The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

WhatsApp is, no doubt, the largest end-to-end encrypted messaging network that allows over billion of its users to send messages, photos, videos, voice messages, documents, and calls that are secure from falling into the wrong hands. And now it seems like WhatsApp is rolling out a much-awaited feature for the new beta versions of its Android app: Video Calling . New beta version 2.16.318 of WhatsApp brings the ability for users to conduct free video calls, though it is not clear, at this moment, whether the Video calling feature of WhatsApp provides end-to-end encryption. In order to activate video calls, you simply need to pull up a contact in the WhatsApp app, tap on the call icon and choose "Video Call." You can also go directly to the Calls tab, to begin with the option. The Video calls will only work if both the caller as well as the receiver have the same beta build of WhatsApp that supports the feature. If not, you will be notified of an error message that ...

What's worse than knowing that innocent looking JPEGs, PDFs and font files can hijack your iPhone, iPad, and iPod. Yes, attackers can take over your vulnerable Apple's iOS device remotely – all they have to do is trick you to view a maliciously-crafted JPEG graphic or PDF file through a website or an email, which could allow them to execute malicious code on your system. That's a terrible flaw (CVE-2016-4673), but the good news is that Apple has released the latest version of its mobile operating system, iOS 10.1 , for iPhones and iPads to address this remote-code execution flaw, alongside an array of bug fixes. And now that the company has rolled out a security patch, some hackers would surely find vulnerable Apple devices to exploit the vulnerability and take full control of them. So, users running older versions of iOS are advised to update their mobile devices to iOS 10.1 as soon as possible. Besides this remote code execution flaw, the newest iOS 10.1 incl...

You might be surprised to know that your security cameras, Internet-connected toasters and refrigerators may have inadvertently participated in the massive cyber attack that broke a large portion of the Internet on Friday. That's due to massive Distributed Denial of Service (DDoS) attacks against Dyn, a major domain name system (DNS) provider that many sites and services use as their upstream DNS provider for turning IP addresses into human-readable websites. The result we all know: Twitter, GitHub, Amazon, Netflix, Pinterest, Etsy, Reddit, PayPal, and AirBnb, were among hundreds of sites and services that were rendered inaccessible to Millions of people worldwide for several hours. Why and How the Deadliest DDoS Attack Happened It was reported that the Mirai bots were used in the massive DDoS attacks against DynDNS, but they "were separate and distinct" bots from those used to execute record-breaking DDoS attack against French Internet service and hosting...

The alleged Russian hacker, who was arrested by the FBI in collaboration with the Czech police, was believed to be the one responsible for massive 2012 data breach at LinkedIn, according to a statement released by LinkedIn. Now, United States authorities have officially indicted Yevgeniy Aleksandrovich Nikulin , 29-years-old Russian national, for hacking not just LinkedIn , but also the online cloud storage platform Dropbox, and now-defunct social-networking company Formspring. Nikulin was arrested in Prague [ Watch Video ] on October 5 by the Czech police after Interpol issued an international arrest warrant. According to an indictment unsealed Friday, Nikulin had hacked three Bay Area technology companies in the spring and summer of 2012, which includes LinkedIn Corp, Dropbox, and Formspring. Nikulin gained access to LinkedIn's network between March 3 and March 4, 2012; Dropbox's network between May 14 and July 25, 2012; and Formspring between June 13 and June 2...

Earlier last year, security researchers from Google's Project Zero outlined a way to hijack the computers running Linux by abusing a design flaw in the memory and gaining higher kernel privileges on the system. Now, the same previously found designing weakness has been exploited to gain unfettered "root" access to millions of Android smartphones, allowing potentially anyone to take control of affected devices. Researchers in the VUSec Lab at Vrije Universiteit Amsterdam have discovered a vulnerability that targets a device's dynamic random access memory (DRAM) using an attack called Rowhammer . Although we are already aware of the Rowhammer attack , this is the very first time when researchers have successfully used this attack to target mobile devices. What is DRAM Rowhammer Attack? The Rowhammer attack against mobile devices is equally dangerous because it potentially puts all critical data on millions of Android phones at risk, at least until a secu...

A massive Distributed Denial of Service (DDoS) attack against Dyn , a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify. But how the attack happened? What's the cause behind the attack? Exact details of the attack remain vague, but Dyn reported a huge army of hijacked internet-connected devices could be responsible for the massive attack. Yes, the same method recently employed by hackers to carry out record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH. According to security intelligence firm Flashpoint , Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against DynDNS. Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, and security cameras, DVRs, and enslaves vast numbers of ...

UPDATE — How an army of million of hacked Internet-connected smart devices almost broke the Internet today. Cyber attacks are getting evil and worst nightmare for companies day-by-day, and the Distributed Denial of Service (DDoS) attack is one such attacks that cause a massive damage to any service. Recently, the Internet witnessed a record-breaking largest DDoS attack of over 1 Tbps against France-based hosting provider OVH, and now the latest victim of the attack is none other than Dyn DNS provider. A sudden outage of popular sites and services, including Twitter, SoundCloud, Spotify, and Shopify, for many users, is causing uproar online. It's because of a DDoS attack against the popular Domain Name System (DNS) service provider Dyn, according to a post on Ycombinator . DNS act as the authoritative reference for mapping domain names to IP addresses. In other words, DNS is simply an Internet's phone book that resolves human-readable web addresses, like thehackerne...

A nine-year-old critical vulnerability has been discovered in virtually all versions of the Linux operating system and is actively being exploited in the wild. Dubbed " Dirty COW ," the Linux kernel security flaw (CVE-2016-5195) is a mere privilege-escalation vulnerability, but researchers are taking it extremely seriously due to many reasons. First, it's very easy to develop exploits that work reliably. Secondly, the Dirty COW flaw exists in a section of the Linux kernel, which is a part of virtually every distro of the open-source operating system, including RedHat, Debian, and Ubuntu, released for almost a decade. And most importantly, the researchers have discovered attack code that indicates the Dirty COW vulnerability is being actively exploited in the wild. Dirty COW potentially allows any installed malicious app to gain administrative (root-level) access to a device and completely hijack it within just 5 seconds. Earlier this week, Linus Torvalds admi...

Almost two months ago, the FBI quietly arrested NSA contractor Harold Thomas Martin III for stealing an enormous number of top secret documents from the intelligence agency. Now, according to a court document filed Thursday, the FBI seized at least 50 terabytes of data from 51-year-old Martin that he siphoned from government computers over two decades. The stolen data that are at least 500 million pages of government records includes top-secret information about "national defense." If all data stolen by Martin found indeed classified, it would be the largest NSA heist, far bigger than Edward Snowden leaks. According to the new filing, Martin also took "six full bankers' boxes" worth of documents, many of which were marked "Secret" and "Top Secret." The stolen data also include the personal information of government employees. The stolen documents date from between 1996 through 2016. "The document appears to have been printed by the...

2016 is the year of data breaches that has made almost every major companies victims to the cyber attacks, resulting in compromise of over billion of online users accounts. Weebly and Foursquare are the latest victims of the massive data breach, joining the list of "Mega-Breaches" revealed in recent months, including LinkedIn , MySpace , VK.com , Tumblr , Dropbox , and the biggest one -- Yahoo . Details for over 43 Million users have been stolen from the San Francisco-based website building service Weebly, according to breach notification site LeakedSource, who had already indexed a copy of the stolen data that it received from an anonymous source. In addition, LeakedSource posted details of the cyber attack in its blog post on Thursday explaining what happened. The attack believed to have been carried out in February 2016. "Unlike nearly every other hack, the Co-founder and CTO of Weebly Chris Fanini fortunately did not have his head buried deeply in the san...

Ransomware threat has risen exponentially so much that ransomware authors have started abusing the MBR in their attacks to lock down your entire computer instead of just encrypting your important files on hard drive. Talos team at Cisco Systems has released a free, open-source tool that protects the master boot record (MBR) sector of computers from modification by bootkits, ransomware, and other malicious attacks. Master Boot Record (MBR) is the first sector (512 bytes) on your Hard drive that stores the bootloader, a piece of code that is responsible for booting the current Operating System. Technically, Bootloader is first code that gets executed after system BIOS that tells your computer what to do when it start. An advanced malware program, such as rootkit and bootkit, leverages this process to infect computers by modifying the MBR. A boot malware or bootkits has the ability to install ransomware or other malicious software into your Windows kernel, which is almost i...

India is undergoing the biggest data breaches to date with as many as 3.2 Million debit card details reportedly stolen from multiple banks and financial platforms. The massive financial breach has hit India's biggest banks including State Bank of India (SBI), HDFC Bank, Yes Bank, ICICI Bank and Axis, and customers are advised to change their ATM PIN immediately. Hackers allegedly used malware to compromise the Hitachi Payment Services platform — which is used to power country's ATM, point-of-sale (PoS) machines and other financial transactions — and stole details of 3.2 Million debit cards, reports The Economic Times. Of 3.2 Million debit cards, 2.6 Million are powered by Visa or Mastercard and rest 600,000 work on top of India's own RuPay platform. Hacked Debit Cards Reportedly Used in China It is not yet clear who is behind the cyber attack, but the report adds that a number of affected customers have observed unauthorized transactions made by their cards in v...