The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Federal Bureau of Investigation (FBI) has lengthened its Most Wanted List by adding seven Iranian hackers who are accused of attacking a range of US banks and a New York dam. On Thursday, the United States Department of Justice (DoJ) charged seven Iranian hackers with a slew of computer hacking offences for breaking into computer systems of dozens of US banks, causing Millions of dollars in damages, and tried to shut down a New York dam. The individual hackers, who allegedly worked for computer security companies linked to the Iranian government, were indicted for an " extensive campaign " of cyber attacks against the US financial sector. All the seven hackers have been added to the FBI's Most Wanted list, and their names are: Ahmad Fathi , 37 Hamid Firoozi , 34 Amin Shokohi , 25 Sadegh Ahmadzadegan (aka Nitr0jen26), 23 Omid Ghaffarinia (aka PLuS), 25 Sina Keissar , 25 Nader Saedi (aka Turk Server), 26 All the hackers have been charg...

A critical zero-day vulnerability has been discovered in all versions of Apple's OS X operating system that allows hackers to exploit the company's newest protection feature and steal sensitive data from affected devices. With the release of OS X El Capitan, Apple introduced a security protection feature to the OS X kernel called System Integrity Protection ( SIP ). The feature is designed to prevent potentially malicious or bad software from modifying protected files and folders on your Mac. The purpose of SIP is to restrict the root account of OS X devices and limit the actions a root user can perform on protected parts of the system in an effort to reduce the chance of malicious code hijacking a device or performing privilege escalation. However, SentinelOne security researcher Pedro Vilaça has uncovered a critical vulnerability in both OS X and iOS that allows for local privilege escalation as well as bypasses SIP without kernel exploit, impacting all versions...

Tay, Microsoft's new Artificial Intelligence (AI) chatbot on Twitter had to be pulled down a day after it launched, following incredibly racist comments and tweets praising Hitler and bashing feminists. Microsoft had launched the Millennial-inspired artificial intelligence chatbot on Wednesday, claiming that it will become smarter the more people talk to it. The real-world aim of Tay is to allow researchers to "experiment" with conversational understanding, as well as learn how people talk to each other and get progressively "smarter." "The AI chatbot Tay is a machine learning project, designed for human engagement," a Microsoft spokesperson said. "It is as much a social and cultural experiment, as it is technical. Unfortunately, within the first 24 hours of coming online, we became aware of a coordinated effort by some users to abuse Tay's commenting skills to have Tay respond in inappropriate ways. As a result, we have taken Tay offline and are...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Despite so many messaging apps, Email is still one of the widely used and popular ways to communicate in this digital age. But are your Emails secure? We are using email services for decades, but the underlying 1980s transport protocol used to send emails, Simple Mail Transfer Protocol (SMTP), is ancient and lacks the ability to secure your email communication entirely. However, to overcome this problem, SMTP STARTTLS was invented in 2002 as a way to upgrade an insecure connection to a secure connection using TLS. But, STARTTLS was susceptible to man-in-the-middle attacks and encryption downgrades. But worry not. A new security feature is on its way!!! SMTP STS: An Effort to Make Email More Secure Top email providers, namely Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development, have joined forces to develop a new email standard that makes sure the emails you send are going through an encrypted channel and cannot be sniffed. Dubbed SMT...

Meet the security company that is helping Federal Bureau of Investigation (FBI) in unlocking San Bernardino shooters' iPhone: The Israeli mobile forensics firm Cellebrite . Yes, Cellebrite – the provider of mobile forensic software from Israel – is helping the FBI in its attempt to unlock iPhone 5C that belonged to San Bernardino shooter, Syed Rizwan Farook, the Israeli YNetNews reported on Wednesday. The company's website claims that its service allows investigators to unlock Apple devices running iOS 8.x " in a forensically sound manner and without any hardware intervention or risk of device wipe. " If Cellebrite succeeds in unlocking Farook's iPhone, the FBI will no longer need Apple to create a backdoored version of its iOS operating system that could let it access data on Farook's locked iPhone 5C. Apple is engaged in a legal encryption battle with the US Department of Justice (DoJ) over a court order that forces the company to write ...

Security researchers have discovered a new data-stealing Trojan that makes special use of USB devices in order to spread itself and does not leave any trace of activity on the compromised systems. Dubbed USB Thief ( or Win32/PSW.Stealer.NAI), the malware has the capability of stealthy attacking against air-gapped or isolated computers, warns ESET security firm. The malware author has employed special programs to protect the USB Thief from being reproduced or copied, making it even harder to detect and reverse-engineer. USB Thief has been designed for targeted attacks on computer systems that are isolated from the Internet, according to the ESET malware analyst Tomáš Gardoň. The 'USB Thief' Trojan Malware The USB Thief Trojan malware is stored either as a portable application's plugin source or as a Dynamically Linked Library (DLL) used by the portable application. Since USB devices often store popular applications like Firefox, Notepad++ or TrueCrypt portab...

Security researchers have discovered a nasty security vulnerability that is said to affect almost every version of Windows and Samba and will be patched on April 12, 2016, the Samba development team announced Tuesday. So, Save the Date if you are a Windows or Samba file server administrator. Samba is a free, open source implementation of the SMB/CIFS network file sharing protocol that runs on the majority of operating systems available today, including Windows, UNIX, Linux, IBM System 390, and OpenVMS. Samba allows non-Windows operating systems, like GNU/Linux or Mac OS X, to communicate with the same networking protocol as the Windows products, thus enabling users to access network shared folders and files from Windows OS. Dubbed Badlock , the vulnerability has been discovered by Stefan Metzmacher, a developer of Samba Core Team. Details about the Badlock vulnerability will be disclosed on April 12, when the developers of Microsoft and Samba release security p...

Syrian Electronic Army (SEA) Hackers have made their place on the FBI's Most Wanted List. The US Department of Justice and the Federal Bureau of Investigation (FBI) are willing to pay $100,000 reward for any information that leads to the arrest of the heads of the infamous hacking group Syrian Electronic Army. On Tuesday, the DoJ unsealed charges against three suspected members of the alleged group: Ahmad Umar Agha (aka The Pro), 22 Firas Dardar (aka The Shadow), 27 Peter Romar , 36 Agha and Dardar were allegedly involved in hacking Associated Press Twitter account in April 2013 and spreading a false rumor claiming that the White House had been bombed, injuring President Obama. This caused a temporary stock market dip. The two hackers allegedly engaged in a long-running cyber-propaganda campaign in support of the Syrian President Bashar al‑Assad. They hacked into various Twitter accounts of the main news organizations from 2011 to 2013. Their victims...

There's more coming to the high-profile Apple vs. FBI case. The Federal Bureau of Investigation (FBI) might not need Apple's assistance to unlock iPhone 5C  that belonged to San Bernardino shooter, Syed Rizwan Farook. If you have followed the San Bernardino case closely, you probably know everything about the ongoing encryption battle between the FBI and Apple. In short, the US Department of Justice (DOJ) wants Apple to help the FBI create a backdoored version of its iOS operating system that could let it access data on Farook's locked iPhone 5C. Apple, meanwhile, is evident on its part , saying that the FBI wants the company to effectively create the " software equivalent of cancer " that would likely open up all iPhones to malicious hackers. FBI to Apple: We'll Unlock iPhone by Our Own Now the Feds say they may be able to crack the iPhone without the Apple's assistance after all. In a court filing [ PDF ] submitted on Mo...

Are you curious about who viewed your profile on Instagram? This is probably the most frequently asked question nowadays, and there are several applications available on Google Play Store and Apple App Store, which claims to offer you the opportunity to see who is looking at your Instagram profile. But, should we believe them? Is there really some kind of way out to know who viewed your Instagram profile? The shortest answer to all these questions is ' NO ', such functionality does not exist on Instagram at the moment. But, thousands of users still have hope and hackers are taking advantage of this to target a broad audience. Recently, security researchers have discovered some malicious applications on Android Google Play Store as well as iOS App Store, which are entirely a hoax, targeting Instagram users. The iOS app is named " InstaCare - Who cares with me? " and is one of the top apps in Germany, while the Android app is dubbed ...

Tanvir Hassan Zoha , a 34-year-old security researcher, who spoke to media on the $81 Million Bangladesh Bank cyber theft , has gone missing since Wednesday night, just days after accusing Bangladesh's central bank officials of negligence. Zoha was investigating a recent cyber attack on Bangladesh's central bank that let hackers stole $81 Million from the banks' Federal Reserve bank account. Though the hackers tried to steal $1 Billion from the bank, a simple typo prevented the full heist. During his investigation, Zoha believed the Hackers, who are still unknown, had installed Malware on the bank's computer systems few weeks before the heist that allowed them to obtain credentials needed for payment transfers. With the help of those credentials, the unknown hackers transferred large sums from Bangladesh's United States account to fraudulent accounts based in the Philippines and Sri Lanka. However, at the same time, Zoha accused senior offic...

Hope all of you have enjoyed the Game of Chess in the Facebook Messenger. But if you're quite bored playing Chess or not really good at the game, then you probably felt a bit excited about Facebook's recent inclusion of a little Basketball mini-game into Messenger. Now you can play Basketball through Facebook Messenger, just by typing in the Basketball emoji and sending to one of your friends. This would enable a secret Basketball mini-game between you and your friend. Here's How to Play Basketball: Just locate the basketball emoji from your emoji list, send to one of your friends and click it to start the game. Once sent, you would be taken to the Basketball court in a pure white background, where there is no sidebars of any friend suggestions or any promotional ads; only appears a basketball and a hoop, nothing else! All you have to do: Just Swipe up and Toss the basketball into the hoop. A single swipe on your phone in the directio...