The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Early Monday, Whistleblowing site WikiLeaks tweeted that the internet connection of its co-founder, Julian Assange, was intentionally cut down , for which it blamed an unidentified " state party ." But most surprisingly, it was Ecuador who was behind the act. WikiLeaks has confirmed that its founder Julian Assange 's Internet access was cut down in its London embassy by the government of Ecuador on Saturday. The move was in response to the organization's publication of another batch of leaked emails related to US presidential candidate Hillary Clinton. "We can confirm Ecuador cut off Assange's internet access Saturday, 5 pm GMT, shortly after [the] publication of Clinton's Goldman Sachs [speeches]," WikiLeaks tweeted . Assange has been living in Ecuador's London embassy since June 2012, when he was granted asylum by the Ecuador government after a British court ordered his extradition to Sweden to face questioning on a rape allegation....

Don't worry — Julian Assange is alive and kicking! But his Internet connection is dead. Earlier today, Wikileaks tweeted that its co-founder, Julian Assange, had his internet connection intentionally cut by an unidentified " state party ." The non-profit organization said it had " activated appropriate contingency plans ," giving no further explanation. The tweet came after Wikileaks posted a series of three cryptic tweets , each containing a 64-character code. In no time, the tweets sparked bizarre rumors that Julian Assange has died. The tweets referenced Ecuador, Secretary of State John Kerry and the United Kingdom's Foreign Commonwealth Office. What exactly are those Mysterious Wikileaks Tweets? Some users on Twitter, Reddit, and various discussion forums speculated that the tweets in question were the result of a " dead man's switch " that has been triggered in the event of Julian Assange's untimely death. Users on Twitter a...

The UK's Signals Intelligence and Cyber Security agency GCHQ has launched its first ever puzzle book, challenging researchers and cryptographers to crack codes for charity. Dubbed " The GCHQ Puzzle Book ," the book features more than 140 pages of codes, puzzles, and challenges created by expert code breakers at the British intelligence agency. Ranging from easy to complex, the GCHQ challenges include ciphers and tests of numeracy and literacy, substitution codes, along with picture and music challenges. Writing in the GCHQ Puzzle Book's introduction, here's what GCHQ Director, Robert Hannigan says: "For nearly one hundred years, the men and women of GCHQ, both civilian and military, have been solving problems. They have done so in pursuit of our mission to keep the United Kingdom safe. GCHQ has a proud history of valuing and supporting individuals who think differently; without them, we would be of little value to the country. Not all are geniuses ...

Over two months ago, the world's third largest Bitcoin Exchange Bitfinex lost around $72 Million worth of Bitcoins in a major hack. Shortly after the company encountered a $72,000,000 Bitcoin theft, an unnamed Bitfinex user from Cambridge, Massachusetts, filed a police report in September, alleging that $1.3 Million of funds were stolen from his account. Since then the Cambridge police have handed the case over to the FBI, which is working with the Bitcoin exchange as well as European authorities to recover funds stolen from the Bitfinex user, Coindesk reports . The individual claimed that he held $3.4 Million in Bitcoin in his personal wallet hosted by the Bitfinex Bitcoin exchange. But following the August's Bitfinex breach, he was left with $2.1 Million in his account. Bitfinex then notified the individual of his initial loss of approximately $1.3 Million in Bitcoin, but after the company issued IOU tokens as an emergency measure to keep the exchange operating, the l...

While some payment card companies like Mastercard have switched to selfies as an alternative to passwords when verifying IDs for online payments, hackers have already started taking advantage of this new security verification methods. Researchers have discovered a new Android banking Trojan that masquerades primarily as a video plugin, like Adobe Flash Player, pornographic app, or video codec, and asks victims to send a selfie holding their ID card, according to a blog post published by McAfee. The Trojan is the most recent version of Acecard that has been labeled as one of the most dangerous Android banking Trojans known today, according to Kaspersky Lab Anti-malware Research Team. Once successfully installed, the trojan asks users for a number of device's permissions to execute the malicious code and then waits for victims to open apps, specifically those where it would make sense to request payment card information. Acecard Steals your Payment Card and Real ID det...

Are your internet-connected devices spying on you? Perhaps. We already know that the Internet of Thing (IoT) devices are so badly insecure that hackers are adding them to their botnet network for launching Distributed Denial of Service (DDoS) attacks against target services. But, these connected devices are not just limited to conduct DDoS attacks ; they have far more potential to harm you. New research [ PDF ] published by the content delivery network provider Akamai Technologies shows how unknown threat actors are using a 12-year-old vulnerability in OpenSSH to secretly gain control of millions of connected devices. The hackers then turn, what researchers call, these " Internet of Unpatchable Things " into proxies for malicious traffic to attack internet-based targets and 'internet-facing' services, along with the internal networks that host them. Unlike recent attacks via Mirai botnet , the new targeted attack, dubbed SSHowDowN Proxy , specifically ma...

U.S. drones are again in news for killing innocent people. The Air Force is investigating the connection between the failure of its classified network, dubbed SIPRNet, at Creech Air Force Base and a series of high-profile airstrikes that went terribly wrong in September this year. Creech Air Force Base is a secret facility outside Las Vegas, where military and Air Force pilots sitting in dark and air-conditioned rooms, 7100 miles from Syria and Afghanistan, remotely control their " targeted killing " drone campaign in a video-game-style warfare. From this ground zero, Air Force pilots fire missiles just by triggering a joystick on a targeted areas half a world away, as well as operate drones for surveillance and intelligence gathering. Drone operation facility at Creech Air Force Base -- a key base for worldwide drone and targeted killing operations -- has been assigned as ' Special Access Programs ', to access SIPRnet. What is SIPRnet? SIPRNet, or Secret Int...

UPDATE: The site is back and working. Blockchain team released a statement via Twitter, which has been added at the end of this article. If you are fascinated with the idea of digital currency, then you might have heard about BlockChain.Info. It's Down! Yes, Blockchain.info, the world's most popular Bitcoin wallet and Block Explorer service, has been down from last few hours, and it's believed that a possible cyber attack has disrupted the site. The site is down at the time of writing, and the web server reports a bad gateway error, with a message on the website that reads: "Looks like our site is down. We're working on it and should be back up soon." With more than 8 million Digital Wallet customers, BlockChain is users' favorite destination to see recent transactions, stats on mined blocks and bitcoin economy charts. A few hours ago, BlockChain team tweeted about the sudden breakdown of the site, saying: "We're researching a DNS...

In the year 2014, we came to know about the NSA's ability to break Trillions of encrypted connections by exploiting common implementations of the Diffie-Hellman key exchange algorithm – thanks to classified documents leaked by ex-NSA employee Edward Snowden. At that time, computer scientists and senior cryptographers had presented the most plausible theory: Only a few prime numbers were commonly used by 92 percent of the top 1 Million Alexa HTTPS domains that might have fit well within the NSA's $11 Billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities." And now, researchers from University of Pennsylvania, INRIA, CNRS and Université de Lorraine have practically proved how the NSA broke the most widespread encryption used on the Internet. Diffie-Hellman key exchange (DHE) algorithm is a standard means of exchanging cryptographic keys over untrusted channels, which allows protocols such as HTTPS, SSH, VPN, SMTPS and IPsec to negotia...

Facebook, Instagram, Twitter, VK, Google's Picasa and Youtube were handing over user data access to a Chicago-based Startup — the developer of a social media monitoring tool — which then sold this data to law enforcement agencies for surveillance purposes, the ACLU disclosed Tuesday. Government records obtained by the American Civil Liberties Union (ACLU) revealed that the big technology corporations gave "special access" to Geofeedia. Geofeedia is a controversial social media monitoring tool that pulls social media feeds via APIs and other means of access and then makes it searchable and accessible to its clients, who can search by location or keyword to quickly find recently posted and publicly available contents. The company has marketed its services to 500 law enforcement and public safety agencies as a tool to track racial protests in Ferguson, Missouri, involving the 2014 police shooting death of Mike Brown. With the help of a public records request, the...

Microsoft has released its monthly Patch Tuesday update including a total of 10 security bulletin, and you are required to apply the whole package of patches altogether, whether you like it or not. That's because the company is kicking off a controversial new all-or-nothing patch model this month by packaging all security updates into a single payload, removing your ability to pick and choose which individual patches to install. October's patch bundle includes fixes for at least 5 separate dangerous zero-day vulnerabilities in Internet Explorer, Edge, Windows and Office products that attackers were already exploiting in the wild before the patch release. The patches for these zero-day flaws are included in MS16-118, MS16-119, MS16-120, MS16-121 and MS16-126. All the zero-days are being exploited in the wild, allowing attackers to execute a remote command on victim's system. Although none of the zero-day flaws were publicly disclosed prior to Tuesday, the company wa...

Over the past few years, Internet users globally have grown increasingly aware of online privacy and security issues due to mass monitoring and surveillance by government agencies, making them adopt encryption software and services. But it turns out that hackers are taking advantage of this opportunity by creating and distributing fake versions of encryption tools in order to infect as many victims as possible. Kaspersky Lab has revealed an advanced persistent threat (APT) group, nicknamed StrongPity , which has put a lot of efforts in targeting users of software designed for encrypting data and communications. The StrongPity APT group has been using watering-hole attacks, infected installers, and malware for many years to target users of encryption software by compromising legitimate sites or setting up their own malicious copycat sites. Watering hole attacks are designed to lure specific groups of users to their interest-based sites that typically house malicious files or...