The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A security researcher has won $24,000 from Microsoft for finding a critical flaw in its Live.com authentication system that could allow hackers to gain access to a user's complete Outlook account or other Microsoft services. Microsoft's Live.com is the authentication system that everyone go through while attempting to authenticate to Outlook.com and a large number of other Microsoft services, including OneDrive, Windows Phone, Skype, and Xbox LIVE. Hacking Hotmail (Outlook.com) Account It's one account for all services. So, if say, Outlook wants to access other apps, it uses a standard set of authentication code called OAuth . OAuth is an open standard for authorization that keeps your passwords safe on third-party sites and instead of sharing your password, it shares a special key called 'Access token' to access the app. OAuth authorizations are accomplished through a prompt, as shown below and to allow an app to gain access to your account, you n...

Google Android has been a primary concern of the attackers. Counting from a simple text message that could hack an Android phone remotely to the Stagefright bug making Billion users vulnerable. Now, the latest is the ' Kemoge Malware ' that has made its debut as an Adware on the Android mobile phones, allowing third-party app stores to fetch your device's information and take full control of it. Security researchers from FireEye Labs have discovered that Kemoge malicious adware family is spreading in 20 countries around the globe. Also, the origin of the Adware's attack is suspected from China. What is Kemoge? The name given to the malicious Adware family is because of its command and control (C2) domain: aps.kemoge.net. Kemoge is an Adware in the disguise of popular Apps; it has circulated in such numbers because it takes the name of popular apps and repackages them with the malicious code and make them available to the user. They even use...

What if your phone suddenly slips into a bathtub? Maybe you'll end up losing all your important data, more specifically, your WhatsApp photos, videos, Voice Notes and Chat Data that flows through your chats. Sounds scary, isn't it?  But, now you need not worry if your phone suddenly died or broke – Thanks to the new integration to your favorite messaging app WhatsApp with Google Drive. Google and Facebook announced a partnership that will bring Google Drive integration to WhatsApp for Android, allowing you to automatically backup all your chat messages and multimedia content regularly to the cloud. BackUp Your WhatsApp Data to Google Drive With Google Drive integration, you can create a private backup of your: Chat History Voice Messages Photos Videos …to "keep your memory safe," Google says. You can also decide to backup your WhatsApp data: Daily, Weekly, Monthly, or Not at All. Data BackUp and Recovery with Enc...

Former NSA contractor and global surveillance whistleblower Edward Snowden told the BBC investigative programme Panorama Monday night that the British intelligence agency GCHQ has powers to hack any smartphones without their owners' knowledge. You heard right. The British Spying Agency have special tools that let them take over your smartphones with just a text message, said Edward Snowden , and there is " very little " you can do to prevent them having " total control " over your devices. By Sending just a Text message, the tools let spies: Listen in to what's happening in the room View files and the web history See messages and photos Taking secret pictures of smartphone owners Pinpoint exactly where a user is (to a much more sophisticated level than a typical GPS system) In other words, the tools allow agencies to monitor your every move and every conversation, even when your smartphone is turned OFF. Here's How GCHQ Ca...

Microsoft's Windows 10 , the latest version of Windows Operating System, has been creating waves since it rolled out, and reached to 110 million devices within just 2 months. If you are a long-time Windows user, you may remember a trick called, ' God Mode '. God Mode is an inbuilt, but hidden feature of Windows that provides additional customization options for the operating system. With Windows 10, all the Settings of the operating system are kept under Settings App, and categorized between System, Devices, Network & Internet, Personalization, Update & Security, Privacy and more. Enabling God Mode, also known as 'Windows Master Control Panel Shortcut ', in Windows 10 essentially unlocks a backdoor of the OS to access 260+ additional settings from a single folder. How to Enable God Mode in Windows 10? Follow the steps given below to enable the God Mode in your Windows 10: Create a new folder on your Windows desktop (New > Folder) and save it with th...

Hackers, Government Agencies and sophisticated malware, are collecting every piece of Digital data that we transmit through our Computers, Smartphones or Internet-enabled Gadgets. No matter how secure you think you might be, something malicious can always happen. Because, " With the right tools and Talent, a Computer is an open book. " Many people ask, How to stay safe and secure online? And, Answer is... ...Knowledge of Cyber threats, little Smartness and a Secure Operating System. Which Operating System is the Most Secure? Nearly every Operating System is designed with Security as a requirement, but believe me… there can't be a truly Secure Operating System. If you are Interested in Security and Hacking, you have probably already heard of various security-focused Operating Systems like Tails , Whonix and Kali Linux . All these operating systems, including Windows, Linux, BSD, even OSX, are all based on a Monolithic Kernels, and it requir...

Imagine you are sitting in your office and working on something confidential. Once you are done, you send a command to print that document. But, What if...  ...the whole confidential document send to a hacker attacking from the air? Sounds pity but may be your Boss fires you immediately if that confidential data is leaked or misused. This is no more an imagination now, as a group of researchers has done exactly the same. Researchers from Singapore have devised a unique set up consisting of a Drone that carries a smartphone running two custom apps that are capable of intercepting wireless printer transmissions, even from outside an office building. In short, hackers can gain access to your corporate network by using a smartphone-equipped drone to hack your printer. The project was developed by the researchers at iTrust , a research center at the Singapore University of Technology and Design. They developed two applications: Cybersecurity Patrol – ...

Researchers have unearthed a dangerous backdoor in Microsoft's Outlook Web Application (OWA) that has allowed hackers to steal e-mail authentication credentials from major organizations. The Microsoft Outlook Web Application or OWA is an Internet-facing webmail server that is being deployed in private companies and organisations to provide internal emailing capabilities. Researchers from security vendor Cybereason discovered a suspicious DLL file loaded into the company's OWA server that siphoned decrypted HTTPS server requests. Although the file had the same name as another benign DLL file, the suspicious DLL file was unsigned and loaded from another directory. Hackers Placed Malicious DLL on OWA Server According to the security firm, the attacker replaced the OWAAUTH.dll file ( used by OWA as part of the authentication mechanism ) with one that contained a dangerous backdoor. Since it ran on the OWA server, the backdoored DLL file allowed hacker...

While accessing your Bank account online, Have you ever thought… ...there could be a Hacker, somewhere in the World, who is after your Money? Maybe NO . Because, you believe that your bank offers Secure banking solution, Right? At The Hacker News, we have reported many incidents of cyber attacks , which proves that Banks are more often being targeted by Hackers, despite robust Banking Security mechanisms. Today we are going to talk about security of one of the  Denmark's Largest Bank , reviewed by Sijmen Ruwhof , an Ethical Hacker, and IT Security Consultant. Ruwhof recently published a blog post, " How I could Hack Internet Bank accounts of Danish Largest Bank in a few minutes ". His In-depth technical post explains the extent to which Danske Bank , one of the largest Danish Bank, is vulnerable to hacking. In August, Ruwhof got intrigued with the idea of testing Bank's security while interacting with a group of Danish hackers at the Chaos Communica...

Google reportedly fixed the latest round of Stagefright vulnerabilities in Android, pushing its latest over-the-air (OTA) update to Nexus devices. Last week, researchers warned of Stagefright 2.0 vulnerability that affected more than one Billion Android devices dating back to the latest versions of the Android operating system. The Stagefright bugs allowed hackers to take control of affected Android devices by sending a malicious audio or video file. In April, Zimperium researchers disclosed the first Stagefright vulnerability that allowed hackers to hijack any Android smartphones with just a simple text message ( exploit code ). As promised, Google on Monday pushed a patch that fixes the holes in Stagefright media playback engine used by Android to process, record and play multimedia files such as PDFs. The patch fixes 30 vulnerabilities in total, which includes: 14 critical vulnerabilities in Stagefright library 5 Remote Code Execution bugs 8 Eleva...

Do you hear the same as me? Is Facebook planning to Launch Satellite? Yes, it's True. Facebook has revealed its secret plan to launch a $500 Million Satellite by 2016 in order to provide Free or cheap Internet access in the developing nations. Facebook CEO Mark Zuckerberg made an announcement that the social network partnered with French satellite provider Eutelsat Communications to beam free Internet to several countries in Sub-Saharan Africa. Internet-by-Satellite The plan is part of Facebook's Internet.org project that has been criticized for net neutrality issues in some countries, particularly India, where businesses believes that the plans could give Facebook and its partners unfair benefits in developing Internet markets. Facebook has been exploring ways to provide the Internet to hard-to-reach places and this latest initiative to use Satellite technology for providing affordable Internet is part of the Facebook initiative to connect the...

We are back with our last week's top cyber security threats and challenges, just in case you missed any of them ( ICYMI ). THN Weekly Round Up is The Hacker News efforts to help you provide all important stories of last week in one shot. We recommend you read the full story ( just click 'Read More' because there's some valuable advice in there as well ). Here's the list: 1. Quantum Teleportation — Scientists Teleported Quantum Data over 60 Miles While the world is battling between Quantum computers and Encryption , the NIST Scientists have set a new record in the field of " Quantum Teleportation "... …by successfully Teleporting a small amount of data (qubit) inside light particles over a distance of 60 Miles (100 km) through a network of optical fiber – the record which is four times faster than previous one. To know how the Quantum Teleportation works and how the researchers able to reach this record, Read More … 2. Pirate Bay co-fo...

Has anyone ever heard about a " Vigilante-style Hacker ," who hacks every possible system to make them more Secure? No. It's not funny, neither a movie story: Reportedly, someone is hacking thousands unprotected Wi-Fi routers everywhere and apparently forcing owners to make them more Secure. Security firm Symantec has discovered a new malware, dubbed " Linux.Wifatch " a.k.a " Ifwatch ," infected more than 10,000 vulnerable ' Internet of Things ' devices, and spreading quickly. However, Linux.Wifatch not only removes malicious backdoor but also encourages users to update their weak passwords. How Does Linux.Wifatch Work? Once a device is infected, the Linux.Wifatch malware connects to a peer-to-peer network that is being used to distribute threat updates. Linux.Wifatch's code does not deploy any payload for malicious activities, such as to carry out DDoS attacks , rather it detects and remediates the known ...

Less than a month after Apple suffered one of its biggest malware attacks ever, security researchers have discovered another strain of malware that they claim targets both jailbroken as well as non-jailbroken iOS devices . Last month, researchers identified more than 4,000 infected apps in Apple's official App Store, which was targeted by a malware attack in which some versions of software used by developers to build apps for iOS and OS X were infected with malware, named XcodeGhost . And Now: Researchers from a California-based network security firm Palo Alto Networks have discovered new malware that targets Apple's iOS users in China and Taiwan. Capabilities of YiSpecter Malware Dubbed YiSpecter , the malware infects iOS devices and once infected, YiSpecter can: Install unwanted apps Replace legitimate apps with ones it has downloaded Force apps to display unwanted, full-screen ads Change bookmarks as well as default search engines in Safari S...