The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Last year, Just after Snowden leaks, the U.S Government warned that NSA surveillance revelations will make harder to track bad guys trying to harm the United States, as disclosures can be helpful to terrorist groups. In response to the NSA revelations, the terrorists at Al-Qaeda have started using strongest encryption techniques in order to bypass the standard cryptographic protections in its various communications, according to the recent report released by the Threat Intelligence  company, Recorded Future . The analysis carried out by the intelligence firm revealed that the Infamous Terrorist Organizations, Al-Qaeda that attacked civilian and military targets in various countries, has switched to new encryption software for the first time in seven years, following the revelations of the US National Security Agency (NSA) by former contractor Edward Snowden . Al-Qaeda is a global militant Islamist and takfiri organization which operates as a network comprisi...

The Iranian hacking group, which calls itself the " Ajax Security Team ", was quite famous from last few years for websites defacement attacks , and then suddenly they went into dark since past few months. But that doesn't mean that the group was inactive, rather defacing the websites, the group was planning something bigger. The Group of hackers at Ajax Security Team last defaced a website in December 2013 and after that it transitioned to sophisticated malware-based espionage campaigns in order to target U.S. defense organizations and Iranian dissidents, according to the report released by FireEye researchers. " The transition from patriotic hacking to cyber espionage is not an uncommon phenomenon. It typically follows an increasing politicization within the hacking community, particularly around geopolitical events ," researchers Nart Villeneuve, Ned Moran, Thoufique Haq and Mike Scott wrote in the report. " This is followed by increasing links between the hacking ...

We All now know about the existence of the extensive metadata collection program by U.S National Security Agency ( NSA ), which creates an intimate repository of our lives -- whom we love, whom we're friends with, where we work, whom we call, when we you, how long we talk over the calls, and how often calls between the two parties are made and even the your interactions on social networking sites. Although U.S Government always argues that Metadata doesn't record the actual content ( of your call ) and it is used for NSA's automated analysis, but should we be worried? You are unique in the world and therefore your metadata too. So anyone with knowledge of the subject knows that analyzing terabytes of metadata can easily reveal far more details about a person's life than ever before. Worldwide debate on mass surveillance still was not finished yet, but today is a new alarming report revealed that US government murdering people around the world based solely on th...

If you came across any suspicious Facebook message with ' LOL ' text or a fake Image file send by any of your Facebook friend, avoid clicking it. A Trojan horse is currently circulating in wild through the Facebook social network that could steal your Facebook account data and Credentials. Security researchers spotted  this malware campaign first in the beginning of March this year, where the Trojan spreads itself through the Facebook's Messenger service (inbox) by messaging a victim pretending to be one of their friends saying "LOL" with a zip file attached, which appears to be a photo, named " IMG_xxxx.zip ". In Past two weeks, many of our readers informed us that they received similar ZIP files from their trusted Facebook friends. The Hacker News team also noticed that despite after several warnings in media, once again the malware campaign just goes viral like any other video scam , but this time directly through users' inbox-to-inbox. HOW DOES...

We are quite aware of the Android malware scanner Google's Bouncer that tests the apps by running them in a virtualized environment i.e. a simulated phone created in software which automatically scans the apps to watch its real behaviour on users' devices, before approving them to the Play Store market. To protect its users and their devices from harm, Google launched this apps scanning software tool, two year ago. Bouncer is a security feature for the Android Play store Market that is designed to protect the Android users to not to be a victim of any malicious Android malware app. But does the security tool go far enough? Despite having protective shield factor, we have seen Google play store market is surrounded by many malicious apps which easily by-passes the Bouncer scan test and targets Android users. Security Research from Columbia University have exploited weaknesses in Google's Bouncer service to sneak malicious apps on to the Android market. They publish...

The US Intelligence Agency, NSA has been reportedly intercepting and accessing routers, servers, and other computer networking hardware to plant data gathering " backdoors " and other spywares before they are exported and delivered to the international customers, reported by the Guardian. Yesterday in a published excerpt of his forthcoming book, " No Place to Hide ", Journalist Glenn Greenwald underlines the interest of National Security Agency in planting backdoors in U.S. suppliers' routers and other networking devices in order to carry out its massive surveillance program. " A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit ," Greenwald said. " The NSA routinely receives — or intercepts — routers, servers and other computer network devices being exported from the US before they are delivered. " While US government is always prohibiting the purchase of Huawei products due to suspected...

A shortage of computer memory in the $2.4 billion Air Traffic Control System caused a Computer crash that resulted in the System collapse, according to an insider close to the incident. The problems began on 30 April, when a U-2 spy plane flew over southwestern US caused the air traffic control system that manages the airspace around Los Angeles' LAX airport, built by Lockheed Martin, to crash due to which hundreds of flight delayed or cancelled two weeks ago. " In theory, the same vulnerability could have been used by an attacker in a deliberate shut-down, " security experts told Reuters. Now that the " very basic limitation of the system " is known, experts showed concerns about the cyber-attacks . Sources claimed to Reuters that on April 30, 2014 the aircraft traffic failed to obtain the altitude information for a single U-2 spy plane which was flying over the area because a controller entered the altitude of the spook flight into the En Route Automation Moderni...

Till Now the Internet was encountering the traditional Distributed Denial of Service (DDoS) attacks , where a large number of compromised systems use to flood servers with tremendous amount of bandwidth; but in past few months we have noticed massive change in the techniques of DDoS attack. Hackers are using creative, but evil DDoS techniques such as NTP and DNS Amplification DDoS attacks. Last month we have seen that how cybercriminals abused a vulnerability in one of the biggest Chinese video hosting website Sohu.com to convert their millions of visitors to participate into the Layer 7 (Application Layer) DDoS attack with 20 Million requests. According to the new report released by a US based security solutions provider Incapsula , another interesting DDoS attack activities have been noticed by the researchers in which an attacker abused two major anti-DDoS Service providers to perform massive DDoS attack on other websites. Its really EPIC that the services who should...

A Russian Hacker who was arrested in year 2012 by the authorities of the Netherlands and accused for allegedly hacking into the computer networks of more than a dozen major American corporations and stole over 160 million Credit and Debit Card Numbers. Earlier we reported , 33-year-old Russian hacker Vladimir Drinkman is wanted in U.S and Russia for various cyber crime charges, and the Netherlands Court ruled simultaneous requests from the U.S. & Russia for the extradition were admissible. But now it's up to the Dutch Minister of Justice to decide, whether to which country he would be extradited. However, Hacker Vladimir Drinkman does not want to face charges in US and appealed to the Supreme Court of the Netherlands, Country's highest court, to avoid his extradition to the US, Bloomberg reported. In the U.S. District Court for the District of New Jersey , the U.S. prosecutor plead that he was involved in the theft of more than 160 million credit and debit-...

Google is reportedly testing out some new UI changes for its popular email service, Gmail on the desktop browser that would redesign your inbox in totally different Interface. So, the traditional Gmail we all know may soon get a new makeover and we hope users will definitely love it. Google has invited a selected team of users to test a completely new user friendly interface for the webmail client which appears as a part of the trial, according to the leaked screenshots obtained by Geek 's website. According to the report, we can only presume that the new feature will enable a user to have a fancy access to Google's Gmail with a brand-new fly-in menu system that flies in and out of the browser window replaces Google's otherwise static sidebar on the left bolted into Gmail last year that organizes your inbox, chats, and labels. In the beginning of the April, the Geek also provided the screenshots revealing a series of new feature for the mobile Gmail clien...

Visiting a website certified with an SSL certificate doesn't mean that the website is not bogus. Secure Sockets Layer (SSL) protect the web users in two ways, it uses public key encryption to encrypt sensitive information between a user's computer and a website, such as usernames, passwords, or credit card numbers and also verify the identity of websites. Today hackers and cyber criminals are using every tantrum to steal users' credentials and other sensitive data by injecting fake SSL certificates to the bogus websites impersonating Social media, e-commerce, and financial websites as well. DETECTING FAKE DIGITAL CERTIFICATES WIDELY A Group of researchers, Lin-Shung Huang , Alex Ricey , Erling Ellingseny and Collin Jackson , from the Carnegie Mellon University in collaboration with Facebook have analyzed [ PDF ] more than 3 million SSL connections and found strong evidence that at least 6;845 (0:2%) of them were in fact tampered with forged certificates i.e. self-signed di...

Before Ransomware, Click fraud was one of the popular and efficient ways for cybercriminals to make money and with the explosive growth in the size of the online threats it is still making its way on the Internet. " Click-Fraud " is the practice of deceptively clicking on search ads with the intention of either increasing third-party website revenues or exhausting an advertiser's budget. Besides the search results, we all have seen advertisements placed in the search engine's WebPage. If the visitor clicks the Ad, the advertiser has to pay a fee to the search engine. A problem that has arisen with pay-per-click is results in Click-Fraud. The term " fraud " is used because in either case, the advertiser is paying for a click without receiving any true value. Of course, the number of clicks has to be large enough in order to gain a considerable amount of money, and in order to do that an attacker can use an automated script or malicious program to simulate multiple clicks b...

Despite the contrary regarding NSA's DROPOUTJEEP program, Apple had always denied working with the NSA in the creation of any backdoors used to spy on its users and also claimed that the NSA doesn't have backdoor access to its data. But, Apple could legally share your phone data with the law enforcement agencies if asked for. Being a secretive company, Apple is very clear at its point of sharing its users' data with the government when U.S. law enforcement agencies request data relating to the company's users. With the release of a set of new guidelines late Wednesday regarding requests for customer data from the U.S. law enforcement agencies, Apple specifies what information can and cannot be lifted from its users devices upon the receipt of disclosure requests, search warrants, or legal orders. " These guidelines are provided for use by law enforcement or other government entities in the U.S. when seeking information from Apple Inc. about users of Apple...

If your Facebook wall offers you any horror videos that claim to be of a real ghost spotted, don't dare to click on them, as it may be hoaxes, malwares or scams contained within which are the real horror for the online users. We have seen a lot of Facebook scams spreading through the Facebook timeline in wild that encourages users to click on it and fall victim, and this time some new horror scam campaign is going viral on Facebook. Christopher Boyd from the security firm Malwarebytes has discovered an epidemic of hoaxes making their way around Facebook with paranormal themes, including: Alleged footage of an "actual" ghost attack a video featuring the Aswang that is described as "a mythical shape-shifting were-dog/vampire/terrifying thing from the Philippines" a video of Mermaids claiming they are back! Video of a huge great white shark tearing apart a sea captain. Facebook has become one of the most popular social networking website with more than one billion ...

The US Justice Department (DOJ) is seeking a transition in the criminal rules that would make the authorities to have more leeway to secretly hack into the suspected criminals' computer during criminal investigations at any times in bunches. The proposed [ PDF ] change in the rules would make FBI to easily obtain warrants to secretly access suspects' computers for the evidence when the physical location of the computer is not known to them. The problem FBI and government agents increasingly face as more and more crime carried out is online, and with the help of online tools, it is easy to conceal identity of the criminal. " This proposal ensures that courts can be asked to review warrant applications in situations where it is currently unclear what judge has that authority ," Justice Department spokesman Peter Carr told Bloomberg . " The proposal makes explicit that it does not change the traditional rules governing probable cause and notice. " This new U.S. proposal ...

The famous URL shortening service is facing a data breach . The very popular URL shortening service Bitly, has issued an urgent security warning saying that its users' account credentials may have been compromised, according to a blog post published yesterday. " We have reason to believe that Bitly account credentials have been compromised; specifically, users' email addresses, encrypted passwords, API keys and OAuth tokens ," Bitly CEO Mark Josephson wrote in a blog post . At this point, however, there is no indication that hackers have broken into any user accounts, he said. Bitly was founded in 2008, allows users to shorten links and making it to share on other sites easier for users. It is privately held and based in New York City. Bitly shortens more than one billion links per month and powers over 10,000 custom short URLs and offers an enterprise analytics platform that helps web publishers and brands grow their social media traffic. Bitly users' acc...