The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The OPM Data Breach  ( Office of Personnel Management ) is getting even worse than we thought. We already know more than 21 Million current and former federal employees had their personal and highly sensitive private information hijacked in a massive data breach that affected Defense Department's OPM. But, now it has been revealed that the hackers have made off a lot more than just names, residential addresses, and social security numbers of the US government employees. And it's the unique and all time constant identity – The Fingerprints . 5.6 MILLLLLION Fingerprints Breached The US officials on Wednesday admitted that nearly 5.6 Million Fingerprints of its federal employees were also stolen in the massive data breach took place in April this year. The OPM, the US government agency that handles all federal employee data, had previously reported that some 1.1 Million Fingerprints were stolen. However, this figure has now been increased to 5.6 Million. L...

Adobe has released an important security bulletin that addresses a total of 23 Critical vulnerabilities in Adobe Flash Player. The security fixes for Windows, Linux and Mac users address "critical [flaws] that could potentially allow [attackers] to take control of the affected system," the company warned in an advisory on Monday. Out of 23 critical flaws, 18 address issues that would have allowed attackers to remotely execute arbitrary code on affected machines and take over control of them. Critical Vulnerabilities These 18 security vulnerabilities, all deemed highly critical, are as follows: Type Confusion Vulnerability (CVE-2015-5573) Use-after-free flaws (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682) Buffer overflow bugs (CVE-2015-6676 and CVE-2015-6678) Memory corruption vulnerabilities that could lead to Remote Code Execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2...

You may call this a misleading headline. Right? Yes, it's True. And I apologize for this. But… ...before someone else tricks you to visit any malicious link with intent to hijack your Computer or to Hack Facebook Profile , I just tricked you to visit this ' WARNING ' article about Facebook Scam of the Dislike button. Facebook Scam: Get Facebook Dislike Button Facebook users are being targeted in a new scam that takes advantage of the recent widely publicized announcement by Facebook CEO Mark Zuckerberg that a ' Facebook Dislike Button ' is in development. Zuckerberg said that there're obvious moments in life or bad fortunes where people do not want to "like" posts and wants to express their empathy. He also confirmed that the social network giant was working on such technology but didn't say that it's actually a " Dislike. " The much-vaunted " Dislike " or "empathy" feature has not rolled out ju...

A Facebook Dislike button is one of the most frequently requested features from users for years. Earlier in the last week, Facebook finally confirmed its plans to add a Dislike or Empathy to your Facebook Profile and News Feed. If you are thinking that Facebook Dislike is going to be a thumbs-down button, then you are dead wrong. Why Not Thumbs-Down? Because: … The Dislike Concept will lead to more bad behavior than good — vitriol or bullying or worse. Facebook's founder Mark Zuckerberg says, " We didn't want to just build a Dislike button because we don't want to turn Facebook into a forum where people are voting up or down on people's posts. " So what will this Dislike or Empathy button look like? Instead of a simple thumbs down to express disapproval or pity, it could be as simple as Emojis. Yes, Emojis reaction ( Emoticons ) Faces. A ' two-years old ' Patent filed by Facebook uncovered how the new feature might work. The Patent illustr...

Almost every day or every second day, When I come across various announcements in Newspaper, TV News Channels, and Press releases that... ...Indian Government and related Policy-making organizations are going to set up their so-called " CyberSecurity Task Forces " or drafted a " National Cyber Security Policies ," with an aim to boost cyber security in India… The first thing that comes to my mind is: Why Doesn't my Government Understand How Encryption and Online Cyber Security Works? Yes, My Government really have no idea, How Encryption relates to users' Privacy. And… Narendra Modi's Government has done it again! With the release of the draft National Encryption Policy , the government wants access to all your messages whether sent over online email services like Gmail or messaging services like WhatsApp, Viber, or Messenger. The National Encryption Policy ( before addendum ) required: Access to your Private Data To stor...

While the Indian people continue to struggle for Net Neutrality, a new problem surrounded them with the release of the latest policy for ' National Encryption Policy ' by the Indian Government. If you delete your WhatsApp Messages or Emails that you receive or send before 90 days, it might be a crime and you can End-up In Jail. If the new National Encryption Policy implements that come up with weird suggestions — one should not delete WhatsApp conversation, Gmail or any email for 90 days, it would be an Internet Disaster. With the aim to 'provide confidentiality of information' and ensure 'protection of sensitive or proprietary information', the draft policy, proposed by an so-called ' expert panel ' from the Department of Electronics and Information Technology ( DeitY ) , requires: Access to your Private Data The government wants to have access to all your encrypted information including your personal emails, text and voice messages, and data stored in a privat...

Setting a passcode on your iPhone is the first line of defense to help prevent other people from accessing your device. However, it's pretty easy for anyone to access your personal photographs and contacts from your iPhone running iOS 9 in just 30 seconds or less, even with a passcode and/or Touch ID enabled. Just yesterday, the Security firm Zerodium announced a Huge Bug Bounty of 1 Million Dollars for finding out zero-day exploits and jailbreak for iPhones and iPads running iOS 9. Now... A hacker has found a new and quite simple method of bypassing the security of a locked iOS device (iPhone, iPad or iPod touch) running Apple's latest iOS 9 operating system that could allow you to access the device's photos and contacts in 30 seconds or less. Yes, the passcode on any iOS device running iOS 9.0 is possible to bypass using the benevolent nature of Apple's personal assistant Siri. Here's the List of Steps to Bypass Passcode: You need to follow...

Bitcoins are making their way, in Bits and Pieces. In a recent report The Hacker News (THN) had mentioned about banks adopting the Blockchain Technology from Bitcoins ; to create a safe and secure distributed ledger. Now, last week U.S. Commodity Future Trading Commission (CFTC) , has added Bitcoins and other virtual currencies to the commodities basket which previously includes Gold, Crude Oil, foreign exchange, and Stocks. CFTC is an oversight committee of the USA, established to protect the interest of the people who have invested in any of the commodities by ensuring the conduct of no malpractices. The commodity swaps are working according to the Commodity Exchange Act (CEA). BITCOIN - Commodity for the Conduct of Trade Implying which now the Bitcoins and other virtual currencies, considered as cryptocurrency earlier, are now known as commodities for the conduct of trade. Moreover, after being tagged as a commodity and making its entry into CEA by...

Good news for Hackers and Bug hunters! You can now WIN 1 Million Dollars for finding zero-day hacks for iPhones and iPads. Yes, $1,000,000.00 Reward This Huge Bug Bounty is offered by the new Security firm  Zerodium , a startup of the infamous French-based Security firm " VUPEN ", who is well known for buying and selling zero-day vulnerabilities. Zerodium, which describes itself as "the premium zero-day acquisition platform," announced a total of $3 Million ($3,000,000) bounty bounty rewards for iOS exploits and jailbreaks. $3 Million Reward for Zero-day exploits and Jailbreaks  The Zero-day Acquisition Firm challenges hackers, researchers, and bug hunters to discover zero-day flaws and exploits in Apple's latest mobile operating system iOS 9 that must allow an attacker to remotely compromise a non-jailbroken iOS device through: A web page, In-app browsing action, or text message or MMS (Multi-Media Messages) "The whol...

Unlike Google Play Store, Apple App Store is well known for not allowing any malformed apps to enter its Apple ecosystem because of its tight security checks. But, not anymore. Hundreds of malicious apps managed to get hosted on Apple's official App store and subsequently downloaded by  several hundred Million iPad and iPhone owners . Out of them, Palo Alto Networks published a list of 39 malicious yet legitimate apps that made ways to the App Store.  First Major Malware Attack on Apple's App Store Yes, Apple App Store is targeted by a malware attack in which some versions of software used by software developers to build their apps for iOS and OS X were infected with malware, named XcodeGhost . XcodeGhost secretly sniffs off data from customer's device and uploads it to the attacker's servers without the user's knowledge, according to security firm Palo Alto Networks. Apps were infected after developers used a malicious version...

Remember when it took only 13 characters to crash Chrome browser instantly? This time, it takes 16-character simple URL string of text to crash Google Chrome instantly. Yes, you can crash the latest version of Chrome browser with just a simple tiny URL. To do this, all you need to do is follow one of these tricks: Type a 16-character link and hit enter Click on a 16-character link Just put your cursor on a 16-character link Yes, that's right. You don't even have to open or click the malformed link to cause the crash, putting the cursor on the link is enough to crash your Chrome. All the tricks mentioned above will either kill that particular Chrome tab or kill the whole Chrome browser. The issue was discovered by security researcher Andris Atteka , who explained in his blog post that just by adding a NULL char in the URL string could crash Chrome instantly. Atteka was able to crash the browser with a 26 character long string, which is given b...

Are you a Die Hard Android Fan? If you are also one of those millions Android fans, for whom the brand has turned into an insane religious devotion, then Apple has something that could give you second thoughts. Apple is losing control, wants you to ditch your Android! Few days ago, Apple made its debut on Google Play Store with its First App, called " Move to iOS ", for Android Users. With its first ever Android app, Apple tried to kill Android Community and fans, But failed badly! Apple's new app works as an " Uncalled Assistance " in a manner where you have bought a new iPhone, iPad or iPod Touch and are confused about how to migrate data from your current Android device. Apple's ' Move to iOS ' app is designed to help Android users transfer their content quickly and safely from an Android device to an iOS device. The Apple App will help you in Migrating Data, like: Calendars Camera photos and videos Contacts Mail accounts Message history Web b...

We at The Hacker News are big fans of Security Software – The first thing we install while setting our Computers and Devices. Thanks to Free Security Software that protects Internet users without paying for their security. But, Remember: Nothing comes for FREE " Free " is just a relative term, as one of the world's most popular anti-virus companies is now admitting. Czech Republic-based antivirus company AVG has announced its privacy policy in which the company openly admits that it will collect and sell users' data to online advertisers for the purpose of making money from its free antivirus software. This new policy, which will come into effect on October 15 , clearly explains that AVG will be allowed to collect and sell users' " non-personal data " in order to " make money from our free offerings so we can keep them free ." Have a Look on Your Data AVG wants to Sell  Here's the list of, what AVG calls, ...

My usual bed routine is to check comments under my articles before I go to sleep. The same I was doing last night, but something weird happened to me. Someone posted a mysterious short link without any text below one of my articles on our  official 'The Hacker News' Facebook Page , and with the curiosity to check that link I visited that website. And what I saw… One by one my every single account I logged in into my web browser got automatically logged out just in few seconds in front of my eyes. This is exactly what Super Logout does. Log Out All Your Accounts in Just One Click Yes, Super Logout – a website that logs you out of over 30 major Internet services just in one click. You can visit 'Super Logout' here . ( Note : Once clicked, this will log you out instantly from all your online accounts and don't worry it is neither harmful, nor malicious ) This is a great tool for people who: Usually visit Internet Cafes for surfing In...

Can you name which Operating System is most Secure ? ...Windows, Mac, Linux or any particular Linux Distribution? Yes, we get that! It's not an easy thing to pick. Besides Windows, Even the so-called ultra-secure Linux Distros were found to be vulnerable to various critical flaws in past years. Because, almost all Linux Distros use the same Kernel, and the most number of cyber attacks target the Kernel of an operating system. So, It doesn't matter which Linux distribution you use. The kernel is the core part an operating system, which handles all the main activities and enforces the security mechanisms to the entire operating system. Making an Operating System secure requires that vulnerabilities shall not exist in the Kernel, which is the communicating interface between the hardware and the user.  To overcome the above situation, Security Researchers, Mathematicians and Aviation gurus from Boeing and Rockwell Collins joined a team of dedicated NIC...

It is finally time to say GoodBye to the old and insecure Web security protocols. Citing the long history of weaknesses in the Secure Sockets Layer (SSL) 3.0 cryptographic protocol and the RC4 Cipher Suite, Google plans to disable support for both SSLv3 as well as RC4 stream cipher in its front-end servers. While announcing on its official blog , the Search Engine giant said the company is looking to put away SSLv3 and RC4 in all of its front-end servers, and eventually, in all its software including Chrome, Android, Web crawlers, and email servers. The move by Google came as no surprise, considering the fact that both RC4 and SSLv3 have been deemed unsecure by the Internet Engineering Task Force (IETF). What are the Problems? SSLv3, which was made outdated 16 years ago, has a long history of security problems like BEAST , out of them the most recent one was POODLE ( Padding Oracle On Downgraded Legacy Encryption ) attacks, which lead to the recovery of plaintext communication...

It's not every time malware creators have to steal or buy a valid code-signing certificate to sign their malware – Sometimes the manufacturers unknowingly provide themselves . This is what exactly done by a Taiwan-based networking equipment manufacturer D-Link , which accidently published its Private code signing keys inside the company's open source firmware packages. Dutch news site Tweakers made aware of the issue by one of its readers with online moniker " bartvbl " who had bought a D-Link DCS-5020L security camera and downloaded the firmware from D-Link, which open sources its firmware under the GPL license. However, while inspecting the source code of the firmware, the reader found what seemed to be four different private keys used for code signing. Hackers Could Sign Malware After testing, the user managed to successfully create a Windows application , which he was able to sign with one of the four code signing keys belonging to D-Lin...

A Large number of WordPress websites were compromised in last two weeks with a new malware campaign spotted in the wild. WordPress , a Free and Open source content management system (CMS) and blogging tool, has been once again targeted by hackers at large scale. Researchers at Sucuri Labs have detected a " Malware Campaign " with an aim of getting access to as many devices they can by making innumerable WordPress websites as its prey. The Malware campaign was operational for more than 14 days ago, but it has experienced a massive increase in the spread of infection in last two days, resulted in affecting more than 5000 Wordpress websites. The Security researchers call this malware attack as " VisitorTracker ", as there exists a javascript function named visitorTracker_isMob() in the malicious code designed by cyber criminals. This new campaign seems to be utilizing the Nuclear Exploit Kit and uses a combination of hacked WordPress sites, hidden iframes and nu...

Sit Tight on your seats, because you're gonna get a Shock. Microsoft has developed an Operating System powered by LINUX. Close your mouth first. It's True! Microsoft has built its own Linux-based operating system called Azure Cloud Switch (ACS ) and believe me, under Satya Nadella, Microsoft has become more open than ever. According to the announcement made through an official blog post on Microsoft website, Azure Cloud Switch (ACS) describes as "cross-platform modular operating system for data center networking built on Linux." or Simply, " Commodity switch software stack for data center networks". The Purpose of developing Linux-based Azure Cloud Switch (ACS) operating system at Microsoft is to make it simpler to control the hardware from multiple vendors ( such as Switches ) that powers their cloud-based services. And here's the Kicker: "Running on Linux, ACS [Azure Cloud Switch] is able to make use of its vibrant eco...