The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

WhatsApp is updating its messaging app so that every text message and voice call will be encrypted for the company's one billion users. Yes, Whatsapp has finally implemented full end-to-end encryption , as promised a year ago. This means, from now every message, image or voice call you made will be secured by end-to-end encryption so that only you and the person you're communicating with can read the content of the message, and nobody in between, not even WhatsApp. In other words, this also means that WhatsApp would not be able to comply with any court order that demands access to the content of any conversation happens over its service. Starting today, you will see a notification on your WhatsApp conversation screen as your messenger becomes end-to-end encrypted, as shown in the screenshot. "Message you send to this chat and calls are now secured with end-to-end encryption. Tap for more info."  "This is because your messages are secured with a lock, ...

An admin of Silk Road 2 , named Brian Farrell , who helped maintain the notorious dark web site by providing customer and technical support, approving and suspending vendors, and promoting staff members, has pleaded guilty and could face 8 years in prison. The 28-year-old man, who used the moniker " DoctorClu ," had been accused last year of being the right-hand to the creator of Silk Road 2.0, the copycat website inspired by the notorious online illegal drug marketplace. Silk Road 2.0 was shuttered in November 2014 after its creator Blake Benthall aka "Defcon" was arrested whose own criminal case is pending in federal court in New York. Silk Road has been described as "one of the most extensive, sophisticated, and widely-used illegal marketplaces on the internet today."  According to the Department of Justice, Silk Road 2.0 had generated "sales of at least approximately $8 Million in the United States currency per month" s...

Personal details of nearly 50 Million Turkish citizens, including the country's President Recep Tayyip Erdogan, have been compromised and posted online in a massive security breach. A database, which contains 49,611,709 records , appeared on the website of an Icelandic group on Monday, offering download links to anyone interested. If confirmed, the data breach would be one of the biggest public breaches of its kind, effectively putting two-thirds of the Nation's population at risk of identity theft and fraud. However, The Associated Press (AP) reported on Monday that it was able to partially verify the authenticity of 8 out of 10 non-public Turkish ID numbers against the names in the data leak. 50 Million Turkish Citizens' Personal Data leaked Online The leaked database (about 6.6 GB file) contains the following information: First and last names National identifier numbers (TC Kimlik No) Gender City of birth Date of birth Full address ID...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

A security researcher has won $13,000 bounty from Microsoft for finding a critical flaw in its main authentication system that could allow hackers to gain access to a user's Outlook, Azure and Office accounts. The vulnerability has been uncovered by UK-based security consultant Jack Whitton and is similar to Microsoft's OAuth CSRF (Cross-Site Request Forgery) in Live.com discovered by Synack security researcher Wesley Wineberg. However, the main and only difference between the vulnerabilities is that: Flaw discovered by Wineberg affected Microsoft's OAuth protection mechanism while the one discovered by Whitton affected Microsoft's main authentication system. Microsoft handles authentication across its online services including Outlook, Azure and Office through requests made to login.live.com, login.windows.net, and login.microsoftonline.com. Now, for example, if a user browses to outlook.office.com, he/she redirects to a login.microsoftonline...

Marcel Lazar Lehel aka " Guccifer " – an infamous Romanian hacker who hacked into the emails and social networking accounts of numerous high profile the US and Romanian Politicians – appeared in the United States court for the first time after extradition. Following Romania's top court approval last month, Guccifer was extradited to the United States recently from Romania, his home country, where he had already been serving a hacking sentence. Lehel has been charged with cyber-stalking, unauthorized access to a protected computer and aggravated identity theft in a nine-count indictment filed in 2014 in a federal district court in Alexandria, the U.S. Justice Department said in a statement. Lehel "hacked into the email and social media accounts of high-profile victims, including a family member of two former U.S. presidents, a former U.S. Cabinet member, a former member of the U.S. Joint Chiefs of Staff and a former presidential advisor," acc...

Just last week, the Federal Bureau of Investigation (FBI) issued an urgent "Flash" message to the businesses and organisations about the threat of Samsam Ransomware , but the ransomware has already wreaked havoc on some critical infrastructure. MedStar, a non-profit group that runs 10 hospitals in the Baltimore and Washington area, was attacked with Samsam, also known as Samas and MSIL , last week, which encrypted sensitive data at the hospitals. After compromising the MedStar Medical System, the operators of the ransomware offered a bulk deal: 45 Bitcoins (about US$18,500) for the decryption keys to unlock all the infected systems. But unlike other businesses or hospitals, MedStar did not pay the Ransom to entertain the hackers. So, you might be thinking that the hospitals lost all its important and critical data. Right? But that was not the case in MedStar. Here's How MetStar Successfully dealt with SAMSAM Ransomware MetStar sets an exam...

A huge trove of confidential documents from the Panamanian law firm Mossack Fonseca was made public on Sunday in what's known as One of the World's Largest Data Leaks ever, called The Panama Papers . Over 11.5 Million Leaked Files including 2.6 Terabytes of Data Even larger than the NSA wires leak in 2013, the Panama Papers includes 2.6 Terabytes of private data , exposing an enormous web of offshore shell companies frequently used by many of the richest and most powerful members around the globe to evade taxes, hoard money, and skirt economic sanctions. Shared with German newspaper 'Suddeutsche Zeitung' by an anonymous source, the leaked documents then passed on to the International Consortium of Investigative Journalists (ICIJ) – in which 370 Reporters from 100 News Media organizations looked into the massive leak for a year. After a year-long investigation, ICIJ and its reporting partners began publishing a series of leaks on Sunday based on the Pa...

A researcher has demonstrated how easy it is to steal high-end drones, commonly deployed by government agencies and police forces, from 2 kilometres away with the help of less than $40 worth of hardware . The attack was developed by IBM security researcher Nils Rodday, who recently presented his findings at Black Hat Asia 2016. Hacking the $28,463 Drone with Less than $40 of Hardware Rodday explained how security vulnerabilities in a drone's radio connection could leverage an attacker ( with some basic knowledge of radio communications ) to hijack the US$28,463 quadcopters with less than $40 of hardware. Rodday discovered ( PPT ) two security flaws in the tested drone that gave him the ability to hack the device in seconds. First, the connection between drone's controller module, known as telemetry box, and a user's tablet uses extremely vulnerable ' WEP ' ( Wired-Equivalent Privacy ) encryption – a protocol long known to be 'crackable in sec...

The Federal Bureau of Investigation (FBI) worked with Israeli mobile forensic firm Cellebrite to unlock iPhone used in the San Bernardino shooting last year, confirmed by multiple sources familiar with the matter. The United States Department of Justice (DoJ) said on Tuesday that the FBI successfully unlocked iPhone and accessed data with the help of an undisclosed alternative method offered by a third party and that it no longer needs Apple's assistance. Apple was engaged in a legal encryption battle with the DoJ for a month over a court order that forces the company to write new software, which could disable passcode protection on Farook's iPhone 5C to help them access data on it. Apple refused to comply with the order, saying the FBI wants the company to create the " software equivalent of cancer " that would likely threaten the privacy and data security of millions of its iPhone users. FBI to Unlock iPhone in Several Pending Cases Althou...

Did you install the latest update OS X 10.11.4? If yes, then you might be wondering with a fact that the Apple had delivered an ineffective patch update this time. Yes! This news would definitely disappoint many Apple users, as the latest update of OS X El Capitan 10.11.4 and iOS 9.3 still contain a privilege escalation vulnerability that could affect 130 Million Apple customers. Just last week, we reported about a critical privilege escalation vulnerability  in Apple's popular System Integrity Protection (SIP) security mechanism, affecting all versions of OS X operating system. Even after Apple had fixed the critical flaw in the latest round of patches for Macs and iThings, the SIP can still be bypassed in the most recent version of operating system, leaving Apple users vulnerable to flaws that could remotely hijack their machines. SIP Bypass Exploit Code Fits in a Tweet Interestingly, Stefan Esser, a security researcher from Germany, has rele...

Anything connected to the Internet could be hacked and so is the Internet of Things (IoTs) . The market fragmentation of IoTs or Internet-connected devices is a security nightmare, due to poor security measures implemented by their vendors. Now, the researchers at security firm ESET have discovered a piece of Malware that is targeting embedded devices such as routers, and other connected devices like gateways and wireless access points, rather than computers or smartphones. Dubbed KTN-Remastered or KTN-RM , the malware is a combination of both Tsunami (or Kaiten) as well as Gafgyt. Tsunami is a well-known IRC ( Internet Relay Chat ) bot used by miscreants for launching Distributed Denial of Service (DDoS) attacks while Gafgyt is used for Telnet scanning. KTN-RM, which researcher dubbed ' Remaiten ,' features an improved spreading mechanism by carrying downloader executable binaries for embedded platforms and other connected devices. How Does the ...

'Microsoft loves Linux' so much that now the company is bringing the popular Bash shell , alongside the entire Linux command environment, to its newest Windows 10 OS in the upcoming 'Anniversary Update,' Redstone. The rumours before the Microsoft's Build 2016 developer conference were true. Microsoft has just confirmed that it is going to enable its users to run Bash (Bourne Again Shell) natively on Windows 10. Also Read: Microsoft Drops a Cloud Data Center Under the Ocean . Microsoft has partnered with Ubuntu's parent company Canonical to ensure the Bash experience for users is just as good in Windows OS as it's in variants of Linux. Although the Goal of the partnership, in the end, is to bring Ubuntu on Windows 10, don't expect it to run Ubuntu directly on Windows 10. Users will be able to download Bash from the Windows Store. BASH or Bourne Again Shell is capable of handling advanced command line functionalities that are not a c...