The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

How to Hack Facebook? That's the most commonly asked question during this decade. It's a hacker dream to hack Facebook website for earning bug bounty or for any malicious purpose. Facebook security team recently found that someone, probably a blackhat hacker with malicious intent, has breached into its server and installed a backdoor that was configured to steal Facebook employees' login credentials. Since the backdoor discovered in the Facebook's corporate server, not on its main server, Facebook user accounts are not affected by this incident. Though the company would have never known about the backdoor if a whitehat hacker had never spotted the backdoor script while hunting for vulnerabilities. Also Read: Ever Wondered How Facebook Decides, How much Bounty Should be Paid? Security researcher Orange Tsai of Taiwanese security vendor DEVCORE accidentally came across a backdoor script on one of Facebook's corporate servers while finding bugs to earn cash reward fr...

In Brief Facebook has hit another Milestone: More than 1 MILLION people, or you can say privacy conscious, are accessing Facebook over TOR. Facebook proudly announced today that, this month, for the first time, the people connected to the anonymous version of Facebook that's accessible only through the TOR anonymity network exceeded 1 Million – an increase of almost 100% in the past ten months. Today, when global surveillance system continues to grow, encryption has the power to protect users' security and privacy online. And it is ultimately a good thing that companies like Facebook are competing on users' security. In 2014, Facebook launched a special version of its website that runs only with the help of Tor anonymity software that offers privacy to users. Tor anonymity software or Tor browser secures and encrypts connections to prevent cyber criminals or law enforcement agencies from tracking users' web activity. Tor users can visit Facebook's Tor hidden s...

In Brief: Sony is finally bolstering the security of the PlayStation Network by adding Two-Factor Authentication to the servers — almost five years after a massive hack that exposed data of over 77 Million users. Sony confirmed to Polygon today that it is planning to introduce two-factor verification to its PlayStation Network widely soon after a Twitter user saw a reference to it in the latest 4.80 firmware update for the PlayStation 3. Although there is no official announcement from the company revealing when two-step authentication will be implemented in PSN, the representative told sources that "more details will be shared at a later date." Microsoft has been providing two-step verification to its Xbox Live users since 2013. The feature is also used on Battle.net and Steam. Two-Factor authentication, also known as two-step verification, is a process that requires you to submit two different forms of verification when logging into a service: One is your...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

In Brief Guess how much the FBI has paid an unknown grey-hat hacker to break into San Bernardino Shooter's iPhone? FBI Director James Comey hinted during an interview that the FBI spent more than $1.3 Million for breaking into the iPhone of a suspected terrorist and found nothing useful on it. Apple's  legal battle with the Federal Bureau of Investigation (FBI) ended following the bureau's announcement last month that it bought a hacking tool to break into the locked iPhone 5C belonging to the alleged San Bernardino shooter Syed Farook. At the time, the FBI did not disclose the name of the third party neither it revealed the cost of the hacking tool. But yesterday while speaking at the Aspen Security Forum in London, FBI Director James Comey gave a hint on the price it gave to the unnamed "outside party" for the hacking solution after Apple refused to help the agency bypass the iPhone's security mechanisms. The FBI Paid Over $1.3 MILLION f...

On Tuesday, the Dutch Police arrested a 36-year-old man, Danny Manupassa , on suspicion of money laundering and involvement in selling encrypted smartphones to criminals. Manupassa owns a company called Ennetcom , which provides customized Blackberry Phones with the secure PGP-encrypted network. Reportedly, Ennetcom sold nearly 19,000 encrypted cell phones at 1500 euros each in last few years. Police have seized Ennetcom servers based in the Netherlands and Canada and pulled them offline. The seized servers contain data of encrypted communications belong to a large number of criminals. According to a press release , the investigation is ongoing and seized data from the servers will be analyzed soon. Police believe this operation would result in collecting evidence required for solving numerous ongoing investigations involving drug trafficking, assassinations, and other serious crimes. Moreover, Canadian Police is also involved in this investigation and surprisingly, i...

In Brief Opera becomes the first web browser to offer a built-in Free, unlimited and 256-bit encrypted VPN service for everyone. Opera's Free VPN protects unencrypted browser session from leaking on public WiFi networks and will also let unblock firewalls to improve privacy and security. Virtual Private Networks (VPNs) have become an important tool not just for large companies, but also for individuals to improve web privacy, dodge content restrictions and counter growing threat of cyber attacks. Opera has released an updated desktop version of its web browser with a Free built-in VPN service to keep you safe on the Internet with just a click. That's a great deal! For those unfamiliar, VPNs are easy security and privacy tools that route your Internet traffic through a distant connection, protecting your browsing, hiding your location data and accessing restricted resources. Free VPN Service with Unlimited Data Usage Unlike several other free VPN services,...

In Brief Two International hackers, Aleksandr Andreevich Panin and Hamza Bendelladj, have been sentenced to a combined 24 years and 6 months in prison for their roles in developing and distributing SpyEye banking trojan, a powerful botnet similar to the infamous ZeuS malware. Both hackers were charged with stealing hundreds of millions of dollars from banking institutions worldwide. Masterminds behind the development and distribution of the infamous " SpyEye " botnet have finally been sentenced to a combined total of 24 years and 6 months in prison. Aleksandr Andreevich Panin and Hamza Bendelladj have been sentenced for their roles in developing and distributing SpyEye malware that is said to have caused hundreds of millions of dollars in losses to the financial sector, the U.S. Justice Department said  on Wednesday. SpyEye, a successor to the notorious Zeus banking malware , has affected financial institutions since 2009. Once infected, the malware connec...

In Brief: Introducing  RansomWhere , a free generic ransomware detection tool for Mac OS X users that can identify ransomware-like behavior by continually monitoring the file-system for the creation of encrypted files by suspicious processes. This ransomware detection tool helps to block the suspicious processes and waits for the user to decide whether to allow or stop the process. Ransomware has risen dramatically since last few years... so rapidly that it might have already hit someone you know. With hundred of thousands of ransomware samples emerging every day, it is quite difficult for traditional signature-based antivirus products to keep their signature database up-to-date. So, if signature-based techniques are not enough to detect ransomware infection , then what else can we do? Some Antivirus companies have already upgraded their security solutions that detect suspicious behaviors like the sequential accessing of a large number of files, using encryption al...

In Brief Apple's head of legal has denied all rumors about providing its complete source code or any backdoor to the Chinese government. Apple officially confirmed that the Chinese government has asked Apple twice in the past two years to hand over the source code for its operating system, but the company refused in both the cases. In a Tuesday hearing entitled "Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives,"  the police officials put allegations on Apple for handing over user data to Beijing while refusing the authorities at its home in the US. However, speaking under oath at the congressional hearing, Apple's General Counsel Bruce Sewell denied the claims, saying "We have been asked by the Chinese government" for the source code behind the iPhone. But, "we refused." The response came just after Indiana State Police Captain Charles Cohen accused Apple of providing its source code to China. N...

In Brief Viber, the popular mobile messaging app announced Tuesday that it has added full end-to-end encryption for video, voice and text message services for its millions of users. Here, the end-to-end encryption means only you and the person you are communicating with can read the content, and nobody in between, not even the company and if court orders company to provide user data, they will get only the heaps of encrypted data. Viber is the latest messaging platform to join WhatsApp , Telegram , and Apple iMessage , who strengthened their default privacy features in recent times. Founded in 2010 and acquired by Japanese e-commerce titan Rakuten for $900 Million in 2014, Viber is currently being used by more than 700 Million users globally across Android, iOS, Windows Phone, and desktop, the company claimed in a blog post published today. The move comes just a couple of weeks after Facebook-owned Whatsapp messaging app implemented full end-to-end encryption by default ...

In Brief What if we could Predict when a cyber attack is going to occur before it actually happens and prevent it? Isn't it revolutionary idea for Internet Security? Security researchers at MIT have developed a new Artificial Intelligence-based cyber security platform, called ' AI2 ,' which has the ability to predict, detect, and stop 85% of Cyber Attacks with high accuracy. Cyber security is a major challenge in today's world, as government agencies, corporations and individuals have increasingly become victims of cyber attacks that are so rapidly finding new ways to threaten the Internet that it's hard for good guys to keep up with them. A group of researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) are working with machine-learning startup PatternEx to develop a line of defense against such cyber threats. The team has already  developed an Artificial Intelligence system that can detect 85 percent of attacks by...

In Brief Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data. But, now Google has updated its browser's User Data Policy requiring all Chrome extension and app developers to disclose what data they collect. Furthermore, developers are prohibited from collecting unnecessary browsing data and must also use encryption when handling sensitive information from users. Around 40 percent of all Google Chrome users have some kind of browser extensions, plugins or add-ons installed, but how safe are they? The company plans to enforce developers starting this summer, to "ensure transparent use of the data in a way that is consistent with the wishes and expectations of users." Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers' data. Google's new User Data Policy will now force app developers, who use the Chrome We...