The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

ICANN (Internet Corporation for Assigned Names and Numbers) – the organisation responsible for allocating domain names and IP addresses for the Internet – has been hacked , potentially compromising its customers' names, email addresses, hashed passwords, and more. The US-administered non-profit corporation admitted on Wednesday that its server security was breached within the past week and that… …an " unauthorised person " gained access to usernames , email addresses , and encrypted passwords for profile accounts on ICANN.org public website. The organisation believes that the leaked information includes harmless information such as user preferences, public biographies, interests, newsletters, and subscriptions. Less than ten months ago, ICANN was hacked  by a hacker who gained access to its internal system following a spear phishing attack in November last year. Employees were tricked into handing over their credentials after receiving malicious emails...

So you finally upgraded your system to Windows 10 and became one those 70 Million users. No doubt, Windows 10 is the Windows best version released by Microsoft, but you need to know that it does not offer much privacy by default. Windows 10 is making many headlines these days, even it made me to write two detailed articles about Windows 10's most controversial options, i.e. Windows Wi-Fi sense and Windows 10 stealing users' Bandwidth to deliver updates. I noticed over 35 more privacy issues that come enabled by default in Windows 10, which has permission to send your vast amount of data back to Microsoft. While Installation, a click through " Express Settings " allows Windows 10 operating system to gather up your contacts, text and touch input, calendar details, and a lot more, including: Location Data Biometrics and Handwriting data Advertisement and its Tracking Code Apps access to your personal information Windows Defender and Sample subm...

Internet of Things (IoT) with the purpose of providing convenience to the users enabled every object in the universe to be as smart as a whip. By assigning IP address to all sorts of devices, ranging from household appliances, machines, medical devices and sensors to other day-to-day objects, and putting them all together on a standardised network is a common Internet of Things (IoT) practice. Is Internet of Things Secure? In my previous articles, I gave you a glance of the most vulnerable smart cities that are increasingly adopting devices connected to the Internet in an attempt to add convenience and ease to daily activities. By 2020, there will be more than 45 Billion Internet-connected devices that will transform the way we live and work. The bottom line: As the number of IoT enabled systems increases, the complexity of handling them increases; leading to an introduction of new risk and vulnerabilities associated with them. Security of Internet of...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Poor Android users are facing a terrible, horrible, and awful week. Few days ago, Trend Micro security researchers uncovered a Android crashing vulnerability in the widely used mobile operating system, impacting the majority of Android devices in use. The report follows another significant Stagefright vulnerability that was revealed by separate researchers, who warned that nearly 950 Million Android phones can be hijacked by sending a simple text message or via malicious Android app or specially crafted web pages. EXPLOIT TO TRAP ANDROID DEVICES IN ENDLESS REBOOTS Now, the security researchers have discovered a dangerous security bug in the Android operating system that they claim can "brick" your phone, making it unresponsive and completely useless. The new vulnerability, CVE-2015-3823 , can be exploited by potential hackers to cause your Android device to endless Reboot, and is similar to the Stagefright bug in that the flaw exists in the 'media...

If you think Apple's Mac computers are much more secure than Windows-powered systems, you need to think again. This isn't true, and security researchers have finally proved it. Two security researchers have developed a proof-of-concept computer worm for the first time that can spread automatically between MacBooks, without any need for them to be networked. Dubbed Thunderstrike 2 , the new proof-of-concept firmware attack is inspired by previously developed proof-of-concept firmware called Thunderstrike. Thunderstrike Attack , developed by security engineer Trammell Hudson, actually took advantage of a vulnerability in Thunderbolt Option ROM that could be used to infect Apple Extensible Firmware Interface (EFI) by allocating a malicious code into the boot ROM of an Apple computer through infected Thunderbolt devices. Thunderstrike 2 Spreads Remotely Although the original Thunderstrike required an attacker to have physical access to your Mac computer to wor...

Hackers have their hands on something of your concern. A severe zero-day vulnerability in the latest, fully patched version of Apple's Mac OS X is reportedly being exploited in the wild by the hackers. The vulnerability could allow attackers to install malware and adware onto a target Mac, running OS X 10.10 (Yosemite) operating system, without requiring victims to enter system passwords , a new report says. The zero-day bug came over a week after security researcher Stefan Esser discovered a privilege escalation zero-day vulnerability in the latest version of Apple's OS X Yosemite that caused due to environment variable DYLD_PRINT_TO_FILE and dynamic linker dyld , new error-logging features added to the operating system. The developers failed to implement standard safeguards that are needed while adding support for new environment variables to the OS X dynamic linker dyld, allowing hackers to create or modify files with root privileges that can fit anywhere i...

Next time just be careful while swiping your credit card at small retailers or trendy stores that use Square Reader to accept credit card payments. The increasingly popular and widely used Square Reader can be easily turned into a skimming device that can be used to steal your credit card data, a group of researchers warned. Square Reader is a tiny device that allows small retailers to easily accept credit and debit card payments without having to spend the money on the traditional point of sale systems. However, despite its convenience, this cheap and easy-to-use alternative has a critical flaw that could allow anyone to easily steal your payment card information. All an attacker need is a screwdriver, superglue, and roughly 10 minutes to turn the latest generation Square Reader into a tiny, portable card skimmer . Converting a New Generation Square Reader into a Card Skimmer? A team of three security researchers from Boston University has discovered a w...

Advanced Persistent Threat (APT) type attacks continue to emerge on a global scale. What makes these attacks deviate from the norm is often the resources required to develop and implement them: time, money, and the knowledge required to create custom pieces of malware to carry out specific, targeted attacks. Operation Lotus Blossom is one of the more recent APT attacks that has been discovered and analyzed. It is an advanced adversary campaign against the mostly government and state-sponsored entities in the Philippines, Hong Kong, Vietnam, and Indonesia. It is thought that this group carried out the attack to gain a geopolitical advantage by stealing specific information from government and military institutions in that area.  At this point, it is still too early to tell if the reach of the attack will extend to the private sector (a la Stuxnet and Duqu). How does the attack work? It was found that Operation Lotus Blossom involved a novel custom-built malw...

Windows 10 is built with the power features of Windows 7 and 8.1, which makes it a robust operating system. It gained 65 million users in the first three days after its release. Still counting and making Windows 10 as a universal platform for all the devices running the same operating system. By Introducing " Windows as a service " utility, The Microsoft is offering Windows 10 Free Upgrade to all the users running Windows 7 or 8.1 as a Windows update, and not as a separate product. From now on, the company will provide regular updates for Windows in the same manner Apple does with its Mac OS X operating system that gets regular updates on a yearly basis and has been known as OS X for over 15 years. Despite some privacy issues , including " Wi-Fi Sense " and " Bandwidth sharing for Windows Update ", and few more, Windows 10 offers a bevy of new and advanced features that makes the operating system unique from others. Also Read: How to Fix 35+ Windows 10 Privacy Iss...

Remember  Mt.Gox ? Once the world's largest Bitcoin exchange… ...then in early 2014, Tokyo-based Mt.Gox Bitcoin exchange filed for bankruptcy saying it lost some 8,50,000 Bitcoins (worth $64 Million) to hackers and suddenly went dark with no explanation. Last Friday, Mark Karpeles , the former CEO of the collapsed Mt.Gox, was arrested by Tokyo Metropolitan Police in connection with the disappearance of Bitcoins worth £247 Million. Police believe Mr. Karpeles had accessed the computer system of the Bitcoin exchange and manipulated the outstanding balance to cover up fraudulent transactions. The company said at the time that 750,000 customers' Bitcoins and another 100,000 belonging to the exchange were stolen due to an unknown vulnerability in the company's software. While he is not yet been charged, the authorities are investigating his involvement in the stealing of Millions of dollars of the Bitcoin virtual currency when the exchange collapsed in 2014. ...

After installing Windows 10, Feeling like your Internet Bandwidth is dropping away? Windows 10 is stealing your network bandwidth. Along with the privacy features related to Wi-Fi Sense , Windows 10 users should check for another hidden by default feature that uses your network bandwidth to share updates with other Windows 10 users across the Internet. Microsoft launched Windows 10 on July 29 and offered a free upgrade to Windows 7,8 and 8.1 users , and for anyone who wants to download it. But, handling millions of simultaneous 3.5GB downloads is quite difficult for the company. So, in order to cope up with the issue, Microsoft has baked a new feature into its latest desktop operating system that uses the torrent-style approach to obtain software updates , allowing Windows 10 users to download updates from other users. Also Read:  How to Fix 35+ Windows 10 Privacy Issues With Just One Click . Windows 10 is Stealing your Internet Bandwidth The feature, kn...

Good news for iOS 8.4 users! The Chinese jailbreaking team TaiG has finally released its long-awaited Untethered Jailbreak tool for Apple's iOS 8.4 mobile operating system for the Mac OS X platform. Yes, TaiG Jailbreak is now officially available for OS X users that will allow you to jailbreak iOS 8.4 on your Mac computer without having to resort to using a virtual machine. In late June, the TaiG team released the Jailbreak tool (.exe) only for Windows version, forcing Macs users to rely on other applications or use Boot Camp to tweak their iOS devices. TaiG Jailbreak for Mac, currently at Mac version 1.0.0, is designed from the ground up to support versions of iOS mobile operating system from 8.1.3 to 8.4. You can download the tool from the project's website. How to JailBreak your Device? The process of jailbreaking the device is so easy; anyone can do it. Download and Install the App Disable 'Find My iPhone' on your device's iCloud settings before p...

T he O nion R outer (Tor) is weeping Badly! Yes, Tor browser is in danger of being caught once again by the people commonly known as " Spies ," who's one and only intention is to intrude into others' network and gather information. A team of security researchers from Massachusetts Institute of Technology (MIT) have developed digital attacks that can be used to unmask Tor hidden services in the Deep Web with a high degree of accuracy. The Tor network is being used by journalists, hackers, citizens living under repressive regimes as well as criminals to surf the Internet anonymously. A plethora of nodes and relays in Tor network is used to mask its users and make tracking very difficult. Any user when connects to Tor, the connection gets encrypted and routed through a path called a "circuit ." The request first reaches an entry node, also known as a ' Guard ' that knows the actual IP address of the user, and then goes through every ho...

Earlier this week, security researchers at Zimperium revealed a high-severity vulnerability in Android platforms that allowed a single multimedia text message to hack 950 Million Android smartphones and tablets. As explained in our previous article, the critical flaw resides in a core Android component called " Stagefright ," a native Android media playback library used by Android to process, record and play multimedia files. To Exploit Stagefright vulnerability, which is actively being exploited in the wild, all an attacker needed is your phone number to send a malicious MMS message and compromise your Android device with no action, no indication required from your side. Hacking Without Knowing Phone Number But, Now you Don't even require the mobile numbers of your victims to infect their devices, a recent research claimed. In the previously known attack scenario, an attacker can exploit Stagefright vulnerability only against his/her known contact n...

Forget about Financial services and Online shopping websites, but at least we expect from Security Firms and Antivirus vendors to keep our personal and Sensitive data Encrypted and Secured. One of the most popular and much-respected Antivirus and computer security firms 'BitDefender' has recently been hacked and has had a portion of its customer data leaked. The Data Breach in BitDefender is incredibly embarrassing for the security firm, not because the company failed to prevent its customers data from hackers, but because the Security company failed to encrypt its customers' most sensitive data . Now, this is something really not expected from a reputed Security Firm. It appears that the hacker, who uses the online alias DetoxRansome , was able to break into a Bitdefender server that hosted the cloud-based management dashboards for its small and medium-sized business clients, and pilfer usernames and passwords belonged to them. They Forget to Encrypt C...

Just one day after Microsoft released its new operating system, over 14 Million Windows users  upgraded their PCs to Windows 10 . Of course, if you are one of the Millions, you should aware of Windows 10's Wi-Fi Sense feature that lets your friends automatically connects to your wireless network without providing the Wi-Fi password. Smells like a horrible Security Risk! It even triggered a firestorm among some security experts, who warned that Wi-Fi Sense is a terrible and dangerous feature and that you should disable it right away. Even some researchers advised Windows 10 users to rename their Wi-Fi access points. Before discussing the risks of Wi-Fi Sense, let's first know how it works. Also Read:  How to Fix 35+ Windows 10 Privacy Issues With Just One Click . How Windows 10 Wi-Fi Sense works? Windows 10 Wi-Fi Sense feature allows you to share your Wi-Fi password with your friends or contacts, as well as lets you automatically connect to netwo...