The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Employees are the weakest link when it comes to enterprise security, and unfortunately hackers realized this years ago. All an attacker needs to use some social engineering tactics against employees of companies and organizations they want to target. A massive 91% of successful data breaches at companies started with a social engineering and spear-phishing attack. A phishing attack usually involves an e-mail that manipulates a victim to click on a malicious link that could then expose the victim's computer to a malicious payload. So what is the missing link to manage the problem of employees being Social engineered? The answer is very simple – Educate your Employees and reinforce good security procedures at the same time. Phish your Employees! Yes, you heard me right… by this I mean that you should run a mock phishing campaign in your organization and find out which employees would easily fall victim to the phishing emails. Then step everyone through Internet...

The leaked internal emails from the Italian surveillance software company Hacking Team have revealed that the spyware company developed a robotic aircraft designed to attack computers and smartphone devices through Wi-Fi networks. Over a year ago, some security researchers developed a drone called ' Snoopy ' that was capable to intercept data from users' Smartphones through spoofed wireless networks. Now, the email conversations posted on WikiLeaks website reveal that both Boeing and Hacking Team want unmanned aerial vehicles (UAVS) called Drones to carry out attacks that inject spyware into target computers or mobile phones via WiFi. After attending the International Defense Exposition and Conference (IDEX) in Abu Dhabi in February 2015, the U.S. drone company Boeing subsidiary Insitu become interested in using surveillance drones to deliver Hacking Team's Remote Control System Galileo for even more surveillance. Among the emails, co-founder Ma...

We all are aware of Net Neutrality and the recent controversies over it in India. Net Neutrality is simply the Internet Freedom — Free, Fast and Open Internet for all.  India has been battling for Net Neutrality since zero-rating services such as Facebook's Internet.org and Airtel Zero were announced. The Department of Telecommunications (DoT) has now released a much-awaited report [ PDF ] on the Net Neutrality issue, recommending the Telecom Regulatory Authority of India (TRAI) to regulate the voice calls conducted by the Internet users of over-the-top (OTT) services. Over 100 pages-long report details the DoT's understanding of Net Neutrality Principles, which has been criticized by consumer groups because it could End Free domestic voice calls offered by apps like WhatsApp and Skype. The Report says, "the core principles of net neutrality must be adhered to," and user rights on the Internet need to be protected, so that the Telecom Service Provid...

Windows 10 is all set to launch on July 29 and will also be available on USB drives for purchase in retail channels. So, if you are planning to install Windows 10 Home , one thing you must keep in your mind – You wish or not, the software updates for Microsoft's new operating system will be mandatory. Microsoft is planning to make a significant change to its software update policy by " removing the option to DISABLE software updates in Windows 10 Home ". This clearly indicates that all users of Windows operating system must agree to allow Microsoft to install software updates automatically. In Windows 8.1 , users get four options for Windows Update's behavior, which include: Download and Install Windows Updates Automatically Download Windows Updates automatically but Choose when to Install them Check for Updates but Choose when to Download and Install them Never check for, Download, or Install Updates From a Security point of view, the last...

What if you get 1 Million Frequent Flyer Miles for Free? Yes, 1 Million Air Miles… …I think that would be enough for several first-class trips to Europe or up to 20 round-trips in the United States. Two Computer Hackers have earned more than 1 Million frequent-flyer miles each from United Airlines for finding multiple security vulnerabilities in the Airline's website. Back in May this year, Chicago-based ' United Airlines ' launched a bug bounty program and invited security researchers and bug hunters to find and report security vulnerabilities in its websites, software, apps and web portals. Jordan Wiens , a security researcher from Florida and one of two bounty winners, tweeted last week that he earned United Airlines' top reward of 1 Million Miles for finding a flaw that could have allowed a hacker to seize control of one of the airline's websites. Wiens is not allowed to disclose the technical details regarding the vulnerabilities, but ...

The United States National Security Agency (NSA) has released a network security tool for Government and the private sectors to help secure their networks against cyber attacks. Dubbed Systems Integrity Management Platform (SIMP) , the tool is now publicly available on the popular source code sharing website GitHub . According to an official release from NSA, SIMP makes it easier for government organizations and the private sector to "fortify their networks against cyber threats." SIMP aims at providing a reasonable combination of security compliance and operational flexibility , keeping networked systems compliant with security standards and requirements. It is considered to be a critical part of a layered, "defence-in-depth" approach to information security. " By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: The wheel would not have to be reinvented for every organiza...

Security researchers have developed a more practical and feasible attack technique against the RC4 cryptographic algorithm that is still widely used to encrypt communications on the Internet. Despite being very old, RC4 (Rivest Cipher 4) is still the most widely used cryptographic cipher implemented in many popular protocols, including: SSL (Secure Socket Layer) TLS (Transport Layer Security) WEP (Wired Equivalent Privacy) WPA (Wi-Fi Protected Access) Microsoft's RDP (Remote Desktop Protocol) BitTorrent and many more However, weaknesses in the algorithm have been found over the years, indicating that the RC4 needs to be wiped from the Internet. But, yet about 50% of all TLS traffic is currently protected using the RC4 encryption algorithm. Now, the situation got even worse, when two Belgian security researchers demonstrated a more practical attack against RC4, allowing an attacker to subsequently expose encrypted information in a much shorter amount of time t...

The FBI and other law enforcement agencies have arrested more than 70 people suspected of carrying out cyber criminal activities associated with one of the most active underground web forums known as Darkode . Darkode , also used by notorious Lizard Squad , was an online bazaar for cyber criminals looking to buy and sell hacking tools, botnet tools, zero-day exploits, ransomware programs, stolen credit cards, spam services and many illicit products and services. Darkode had been in operation since 2007 before law enforcement authorities seized it this week as part of an investigation carried out in 20 different countries. "We have dismantled a cyber-hornet's' nest...which was believed by many, including the hackers themselves, to be impenetrable," said U.S. Attorney David J. Hickton . The crackdown, which the FBI dubbed Operation Shrouded Horizon , was initiated two years ago by its counterparts in Europe, Brazil and law enforcement agencies in more...

The huge cache of internal files recently leaked from the controversial Italian surveillance software company Hacking Team has now revealed that the Federal Bureau of Investigation (FBI) purchased surveillance software from the company. The leaked documents contains more than 1 Million internal emails, including emails from FBI agent who wanted to unmask the identity of a user of Tor , the encrypted anonymizing network widely used by activists to keep their identities safe, but also used to host criminal activities. Unmasking Tor User In September last year, an FBI agent asked Hacking Team if the latest version of its Remote Control System (RCS), also known as Galileo - for which the company is famous for, would be capable to reveal the True IP address of a Tor user. The FBI agent only had the proxy IP address of the target, as according to FBI, the target may be using Tor Browser Bundle (TBB) or some other variant. So, the agent wanted to infect the target...

Really a bad weekend for Internet users. Three previously unknown critical zero-day vulnerabilities were revealed in Adobe's Flash Player over the weekend, thanks to Hacking team data Breach in which 400GB of internal data were leaked over the Internet. Now, a new zero-day vulnerability has been reported in Oracle's Java that is reportedly being exploited in the wild by hackers to target government armed forces. Cybercriminals are actively exploiting the Java-based zero-day flaw in an attempt to target U.S. defense agencies and members of NATO, Trend Micro security researchers warned in a blog post published Sunday. According to researchers, the vulnerability affects only the latest version of Java, version 1.8.0.45. Though the older Java versions, Java 1.6 and 1.7 are not at all affected by this zero-day exploit. So far, there isn't many details disclosed about the Java zero-day bug, considering a patch is yet to be released by Oracle. Although hackers are exploi...

Last Week someone just hacked the infamous Hacking Team , The Italy-based cyber weapons manufacturer and leaked a huge trove of 400GB internal data , including: Emails Hacking tools Zero-day exploits Surveillance tools Source code for Spyware A spreadsheet listing every government client with date of purchase and amount paid Hacking Team is known for its advanced and sophisticated Remote Control System (RCS) spyware , also known as Galileo , which is loaded with lots of zero-day exploits and have ability to monitor the computers of its targets remotely. Today, Trend Micro security researchers found that the Hacking Team " uses a UEFI  (Unified Extensible Firmware Interface)  BIOS Rootkit to keep their Remote Control System (RCS) agent installed in their targets' systems ." That clearly means, even if the user reinstalls the Operating System, formats the hard disk, and even buys a new hard disk, the agents are implanted after Microsoft Windows is...

Bitcoin Cloud Mining service Cloudminr.io has been hacked and its whole users database is on sale for 1 Bitcoin . The unknown hackers have successfully taken full control of the website's server and defaced the homepage of the website. Users visiting the website are greeted with a defaced homepage showing the partial database of around 1000 clients including their usernames and unencrypted passwords in completely plain text format. This clearly indicates that the company is not following the best security practices to secure their users private data as the passwords were not even hashed before storing into the database. Hackers offering around 80,000 users database for 1BTC The database of 1000 users shown on the website homepage is just a sample given by the hackers while they have compromised around 80,000 users database in total from the cloud mining service. The hackers are offering the entire database of thousands of users for the just 1BTC , w...

Have you ever seen any mobile application working in the background silently even after you have uninstalled it completely? I have seen Google Photos app doing the same. Your Android smartphone continues to upload your phone photos to Google servers without your knowledge , even if you have already uninstalled the Google Photos app from your device. Nashville Business Journal editor David Arnott found that Google Photos app uploaded all his personal photographs from the device into the service even after uninstalling it. Arnott provided a video demonstration showing that after uninstalling the Google Photos app from his Samsung smartphone, the photograph he took off his coffee mug still wound up being synced into his account on the web. "Months ago, I downloaded the [Photos] app to play with it, but I did not like it and so un-installed the app after just a few days," Arnott tweeted Wednesday. "This evening, I went back to Google Photos on my l...

It's not at all surprising that the Google Play Store is surrounded by a number of malicious applications that may gain users' attention to fall victim for one, but this time it might be even worse than you thought. Threat researchers from security firm ESET have discovered a malicious Facebook-Credentials-Stealing Trojan masquerading as an Android game that has been downloaded by more than a Million Android users. Malicious Android Apps downloaded 50,000-1,000,000 times The Android game, dubbed " Cowboy Adventure ," and another malicious game, dubbed " Jump Chess " – downloaded up to 50,000 times, have since been removed from Google Play Store. However, before taking them off from the app store, the creepy game apps may have compromised an unknown number of victims' Facebook credentials . Both the games were created by the same software developer, Tinker Studio and both were used to gather social media credentials from unsuspec...

An Israeli Singer and former contestant on a reality talent show has been jailed for hacking Madonna's online accounts and stealing songs from her unreleased music tracks. Adi Lederman , 39, who participated in Israel's version of American Idol called A Star Is Born , is set to spend his 14 months in prison and pay $4000 in fine after confessing to computer trespassing, infringement of privacy and property rights. Citing Madonna as Lederman's victim, Tel Aviv Magistrate's Court did not specify whether Lederman was actually behind the song leak from her " Rebel Heart " album, the Jerusalem Post reported this week. "The ease with which crimes such as this can be committed by those who have skills in the field," the court said, "such as the accused, require an appropriate punitive response that has a deterrent and uncompromising message." Deeply Devastating and Hurtful Madonna planned to launch her new album " Rebel ...

Yes, you heard it right. A gamer drugged his girlfriend to avoid interruption while playing on his Microsoft's Xbox Live . The 23-year-old German man, who has not been named, was fined EUR€500 (approx USD$555) by a judge in a Castrop-Rauxel district court, German website The Local reports . The man admitted in front of judge that he put between four and five drops of a sedative in his girlfriend's tea to make her fall asleep, so he could keep playing the video game on his console. His girlfriend fell asleep for more than 12 hours and wake up midday on the next day, but even after waking up she felt constantly drowsy.  "Then I got up and drove to work although I was nodding off again and again," the victim told. Girlfriends Broke-Up with her Boyfriend The offender's girlfriend, 24, broke up with her now-ex-boyfriend after he did this to her. Sentencing the man, the court judge said: "Your girlfriend slept long and deeply, wh...

Another Flash zero-day exploit has emerged from the hundreds of gigabytes of data recently leaked from Hacking Team , an Italian surveillance software company that is long been accused of selling spying software to governments and intelligence agencies. The critical zero-day vulnerability in Adobe Flash is a Use-After-Free() programming flaw ( CVE-2015-5122 ) which is similar to the CVE-2015-5119 Flash vulnerability patched last week and allows an attacker to hijack vulnerable computers. Adobe says the cyber criminals are apparently already exploiting this vulnerability for which no patch exists yet. However, it's second time in a single week when the company is working on a fix for the zero-day vulnerability in its Flash Player software. Flash Zero-Day Flaw in the Wild The Exploit code for this flaw is already available online, allowing an attacker to remotely execute malicious code on victims' computers and install malware, Adobe said in an advisory pub...

The four co-founders of The Pirate Bay, the world's most popular torrent website, have been cleared of charges alleging criminal copyright infringement and abuse of electronic communications in a Belgian court. The Pirate Bay co-founders Gottfrid Svartholm , Fredrik Neij, Peter Sunde and Carl Lundström were acquitted by a Belgian court located in Mechelse after it was found that they could not be held responsible for the file-sharing website after selling it in 2006. The Pirate Bay's founders Gottfrid Svartholm and Fredrik Neij, the website representative Peter Sunde and the website investor Carl Lundström were facing criminal charges related to their involvement with the torrenting site that has proven to be an elusive hub for illegal copyrighted content. The Pirate Bay was Sold to other Investors in 2006 However, the case fell apart when the Pirate Bay's co-founders said that they were not involved in any activity related to the website after they sold it to Re...

The popular instant messaging app WhatsApp might adopt some features from its parent company, Facebook. The messaging giant is testing some new features that might be coming to the app soon. The features include a 'Like' button similar to that of Facebook and a 'Mark as Unread' feature for chat messages, AndroidPit reports . 'Like' Button for Images Ilhan Pektas, WhatsApp beta tester, recently claimed that a future WhatsApp update will introduce a 'Like' button for images, indicating the company might allow users to Like their friend's profile picture and images shared in groups as well. There aren't many details about the new features yet, but if implemented, Like button feature is something that could improve group chats. 'Mark as Unread' Feature to Chats Besides implementing Like button, WhatsApp is also planning to introduce a 'Mark as Unread' feature to chat messages that will offer recipients abil...

Now this is a shockingly dangerous threat when hackers are taking over weapons and missiles. This time I am not talking about weapon systems being hackable, but being HACKED! A German Patriot anti-aircraft missile system stationed on Turkish-Syrian border was reportedly hacked and taken over by an unknown " foreign source " who successfully executed " unexplained commands ." Two Attack Vectors Attacks on the Patriot missiles system were detected when "unexplained" orders were given to the weapons via two supposed weak spots. German trade publication Behörden Spiegel reports that the American-made missile system was accessed either through a Computer Chip that directs weapons guidance or through a Real-Time information exchange that provides communication between arms and commands. The publication speculates that the hackers may have stolen sensitive information and accessed missile control that could result in a missile firing ...