The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Hong Kong-based Bitcoin exchange 'Bitfinex' that lost around $72 Million worth of its customers' Bitcoins last week is now offering a reward of $3.5 Million to anyone who can provide information that leads to the recovery of the stolen Bitcoins. Bitfinex revealed on August 2 that the cryptocurrency exchange had suffered a major security breach, which resulted in the loss of nearly 120,000 BTC. The hack led to a 36 percent loss for each Bitfinex customer, who will be issued tokens to be redeemed as the company is able to reimburse the losses. Now, the exchange is willing to offer 5% of the lost funds ( nearly 6,000 BTC ) as a reward for the recovery of the stolen bitcoins. The news came after a Reddit user, using alias someguy916, inquired about a reward Bitfinex would be willing to offer for the stolen bitcoins. In response to the question, Bitfinex community director Zane Tackett stated that a bounty would be awarded to anyone who has information that would hel...

The hacker, who recently claimed responsibility for the high-profile hack of Democratic National Committee (DNC), has now taken credit for hacking into the Democratic Congressional Campaign Committee (DCCC) as well. To prove his claims, the hacker, going by the moniker Guccifer 2.0, dumped on Friday night a massive amount of personal information belonging to nearly 200 Democratic House members onto his blog . The notorious hacker published several documents that include cell phone numbers, home addresses, official and personal e-mail addresses, names of staffers, and other personal information for the entire roster of Democratic representatives. The data dump also includes several memos from House Minority Leader Nancy Pelosi's personal computer, detailing fundraisers and campaign overviews. "As you see the US presidential elections are becoming a farce, a big political performance where the voters are far from playing the leading role," the hacker wrote in a ...

Air-gapped computers that are isolated from the Internet and other computers are long considered to be the most secure and safest place for storing data in critical infrastructures such as industrial control systems, financial institutions, and classified military networks. However, these systems have sometimes been targeted in the past, which proves that these isolated systems are not completely secure. Previous techniques of hacking air gap computers include: AirHopper that turns a computer's video card into an FM transmitter to capture keystrokes; BitWhisper that relies on heat exchange between two computer systems to stealthily siphon passwords or security keys; Hacking air-gapped computer using a basic low-end mobile phone with GSM network; and Stealing the secret cryptographic key from an air-gapped computer placed in another room using a Side-Channel Attack. Now, researchers have devised a new method to steal data from an infected computer even if it has no...

In Brief Some 100 Million cars made by Volkswagen are vulnerable to a key cloning attack that could allow thieves to unlock the doors of most popular cars remotely through a wireless signal, according to new research. Next time when you leave your car in a parking lot, make sure you don't leave your valuables in it, especially if it's a Volkswagen. What's more worrisome? The new attack applies to practically every car Volkswagen has sold since 1995. There are two distinct vulnerabilities present in almost every car sold by Volkswagen group after 1995, including models from Audi, Skoda, Fiat, Citroen, Ford and Peugeot. Computer scientists from the University of Birmingham and the German engineering firm Kasper & Oswald plan to present their research [ PDF ] later this week at the Usenix security conference in Austin, Texas. Attack 1 — Using Arduino-based RF Transceiver (Cost $40) The first attack can be carried out using a cheap radio device that can...

If you are using the Internet, there are the possibilities that you are open to attack. The Transmission Control Protocol (TCP) implementation in all Linux systems deployed since 2012 ( version 3.6 and above of the Linux kernel ) poses a serious threat to Internet users, whether or not they use Linux directly. This issue is troubling because Linux is used widely across the Internet, from web servers to Android smartphones, tablets, and smart TVs. Researchers have uncovered a serious Internet flaw, which if exploited, could allow attackers to terminate or inject malware into unencrypted communication between any two vulnerable machines on the Internet. The vulnerability could also be used to forcefully terminate HTTPS encrypted connections and downgrade the privacy of secure connections, as well as also threatens anonymity of Tor users by routing them to certain malicious relays. The flaw actually resides in the design and implementation of the Request for Comments: 5961 ( RF...

Last week, Apple finally announced a bug bounty program for researchers and white hat hackers to find and get paid for reporting details of zero-day vulnerabilities in its software and devices. The company offers the biggest payout of $200,000, which is 10 times the maximum reward that Google offers and double the highest bounty paid by Microsoft. But now Apple is going to face competition from a blackhat company named, Exodus Intelligence. Exodus Intelligence is offering more than double Apple's maximum payout for zero-day vulnerabilities affecting the newest versions of iOS. The company is willing to pay more than $500,000 for zero-day vulnerabilities and exploits affecting iOS 9.3 and above. Although Exodus labeled itself as ' Research Sponsorship Program ,' the company actually makes money by buying and selling zero-day vulnerabilities and exploits. On Wednesday, Exodus launched its new bonus structure for the acquisition of details and exploits for zero-day vu...

It's True  —  There is no such backdoor that only its creator can access. Microsoft has accidentally leaked the Secret keys that allow hackers to unlock devices protected by UEFI ( Unified Extensible Firmware Interface ) Secure Boot feature. What's even worse? It will be impossible for Microsoft to undo its leak. Secure Boot is a security feature that protects your device from certain types of malware, such as a rootkit, which can hijack your system bootloader, as well as, Secure Boot restricts you from running any non-Microsoft operating system on your device. In other words, when Secure Boot is enabled, you will only be able to boot Microsoft approved ( cryptographically signature checking ) operating systems. However, the Golden Keys disclosed by two security researchers, using alias MY123 and Slipstream , can be used to install non-Windows operating systems, say GNU/Linux or Android, on the devices protected by Secure Boot. Moreover, according to the blog po...

In Brief Microsoft's August Patch Tuesday offers nine security bulletins with five rated critical, resolving 34 security vulnerabilities in Internet Explorer (IE), Edge, and Office, as well as some serious high-profile security issues with Windows. A security bulletin, MS16-102 , patches a single vulnerability (CVE-2016-3319) that could allow an attacker to control your computer just by getting you to view specially-crafted PDF content in your web browser. Users of Microsoft Edge on Windows 10 systems are at a significant risk for remote code execution (RCE) attacks through a malicious PDF file. Web Page with PDF Can Hack Your Windows Computer Since Edge automatically renders PDF content when the browser is set as a default browser, this vulnerability only affects Windows 10 users with Microsoft Edge set as the default browser, as the exploit would execute by simply by viewing a PDF online. Web browsers for all other affected operating systems do not automatically ...

Two computer hackers have earned more than 1 Million frequent-flyer miles each from United Airlines for finding and reporting multiple security vulnerabilities in the Airline's website. Olivier Beg, a 19-year-old security researcher from the Netherlands, has earned 1 Million air miles from United Airlines for finding around 20 security vulnerabilities in the software systems of the airline. Last year, Chicago-based 'United Airlines' launched a bug bounty program to invite security researchers and bug hunters for finding and reporting security holes in its websites, software, apps and web portals. Under its bounty program, United Airlines offers a top reward of 1 Million flyer miles for reporting Remote Code Execution (RCE) flaws; 250,000 miles for medium-severity vulnerabilities, and 50,000 flyer miles for low-severity bugs. According to Netherlands Broadcasting Foundation , the 19-year-old reported 20 security issues to United Airlines and the most severe fla...

Just stop believing everything you see on your screen, as it turns out that even your computer monitor can be hacked. You have seen hackers targeting your computer, smartphone, and tablet, but now, it has been proved that they can even compromise your monitor and turn them against by just changing the pixels displayed on the screen. Although changing pixels is really hard and complicated, a team of security researchers at this year's DEF CON says that it is not impossible. Ang Cui and Jatin Kataria of Red Balloon Security has demonstrated a way to hack directly into the computer that controls monitor to see the pixels displayed on the monitor as well as manipulate the pixels in order to display different images. How to Hack Computer Monitors? According to the researchers, an attacker first needs to gain physical access to the monitor's USB or HDMI port which would then help the attacker access the firmware of the display. The duo said they discovered the hack by rev...

The risks associated with data breaches continue to grow, impacting a variety of industries, tech firms, and social networking platforms. In the past few months, over 1 Billion credentials were dumped online as a result of mega breaches in popular social networks. Now, Oracle is the latest in the list. Oracle has confirmed that its MICROS division – which is one of the world's top three point-of-sale (POS) services the company acquired in 2014 – has suffered a security breach. Hackers had infected hundreds of computers at Oracle's point-of-sale division, infiltrated the support portal used by customers, and potentially accessed sales registers all over the world. The software giant came to know about the data breach after its staff discovered malicious code on the MICROS customer support portal and certain legacy MICROS systems. Hackers likely installed malware on the troubleshooting portal in order to capture customers' credentials as they logged in. These us...

Internet of Things (IoT) is the latest buzz in the world of technology, but they are much easier to hack than you think. Until now we have heard many scary stories of hacking IoT devices , but how realistic is the threat? Just think of a scenario where you enter in your house, and it's sweltering, but when you head on to check the temperature of your thermostat, you find out that it has been locked to 99 degrees. And guess what? Your room thermostat is demanding $300 in Bitcoins to regain its control. Congratulations, Your Thermostat has been Hacked! This is not just a hypothetical scenario; this is exactly what Ken Munro and Andrew Tierney of UK-based security firm Pen Test Partners have demonstrated at the DEFCON 24 security conference in Las Vegas last Saturday. Two white hat hackers recently showed off the first proof-of-concept (PoC) ransomware that infects a smart thermostat. Ransomware is an infamous piece of malware that has been known for locking up comput...

After the failure of Facebook's Free Basics -- an initiative to provide free Internet access -- in India due to the violation of Net Neutrality principles, Facebook has reintroduced its plan to provide Internet access in rural India, but this time: The social networking giant is planning to launch a commercial WiFi service in India. Facebook is testing a WiFi service in rural India, allowing people with no internet connection to buy affordable data packages from their local internet service providers (ISPs) in order to access the Internet via local hotspots. Dubbed Express Wi-Fi , the program is in sync with Mark Zuckerberg's Internet.org -- the platform Facebook used for its Free Basics to bring the Internet to all. India banned Free Basics in the country on net neutrality grounds. Net Neutrality advocates argued that by offering some websites and services for free, people are discouraged from visiting other sites. Now, Facebook has partnered with state-owned ...

Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide. What's even worse: Most of those affected Android devices will probably never be patched. Dubbed " Quadrooter ," the set of four vulnerabilities discovered in devices running Android Marshmallow and earlier that ship with Qualcomm chip could allow an attacker to gain root-level access to any Qualcomm device. The chip, according to the latest statistics, is found in more than 900 Million Android tablets and smartphones. That's a very big number. The vulnerabilities have been disclosed by a team of Check Point researchers at the DEF CON 24 security conference in Las Vegas. Critical Quadrooter Vulnerabilities: The four security vulnerabilities are: CVE-2016-2503 discovered in Qualcomm's GPU driver and fixed in Google's Android Security Bulletin for July ...