The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Popular code repository site GitHub is warning that a number of users' accounts have been compromised by unknown hackers reusing email addresses and passwords obtained from other recent data breaches . Yes, GitHub has become the latest target of a password reuse attack after Facebook CEO Mark Zuckerberg and Twitter . According to a blog post published by Shawn Davenport, VP of Security at GitHub, an unknown attacker using a list of email addresses and passwords obtained from the data breach of " other online services " made a significant number of login attempts to GitHub's repository on June 14. After reviewing the logins, administrators at GitHub found that the attacker had gained access to a number of its users' accounts in order to gain illicit access to their accounts' data. Although the initial source of the leaked credentials isn't clear, the recent widespread "megabreaches" of LinkedIn , MySpace , Tumblr , and the dating site Fling, ...

Hacking Facebook account is one of the major queries on the Internet today. It's hard to find — how to hack Facebook account or facebook messenger, but researchers found a way that can allow someone to hack Facebook account passwords with only the target's phone number and some resources. Yes, your Facebook profile can be hacked, no matter how strong your password is or how much extra security measures you have taken. No joke! Hackers with resources to exploit SS7 network can hack your Facebook login and all they need is your phone number. The weaknesses in the part of global telecom network SS7 that not only let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale but also let them hijack social media accounts to which you have provided your phone number. SS7 or Signalling System Number 7 is a cell phone signaling protocol that is being used by more than 800 telecommunication operators worldwide to exchange i...

The United States federal authorities have boosted charges against a former IBM Corp. software developer in China for allegedly stealing valuable source code from his former employer in the US. Chinese national Xu Jiaqiang, 30, was arrested by the FBI in December last year, when he was charged with just one count of theft of a trade secret. However, Jiaqiang has been charged with six counts: three counts of economic espionage and three counts of theft of a trade secret, as US prosecutors accused him of selling the stolen information to other companies, according to the Justice Department indictment [ PDF ]. The proprietary source code, which Jiaqiang was intended to sell for the benefit of the Chinese government, has been described as "a product of decades of work." Jiaqiang worked as a software developer for an unnamed American company that developed networking software from November 2010 to May 2014. In May 2014, Jiaqiang resigned the company only to sell the c...

Do you own a Smartwatch, Smart TV, Smart fridge, or any Internet-connected smart device? If your answer is yes, then you need to know the latest interest of the cyber criminals in the field of Internet of Things. Ransomware! After targeting hospitals, universities, and businesses, Ransomware has started popping up on Smart TV screens. A new version of the Frantic Locker (better known as FLocker ) Ransomware has now the ability to infect and lock down your Smart TVs until you pay up the ransom. Researchers at Trend Micro have discovered the updated version of FLocker that is capable of locking Android smartphones as well as Smart TVs . Originally launched in May 2015, the FLocker ransomware initially targeted Android smartphones with its developers constantly updating the ransomware and adding support for new Android system changes. Here's what the new version of FLocker does to your Android-powered Smart TVs: FLocker locks the device's screen. Displays a ...

Microsoft has released 16 security bulletins on Tuesday resolving a total of 44 security holes in its software, including Windows, Office, Exchange Server, Internet Explorer and Edge. Five bulletins have been rated "critical" that could be used to carry out remote code execution and affected: Windows, Internet Explorer (IE), Edge (the new, improved IE), Microsoft Office and Office services; and the remaining 11 are marked important. One of the critical issues, MS16-071 that caused alarm bells to go off for many security experts involves a Use-After-Free bug (CVE-2016-3227), which affects Microsoft Windows Domain Name System (DNS) servers for Windows Server 2012 and 2012 R2. The vulnerability resides in the way servers handle requests. Attackers could send a specially crafted request to a DNS server and convinced it to run arbitrary code in the context of the Local System Account, Microsoft's advisory warns. Another critical vulnerability is addressed in MS16-070, which patc...

The " Hack the Pentagon " bug bounty program by the United States Department of Defense (DoD) has been successful with more than 100 vulnerabilities uncovered by white hat hackers in Pentagon infrastructure. In March, the Defense Department launched what it calls " the first cyber Bug Bounty Program in the history of the federal government, " inviting hackers to take up the challenge of finding bugs in its networks and public faced websites that are registered under DoD. Around 1,400 whitehat (ethical) hackers participated in the Hack the Pentagon program and were awarded up to $15,000 for disclosures of the most destructive vulnerabilities in DoDs networks, Defense Secretary Ashton Carter said at a technology forum on Friday. "They are helping us to be more secure at a fraction of the cost," Carter said . "And in a way that enlists the brilliance of the white hatters, rather than waits to learn the lessons of the black hatters." ...

Apple announced one huge change at WWDC 2016: The company is replacing the HFS+ file system on MacOS, iOS, tvOS and WatchOS with a new file system. The company has introduced its brand new file system called The Apple File System — or APFS for short — for iOS, OS X, tvOS, and WatchOS, making security its centerpiece. " The Apple File System (APFS) is the next-generation file system designed to scale from an Apple Watch to a Mac Pro. APFS is optimized for Flash/SSD storage, and engineered with encryption as a primary feature, " according to an entry in the WWDC 2016 schedule. Yes, the Apple File System is optimized for Flash and SSD-based storage solutions that are used in iPhones, iPads, MacBooks, AppleTV set-top boxes, and others Apple gadgets. APFS supports "nearly" all features the HFS+ file system provides while offering improvements over the previous system in the process. Apple describes APFS as a modern file system that includes " strong enc...

Hackers aligned with North Korea have always been accused of attacking and targeting South Korean organizations, financial institutions, banks and media outlets. Recent reports indicate that North Korean hackers have hacked into more than 140,000 computers of at least 160 South Korean government agencies and companies, and allegedly injected malware in the systems. The cyber attack was designed to lay for a long term period against its rival, authorities in Seoul said. The South Korean police were on high alert against cyberattacks by the North Korean hackers, especially after North Korea successfully tested a miniaturized hydrogen bomb in January and a long-range rocket launch in February, Reuters reports . According to the police, the hacking attack began in 2014 but was detected only in February this year, after North Korea managed to steal information from two companies: the SK and Hanjin Group. The documents stolen from the two companies included blueprints for the wi...

Breaking News for today: Microsoft has announced that it is planning to acquire LinkedIn, the social network for professionals, for $26.2 Billion in cash. Yes, Microsoft announced today that it would buy LinkedIn for $196 per share in an all-cash transaction valued at $26.2 BILLLLLLION. It is so far the biggest acquisition made by Microsoft, which has made 8 takeovers, including Skype in 2011 and Nokia in 2013, worth more than $1 Billion. According to the tech giant, LinkedIn will retain its own brand and product, and also LinkedIn's existing CEO Jeff Weiner will remain as the company's chief executive. LinkedIn will now become a part of Microsoft's productivity, and business processes segment and Weiner will report directly to Microsoft CEO Satya Nadella. Here's what Nadella said about the deal: "The LinkedIn team has grown a fantastic business centered on connecting the world's professionals. Together we can accelerate the growth of Linked...

How many more data dumps does this hacker have with him that has yet to be exposed? Well, no one knows the answer, but we were recently made aware of another data breach from Peace – the same Russian hacker who was behind the massive breaches in some of the most popular social media sites including LinkedIn , MySpace , Tumblr , and VK.com . The hacker under the nickname "Peace" (or Peace_of_mind) is now selling over 51 Million records obtained from iMesh – now defunct peer-to-peer file sharing service. The New York-based iMesh was one of the first and most popular file sharing services that allowed users to share multimedia files with their friends via the peer-to-peer (or P2P) protocol. Launched in the late 90s, iMesh became the third-largest service in the United States in 2009, but the service was unexpectedly closed down last month. LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that the comp...

The cyber attack vectors available to hackers will continue to grow as the Internet of Things (IoTs) become more commonplace, making valuable data accessible through an ever-widening selection of entry points. Although it's not the hackers alone, the NSA is also behind the Internet of Things. We already know the United States National Security Agency's (NSA) power to spy on American as well as foreign people – thanks to the revelations made by whistleblower Edward Snowden in 2013. But, now the agency is looking for new ways to collect even more data on foreign intelligence, and for this, the NSA is researching the possibilities of exploiting internet-connected biomedical devices ranging from thermostats to pacemakers. During a military technology conference in Washington D.C. on Friday, NSA deputy director Richard Ledgett said his agency officials are "looking at it sort of theoretically from a research point of view right now." Ledgett totally agreed o...

This year, Microsoft impressed the world with 'Microsoft loves Linux' announcements, like developing a custom Linux-based OS for running Azure Cloud Switch, selecting Ubuntu as the operating system for its Cloud-based Big Data services and bringing the popular Bash shell to Windows 10 . Now, the next big news for open-source community: Microsoft has released its own custom distribution of FreeBSD 10.3 as a "ready-made" Virtual Machine image in order to make the operating system available directly from the Azure Marketplace. FreeBSD (Berkeley Software Distribution) is an open source Unix-like advanced computer operating system used to power modern servers, desktops as well as embedded systems. Until now, the only way for Azure customers to run FreeBSD was to make use of a custom image from outside of Azure (from the FreeBSD Foundation). However, the new release makes it easier for Azure users to launch FreeBSD directly from the Azure Marketplace and get...