The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Don't panic! You heard it right. A Turkish security researcher named Utku Sen has posted a fully functional Ransomware code on open source code sharing website GitHub . The Ransomware dubbed Hidden Tear , uses AES Encryption to lock down files before displaying a ransom message warning to get users to pay up. The currently undetectable version of ransomware can be modified and implemented accordingly, as it contains every feature a cybercriminal can expect from modern malware. Sen describes his Ransomware as "a ransomware-like file crypter sample which can be modified for specific purposes." This means even script kiddies can now develop their own Ransomware to threaten people. The Hidden Tear — Free Ransomware Kit The " Hidden Tear " Ransomware package consists of four files namely: Hidden-Tear-Decrypter Hidden-Tear .gitignore README.md Hidden Tear Ransomware is capable of : Using AES algorithm to encrypt files Sendi...

Well, Cheaters are about to have a very Bad Night Today! Hackers who claimed to have stolen customers' data from Ashley Madison , the popular online casual sex and cheating website with a tagline " Life is short. Have an affair ," recently leaked nearly 10GB of its users' personal data online. The group of hackers, which called itself The Impact Team , has reportedly leaked personal data of Ashley Madison customers on the so-called dark web, meaning the data is accessible anyone on encrypted browsers. The leaked data includes personal details of nearly 36 Million Ashley Madison customers' accounts , which includes: Username First and Last Names Email addresses Hashed passwords Partial Credit Card data Street Names Phone Numbers Records documenting 9.6 Million Credit Card Transactions No Mercy for You Cheaters! The Impact Team stole the data  from the popular cheating website last month and threatened the company to reveal all a...

World's largest hardware supplier of mainframe computers IBM (International Business Machine) Corp. has launched two mainframe servers that run only on Linux operating system. IBM used RAS as a term to describe the strength of the mainframe computers; RSA stands for R eliability, A vailability, and S erviceability. However, IBM has now added a new feather to its mainframe servers in an effort to increase the open source software combined with mainframe hardware RAS. Dubbed LinuxONE , the new mainframe servers comes with two different flavors: LinuxONE Emperor for large enterprises and runs on the IBM z13 LinuxONE Rockhopper designed for mid-size businesses The IBM LinuxONE Emperor is capable of ultimate flexibility, scalability, performance and trust for business critical Linux applications whereas… The IBM LinuxONE Rockhopper offers all the same great capabilities, value and innovation of LinuxONE system with the flexibility of a small package with g...

If you are one of those 70 Million users who have upgraded their systems to the newest Windows 10 operating system, Microsoft could be scanning your PC for pirated games and unauthorized hardware . Almost three weeks have passed after the worldwide launch of Windows 10, Millions of users have upgraded their systems to the Microsoft's latest operating system.  However, we have seen many privacy concerns around the new OS, including: Turned ON bandwidth sharing to distribute updates to other Windows 10 users Default settings sending users' data to Microsoft servers Wi-Fi password sharing feature i.e. Windows Wi-Fi Sense enabled Forcing Automatic software updates for Windows 10 Also Read: How to Fix 35+ Windows 10 Privacy Issues With Just One Click Unlike at first glance, these changes made by Microsoft in its new Free Windows upgrade do not actually felt free to its users due to a lack of transparency from the company about the reality of the new ...

"Android M will be Muffin?, or Mango shake?, Milkshake?, Malt ball?, Moon Pie?, Macaroon?, or is it Mars?, Marshmallow?"... …this was the guessing game that occupied most of us when Google created a suspense three months ago, at the launch of the Android M Developer Preview at Google I/O in May. Much awaited Android M is named as ' Marshmallow '; it is the thirteenth Google's Android operating system. Google revealed the 'Marshmallow' by following its ritual of keeping the statue of Android robot with a Marshmallow in his hand. Google has maintained its tradition of naming the dominant mobile Android operating system by the names of sugary delights, starting from: Cupcake Donut Eclair Froyo Gingerbread Honeycomb Ice Cream Sandwich Jelly Bean KitKat Lollipop Official Android 6.0 SDK Available for Download After the final Developer Preview, the official Android 6.0 Software Developer Toolkit (SDK) is now available for d...

Two weeks ago, we reported about a critical mediaserver vulnerability that threatened to crash more than 55 percent of Android devices, making them unresponsive and practically unusable to perform most essential tasks. Now, security researchers at Trend Micro have uncovered another flaw in the Android's mediaserver component that could be remotely exploited to install malware onto a target device by sending a specially crafted multimedia message. The vulnerability ( CVE-2015-3842 ) affects almost all the versions of Android devices from Android 2.3 Gingerbread to Android 5.1.1 Lollipop, potentially putting hundreds of Millions of Android devices open to hackers. Since Google has patched this issue, but hopefully the patch issued by Google this time isn't incomplete like its patch for the Stagefright vulnerability that affects 950 Million Android devices worldwide. How the Vulnerability Works? The security flaw involves a mediaserver component called Aud...

A flaw discovered in several widely used BitTorrent applications, including uTorrent, Vuze and Mainline , could be used to carry out a devastating distributed denial of service (DDoS) attack that makes it very easy for a single undetectable hacker to bring down large sites. A new research by Florian Adamsky of the City University London shows that open BitTorrent protocol can be exploited to carry out Distributed Reflective Denial of Service (DRDoS) attacks . The bitTorrent protocol is a file-sharing protocol used by Millions of active online users at any given point in the day to exchange files over the Internet. DRDoS attack is a more sophisticated form of conventional DDoS attack where open and misconfigured DNS (Domain Name System) can be used by anyone to launch high-bandwidth DDoS attacks on target websites. In a paper , titled " P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks ," the resea...

Previously, we posted about a privacy issue in Facebook messenger ; Aran Khanna , a Harvard University student, discovered ' A Marauder's Map ' that could sense and give the geolocations of your friends on the messenger. Khanna had received an opportunity to work as an intern for Facebook… …But destiny had planned something else for him, as after publicly stating the risk associated with the app; Facebook withdrew his candidature as a summer intern. Why Facebook Fired Him? Khanna himself confessed to be an avid user of the Facebook Messenger app , as it is an integral part of his social life. However, one day, while going through his chat history he found that a location is attached to each message he has sent and received from his device. Also, the location is shared with the ' power of default ' even if you choose to turn the location sharing option off. This made him look for the complete inside story, which brought him to a strange thing while writing the...

Wanna hack someone's Android smartphone by sending just an MMS message? Yes, you can, because Google's patch for the Stagefright vulnerability in hundreds of Millions of Android devices is BUGGY. Last week, Google issued an official patch for Stagefright vulnerability that affects 95 percent of Android devices running version 2.2 to version 5.1 of the operating system, an estimated 950 Million Android devices in use worldwide. But, the patch is so flawed that hackers can still exploit the Stagefright vulnerability (CVE-2015-3824) anyways. "The [original] patch is four lines of code and was (presumably) reviewed by Google engineers prior to shipping," researchers at Exodus Intelligence wrote in a blog post published Thursday. "The public at large believes the current patch protects them when it, in fact, does not." Buggy Patch Issued by Google The patch doesn't fix the vulnerability, allowing booby-trapped MP4 videos that supplied...

Are you a proud owner of a Smartwatch, a Smart TV , a Smart fridge, a Smart lock, an Internet-enabled car , or live in a smart city? Caution! Recently, it has been reported that the growth of the Internet of Things would eventually lead to cyber criminals in making lots of money, as they started attacking the Internet of Things for Ransom. Yes, the latest Interest of the cyber criminals in the field of Internet of Things is ' Ransomware '. Internet of Things (IoT) such as Android and iOS-based wearable Smartwatches and the concept of connected homes has now given a treat to the current generation Ransomware. With the advancements in Technology, cyber criminals are simultaneously promoting themselves from the threat known for restricting computers or encrypting files and asking users for money in return for gaining back access to their systems. From computers to mobile phones, now criminals are targeting the IoT and the wearables devices. Security resea...

In our previous articles, we raised concern about Windows 10 privacy issues , including its controversial Wi-Fi Sense feature . Also, to cope up with these issues, I provided you a one-click solution to fix  all privacy compromising features that allow Microsoft to track users. But unfortunately, all those efforts got wasted because Microsoft still tracks you, even after you harden your Windows 10 privacy to an extreme level by disabling all privacy-infringing settings. This time the culprits are – Cortana and Bing search . Windows 10 features, including Cortana and Bing search, continue communicating with Microsoft's servers and sending it data, even after you turned the features off. A Technical Analysis done by Ars showed that even when you tell Microsoft to not to make any Internet-related inquiries by changing various privacy settings, it appears that Windows 10 still communicate with the software giant's servers for different information. Cortana ...

Facebook User: Who Can Find Me...? Hacker: Yes, I CAN!! A Security Researcher claimed " digi-crims could easily scan the population of an entire country to find targets ". Reza Moaiandin , technical director at Salt Agency, has figured out a way to exploit an important Facebook feature to gather personal data belonging to the users. Facebook Privacy Setting That Makes Your Identity Vulnerable If you pay attention to the security settings in your Facebook profile, you will find a privacy setting that says ' Who can look me up? ', or " Who can look you up using the phone number you provided? " which has been set to ' Everyone ' by default. This configuration allows you to search anyone just by entering his or her phone number; as a result, the search box in Facebook will display the profile of that person. But, Can you imagine, How Cybercriminals can take advantage of this crucial privacy blunder? By exploiting this default feature with a sim...

Two years ago Chinese firm Lenovo got banned from supplying equipment for networks of the intelligence and defense services various countries due to hacking and spying concerns. Earlier this year, Lenovo was caught red-handed for selling laptops pre-installed with Superfish malware . One of the most popular Chinese computer manufacturers 'Lenovo' has been caught once again using a hidden Windows feature to preinstall unwanted and unremovable rootkit software on certain Lenovo laptop and desktop systems it sells. The feature is known as " Lenovo Service Engine " (LSE) – a piece of code presents into the firmware on the computer's motherboard.  If Windows is installed, the LSE automatically downloads and installs Lenovo's own software during boot time before the Microsoft operating system is launched, overwriting Windows operating system files. More worrisome part of the feature is that it injects software that updates drivers, firmware, and oth...

In the month of February 2015, second generation Raspberry Pi was made available and was commonly known as Raspberry Pi 2 . Buzz was that Windows 10 will be supporting the hardware for its compatibility with the smart objects, popularly known as the ' Internet of Things '. So, finally the Free version of Windows 10 for Raspberry Pi 2 is here. On Monday, public release of Microsoft's Windows 10 for IoT Core, offering support for the Raspberry Pi 2 and the Minnowboard Max , was made available. Microsoft's goal of spreading Windows 10 to a Billion user is going to get fulfilled with this specially trimmed edition for small and embedded devices, that may or may not have screens. Also for devices with screens, Windows 10 IoT Core operating system does not have a Windows shell experience; rather you can write a Universal Windows app that is the interface and 'personality' for your device. It's neither the Windows, as we already are familiar with, nor a substitut...

Updated your PCs to Windows 10 ? Now it's time to patch your Windows 10 software. Microsoft has issued its monthly Patch Tuesday by releasing 14 security bulletins , nearly half of it address vulnerabilities in its latest operating system, Windows 10. Four of them are marked critical, affecting Windows, .Net Framework, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft Silverlight and Edge Browser . Yes, the critical update includes even Edge browser – Microsoft's newest and supposedly super-secure web browser. Windows users are advised to patch their system as soon as possible because the security flaws can be remotely exploited to execute malicious code on vulnerable systems, allowing hackers to install malware and take full control of systems. Most Critical Security Updates: MS15-079 – The critical update fixes a total of 10 privately disclosed flaws in Internet Explorer. Most of these flaws allow a hacker to execute malicious code on v...

Offensive Security , the creators of Swiss army knife for Security researchers, Penetration testers and Hackers have finally released the much awaited and most powerful version of  Kali Linux 2.0 . Kali Linux 2.0 (Codename 'Kali Sana') , an open-source penetration testing platform brings hundreds of Penetration Testing, Forensics, Hacking and Reverse Engineering tools together into a Debian-based Linux distribution. Kali Linux 2.0 offers a redesigned user interface for streamlined work experience, along with a new multi-level menus and tool categories options. Kali Linux 2.0 is now a rolling distribution, means users will receive tools and core system updates frequently. Kali Linux 2.0 Features: Runs on Linux kernel 4.0,  use full Gnome 3 Desktop instead of gnome-fallback,  improved hardware and wireless driver coverage,  support for a variety of Desktop Environments,  updated desktop environment and tools,  Featuring new cutt...

After the release of Windows 10 , Millions of Windows 7, 8 and 8.1 users have upgraded their systems to Windows 10. Thanks to Microsoft's free system update. Windows 10 inbuilt rollback vs. EaseUS System GoBack Microsoft even offers Windows users with an opportunity to downgrade their computer to their previous version of operating system after an upgrade, but the opportunity lasts for only 30 days. This is really cool, but what if you upgraded your system to Windows 10 , used it for more than a month and then realized that it's hard for you to adopt? Now, How do you get your favorite Windows version back? You don't need to go through that lengthy procedure of downloading and installing the old Windows again to downgrade your system to the previous version. I have a better and an easy solution to your problem. You can now quickly go back to your previous Windows Operating System and restore all your old applications & games with just one click. Tha...