The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

High school Student Hacked Into CIA Director's Personal Email Account

Oct 20, 2015
A self-described teenage hacker has claimed to have hacked into the personal AOL email account of Central Intelligence Agency (CIA) Director John Brennan and swiped sensitive top-secret data. It's really a major embarrassment for Brennan as well as the CIA. The hacker, who describes himself as an American high school student, called the New York Post to describe his exploits. According to the teenage hacker, Brennan's private email account held a range of sensitive files, including: his 47-page application for top-secret security clearance; Social Security numbers (SSNs) and personal information of more than a dozen top US intelligence officials; and a government letter discussing "harsh interrogation techniques" used on terrorist suspects. Sensitive Information Leaked: The teenage hacker operates under the Twitter name "Crackas With Attitude" with the Twitter handle @_CWA_. He confirmed to the Post that he also controlled the...
How to Protect Yourself against XcodeGhost like iOS Malware Attacks

Oct 19, 2015
Recently, Chinese iOS developers discovered a new OS X and iOS malware dubbed XcodeGhost that has appeared in malicious versions of Xcode, Apple's official toolkit for developing iOS and OS X apps. The hack of Apple's Xcode involves infecting the compiler with malware and then passing that malware onto the compiled software. This is a unique approach because the hack does not attempt to inject attack code into a single app and then try to sneak that past Apple's automated and human reviewers. Instead, the malicious code is planted in Xcode itself, which is used by software developers to craft and develop apps for the iOS and OS X operating systems. The primary behavior of XcodeGhost in infected iOS apps is to collect information on devices and upload that data to command and control (C2) servers. Once the malware has established a foothold on infected devices, it has the ability to phish user credentials via fake warning boxes, open specific URLs in a ...
Facebook Will Now Notify You If NSA is Spying on You

Oct 19, 2015
Facebook just launched a new notification feature that will alert you if the social network strongly suspects that your account is being hijacked or targeted by hackers working in the interest of a nation-state. The message, which you can see below, recommends that users turn on "Login Approvals," so that their Facebook accounts can only be accessed using stronger two-factor authentication. Facebook insists that some necessary steps are already taken to secure users' Facebook accounts that may be targeted by hackers, but the company has also stepped up to directly warn its users when a government-sponsored attack is underway. In a blog post published Saturday, Facebook Chief Security Officer (CSO) Alex Stamos announced that this step to secure accounts is necessary "because these types of attacks tend to be more advanced and dangerous than others." Stamos added that "it's important to understand that this warning is not related t...
Microsoft doesn’t want Windows 10 Users to Switch to Chrome or Firefox

Oct 19, 2015
Microsoft wants Windows 10 users to use its Edge browser, and the company is pulling out every trick to make it happen. In a newly leaked Windows 10 preview release (build 10568), Microsoft has added a new prompt that appears whenever you try to switch away from default apps, including Microsoft Edge. Despite the wide adoption of Microsoft's newest operating system, Windows 10, it seems that users are still hesitant to adopt the Edge browser that comes bundled with Windows 10. To encourage higher adoption of Microsoft's default apps bundled with Windows 10, the software giant seems to be taking some steps. Come, Give Microsoft Edge A Shot! If you already have Microsoft Edge as your default browser, then installing a rival browser, such as Google Chrome or Mozilla Firefox, and switching the defaults will make a dialog box with "Give Microsoft Edge a shot" appear. The prompt highlights some of the latest features in ...
THN Weekly Roundup — Top 10 Hacking News Stories You Shouldn’t Miss

Oct 19, 2015
We are back with the THN Weekly RoundUp to shed light on last week's top cyber security threats and challenges, just in case you missed any of them (ICYMI). Last week, we came to know about many security threats, including how Google records and stores our voice searches, how hackers can use radio waves to control our smartphones from 16 feet away, and how the NSA broke trillions of encrypted connections. Also, some of last week's news included USB Killer v2.0 and a real-life Thor-like hammer. I recommend that you read the entire news (just click 'Read More') because there's some valuable advice in there as well. Here's the list: 1. Google OnHub Router Runs on Chrome OS; Here's How to Root it: Google OnHub Router runs Chrome operating system, the same Linux-based OS that powers Google Chromebook laptops and desktops. Google OnHub is a modern wireless router designed by Google and TP-Link. It operates networks on both t...
Emergency Patch released for Latest Flash Zero-Day Vulnerability

Oct 17, 2015
Two days ago, The Hacker News (THN) reported on the zero-day vulnerability in the freshly patched Adobe Flash Player. The vulnerability was exploited in the wild by a well-known group of Russian hackers, named "Pawn Storm," to target several foreign affairs ministries worldwide. The zero-day flaw allowed hackers to take complete control of the users' machine, putting all Flash Player users at potentially high risk. Since then, no patch had been available to make the flawed utility safe. However, Adobe has now patched the zero-day vulnerability, along with some critical vulnerabilities whose details are yet to be disclosed. Yesterday, the company published a post on their official security bulletin (APSB15-27) detailing the risks associated with the zero-day and how a user can get rid of them. The critical vulnerabilities are assigned the following CVE numbers: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648. Also, Adobe is kn...
ISIS Hacker who Passed U.S. Military Data to Terrorists Arrested in Malaysia

Oct 17, 2015
Malaysian authorities have arrested a Kosovo citizen in Kuala Lumpur on computer hacking charges and for allegedly providing personal data about United States military members to the Islamic State terrorist group (also known as ISIS or ISIL). According to the US Department of Justice (DOJ) and the FBI, Kosovo citizen Ardit Ferizi allegedly hacked into a US web hosting company's servers and stole personal data of more than 1,300 US government and military employees. Ferizi didn't use the stolen data for identity theft; instead he allegedly handed the hacked information over to Junaid Hussain (also known as Abu Hussain Al Britani), an ISIS member and hacker who was killed in a US drone strike in August. The stolen data includes names, email addresses, passwords, phone numbers and locations of US military service members and government workers. Hacker May Face up to 35 Years in Prison: Moreover, Ferizi also accessed customers' information from a...
How NSA successfully Broke Trillions of Encrypted Connections

Oct 16, 2015
Yes, it seems like the mystery has been solved. We are aware of the United States National Security Agency (NSA) powers to break almost unbreakable encryption used on the Internet and intercept nearly trillions of Internet connections – thanks to the revelations made by whistleblower Edward Snowden in 2013. However, what we are not aware of is exactly how the NSA apparently intercepted VPN connections and decrypted SSH and HTTPS, allowing the agency to read hundreds of millions of personal, private emails from persons around the globe. Now, computer scientists Alex Halderman and Nadia Heninger have presented a paper at the ACM Conference on Computer and Communications Security that advances the most plausible theory as to how the NSA broke some of the most widespread encryption used on the Internet. According to the paper, the NSA has exploited common implementations of the Diffie-Hellman key exchange algorithm – a co...
Windows 10 Upgrade Become More Creepy, No Option to Opt-Out

Oct 16, 2015
If you are running Windows 7 or Windows 8.1 and have no plans to switch to Windows 10, then Microsoft could force you to install Windows 10, making it harder for you to cancel or opt out of upgrading. Note: Above image has been photoshopped, but the original screenshot taken by Windows users is given below. Reports are circulating that some Windows 7 and Windows 8.1 users are claiming that the latest Windows 10 OS has begun to automatically install itself on their PCs. According to complaints by users, the Windows Update screen is only offering them the option to either start the upgrade process or reschedule the upgrade for a later date. Other users are finding that the dialog boxes they are presented with display a message saying that the "Upgrade to Windows 10 is Ready," and prompting users to "Restart your PC to begin the installation." The issue actually resided in the Windows Update process. Microsoft has listed Windows 10 as an "Op...
First Ever Anti-Drone Weapon that Shoots Down UAVs with Radio Waves

Oct 15, 2015
While the US military continues to build more advanced unmanned aerial vehicles (UAVs), popularly known as drones, the US company Battelle has developed a shoulder-mounted rifle to deal with unwanted drones flying around. Dubbed DroneDefender, the revolutionary weapon is specifically designed to target and knock drones out of the sky at a range of just 400 meters, without totally destroying them. The Battelle DroneDefender utilizes radio waves to neutralize in-flight drones and force them to land, hover, or return to their point of origin. Video Demonstration: You can watch the video given below to know how the DroneDefender works. It shows how the weapon is able to stop a drone in its tracks and cause it to land. The DroneDefender weighs less than 5 kilograms and can disable a hostile drone within a 400-meter radius. How does DroneDefender Work? As soon as the trigger is pulled, DroneDefender emits radio pulses that interrupt the communications system...
Untethered Jailbreak for iOS 9.0, 9.0.1 and 9.0.2 Released

Oct 15, 2015
The Chinese Pangu jailbreak team has once again surprised everyone by releasing the first untethered jailbreak tool for iOS 9 – iOS 9.0, iOS 9.0.1, and iOS 9.0.2. The untethered jailbreak is a jailbreak where your device doesn't require any reboot every time it connects to an external device capable of executing commands on the device. The Pangu team released their iOS 9 jailbreak into the wild instead of submitting it to Zerodium, a company which promised a $1 Million reward for iOS 9 jailbreaks. How to Jailbreak iOS 9.0, 9.0.1 and 9.0.2? Jailbreaking is a process of removing limitations on Apple's iOS devices so you can install third-party software not certified by Apple. Before proceeding to jailbreak your device, back up all personal data of your device using iCloud or iTunes. Also, disable any anti-virus programs or firewalls that could prevent Pangu from connecting to the Internet. Now, let's start. Follow these steps to jailbreak your iPhone,...
Hackers Can Use Radio-waves to Control Your Smartphone From 16 Feet Away

Oct 14, 2015
What if your phone starts making calls, sending text messages and browsing the Internet by itself without even asking you? This is not imagination, because hackers can make this possible using your phone's personal assistant, Siri or Google Now. Security researchers have discovered a new hack that could allow hackers to make calls, send texts, browse a malware site, and do many more activities using your iOS or Android device's personal assistant, Siri or Google Now, without even speaking a single word. A group of researchers from the French government agency ANSSI has discovered that a hacker can control Apple's Siri and Android's Google Now by remotely and silently transmitting radio commands from as far as 16 feet away... only if it also has a pair of headphones plugged into its jack. How does the Hack Work? It is a very interesting and mind-blowing technique. The hack utilizes: an iPhone or Android handset with headphones plugged in; a radio tra...
Recently Patched Adobe Flash Versions Hit by Another Zero-day Exploit

Oct 14, 2015
Does Adobe Flash, the standard that animated the early Web, need to die? Unfortunately, yes. Despite Adobe's best efforts, Flash is not safe anymore for Internet security, as a recent zero-day Flash exploit has been identified. Just yesterday, Adobe released its monthly patch update that addressed a total of 69 critical vulnerabilities in Reader, Acrobat, including 13 critical patches for Flash Player. Now today, security researchers have disclosed a new zero-day vulnerability in fully patched versions of Adobe Flash, which is currently being exploited in the wild by a Russian state-sponsored hacking group named "Pawn Storm". NO Patch For Latest Flash Exploit: That means even users with an entirely up-to-date installation (versions 19.0.0.185 and 19.0.0.207) of the Flash software are also vulnerable to the latest zero-day exploit. Luckily, for the time being, this exploit is only being used against Government agencies and several foreign affairs...
This Guy Builds A Thor-Like Hammer that Only He Can Pick Up

Oct 14, 2015
If you have watched the most recent Avengers movie, then you would be aware of a scene where all the superheroes, Iron Man, War Machine, Hawkeye, and Captain America, take turns to lift Thor's hammer but fail. Someone has an explanation why. Inspired by Thor's legendary hammer Mjolnir, which is not liftable by anyone except Thor, an electrical engineer has built a real-life Mjolnir that only he can pick up. Electrical engineer Allen Pan, who also runs the Sufficiently Advanced YouTube channel, created a giant hammer that only he can lift, so long as the hammer is on a metal surface. To make his hammer immovable, Pan made use of: a capacitive touch sensor (fingerprint sensor) attached to the handle; an Arduino Pro Mini and a solid state relay, which serves as a switching device; and a microwave oven transformer electromagnet that uses electricity to produce a very strong magnetic field. The electromagnet creates a very strong magnetic field, strong enough ...
Google Records and Store Your Voice — Here's How to Listen and Delete It

Oct 14, 2015
OK, Google is Listening… and Recording too. Google is not just listening to your searches, but the search engine is also recording and storing every single voice search you make. Google is incredibly accurate at understanding your voice. The company secretly stores its users' searches from its voice-activated assistant Google's Voice Search and search feature Google Now to turn up relevant advertisements as well as improve the feature. But what many of you do not realize is that after every voice search you make, Google makes a recording of it and stores it in a remote part of your account. Listen to Your Own Voice Recorded by Google: However, it's no surprise to know that Google is recording our voice because it's nothing new, but it really scared me when I heard myself so clearly. Don't believe me? Listen to your own voice recording by visiting your "Voice & Audio Activity" page in the Google Dashboard and you...
Patch Report: All Versions of Windows affected by Critical Vulnerability

Oct 14, 2015
Microsoft has rolled out six security updates this Patch Tuesday, out of which three are considered to be "critical," while the rest are marked as "important." Bulletin MS15-106 is considered to be critical for Internet Explorer (IE) and affects absolutely all versions of the Windows operating system. The update addresses a flaw in the way IE handles objects in memory. The flaw could be exploited to gain access to an affected system, allowing hackers to gain the same access rights as the logged-in user. A hacker could "take advantage of compromised websites, and websites that accept or host user-provided content or advertisements," the advisory states. "These websites could contain specially crafted content that could exploit the vulnerabilities." Therefore, the dependency here is that an IE user must knowingly click on the malicious link, which can then be leveraged by an attacker to get the full control over a computer t...