you have a Samsung smart refrigerator, and your wearable device is from Apple or any other vendors, then it couldn't sync as both are from different genres. No need to worry now! Zephyr: Future of IoTs The Linux Foundation has broken all the barriers of compatibility issues by releasing a Real-Time Operating System (RTOS) for Internet of Things devices , dubbed " Zephyr ". This OS enables connected devices to communicate with the same protocol. ...

Apple has been asked to comply with a federal court order to help the FBI unlock an iPhone 5C by one of the terrorists in the San Bernardino mass shootings that killed 14 and injured 24 in December. The FBI knows that it can not bypass the encryption on the iPhone, but it very well knows that Apple can make a way out that could help them try more than 10 PINs on the dead shooter's iPhone without getting the device's data self-destructed. Although Apple refused to comply with the court order and has always claimed its inability to unlock phones anymore, the FBI so cleverly proved that Apple does have a technical way to help feds access data on a locked iOS device. And this is the first time when Apple has not denied that it can not unlock iPhones, rather it simply refused to build the FBI a Backdoor  for the iPhone, in an attempt to maintain its users trust. So, now we know that Apple is not doing so, but it has the ability to do so. Now, when you know ...

Another 15-year-old teenager got arrested from the land of cakes, Scotland, by British Police for breaking into the FBI Systems on 16th February. Under the Britain's anti-hacking law, Computer Misuse Act 1990 , the boy has been arrested for his role in hacking and unauthorized access to the digital material. Federal Agents had fled to Glasgow in an attempt to carry out a raid on his home before proceeding with the boy's arrest. "He has since been released and is the subject of a report to the procurator fiscal," a Police Spokesman told a Scottish journal. As with the present scenario, reports say that the boy could be extradited to the United States to face the Intrusion and hacking charges. Second Member of the Hacking Group Arrested The suspect is believed to be an active member of the notorious hacking group called " Crackas with Attitude " aka "CWA", Motherboard confirms . Another member of the same group got arrested f...

If you receive a mail masquerading as a company's invoice and containing a Microsoft Word file, think twice before clicking on it. Doing so could cripple your system and could lead to a catastrophic destruction. Hackers are believed to be carrying out social engineering hoaxes by adopting eye-catching subjects in the spam emails and compromised websites to lure the victims into installing a deadly ransomware, dubbed " Locky ," into their systems. So if you find .locky extension files on your network shares, Congratulations! You are infected and left with just two solutions: Rebuild your PC from scratch or Pay the ransom. Locky ransomware is spreading at the rate of 4000 new infections per hour , which means approximately 100,000 new infections per day . Microsoft MACROS are Back It is hard to digest the fact that, in this 2016, even a single MS Word document could compromise your system by enabling ' Macros .' This is where the poin...

If you are using a SimpliSafe wireless home alarm system to improve your home security smartly, just throw it up and buy a new one. It is useless. The so-called 'Smart' Technology, which is designed to make your Home Safer, is actually opening your house doors for hackers. The latest in this field is SimpliSafe Alarm . SimpliSafe wireless home alarm systems – used by more than 300,000 customers in the United States – are Hell Easy to Hack , allowing an attacker to easily gain full access to the alarm and disable the security system, facilitating unauthorized intrusions and thefts. …and the most interesting reality is: You Can Not Patch it! As the Internet of Things (IoT) is growing at a great pace, it continues to widen the attack surface at the same time. Just last month, a similar hack was discovered in Ring – a Smart doorbell that connects to the user's home WiFi network – that allowed researchers to hack WiFi password of the home user. How ...

Ransomware has seriously turned on to a noxious game of Hackers to get paid effortlessly. Once again the heat was felt by the Los Angeles-based Presbyterian Medical Center when a group of hackers had sealed all its sensitive files and demanded $17,000 USD to regain the access to those compromised data. The devastation of the compromised files can be pitched as: Compromised emails Lockout Electronic Medical Record System [EMR] Encrypted patient data Unable to carry CT Scans of the admitted patients Ferried risky patients to nearby hospitals ...and much more unexplained outcomes. The hospital had confirmed that the Ransomware malware had hit its core heart a week before, potentially affecting the situation to grow much worse. Hospital End up Paying $17,000 As the situation was grown out of wild, the hospital paid 40 Bitcoins (Roughly US $17,000) to the Ransomware Criminals to resume their medical operations after gaining the decryption keys. "T...

In the escalating battle between the Federal Bureau of Investigation (FBI) and Apple over iPhone encryption, former National Security Agency (NSA) contractor Edward Snowden and Google chief executive Sundar Pichai just sided with Apple's refusal to unlock iPhone . Yesterday, Apple CEO Tim Cook refused to comply with a federal court order to help the FBI unlock an iPhone owned by one of the terrorists in the mass shootings in San Bernardino , California, in December. Here's What the FBI is Demanding: The federal officials have asked Apple to make a less secure version of its iOS that can be used by the officials to brute force the 4-6 digits passcode on the dead shooter's iPhone without getting the device's data self-destructed. Cook called the court order a "chilling" demand that "would undermine the very freedoms and liberty our government is meant to protect." He argued that to help the FBI unlock the iPhone would basically ...

Hijacking an online account is not a complicated procedure, not at least in 2016. Today, Instagram confirmed that the company is in the process to roll out two-factor authentication for its 400 Million users. It is impossible to make your online accounts hack-proof, but you can make them less vulnerable. Then what you can do to protect yourselves from hackers? Several companies provide more enhanced steps like Encrypted Channel Services, Security Questions, Strict Password Policy and so on. But, what would you do if a hacker had somehow managed to access your accounts' passwords? Since the online accounts do not have an intelligent agent inbuilt to verify whether the person is the legit driver of the account; beyond a username and password match. Hence the concept of Two-Factor Authentication (2FA) born out! Jumbos like Google, Facebook, Twitter and Amazon have already blended the 2FA feature with their services to tackle account hijacking. 2-F...