
The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

LockerPin Ransomware Resets PIN and Permanently Locks Your SmartPhones

Sep 12, 2015
Your device's lock screen PIN is believed to keep your phone's contents safe from others, but sadly not from a new piece of ransomware that is capable of hijacking the safety of your Android devices. A group of security researchers has uncovered what is believed to be the first real example of malware that is capable of resetting the PIN code on a device and permanently locking the owner out of their own smartphone or tablet. This Android PIN-locking ransomware, identified as Android/Lockerpin.A, changes the infected device's lock screen PIN code and leaves victims with a locked mobile screen, demanding a $500 (€450) ransom. Here's the kicker: since the lock screen PIN is reset randomly, even paying the ransom won't give you back access to your device, because even the attackers don't know the changed PIN code of your device, security researchers at Bratislava-based antivirus firm ESET warn. LockerPIN, as dubbed by the researchers,...
Here's How to Stop Windows 7 or 8 from Downloading Windows 10 Automatically

Sep 12, 2015
Yesterday we reported that Microsoft is auto-downloading Windows 10 installation files — between 3.5GB and 6GB — onto users' PCs even if they have not opted into the upgrade. Microsoft plans to deploy Windows 10 on over 1 billion devices worldwide, and this auto-downloading of Windows 10 could be one of its many strategies to achieve that goal. The company has dropped and saved a hidden $Windows.~BT folder on your PC's main drive (C drive) if you are running Windows 7 or Windows 8.1. The bottom line is: many Windows users are on limited or metered Internet connections, and Microsoft is not only consuming storage space but also using users' Internet bandwidth for large unrequested files, as the Windows 10 installer downloads up to 6 gigabytes. So, here are some methods that you can use to stop Microsoft from automatically downloading Windows 10 installation files. Method 1: This method is applicable for both Windows 7 and Windows 8.1 us...
Microsoft is Auto-Downloading Windows 10 to PCs, Even If You Don't Want it

Sep 11, 2015
Microsoft wholeheartedly wants you to upgrade to Windows 10. So much so that even if you have not opted in for the Windows 10 upgrade, you will get it the other way. Surprised? If you have Windows Update enabled on your PCs running Windows 7 or Windows 8.1, you'll notice a large file — between 3.5GB and 6GB — mysteriously downloaded to your computer in the background. The huge file is actually linked to the Windows 10 installation that Microsoft is reportedly downloading on Windows 7 and Windows 8.1 computers even if users have not opted into the upgrade. The news comes days after it was disclosed that Microsoft is installing Windows 10's data collecting and user behavior tracking features onto Windows 7 and 8.1 machines. With this latest automatic Windows 10 installation, Microsoft is not only consuming your storage space but also using your Internet bandwidth for unrequested files, as the Windows 10 installer downloads up to 6 gigabytes, depending on which Wind...
Android Stagefright Exploit Code Released

Sep 11, 2015
Zimperium Mobile Security Labs (zLabs) has been working hard to make the Android operating system safer and more secure to use. The Zimperium team has publicly released the CVE-2015-1538 Stagefright exploit, demonstrating the process of Remote Code Execution (RCE) by an attacker. The released exploit is Python code that creates an MP4 exploiting the 'stsc' vulnerability dubbed Stagefright. The purpose behind the release is to let penetration testers and security researchers test and check the vulnerability of the code and analyze the results. Considered the most critical flaw among all the existing vulnerabilities, the Stagefright flaw is capable of revealing a user's information remotely by injecting malicious code, even without any involvement of the user. Two months ago, Zimperium Labs uncovered multiple vulnerabilities in 'libstagefright,' a service attached with the software-based codecs natively in Android smartphones for media playback. The vulnera...
Health Insurer Excellus Hacked; 10.5 Million Records Breached

Sep 11, 2015
Health care hacks — the choice of hackers this year! In a delayed revelation, Excellus BlueCross BlueShield (BCBS) says that the data and information of about 10.5 million of its clients has been compromised by hackers. Excellus BCBS, headquartered in Rochester, New York, provides finance and health care services across upstate New York and long-term care insurance nationwide. On August 5, 2015, Excellus BCBS discovered that the hackers targeted its IT systems back in December 2013, initiating a sophisticated attack to gain access to its systems and record clients' personal data. The compromised data includes: Social Security number (SSN), date of birth, mailing address, telephone number, member identification number, financial account information, and claims information. Did they forget something? ...It seems everything is gone! Moreover, for two years Excellus systems were open to the hackers. So, what the company was doi...
Hacker Demonstrated Untethered iOS 9 Jailbreak On Video

Sep 11, 2015
Good news for jailbreakers! Within just 24 hours after the launch of iOS 9 at Apple's annual event, a well-known iOS hacker has managed to untether jailbreak iOS 9. That's quite impressive. Believe it, iOS 9 has been jailbroken! A reputed hacker, 'iH8sn0w', who previously developed popular jailbreak tools like Sn0wbreeze and P0sixspwn, published a new YouTube video last night, demonstrating the first untethered jailbreak for the yet-unreleased iOS 9. Apple plans to publicly release its latest iOS 9 software update for all supported devices on 16th September, while the company has already made the Gold Master seed of the software available to developers. Untethered Jailbreak for iOS 9: iH8sn0w has jailbroken his iPhone 5 running the iOS 9 GM seed. The jailbreak is untethered – a jailbreak where your device doesn't require any reboot every time it connects to an external device capable of executing commands on the device. You ...
Lockpickers 3D-Printed Master Key for TSA Luggage Locks and BluePrint Leaked Online

Sep 11, 2015
Here's some good news and some bad news for you. The good news is that if you lose the keys for your TSA-compliant "Travel Sentry" luggage locks, then you can just 3D print your very own TSA master keys. The bad news is that anyone can now 3D print their own master keys to open your bags. Yes, the security of 300 million TSA-approved Travel Sentry luggage locks has been compromised, and now anyone with a 3D printer can unlock every single TSA-approved padlock, thanks to a security blunder by the American government agency. A security researcher with the online moniker "Xyl2k" published the 3D printing files for a range of master keys with blueprints to GitHub, allowing anyone to 3D print his or her own copies of TSA-approved locks—the ones the authorities can unlock with their keys during airport inspections. How did the Researcher get the Print? A story about the "Secret Life" of Baggage in the hands of the US Transportation Securi...
11 Million Ashley Madison Passwords Cracked In Just 10 Days

Sep 10, 2015
Last month, when hackers leaked nearly 100 gigabytes of sensitive data belonging to the popular online casual sex and marriage affair website 'Ashley Madison', there was at least one thing in favor of the 37 million cheaters: their passwords were encrypted. But the never-ending saga of the Ashley Madison hack could now definitely hit the cheaters hard, because a crazy password cracking group, which calls itself CynoSure Prime, has cracked more than 11 million user passwords in just the past 10 days, not years. Yes, the hashed passwords that were previously thought to be cryptographically protected using Bcrypt have now been cracked successfully. Bcrypt is a cryptographic algorithm that makes the hashing process so slow that it would literally take centuries to brute-force all of the Ashley Madison account passwords. How do they Crack Passwords? The password cracking team identified a weakness after reviewing the leaked data, which included u...
Russian Hackers Hijack Satellite To Steal Data from Thousands of Hacked Computers

Sep 10, 2015
A group of Russian hackers, most notably the Turla APT (Advanced Persistent Threat), is hijacking commercial satellites to hide command-and-control operations, a security firm said today. The Turla APT group, which was named after its notorious software Epic Turla, is abusing satellite-based Internet connections in order to siphon sensitive data from government, military, diplomatic, research and educational organisations in the United States and Europe, and to hide their command-and-control servers from law enforcement agencies. Although some of its operations were uncovered last year, the Turla APT group has been active for close to a decade, while remaining invisible by cleverly hiding from law enforcement agencies and security firms. Now, security researchers from Moscow-based cyber security firm Kaspersky Lab claim to have identified the way the Turla APT group succeeded in hiding itself. The researchers said the group disguised itself by using commercial satellite Internet ...
Samsung Launches 6GB RAM Chips for Next Generation Smartphones

Sep 09, 2015
With the launch of the Galaxy S6 and Galaxy S6 Edge, Samsung was the first to bring 4GB RAM to Android mobile phones, with the Samsung Note 5 and the current OnePlus 2 carrying the same RAM capacity. Now, Samsung has again taken the technology a step further with the launch of a 12GB LPDDR4 (low power, double data rate 4) DRAM chip that will offer 6GB RAM for upcoming next-generation smartphones and tablets. The latest DRAM chip version 12 comes with technology that offers: advanced 20-nanometer (nm) process technology; 30% faster speed than the previous 8GB LPDDR4; 20% less energy consumption; manufacturing productivity increased to 50%. The next-generation mobile phones are supposed to be equipped with the new mobile DRAM chip, enabling increased capacity and the fastest speed while simultaneously providing essentials (for building a smarter mobile device) such as: Excellent energy efficiency Reliability Ease of design Smooth multitasking Better pe...
Techie Police Officer Builds a Sniffing Tool to Track Stolen Devices (based on War-Driving)

Sep 09, 2015
Ever wonder how you can track your stolen smartphone, laptop or any smart device? ...With an IMEI number? ...Or an IP address? ...Or maybe some special types of equipment? Well, not required, because now it is possible to track stolen devices just by scanning their MAC addresses. Yes, just MAC addresses, which are assigned to each device on a unique basis by the IEEE, though crooks can modify them in an attempt to hide the origin of the stolen device. But given people's practice of never noticing the MAC address of their mobile phone, tablet, laptop, desktop, smart TV, smart refrigerator, or broadband router, MAC addresses can be used to track stolen electronics. This is exactly what an Iowa City cop wants to do. How Police Can Track Stolen Devices? According to Gazette, an Iowa police officer, David Schwindt, has developed sniffing software that helps police find more stolen property. The software, which Schwindt dubbed L8NT (short for Latent analysi...
Microsoft Releases 12 Security Updates (5 Critical and 7 Important Patches)

Sep 09, 2015
With the release of 12 Security Bulletins, Microsoft addresses a total of 56 vulnerabilities in its different products. The bulletins include five critical updates, two of which address vulnerabilities in all versions of Windows. The September Patch Tuesday update (released on the second Tuesday of each month) brings the total to 105 Security Bulletins released this year, which is more than the previous year with three months still remaining in the current year. The reason for the increase in the total number of security bulletins in such a short time might be the Windows 10 release and its installations reaching 100 million. From MS15-094 to MS15-105 (12 security bulletins), Microsoft rates the severity of the vulnerabilities and their impact on the affected software. Bulletins MS15-094 and MS15-095 are the cumulative updates, meaning these are product-specific fixes for security related vulnerabilities that are r...
200 Million WhatsApp Users Vulnerable to vCard Vulnerability

Sep 09, 2015
WhatsApp recently claimed to have hit 900 million monthly active users, but a dangerous security flaw in the web version of the popular instant messaging app puts up to 200 million of its users at risk. Yes, the web-based extension of WhatsApp is vulnerable to an exploit that could allow hackers to trick users into downloading malware on their computers in a new and more sophisticated way. WhatsApp made its web client, WhatsApp Web, available to iPhone users just last month, after first rolling out its web-based instant messaging service for Android, Windows and BlackBerry Phone earlier in the year. Similar to Facebook Messenger, WhatsApp Web is an effective way to experience the mobile app in a web browser, allowing you to view all of the conversations you have had with your friends – including images, audio files, videos, GPS location and contact cards – straight on your PC. However, a security flaw discovered by Check Point's security researcher Kasif...
Contactless Fingerprint Scanner That Can Capture Your Prints from Meters Away

Sep 08, 2015
Until today, fingerprint biometric readers required your touch to authenticate you as an authorized person. However, the latest research shows that the future of fingerprint scanners lies in a "no-touch" activity by an individual for gaining access. Recently, NIST (National Institute of Standards and Technology) has funded a number of startups and companies to develop touchless fingerprint readers. The contactless biometric technology requires the person's presence, but from meters away, as the fingerprint scanners can sense and read your fingerprint information while you are standing a few meters away from the scanner. Contactless Fingerprint Scanners: Fast and Time Saving. With the touch-free technology, authentication is done at a faster speed, saving time while giving importance to hygiene when compared to conventional biometric devices. Imagine a situation, where there's a long queue and to pass through biometric fingerprint...
Reminder! If You Haven't yet, Turn Off Windows 10 Keylogger Now

Sep 08, 2015
Do you know? Microsoft has the power to track every single word you type or say to its digital assistant Cortana while using its newest operating system, Windows 10. Last fall, we reported about a 'keylogger' that Microsoft openly put into its Windows 10 Technical Preview, saying the company 'may collect voice information' as well as 'typed characters.' It was thought that the company would include the keylogger only within the Technical Preview of Windows 10, just for testing purposes. But the thought was wrong! The keylogger made its way into the Windows 10 public release, which Microsoft offered for free and which gained millions of adoptions in just a few days after its first rollout back in July – but the free upgrade is not always free. Yes, besides various privacy issues, there is a software component that tracks your inputs using your k...
This Creepy App Captures Users' Private Moment Photos and Blackmails for Money

Sep 08, 2015
How difficult is it for hackers to take over your personal photographs? They just need to trick you into downloading an app, or maybe a porn app. Yes, if you are one of those who can't resist watching porn, then you could be an easy target for hackers who are distributing ransomware via a malicious pornography app to run you out of your money. A pornography application for Android called Adult Player that promises free pornographic videos has been caught taking photographs of users and then extorting them for ransom (Cyber Extortion). Once installed, Adult Player gains administrator access to the victim's device, which then allows it to load malicious ransomware files. When Hackers Turn to Blackmail: Demands $500 Ransom. When a user opens the app, Adult Player secretly takes photos of the user with the help of the front-facing camera and then demands a $500 (£330) ransom in order to restore access to the device and delete all photos stored on the attackers' server. ...
These Top 7 Brutal Cyber Attacks Prove 'No One is Immune to Hacking' — Part II

Sep 08, 2015
In Part I of this two-part series from The Hacker News, the first four of the Top Brutal Cyber Attacks show that whoever you are, security can never be perfect. As attackers employ innovative hacking techniques and zero-day exploits, the demand for increased threat protection grows. In this article, I have listed another three cyber attacks, as follows: #5 Car Hacking: Driving a car is a network's game now! 'Everything is hackable,' but is your car also vulnerable to hackers? General Motors' OnStar application and cars like the Jeep Cherokee, Cadillac Escalade, Toyota Prius, Dodge Viper, Audi A8 and many more come equipped with more advanced technology features. These cars are now part of the technology very well known as the "Internet of Things". Recently two security researchers, Chris Valasek and Charlie Miller, demonstrated that a Jeep Cherokee could be hacked wirelessly over the internet to hijack its steering, brakes, and transmi...