The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In past few months, Microsoft opened the source code of a lot of its projects, convincing people that the company loves Linux . But a new report shows that Microsoft is not really a big supporter of Linux. Microsoft has banned Linux on some Windows 10 powered Signature Edition PCs, which provides the cleanest Windows experience on the market. Signature Edition PCs are different from other systems because it is carefully and meticulously configured by Microsoft to run Windows 10 with no bloatware, paid promotional web shortcuts, or other pre-installed apps, for providing better performance. But besides bloatware and other pre-installed apps, Microsoft won't allow you to install Linux (or any operating system) on it. This news is not a rumor as a Reddit user BaronHK reported that he found it impossible to install Linux on the Signature Edition Lenovo Yoga 900 ISK2 UltraBook because Microsoft has locked the SSD in a proprietary RAID mode that can only be read by Window...

Are you good at hiding your feelings? No issues, your Wi-Fi router may soon be able to tell how you feel, even if you have a good poker face. A team of researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) have developed a device that can measure human inner emotional states using wireless signals. Dubbed EQ-Radio , the new device measures heartbeat, and breath to determine whether a person is happy, excited, sad, or angry. Using EQ-Radio, which emits and captures reflected radio frequency (RF) waves, the team bounced waves off a person's body to measure subtle changes in breathing patterns and heart rates. This data was then run through a bunch of algorithms and a machine-learning process programmed to match a person's behavior to how they acted previously, categorizing the person's emotion as one of the four emotional states: Pleasure, Joy, Anger and Sadness. The impressive part about the technique: EQ-Radio doesn't r...

It's a Fact! No matter how smart the criminals are, they always leave some trace behind. Two Harvard students have unmasked around 229 drug and weapon dealers with the help of pictures taken by criminals and used in advertisements placed on dark web markets. Do you know each image contains a range of additional hidden data stored within it that can be a treasure to the investigators fighting criminals? Yeah it's true — "A picture is worth a thousand words." Digital images come with basic metadata, as well as EXIF data that contains information about the device with which it was taken. EXIF, stands for " Exchangeable Image File Format ," may contain image dimensions, date and time (when it was originally taken and modified), the model of camera and its settings, information about the software used for editing, it's creator and copyright information, as well as GPS co-ordinates of the location where the photo was taken. If a criminal, let's say a...

Next time when you find yourself hooked up behind the wheel, make sure your car is actually in your control. Hackers can remotely hijack your car and even control its brakes from 12 miles away. Car hacking is a hot topic. Today many automobiles companies have been offering vehicles with the majority of functions electronically controlled, from instrument cluster to steering, brakes, and accelerator. These auto-control electronic systems not only improve your driving experience but at the same time also increase the risk of getting hacked. The most recent car hacking has been performed on Tesla Model S by a team of security researchers from Keen Security Lab, demonstrating how they were able to hijack the Tesla car by exploiting multiple flaws in the latest models running the most recent software. The team said the hacks worked on multiple models of Tesla and believed they would work across all marques. "We have discovered multiple security vulnerabilities and suc...

Network equipment vendor Cisco is finally warning its customers of another zero-day vulnerability the company discovered in the trove of NSA's hacking exploits and implants leaked by the group calling itself " The Shadow Brokers ." Last month, the Shadow Brokers published firewall exploits, implants, and hacking tools allegedly stolen from the NSA's Equation Group, which was designed to target major vendors including, Cisco, Juniper, and Fortinet. A hacking exploit, dubbed ExtraBacon , leveraged a zero-day vulnerability (CVE-2016-6366) resided in the Simple Network Management Protocol (SNMP) code of Cisco ASA software that could allow remote attackers to cause a reload of the affected system or execute malicious code. Now Cisco has found another zero-day exploit , dubbed "Benigncertain," which targets PIX firewalls. Cisco analyzed the exploit and noted that it had not identified any new flaws related to this exploit in its current products. But,...

A critical vulnerability resides in the fully-patched version of the Mozilla's Firefox browser that could allow well-resourced attackers to launch man-in-the-middle (MITM) impersonation attacks and also affects the Tor anonymity network. The Tor Project patched the issue in the browser's HTTPS certificate pinning system on Friday with the release of its Tor Browser version 6.0.5 , while Mozilla still has to patch the critical flaw in Firefox. Attackers can deliver Fake Tor and Firefox Add-on Updates The vulnerability could allow a man-in-the-middle attacker who is able to obtain a forged certificate for addons.mozilla.org to impersonate Mozilla servers and as a result, deliver a malicious update for NoScript, HTTPS Everywhere or other Firefox extensions installed on a targeted computer. "This could lead to arbitrary code execution [vulnerability]," Tor officials warned in an advisory. "Moreover, other built-in certificate pinnings are affected as wel...

British citizen and alleged hacker Lauri Love will be extradited to the United States to face allegations of hacking into United States government computer systems, a UK judge ruled on Friday. Love, 31, is currently facing up to 99 years in prison for allegedly hacking into the FBI, the US Army, the US Missile Defence Agency, the National Aeronautics and Space Administration (NASA), and New York's Federal Reserve Bank during 2012 and 2013. US Prosecutors claim that Love was allegedly involved in #OpLastResort , an online protest linked with the Anonymous collective following the persecution and untimely death of activist Aaron Swartz, who committed suicide in 2013 while under federal charges for data theft. Speaking at Westminster Magistrates' Court in London, District Judge Nina Tempia said : "I'll be extraditing Mr. Love, by which I mean I'll be passing the case to the Secretary of State." Tempia said Love could appeal against the court decisi...

Do you remember the infamous encryption fight between the FBI and Apple for unlocking an iPhone 5C belongs to a terrorist? Yes, you got it right, the same Apple vs. FBI case where the FBI paid almost $1.3 Million to a group of hackers to unlock that iPhone. However, if the agency had shown some patience to explore more ways to get into that iPhone, then it might have cost them nothing less than US$100. Yes, you heard that right. Now anyone can unlock an iPhone for less than $100, for which the FBI paid more than $1 million . Cheap Method to Unlock iPhone 5C Cambridge University security researcher Sergei Skorobogatov has published a new research paper detailing a technique that would have helped the FBI bypass the iOS passcode limit on the shooter's iPhone 5C. Dubbed NAND Mirroring , the technique was proposed to the FBI earlier this year, but the agency claimed that the method would not work. "It does not work," FBI Director James Comey said back in March, ...

Two Researchers have discovered a couple of vulnerabilities in Signal , the popular end-to-end encrypted messaging app recommended by whistleblower Edward Snowden. One of those vulnerabilities could allow potential attackers to add random data to the attachments of encrypted messages sent by Android users, while another bug could allow hackers to remotely crash vulnerable devices. The vulnerabilities have just been patched, but the updated version of Signal is yet available on the Github open source repository, and not on the Google's official Play Store for Android apps, leaving millions of privacy conscious people vulnerable to attacks. That means, if you have installed Signal messaging app via Google Play Store, like other millions of Android users, you are still vulnerable to hackers. Developed by open source software group Open Whisper System, Signal is a free and open source messaging application specifically designed for Android and iOS users to make secure and e...

Note — Don't miss an important update at the bottom of this article, which includes an official statement from Xiaomi . Do you own an Android Smartphone from Xiaomi, HTC, Samsung, or OnePlus? If yes, then you must be aware that almost all smartphone manufacturers provide custom ROMs like CyanogenMod, Paranoid Android, MIUI and others with some pre-loaded themes and applications to increase the device's performance. But do you have any idea about the pre-installed apps and services your manufacturer has installed on your device?, What are their purposes? And, Do they pose any threat to your security or privacy? With the same curiosity to find answers to these questions, a Computer Science student and security enthusiast from Netherlands who own a Xiaomi Mi4 smartphone started an investigation to know the purpose of a mysterious pre-installed app, dubbed AnalyticsCore.apk , that runs 24x7 in the background and reappeared even if you delete it. Xiaomi is one of the ...

Should you put a tape or a sticker over the lens of your laptop's webcam? Yes, even Facebook CEO Mark Zuckerberg and FBI Director James Comey do that. Covering your laptop's webcam might be a hell cheap and good idea to guard against hackers and intruders who might want to watch your private life and environment through your devices. In fact, Comey recently came out defending his own use of tape to cover his personal laptop's webcam. People Are Responsible for Their Safety, Security & Privacy During a conference at the Center for Strategic and International Studies, when Comey was asked that he still put tape over his cameras at home, he replied: "Heck yeah, heck yeah. And also, I get mocked for a lot of things, and I am much mocked for that, but I hope people lock their cars… lock your doors at night. I have an alarm system. If you have an alarm system you should use it, I use mine." Comey went on to explain that it was common practice at ...

Another Day, Another Data Breach! And this time, it's worse than any recent data breaches. Why? Because the data breach has exposed plaintext passwords, usernames, email addresses, and a large trove of other personal information of more than 6.6 Million ClixSense users. ClixSense, a website that claims to pay users for viewing advertisements and completing online surveys, is the latest victim to join the list of " Mega-Breaches " revealed in recent months, including LinkedIn , MySpace , VK.com , Tumblr , and Dropbox . Hackers are Selling Plaintext Passwords and Complete Website Source Code More than 2.2 Million people have already had their personal and sensitive data posted to PasteBin over the weekend. The hackers who dumped the data has put another 4.4 Million accounts up for sale. In addition to un-hashed passwords and email addresses, the dump database includes first and last names, dates of birth, sex, home addresses, IP addresses, payment histories,...