The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Unless we are a human supercomputer, remembering a different password for every different site is not an easy task. But to solve this problem, there is a growing market of best password manager and lockers, which remembers your password for every single account and simultaneously provides an extra layer of protection by keeping them strong and encrypted. However, it seems to be true only until a hacker released a hacking tool that can silently decrypt and extract all usernames, passwords, as well as notes stored by the popular password manager KeePass . Dubbed KeeFarce , the hacking tool is developed by Kiwi hacker Denis Andzakovic and is available on GitHub  for free download. Hackers can execute KeeFarce on a computer when a user has logged into their KeePass vault, which makes them capable of decrypting the entire password archive and then dumping it to a file that attackers can steal remotely. How Does KeeFarce Work? KeeFarce obtains passwords by l...

The China's Google-like Search Engine Baidu is offering a software development kit (SDK) that contains functionality that can be abused to give backdoor-like access to a user's device, potentially exposing around 100 Million Android users to malicious hackers . The SDK in question is Moplus , which may not be directly available to the public but has already made its way into more than 14,000 Android apps, of which around 4,000 are actually created by Baidu. Overall, more than 100 Million Android users, who have downloaded these apps on their smartphones, are in danger. Security researchers from Trend Micro have discovered a vulnerability in the Moplus SDK, called Wormhole , that allows attackers to launch an unsecured and unauthenticated HTTP server connection on affected devices, which works silently in the background, without the user's knowledge. Also Read:   More than 26 Android Phone Models Shipped with Pre-Installed Spyware This unsecured serv...

The Online Hacktivist group Anonymous announced it plans to reveal the identities of about 1,000 Ku Klux Klan (KKK) members on 5th November , the day of the Global Protest movement known as the Million Mask March. Million Mask March , where protesters don Guy Fawkes masks in hundreds of cities around the world, and march together against the corrupt Governments and corporations. Ku Klux Klan (KKK) is classified as a White Supremacist Racist group by the Anti-Defamation League and the Southern Poverty Law Center, allegedly having total 5,000 to 8,000 members. It was founded after the Civil War by former Confederate soldiers to fight against the reforms imposed by the North during Reconstruction. " We've gained access to yet another KKK Twitter account. Using the info obtained, we will be revealing about 1000 Klan member identities. ", Anonymous Hackers tweeted last week. The list of 1000 KKK Members, to be released on 5th November, apparently includes the...

Imagine the internet that would offer you to communicate privately with anyone else without censorship, safe from the prying eyes of surveillance authorities…. … Decentralized, Encrypted, Peer-to-Peer Supported and especially a non-IP Address based Internet. Yeah, a New Private Internet that would be harder to get Hacked. This Internet is a dream of all Internet users today and, of course, Kim Dotcom – the Famous Internet entrepreneur who introduced legendary Megaupload and MEGA file sharing services to the World. Kim Dotcom announced plans to start his very own private internet at the beginning of this year and has now revealed more details about MegaNet — a decentralized, non-IP based network that would share data via " Blockchains ," the technology behind Bitcoins. On Thursday, Dotcom remotely addressed a conference in Sydney, Australia, where he explained how MegaNet will utilize the power of mobile phones and laptops to operate. How will M...

Hackers are now going crazy and trying new ways in Biohacking . Until now, we have seen a hacker who implanted a small NFC chip in his hand in order to hack Android smartphones and bypass almost all security measures. However, now the level of craziness has gone to a whole new level. A Swedish hacker has devised a neat trick that makes him able to buy groceries or transfer money between bank accounts by just waving his hand. Yes, you heard that right.  Patric Lanhed , a software developer at DigitasLBi, implanted a small NFC (Near Field Communications) chip with the private key to his Bitcoin wallet under his skin. So How Does the Trick Work? So, while sending Bitcoin payment from one digital wallet to another, he just has to wave his hands against an NFC chip reader that will scan the data, and a custom software will confirm the authenticity of the key, triggering the money transfer. A proof-of-concept video demonstration by Patric and his acquain...

Well, here's some terrible news for all Apple iOS users… Someone just found an iOS zero-day vulnerability that could allow an attacker to remotely hack your iPhone running the latest version of iOS, i.e. iOS 9. Yes, an unknown group of hackers has sold a zero-day vulnerability to Zerodium , a startup by French-based company Vupen that Buys and Sells zero-day exploits. And Guess what, in How much? $1,000,000. Yes, $1 Million. Last month, a Bug bounty challenge was announced by Zerodium for finding a hack that must allow an attacker to remotely compromise a non-jailbroken Apple device through: A web page on Safari or Chrome browser, In-app browsing action, or Text message or MMS. Zerodium's Founder Chaouki Bekrar confirmed on Twitter that an unnamed group of hackers has won this $1 Million Bounty for sufficiently submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit. NO More Fun. It's Serious Threat to iOS Use...

Avoiding Credit Card Fraud is simply easy as long as you use cash. But, what if you even get hacked while withdrawing cash from an ATM? If you are living in Germany or traveling there, then think twice before using your payment cards in the ATMs. Here's why: A Security researcher in Germany has managed to hack ATM and self-service terminal from Sparkasse Bank that allowed him to reveal the sensitive details from the payment card inserted into the machine. Benjamin Kunz-Mejri , CEO of Germany-based security firm Vulnerability Lab , discovered a vulnerability while using a Sparkasse terminal that suddenly ejected his card, and changed status to " temporarily not available. " Meanwhile, the machine automatically started performing software update process in the background. However, Benjamin used a special keyboard combination to trick the ATM into another mode. Benjamin's trick forced ATM system to put update process console (cmd) in the foreground ...

Hey friends, guess what? Yes, yes.. you read that right... It's Party time for all of us, as The Hacker News (THN) is celebrating its 5th Anniversary Today. And what an epic 5 years it has been! We began our journey on this same day back on November 1, 2010, as a dedicated news platform for Hackers, Security researchers, technologists and nerds. And just because of your support ' The Hacker News ' has become one of the World's popular Hacking and Technology News Platform that went from ~100,000 Readers to more than 4 Million unique monthly readers. So now it's time to Celebrate… and most importantly, Congratulate you all for the success of THN. Thank you all for your enthusiasm, contribution, support, sharing, love, time and efforts as well. We wouldn't be here, five years on and still going strong, if you didn't support us too. Future Plans at The Hacker News We don't cover everything, never did, never could, we just publicized the th...

Hacking Team, the infamous Italy-based spyware company that had more than 400 GB of its confidential information stolen earlier this year, has resumed its operations and started pitching new hacking tools to help US law enforcement gets around their encryption issues . Yes, Hacking Team is back with a new set of Encryption Cracking Tools for government agencies as well as other customers to break encrypted communications. The announcement came in an email pitch sent to existing and potential new customers on October 19 when Hacking Team CEO David Vincenzetti confirmed that Hacking Team is now "finalizing [its] brand new and totally unprecedented cyber investigation solutions." The e-mail is not made public, but Motherboard has been able to obtain a copy of it that states: "Most [government agencies] in the United States and abroad will become 'blind,' they will 'go dark,' they will simply be unable to fight vicious phenomena such as te...

Have you been infected with the insidious CoinVault or Bitcryptor ransomware? If so, there is some potentially good news for you. You may now recover your encrypted files for FREE! – Thanks to the efforts of Dutch police and antivirus maker Kaspersky Lab. Security researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained and published the last set of encryption keys from command-and-control (C&C) servers used by two related ransomware threats – CoinVault and Bitcryptor . Security researchers first observed CoinVault ransomware attacks in May 2014. Since then, CoinVault has made more than 1,500 victims in more than 108 countries. In April 2015, the Dutch police obtained ' Decryption keys ' database from a seized command and control server of CoinVault. Ransomware Decryption Tool Those decryption keys were then used by Kaspersky Lab to set up a Ransomware Decryptor Service , which included a set of around 750 decryp...

The Creators of the notorious CryptoWall ransomware virus have managed to raise more than $325 million (£212 million) in this past year alone. Ransomware has emerged as one of the biggest cyber threats to web users in recent times. Typically, hackers primarily gain access to a user's computer system using a ransomware malware, which encrypts all files with a strong cryptographic algorithm, and demand a ransom money to be paid in Bitcoin, typically between $200 and $10,000. In June 2014, researchers first discovered the CryptoWall ransomware attack, and currently, the latest CryptoWall version 3.0 (CW3) is the most sophisticated and complex family of this malware backed by a very robust back-end infrastructure. Must Read:   FBI Suggests Ransomware Victims — 'Just Pay the Ransom Money' According to the latest report  ( pdf ) published by Cyber Threat Alliance (CTA) , an industry group formed last year to study emerging threats, researchers have disco...

British Police have arrested a second teenage boy in relation to the major hack on the servers of UK-based telco 'TalkTalk' last week. On Monday, a 15-year-old boy (first arrest) from County Antrim, Northern Ireland, was arrested in connection with the TalkTalk Data Breach. On Thursday, The Metropolitan Police Cyber Crime Unit (MPCCU) arrested this second unnamed 16-year-old boy from Feltham in west London on suspicion of Computer Misuse Act offences. Latest TalkTalk Data breach put the Bank details and Personally Identifiable Information (PII) of millions of customers at risk, including: Nearly 21,000 Bank Accounts Almost 28,000 obscured Credit and Debit card details Less than 15,000 customer dates of birth Names, Email Addresses, and Phone Numbers of 1.2 Million Customers TalkTalk has confessed that " Not all of the data was encrypted "... yeah, its' too bad. However, " Investigations so far show that the information that may have bee...

Microsoft wholeheartedly wants you to upgrade your PCs to Windows 10, so much so that the company plans to automatically download its new operating system to Windows 7/8 computers next year. Just two weeks ago, Microsoft accidentally pushed Windows 10 installation to Windows 7 and Windows 8/8.1 users through the Windows Update process, but next year the company will do it on purpose. MISSION '1 BILLION': It doesn't come as a surprise, as Microsoft mentioned many times that it wants to get Windows 10 into as many hands as possible to reach its goal of 1 Billion installations. Starting next year, Microsoft is planning to re-categorize Windows 10 as a " Recommended Update " in its Windows Update service. Also Read:  Here's How to Stop Windows 7 or 8 from Downloading Windows 10 Automatically . This means that the Windows 10 upgrade process will start downloading and initiating automatically on thousands of devices. Before: ...

The Tor Project has officially launched the first beta version of Tor Messenger, an open source and Encrypted instant messaging client that works on top of the Tor network. Tor Messenger is designed by keeping both simplicity and privacy in mind. The team claimed that their app encrypts the content of instant messages as well as makes it very difficult for snoopers and eavesdroppers to identify the user sending them. Tor Messenger integrates the " Off-the-Record " (OTR) to encrypt messages and then routes them over Tor network in the same manner as the Tor Browser does for the web. The app is built on Mozilla's instant messaging client Instantbird and works a lot like Adium, another popular instant messaging client. Here's How to Install Tor Messenger in your PC: Tor Messenger can be run on versions of Windows, Mac, or Linux PC. To do so, you simply have to follow these simple steps: Download Tor from here Drag the app to your Application...

Google is planning to merge its Chrome OS with Android operating system and roll out a single operating system by 2017. New Android OS Optimized for Laptops: Yes, a Single Operating system for Mobile devices, desktops, laptops and notebooks, just what Microsoft is offering to its users with  Windows 10 . Chrome OS is a lightweight operating system based on the Linux kernel and designed by Google to power its Chromebook Laptops and Desktops. Here's the deal: According to a recent report published by the Wall Street Journal, Google has been working for two years to merge Chrome OS and Android, and you can expect to see an early version of the 'single OS for all' as soon as next year at Google I/O event. Is Google Killing Chrome OS? NO, Google isn't Killing Chrome OS.  Some have reported that Google might "kill" Chrome operating system, but it's not what the company has planned about. Also Read:  Google OnHub Router actu...

Forget about Superman's X-rays vision, you can now see through walls using WI-FI device only. Scientists at MIT's Computer Science and Artificial Intelligence Lab ( CSAIL ) have developed a device that uses WiFi signals to effectively see through walls and other obstacles, and identify which persons are standing behind it. Dubbed RF Capture , the new system is enhanced version of their previous methods of capturing movements across a house – technology used by mothers to see their baby's breathing and firefighters to determine if there are survivors in a burning building. How Does RF Capture Work? The working of RF Capture is actually quite simple and relatively straightforward. RF-Capture works by transmitting wireless signals that, upon hitting a person standing behind a wall, are reflected off various body parts and then back to the device for analysis to piece together the whole image of people. RF-Capture transmits radio waves that pass thro...

The world's most popular Free Web Hosting company 000Webhost has suffered a major data breach, exposing more than 13.5 Million of its customers' personal records. The stolen data includes usernames, passwords in plain text, email addresses, IP addresses and last names of around 13.5 Million of 000Webhost's customers. According to a recent report published by Forbes , the Free Hosting service provider 000Webhost was hacked in March 2015 by an anonymous hacker. In a post on its official Facebook page, the hosting company has acknowledged the data breach and posted the following statement: "We have witnessed a database breach on our main server. A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised , we are mostly concerned about the leaked client information." The stolen data was obtained by Troy Hunt , an Australian security researcher, who received the dat...

In our previous article, The Hacker News reported that the EFF had won its battle over the limits that were put on a car's copyrighted software, allowing car owners to fiddle with their car's software. EFF has participated in the rulemaking procedure held by the United States copyright office (DMCA) earlier also, and this time they have got a bag full of success. As… ...Library of Congress has not only allowed the consumers to repair and modify their Car's Software, but also exempted restrictions from: Device unlocking Jailbreaking Ripping videos for remix This simply means that now anybody can: Ripe off video from DVDs or BluRay disks, as well as online streaming services, for remixes. Jailbreak their phones, tablets, and smartwatches and run operating systems and applications from a third party source. Reconfigure video games that are no longer supported by their publisher. "We are pleased that the Librarian of Congress and the Copyright O...

Yes, you heard right. You can now hack a car by making necessary modifications – but to the car owned by you, not your neighbors. Last year, President Obama passed a bill called 'Unlocking Consumer Choice and Wireless Competition Act,' following which users could unlock their devices – generally those locked under a contract – to use a specific service provider. Also Read:   It's Now Legal to Jailbreak Smart TV, Smartphone Or Tablet . The same year, Electronic Frontier Foundation (EFF) filed a petition with the Librarian of Congress, which has the authority to grant Digital Millennium Copyright Act (DMCA) exemptions , for allowing customers and independent mechanics to repair their vehicles on their own by making necessary modifications. Though many automakers were in opposition to this petition, as they believed by doing so the safety measures of vehicles are going to be at a higher risk. EFF got Success! Yesterday, Library of Congress approve...