The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

We are once again here with our weekly round up based on last week's top cyber security threats and challenges. I recommend you to read the entire thing ( just click ' Read More ' because there's some valuable advice in there as well ). Here's the list: 1. Reminder! If You have not yet, Turn Off Windows 10 Keylogger Now Microsoft is very powerful in tracking every single word you type or say to its digital assistant Cortana using its newest Windows 10 operating system. The keylogger that Microsoft put in the  Technical Preview of Windows 10  last fall made its way to  Windows 10 Free  public release first rolled out back in July. Besides various  Windows 10 privacy issues , there is a software component that is a bit more complicated than you thought. It tracks your inputs using: Keyboard Voice Screen Mouse Stylus Information about your Calendar and Contacts If this keylogger, which is more than just a keylogger, makes yo...

Yes, you heard it correct! First the Password Cracking Team 'CynoSure Prime'  cracked more than 11 Million Ashley Madison's passwords in just 10 days ( quite an achievement, though ), now a member of the team shares the same list of passwords with few calculations. The calculations are... ... What passwords are mostly used and by how many users? Terrible? Out of 11 million passwords, only 4.6 million passwords were unique, and the rest were such weak and horrible ones that one could even think. ArsTechnica to whom CynoSure Prime updated the news published the calculations and say that this is expected to change as they still left with 3.7 million passwords to decrypt. While going through the list of password, top 5 used were: 123456 by 120511 users 12345 by 48452 users password by 39448 users DEFAULT by 34275 users 123456789 by 26620 users for more s ee the list of passwords in above image. AND, Even a 5th grader can literally guess t...

Apple iOS 9 , codenamed Monarch , will be available to the world on September 16th. While most of the upgrades on iOS 9 focus on making devices: Faster Smarter Secure and more efficient. Today we are going to discuss the improved Two-Factor Authentication (2FA) pumped within the new iOS operating system. WHAT'S NEW AND HOW IT WORKS Apple has strengthened the foundation of iOS 9 and further of your device by modifying the operating system with an improved two-factor authentication built into it. As the two-factor authentication structure lies within the operating system, this makes the device's Apple ID even harder to break. 2FA secures your Apple ID by acting as an additional support to protect your data on your device, preventing any intrusion to occur on your device. Also, when you have more than one devices running Apple's operating system, 2FA enables sign-in on a new device in a streamlined manner… ...Besides verifying your identi...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Your device's lock screen PIN is believed to keep your phone's contents safe from others, but sadly not from a new piece of ransomware that is capable of hijacking safety of your Android devices . A group of security researchers has uncovered what is believed to be the first real example of malware that is capable to reset the PIN code on a device and permanently lock the owner out of their own smartphone or tablet. This Android PIN-locking ransomware, identified as Android/Lockerpin.A , changes the infected device's lock screen PIN code and leaves victims with a locked mobile screen, demanding for a $500 (€450) ransom . Here's the Kicker: Since the lock screen PIN is reset randomly, so even paying the ransom amount won't give you back your device access, because even the attackers don't know the changed PIN code of your device , security researchers at Bratislava-based antivirus firm ESET warn . LockerPIN , as dubbed by the researchers,...

Yesterday we reported you that Microsoft is auto-downloading Windows 10 installation files — between 3.5GB and 6GB — onto users' PCs even if they have not opted into the upgrade. Microsoft plans to deploy Windows 10 on over 1 Billion devices worldwide, and this auto-downloading Windows 10 could be one of its many strategies to achieve its goal. The company has dropped and saved a hidden $Windows.~BT folder on your PC's main drive (C drive), if you are running Windows 7 or Windows 8.1 . The bottom line is: Many Windows users are on limited or metered Internet connections. As Microsoft is not only consuming storage space but also using user's Internet bandwidth for large unrequested files, as the Windows 10 installer downloads up to 6 gigabytes. So, here are some methods that you can use to stop Microsoft from automatically downloading Windows 10 installation files. Method 1 This method is applicable for both Windows 7 and Windows 8.1 us...

Microsoft wholeheartedly wants you to upgrade to Windows 10. So much that even if you have not opted-in for Windows 10 upgrade, you will get it the other way. Surprised? If you have Windows Update enabled on your PCs running Windows 7 or Windows 8.1, you'll notice a large file — between 3.5GB and 6GB — mysteriously been downloaded to your computer in the background. The huge file is actually linked to Windows 10 installation that Microsoft is reportedly downloading on Windows 7 and Windows 8.1 computers even if users have not opted into the upgrade. The news comes days after it was disclosed that Microsoft is installing Windows 10's data collecting and user behavior tracking features onto Windows 7 and 8.1 machines. With this latest automatic Windows 10 installation, Microsoft is not only consuming your storage space but also using your Internet bandwidth for unrequested files, as the Windows 10 installer downloads up to 6 gigabytes, depending on which Wind...

Zimperium Mobile Security Labs (zLabs) have been working hard to make Android operating system more safe and secure to use. Zimperium team has publicly released the CVE-2015-1538 Stagefright Exploit , demonstrating the process of Remote Code Execution (RCE) by an attacker. The released exploit is a python code creating an MP4 exploiting the 'stsc' vulnerability dubbed Stagefright. The purpose behind the release is to put penetration testers and security researchers to test and check the vulnerability of the code and analyze the results. Considered as the most critical flaw among all the existing vulnerabilities; the Stagefright flaw is capable of revealing user's information remotely by injecting malicious code, even without any involvements of the user. Two months ago, Zimperium Labs uncovered multiple vulnerabilities in 'libstagefright,' a service attached with the software-based codecs natively in Android smartphones for media playback. The vulnera...

Health Care Hacks  —   the choice of hackers this year! In a delayed revelation made by Excellus BlueCross BlueShield (BCBS) ,   which says that about 10.5 Millions of their clients' data and information has been compromised by hackers. Excellus BCBS headquartered in Rochester, New York, provides finance and health care services across upstate New York and long-term care insurance nationwide. On August 5, 2015, Excellus BCBS discovered that the hackers targeted their IT systems back in December 2013, initiating a sophisticated attack to gain access to their systems and record client's personal data. The Compromised Data includes: Social Security Number (SSN) Date of birth Mailing address Telephone number Member identification number Financial account information Claims information Did they forget something?...It seems everything is gone! Moreover, it's been two years Excellus systems were open to the hackers. So, what the company was doi...

Good News for Jailbreakers! Just within 24 Hours after the launch of iOS 9 at Apple's Annual Event, a well-known iOS hacker has managed to untether jailbreak iOS 9. That's quite impressive. Believe it, iOS 9 has been Jailbroken! A reputed hacker ' iH8sn0w ', who previously developed the popular jailbreak tools like Sn0wbreeze and P0sixspwn , published a new YouTube video last night, demonstrating the first untethered jailbreak for the yet-unreleased iOS 9 . Apple plans to publicly release its latest iOS 9 software update for all supported devices on 16th September while the company has already made the Gold Master seed of the software available to developers. Untethered Jailbreak for iOS 9 iH8sn0w has jailbroken his iPhone 5 running the iOS 9 GM seed . The jailbreak is an untethered – a jailbreak where your devices don't require any reboot every time it connects to an external device capable of executing commands on the device. You ...

Here're a good news and bad news for you. The good news is that if you lose the keys for your TSA-compliant "Travel Sentry" luggage locks then you can just 3D print your very own TSA master keys. The bad news is that anyone can now 3D print their own master keys to open your bags. Yes, the security of 300 Million TSA-approved Travel Sentry luggage locks has been compromised , and now anyone with a 3D printer can unlock every single TSA-approved padlocks. Thanks to a security blunder by the American government agency. A security researcher with online moniker " Xyl2k " published the 3D printing files for a range of master keys with blueprints to GitHub , allowing anyone to 3D print his or her own copies of TSA-approved locks—the ones the authorities can unlock with their keys during airport inspections. How did the Researcher get the Print? A story about the " Secret Life " of Baggage in the hands of the US Transportation Securi...

Last month, when hackers leaked nearly 100 gigabytes of sensitive data belonging to the popular online casual sex and marriage affair website ' Ashley Madison ', there was at least one thing in favor of 37 Million cheaters that their Passwords were encrypted . But, the never ending saga of Ashley Madison hack could now definitely hit the cheaters hard, because a group of crazy Password Cracking Group, which calls itself CynoSure Prime , has cracked more than 11 Million user passwords just in the past 10 days, not years. Yes, the hashed passwords that were previously thought to be cryptographically protected using Bcrypt, have now been cracked successfully. Bcrypt is a cryptographic algorithm that makes the hashing process so slow that it would literally take centuries to brute-force all of the Ashley Madison account passwords. How do they Crack Passwords? The Password cracking team identified a weakness after reviewing the leaked data, which included u...

A group of Russian hackers, most notably the Turla APT (Advanced Persistent Threat) is hijacking commercial satellites to hide command-and-control operations, a security firm said today. Turla APT group, which was named after its notorious software Epic Turla , is abusing satellite-based Internet connections in order to: Siphon sensitive data from government, military, diplomatic, research and educational organisations in the United States and Europe. Hide their command-and-control servers from law enforcement agencies. Despite some of its operations were uncovered last year, Turla APT group has been active for close to a decade, while remaining invisible by cleverly hiding from law enforcement agencies and security firms. Now, security researchers from Moscow-based cyber security firm Kaspersky Lab claim to have identified the way Turla APT group succeeded in hiding itself. The researchers said the group disguised itself by using commercial satellite Internet ...

With Launch of Galaxy S6 and Galaxy S6 Edge , Samsung was the first one to bring 4GB RAM access in the Android mobile phones; with Samsung Note 5 and the current OnePlus 2 carrying the same RAM capacity. Now, today Samsung has again taken the technology a step further with the launch of 12GB LPDDR4 ( low power, double data rate 4 ) DRAM Chip that will offer 6GB RAM for the upcoming Next Generation Smartphones and tablets. The latest DRAM chip version 12 comes with such technology that accelerates: Advanced 20-nanometer (nm) Process Technology 30% fast speed than the previous 8GB LPDDR4 20% Less energy consumption Increased Manufacturing productivity to 50% The next generation mobile phones are supposed to be equipped with the new mobile DRAM chip enabling increased capacity and fastest speed with simultaneously providing essentials (for building a smarter mobile device) such as: Excellent energy efficiency Reliability Ease of design Smooth multitasking Better pe...

Ever wonder, How can you Track your Stolen Smartphone , Laptop or any Smart Device? ...With IMEI Number? ...Or IP address? ...Or may be some special types of equipment? Well, Not required, because now it is possible to track stolen devices just by scanning their MAC addresses. Yes, Just MAC addresses, which is assigned to each device on a unique basis by the IEEE, but crooks can modify it in an attempt to hide the origin of the stolen device. But given the people's practice to never notice the MAC address of their mobile phone, tablet, laptop, desktop, smart TV, smart refrigerator, or broadband router, MAC addresses can be used to track stolen electronics. This exactly is what an Iowa City cop wants to do.  How Police Can Track Stolen Devices? According to Gazette, an Iowa police officer David Schwindt has developed a sniffing software that helps police find more stolen properties. The software, Schwindt dubbed L8NT (short for Latent analysi...

With the release of 12 Security Bulletins , Microsoft addresses a total of 56 vulnerabilities in its different products. The bulletins include five critical updates, out of which two address vulnerabilities in all versions of Windows. The September Patch Tuesday update (released on second Tuesday of each month) makes a total of 105 Security Bulletins being released this year; which is more than the previous year with still three months remaining for the current year to end. The reason for the increase in the total number of security bulletins within such less time might be because of Windows 10 release and its installation reaching to a score of 100 million. Starting from MS15-094 to   MS15-105 ( 12 security bulletins ) Microsoft rates the severity of the vulnerabilities and their impact on the affected software. Bulletins MS15-094 and MS15-095 are the cumulative updates, meaning these are product-specific fixes for security related vulnerabilities that are r...

WhatsApp recently claimed to have hit 900 Million monthly active users , but a dangerous security flaw in the web version of the popular instant messaging app puts up to 200 Million of its users at risk . Yes, the web-based extension of WhatsApp is vulnerable to an exploit that could allow hackers to trick users into downloading malware on their computers in a new and more sophisticated way. WhatsApp made its web client, WhatsApp Web , available to iPhone users just last month, after first rolling out its web-based instant messaging service for Android, Windows and BlackBerry Phone earlier in the year. Similar to Facebook Messenger, WhatsApp Web is an effective way to experience the mobile app in a web browser, allowing you to view all of the conversations you have made with your friends – including images, audio files, videos, GPS location and contact cards – straight on your PCs. However, a security flaw discovered by Check Point's security researcher Kasif...