The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In Brief Investigators from British defense contractor BAE Systems discovered that hackers who stole $81 million from the Bangladesh Central Bank actually hacked into software from SWIFT financial platform, a key part of the global financial system. The hackers used a custom-made malware to hide evidence and go undetected by erasing records of illicit transfers with the help of compromised SWIFT system. The Bangladesh Bank hackers, who managed to steal $81 Million from the bank last month in one of the largest bank heists in history, actually made their tracks clear after hacking into SWIFT, the heart of the global financial system. SWIFT , stands for the Society for Worldwide Interbank Financial Telecommunications, is a global messaging network used for most international money and security transfers. More than 11,000 Global Banks on HIGH ALERT! Nearly 11,000 Banks and other financial institutions around the World use SWIFT system to send securely and receive payment ...

Just last month, DARPA launched a project dubbed "Improv," inviting hackers to transform simple household appliances into deadly weapons . Now, the Defense Advanced Research Projects Agency is finding someone in the private sector to develop a hacker-proof " secure messaging and transaction platform " for the U.S. military. Darpa wants researchers to create a secure messaging and transaction platform that should be accessible via the web browser or standalone native application. The secure messaging app should " separate the message creation, from the transfer (transport) and reception of the message using a decentralized messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger, " agency's  notice explains. In simple words, DARPA aims to create a secure messaging service that not only implements the standard encryption and se...

In Brief Investigators from the Forensic Training Institute of the Bangladesh investigated the $80 Million bank heist and discovered that the hackers managed to gain access to the network because the Bank was using second-hand $10 network switches without a Firewall to run its network. When it was reported last month that an unknown hacking group attempted to steal $1 Billion from Bangladesh's Federal Reserve bank account with the help of a malware and, in fact, successfully stole over $80 Million , the investigators would not say how the hackers managed to bypass the security solutions on its network. But in reality, there was no security solution installed to help protect against increasingly sophisticated attacks. This lack of security practices made it incredibly easier for the hackers to break into the system and steal $81 Million, though a simple typo (spell error) by hackers halted the further transfers of the $850 Million funds. The network computers that we...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

How to Hack Facebook? That's the most commonly asked question during this decade. It's a hacker dream to hack Facebook website for earning bug bounty or for any malicious purpose. Facebook security team recently found that someone, probably a blackhat hacker with malicious intent, has breached into its server and installed a backdoor that was configured to steal Facebook employees' login credentials. Since the backdoor discovered in the Facebook's corporate server, not on its main server, Facebook user accounts are not affected by this incident. Though the company would have never known about the backdoor if a whitehat hacker had never spotted the backdoor script while hunting for vulnerabilities. Also Read: Ever Wondered How Facebook Decides, How much Bounty Should be Paid? Security researcher Orange Tsai of Taiwanese security vendor DEVCORE accidentally came across a backdoor script on one of Facebook's corporate servers while finding bugs to earn cash reward fr...

In Brief Facebook has hit another Milestone: More than 1 MILLION people, or you can say privacy conscious, are accessing Facebook over TOR. Facebook proudly announced today that, this month, for the first time, the people connected to the anonymous version of Facebook that's accessible only through the TOR anonymity network exceeded 1 Million – an increase of almost 100% in the past ten months. Today, when global surveillance system continues to grow, encryption has the power to protect users' security and privacy online. And it is ultimately a good thing that companies like Facebook are competing on users' security. In 2014, Facebook launched a special version of its website that runs only with the help of Tor anonymity software that offers privacy to users. Tor anonymity software or Tor browser secures and encrypts connections to prevent cyber criminals or law enforcement agencies from tracking users' web activity. Tor users can visit Facebook's Tor hidden s...

In Brief: Sony is finally bolstering the security of the PlayStation Network by adding Two-Factor Authentication to the servers — almost five years after a massive hack that exposed data of over 77 Million users. Sony confirmed to Polygon today that it is planning to introduce two-factor verification to its PlayStation Network widely soon after a Twitter user saw a reference to it in the latest 4.80 firmware update for the PlayStation 3. Although there is no official announcement from the company revealing when two-step authentication will be implemented in PSN, the representative told sources that "more details will be shared at a later date." Microsoft has been providing two-step verification to its Xbox Live users since 2013. The feature is also used on Battle.net and Steam. Two-Factor authentication, also known as two-step verification, is a process that requires you to submit two different forms of verification when logging into a service: One is your...

In Brief Guess how much the FBI has paid an unknown grey-hat hacker to break into San Bernardino Shooter's iPhone? FBI Director James Comey hinted during an interview that the FBI spent more than $1.3 Million for breaking into the iPhone of a suspected terrorist and found nothing useful on it. Apple's  legal battle with the Federal Bureau of Investigation (FBI) ended following the bureau's announcement last month that it bought a hacking tool to break into the locked iPhone 5C belonging to the alleged San Bernardino shooter Syed Farook. At the time, the FBI did not disclose the name of the third party neither it revealed the cost of the hacking tool. But yesterday while speaking at the Aspen Security Forum in London, FBI Director James Comey gave a hint on the price it gave to the unnamed "outside party" for the hacking solution after Apple refused to help the agency bypass the iPhone's security mechanisms. The FBI Paid Over $1.3 MILLION f...

On Tuesday, the Dutch Police arrested a 36-year-old man, Danny Manupassa , on suspicion of money laundering and involvement in selling encrypted smartphones to criminals. Manupassa owns a company called Ennetcom , which provides customized Blackberry Phones with the secure PGP-encrypted network. Reportedly, Ennetcom sold nearly 19,000 encrypted cell phones at 1500 euros each in last few years. Police have seized Ennetcom servers based in the Netherlands and Canada and pulled them offline. The seized servers contain data of encrypted communications belong to a large number of criminals. According to a press release , the investigation is ongoing and seized data from the servers will be analyzed soon. Police believe this operation would result in collecting evidence required for solving numerous ongoing investigations involving drug trafficking, assassinations, and other serious crimes. Moreover, Canadian Police is also involved in this investigation and surprisingly, i...

In Brief Opera becomes the first web browser to offer a built-in Free, unlimited and 256-bit encrypted VPN service for everyone. Opera's Free VPN protects unencrypted browser session from leaking on public WiFi networks and will also let unblock firewalls to improve privacy and security. Virtual Private Networks (VPNs) have become an important tool not just for large companies, but also for individuals to improve web privacy, dodge content restrictions and counter growing threat of cyber attacks. Opera has released an updated desktop version of its web browser with a Free built-in VPN service to keep you safe on the Internet with just a click. That's a great deal! For those unfamiliar, VPNs are easy security and privacy tools that route your Internet traffic through a distant connection, protecting your browsing, hiding your location data and accessing restricted resources. Free VPN Service with Unlimited Data Usage Unlike several other free VPN services,...

In Brief Two International hackers, Aleksandr Andreevich Panin and Hamza Bendelladj, have been sentenced to a combined 24 years and 6 months in prison for their roles in developing and distributing SpyEye banking trojan, a powerful botnet similar to the infamous ZeuS malware. Both hackers were charged with stealing hundreds of millions of dollars from banking institutions worldwide. Masterminds behind the development and distribution of the infamous " SpyEye " botnet have finally been sentenced to a combined total of 24 years and 6 months in prison. Aleksandr Andreevich Panin and Hamza Bendelladj have been sentenced for their roles in developing and distributing SpyEye malware that is said to have caused hundreds of millions of dollars in losses to the financial sector, the U.S. Justice Department said  on Wednesday. SpyEye, a successor to the notorious Zeus banking malware , has affected financial institutions since 2009. Once infected, the malware connec...

In Brief: Introducing  RansomWhere , a free generic ransomware detection tool for Mac OS X users that can identify ransomware-like behavior by continually monitoring the file-system for the creation of encrypted files by suspicious processes. This ransomware detection tool helps to block the suspicious processes and waits for the user to decide whether to allow or stop the process. Ransomware has risen dramatically since last few years... so rapidly that it might have already hit someone you know. With hundred of thousands of ransomware samples emerging every day, it is quite difficult for traditional signature-based antivirus products to keep their signature database up-to-date. So, if signature-based techniques are not enough to detect ransomware infection , then what else can we do? Some Antivirus companies have already upgraded their security solutions that detect suspicious behaviors like the sequential accessing of a large number of files, using encryption al...

In Brief Apple's head of legal has denied all rumors about providing its complete source code or any backdoor to the Chinese government. Apple officially confirmed that the Chinese government has asked Apple twice in the past two years to hand over the source code for its operating system, but the company refused in both the cases. In a Tuesday hearing entitled "Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives,"  the police officials put allegations on Apple for handing over user data to Beijing while refusing the authorities at its home in the US. However, speaking under oath at the congressional hearing, Apple's General Counsel Bruce Sewell denied the claims, saying "We have been asked by the Chinese government" for the source code behind the iPhone. But, "we refused." The response came just after Indiana State Police Captain Charles Cohen accused Apple of providing its source code to China. N...

In Brief Viber, the popular mobile messaging app announced Tuesday that it has added full end-to-end encryption for video, voice and text message services for its millions of users. Here, the end-to-end encryption means only you and the person you are communicating with can read the content, and nobody in between, not even the company and if court orders company to provide user data, they will get only the heaps of encrypted data. Viber is the latest messaging platform to join WhatsApp , Telegram , and Apple iMessage , who strengthened their default privacy features in recent times. Founded in 2010 and acquired by Japanese e-commerce titan Rakuten for $900 Million in 2014, Viber is currently being used by more than 700 Million users globally across Android, iOS, Windows Phone, and desktop, the company claimed in a blog post published today. The move comes just a couple of weeks after Facebook-owned Whatsapp messaging app implemented full end-to-end encryption by default ...

In Brief What if we could Predict when a cyber attack is going to occur before it actually happens and prevent it? Isn't it revolutionary idea for Internet Security? Security researchers at MIT have developed a new Artificial Intelligence-based cyber security platform, called ' AI2 ,' which has the ability to predict, detect, and stop 85% of Cyber Attacks with high accuracy. Cyber security is a major challenge in today's world, as government agencies, corporations and individuals have increasingly become victims of cyber attacks that are so rapidly finding new ways to threaten the Internet that it's hard for good guys to keep up with them. A group of researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) are working with machine-learning startup PatternEx to develop a line of defense against such cyber threats. The team has already  developed an Artificial Intelligence system that can detect 85 percent of attacks by...

In Brief Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data. But, now Google has updated its browser's User Data Policy requiring all Chrome extension and app developers to disclose what data they collect. Furthermore, developers are prohibited from collecting unnecessary browsing data and must also use encryption when handling sensitive information from users. Around 40 percent of all Google Chrome users have some kind of browser extensions, plugins or add-ons installed, but how safe are they? The company plans to enforce developers starting this summer, to "ensure transparent use of the data in a way that is consistent with the wishes and expectations of users." Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers' data. Google's new User Data Policy will now force app developers, who use the Chrome We...

In Brief The famous '60 Minutes' television show shocked some viewers Sunday evening when a team of German hackers demonstrated how they spied on an iPhone used by U.S. Congressman, then recorded his phone calls and tracked his movement through Los Angeles. Hackers leverage a security flaw in SS7 (Signalling System Seven) protocol that allows hackers to track phone locations, listen in on calls and text messages. The global telecom network SS7 is still vulnerable to several security flaws that could let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale, despite the most advanced encryption used by cellular networks. All one need is the target's phone number to track him/her anywhere on the planet and even eavesdrop on the conversations. SS7 or Signalling System Number 7 is a telephony signaling protocol used by more than 800 telecommunication operators around the world to exchange information with one ...

BlackBerry has long been known for its stance on mobile security, as it was the first mobile phone maker to provide end-to-end encryption. But a new report revealed that the company has provided a master backdoor to law enforcement in its secure devices since 2010. The Royal Canadian Mounted Police (RCMP) have been in possession of a global decryption key for BlackBerry phones since 2010, according to a new report from Vice News published yesterday. The report suggests that the Canadian police used the master key to intercept and decrypt over 1 Million messages sent using its own encrypted and allegedly secure BlackBerry Messenger ( BBM ) service in a criminal investigation over the course of 2 years. Single Encryption Key to Protect All Customers The issue with Blackberry's security mechanism is that the company uses a single global encryption key to protect all its regular customers, though the corporate BlackBerry phones use their own encryption keys generated...

The San Bernardino terrorist's iPhone that the Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) said was critical in their investigation has absolutely nothing useful on it , at least so far. Yes, the same iPhone that was subject of so much attention from the past few months. Here's a brief look at what happened in recent months over the iPhone: The DoJ and Apple were engaged in a legal battle over a court order that was forcing Apple to help the FBI access data on a locked iPhone tied to Syed Farook. Farook was one of two terrorists involved in the San Bernardino shooting incident last year that left 14 people dead. The FBI desperately wanted access to that locked iPhone , not because it was expecting any case-breaking evidence on Farook's work-issued iPhone, but it was just trying to gather all available information, leaving no stone unturned. When Apple refused to comply with the court order, the FBI found an altern...

Microsoft is suing the Department of Justice (DoJ) to protest the gag order that prevents technology companies from telling their customers when their cloud data is handed over to authorities. In layman's terms, the Electronic Communications Privacy Act (ECPA) allows the government to issue gag orders saying that the people or companies involved in a legal case cannot talk about the case or anything related to it in public. So, the government is continuously forcing tech companies to hand over their customers' emails or personal records stored in the cloud servers without their clients' knowledge. Microsoft has filed a lawsuit [ PDF ] against the DoJ, arguing that it is " unconstitutional " and violates constitutional protection of free speech to force the tech companies for not informing their customers when their stored data has been shared with authorities. "We believe these actions violate two of the fundamental rights that have been part of this countr...

The United States anti-encryption bill will kill your Privacy. In the wake of the Apple vs. FBI case, two leading Intelligence Committee Senators have introduced an anti-encryption bill that would effectively ban strong encryption. Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) released the official version of their bill today in response to concerns that criminals and terrorists are increasingly using encrypted devices to hide their plans and plots from authorities. As its name suggests, the Compliance with Court Orders Act of 2016 [ PDF ] would require people and technology firms like Apple and Google to comply with court orders to decrypt phones and its data. The draft copy of the Burr-Feinstein proposal was leaked last week, which has already faced heavy criticism from both the technology and legislative communities. Even the White House has declined to support the bill. The official version of the anti-encryption bill seems to be even wors...