The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Two months ago, THN reported about a similar announcement made by The American Registry for Internet Numbers (ARIN), which said that the agency is no longer able to produce IPv4 addresses in North America . Within a time frame of few months, ARIN, which handles Internet addresses in America, has announced the final exhaustion of their free pool of IPv4 addresses has reached zero... ...i.e. the availability of IPv4 (Internet Protocol version 4) addresses no more exists. Meanwhile, they are going to accept requests for IPv4, which will be approved via two ways: Wait List for Unmet IPv4 Requests - Join the waitlist for unmet requests in the hopes that a block of the desired size will be available in the future. IPv4 Transfer Market - Can be purchased from another organization that has more than it needs. So, in the future, IPv4 address space will be allocated to the approved requests on the Waiting List for Unmet Requests, if ARIN: receives any IPv4 address spac...

iOS 9.0.1 – Apple's first update to its new iOS 9 mobile operating system, came out on Wednesday, addressed several bugs in its software. However, unfortunately, it seems that the latest update iOS 9.0.1 doesn't fix the lock screen bypass vulnerability reported by iPhone user Jose Rodriguez. Yes, the serious flaw in iOS 9 that allows anyone – with physical access of your iPhone or iPad – to bypass your device's lock screen and get into your contacts and personal photographs, also Works on iOS 9.0.1 . Video Demonstration: Rodriguez published a new video detailing a step-by-step explanation on how to bypass the passcode on iOS 9 and iOS 9.0.1 device, using the benevolent nature of Apple's personal assistant Siri. The lock screen bypass vulnerability works on all iOS versions from iOS 5.1.1 to the latest released iOS 9.0.1 . Mitigation So, until Apple rolls out an update to patch this bug, the only way available to iPhone users to mitiga...

Can the Cops can make you unlock your iPhone? ... " NO " According to a recent Federal Court's ruling, it is not okay for police to force suspects to unlock their phones with a passcode. And, doing so would be a violation of your Fifth Amendment Rights in the US Constitution. The ruling came as the conclusion of a case , where Securities and Exchange Commission (SEC) accused Bonan Huang and Nan Huang for conducting illegal Insider Trading. As a result of which, the investigating agencies cannot question the suspects for giving out their smartphone passcodes or any form of encryption passwords or even their existence on the suspect's device. They are said to have used their positions as data analysts at Capital One Bank ( credit card issuing Bank) . The bank gave each of them a mobile phone, allowing them to use a passcode of their choice. Huang's left Capital One and submitted the mobile phones to the bank, the bank then gave the mobil...

Yahoo! has open-sourced Gryffin – a Web Application Security Scanner – in an aim to improve the safety of the Web for everyone. Currently in its beta, Project Gryffin has made available on Github under the BSD-style license that Yahoo! has been using for a number of its open-sourced projects. Gryffin is basically a Go & JavaScript platform that helps system administrators scan URLs for malicious web content and common security vulnerabilities, including SQL Injection and Cross-Site Scripting (XSS) . Yahoo! describes Gryffin as a large-scale Web security scanning platform, which is more than just a scanner, as it is designed to address two specific problems: Coverage Scale Scale is obviously implied for large Web, while Coverage has two dimensions – Crawl and Fuzzing . Crawl's ability is to find as much of the Web application's footprint as possible, whereas Fuzzing involves testing each part of the application's components for an applied se...

A newly discovered critical flaw in the implementation of web cookies by major browsers could open secured (HTTPS) browsing to Man-in-the-middle attacks . The US Computer Emergency Response Team (CERT) has revealed that all the main browser vendors have improperly implemented the RFC 6265 Standard, also referred to as " Browser Cookies ," allowing… …remote attackers to bypass secure HTTPS protocol and reveal confidential private session data. Cookies are small pieces of data sent from web sites to web browsers, which contains various information used to identify users, or store any information related to that particular website. HTTPS Cookie Injection Vulnerability Whenever a website ( you have visited ) wants to set a cookie in your browser, it passes a header named " Set-Cookie " with the parameter name, its value and some options, including cookie expiration time and domain name ( for which it is valid ). It is also important to note that HTTP ...

Do You Know:  China has planned to eliminate all foreign Technologies and Services by 2020, just like Google and Facebook . And it seems China in some years would be an entirely independent IT economy; building homegrown Mobile and computer devices, Operating Systems, Applications, Browsers and almost everything existing in the IT ecosystem. Well, China was not at all happy when Microsoft finally announced the end of official support for Windows XP. At the time, Windows holded 91% of total market share, compared to just for Mac OS X and just 1% for Linux. However, China wasn't interested to pay either for extended support for Windows XP or for switching to Windows 8. So, they decided to develop their own Operating System. Yes, China has developed a Desktop Operating System named " NeoKylin " ( and ' Kylin ' in Chinese ), tagged as a substitute to Windows XP by Quartz , who got an opportunity to have a hands-on experience of its "community version" OS. NeoKylin...

Lenovo has once again been caught installing spyware on its laptops and workstations without the user's permission or knowledge. One of the most popular computer manufacturers is being criticized for selling some refurbished laptop models pre-installed with invasive marketing software that sends users data directly to the company. This is not first time Lenovo has allegedly installed spyware onto consumers PCs. Earlier this year, Lenovo was caught red-handed for selling laptops pre-installed with Superfish malware that opened up doors for hackers. In August, Lenovo again got caught installing unwanted and non-removable crapware into part of the BIOS reserved for custom drivers. Lenovo Laptops comes Pre-installed with 'Spyware' Now, the Chinese computer manufacturer is making news once again for embedding tracking software into its laptops and workstations from Lenovo ThinkPad, ThinkCentre, and ThinkStation series. Michael Horowitz from Comput...

Mozilla launches Voice and Video Connect with the release of Official Firefox 41.0 Release . After significant improvements done in the Firefox Nightly experimental build of version Firefox 41.0, the stable release has a lot to offer. How would it be experiencing a seamless communication – video and voice calls and text messaging being directly built in your browser? Here's How: Mozilla has launched the stable release of Firefox 41.0 , equipped with project " Firefox Hello " offering free VOIP and instant messaging services through WebRTC ( Real Time Communication ) channel. Firefox Hello had already arrived last year via Firefox 41.0 Beta release with an aim of improving user's experience by providing them with free voice and video calling features, irrespective of additional software or hardware support. By adopting Firefox Hello : Both the parties don't need to have same browsers, software or hardware. No sign-up other than...

The First major cyber attack on Apple's App Store has now been linked to CIA (Central Intelligence Agency) . Last week, Researchers disclosed some 39 iOS apps on Apple's App Store infected by ' XCodeGhost Malware' . The Bad News is that the infection has now increased exponentially with the discovery of more than 4,000 infected apps. The XCodeGhost malware was distributed through legitimate iOS Apps via counterfeit versions of Apple's app developer toolkit called Xcode . XcodeGhost is a very harmful and dangerous piece of malware that is capable to Phish credentials, infect other apps, Hijack URLs, Steal iCloud passwords from your device and then upload them to the attacker's servers even without your knowledge. After Apple had removed nearly 300 malware-ridden iOS apps from the App Store, FireEye researchers found more than 4,000 compromised apps. The infected apps include the popular instant messaging app WeChat, Chinese Uber-like ca...

The OPM Data Breach  ( Office of Personnel Management ) is getting even worse than we thought. We already know more than 21 Million current and former federal employees had their personal and highly sensitive private information hijacked in a massive data breach that affected Defense Department's OPM. But, now it has been revealed that the hackers have made off a lot more than just names, residential addresses, and social security numbers of the US government employees. And it's the unique and all time constant identity – The Fingerprints . 5.6 MILLLLLION Fingerprints Breached The US officials on Wednesday admitted that nearly 5.6 Million Fingerprints of its federal employees were also stolen in the massive data breach took place in April this year. The OPM, the US government agency that handles all federal employee data, had previously reported that some 1.1 Million Fingerprints were stolen. However, this figure has now been increased to 5.6 Million. L...

Adobe has released an important security bulletin that addresses a total of 23 Critical vulnerabilities in Adobe Flash Player. The security fixes for Windows, Linux and Mac users address "critical [flaws] that could potentially allow [attackers] to take control of the affected system," the company warned in an advisory on Monday. Out of 23 critical flaws, 18 address issues that would have allowed attackers to remotely execute arbitrary code on affected machines and take over control of them. Critical Vulnerabilities These 18 security vulnerabilities, all deemed highly critical, are as follows: Type Confusion Vulnerability (CVE-2015-5573) Use-after-free flaws (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682) Buffer overflow bugs (CVE-2015-6676 and CVE-2015-6678) Memory corruption vulnerabilities that could lead to Remote Code Execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2...

You may call this a misleading headline. Right? Yes, it's True. And I apologize for this. But… ...before someone else tricks you to visit any malicious link with intent to hijack your Computer or to Hack Facebook Profile , I just tricked you to visit this ' WARNING ' article about Facebook Scam of the Dislike button. Facebook Scam: Get Facebook Dislike Button Facebook users are being targeted in a new scam that takes advantage of the recent widely publicized announcement by Facebook CEO Mark Zuckerberg that a ' Facebook Dislike Button ' is in development. Zuckerberg said that there're obvious moments in life or bad fortunes where people do not want to "like" posts and wants to express their empathy. He also confirmed that the social network giant was working on such technology but didn't say that it's actually a " Dislike. " The much-vaunted " Dislike " or "empathy" feature has not rolled out ju...

A Facebook Dislike button is one of the most frequently requested features from users for years. Earlier in the last week, Facebook finally confirmed its plans to add a Dislike or Empathy to your Facebook Profile and News Feed. If you are thinking that Facebook Dislike is going to be a thumbs-down button, then you are dead wrong. Why Not Thumbs-Down? Because: … The Dislike Concept will lead to more bad behavior than good — vitriol or bullying or worse. Facebook's founder Mark Zuckerberg says, " We didn't want to just build a Dislike button because we don't want to turn Facebook into a forum where people are voting up or down on people's posts. " So what will this Dislike or Empathy button look like? Instead of a simple thumbs down to express disapproval or pity, it could be as simple as Emojis. Yes, Emojis reaction ( Emoticons ) Faces. A ' two-years old ' Patent filed by Facebook uncovered how the new feature might work. The Patent illustr...