The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In Brief Arthur Budovsky, co-founder of popular digital currency business 'Liberty Reserve', was sentenced Friday to 20 years in prison for running a money laundering scheme for hackers, identity thieves, child pornographers and drug dealers around the globe. Since its inception, 2005, to the year 2013, when Liberty Reserve was shut down by authorities, the company processed more than $8 billion worth of transactions for more than 5.5 million users worldwide. He was also ordered to forfeit $122 million and fined $500,000. The co-founder of Liberty Reserve, a widely-used digital currency, was sentenced to 20 years in prison on Friday for running a global money-laundering scheme that operated as "the financial hub for cyber criminals around the world." Arthur Budovsky Belanchuk, 42, ran an online digital currency business out of Costa Rica called Liberty Reserve from around 2005 until it was shut down by the federal authorities in 2013 with the arrest of Bud...

Without adequate analysis and algorithms, mass surveillance is not the answer to fighting terrorism and tracking suspects. That's what President Obama had learned last year when he signed the USA Freedom Act , which ends the bulk collection of domestic phone data by US Intelligence Agencies. There is no doubt that US Government is collecting a vast quantity of data from your smartphone to every connected device i.e. Internet of the things , but… Do they have enough capabilities to predict and identify terrorists or cyber criminals or state-sponsored hackers before they act? Well, if they had, I would not be getting chance to write about so many brutal cyber attacks , data breaches, and terrorist attacks that not only threatened Americans but also impacted people worldwide. The Ex-NSA technical director William E. Binney, who served the US National Security Agency for over 30-years, said last year in the front of Parliamentary Joint Committee that forcing analysts t...

In Brief What would you do if you get access to a Quantum Computer? IBM Scientists launches the world’s first cloud-based quantum computing technology, calling the IBM Quantum Experience, for anyone to use. It is an online simulator that lets anyone run algorithms and experiments on the company's five-qubit quantum computer. Quantum computers are expected to take the computing technology to the highest level, but it is an experimental and enormously complex technology that Google and NASA are working on and is just a dream for general users to play with. Hold on! IBM is trying to make your dream a reality. IBM just made its new quantum computing project online ( with tutorials ), making it available for free to anyone interested in playing with it. Quantum Computers — Now A Reality! The technology company said on Wednesday that it is giving the world access to one of its quantum computing processors, which is yet an experimental technology that has the potential...

OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic . OpenSSL is an open-source cryptographic library that is the most widely being used by a significant portion of the Internet services; to cryptographically protect their sensitive Web and e-mail traffic using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol. One of the high-severity flaws, CVE-2016-2107 , allows a man-in-the-middle attacker to initiate a " Padding Oracle Attack " that can decrypt HTTPS traffic if the connection uses AES-CBC cipher and the server supports AES-NI. A Padding Oracle flaw weakens the encryption protection by allowing attackers to repeatedly request plaintext data about an encrypted payload content. The Padding Oracle flaw ( exploit code ) was discovered by Juraj Somorovsky using his own developed tool c...

A massive database of 272 million emails and passwords for popular email services, including Gmail, Microsoft, and Yahoo, are being offered for sale on the Dark Web for less than $1, media reports. An anonymous Russian hacker, who goes by the moniker " the Collector ," was first spotted by cybersecurity firm Hold Security advertising 1.17 Billion user records for email accounts on a dark web forum. The stolen credentials apparently came from some of the world’s biggest email providers, including Gmail, Yahoo, Microsoft and Russia’s Mail.ru. When security analysts at Hold Security reached out to the hacker and began negotiating for the dataset to verify the authenticity of those records, the hacker only asked for 50 Rubles (less than a buck) in return of the complete dump. However, it seems that there is actually nothing to worry about. Hold Security CEO Alex Holden said that a large number of those 1.17 Billion accounts credentials turned out to be duplicate an...

A serious zero-day vulnerability has been discovered in ImageMagick , a widely popular software tool used by a large number of websites to process user's photos, which could allow hackers to execute malicious code remotely on servers. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images. The ImageMagick tool is supported by many programming languages, including Perl, C++, PHP, Python, Ruby and is being deployed by Millions of websites, blogs, social media platforms, and popular content management systems (CMS) such as WordPress and Drupal. Slack security engineer Ryan Huber disclosed a zero-day flaw (CVE-2016–3714) in the ImageMagick image processing library that allows a hacker to execute malicious code on a Web server by uploading maliciously-crafted image. For example, by uploading a booby-trapped selfie to a web service that uses ImageMagick, an attacker can execute malicious code on the website...

Yesterday, BBC broke a story allegedly revealing Craig Wright as the original creator of Bitcoin digital currency Satoshi Nakamoto. However, the highly skeptical cryptographic community is definitely not yet convinced with the technical proofs Wright has yet provided to the media outlets and on his  blog . Now, Wright has promised to provide further evidence for his claim that he is behind the pseudonym, Satoshi Nakamoto. Wright’s spokesman told BBC that he would " move a coin from an early block " of Bitcoin owned by Nakamoto " in the coming days. " However, the spokesman did not specify a deadline. " So, over the coming days, I will be posting a series of pieces that will lay the foundations for this extraordinary claim, which will include posting independently-verifiable documents and evidence addressing some of the false allegations that have been levelled, and transferring bitcoin from an early block. ", Wright said in a latest blog post...

A Russian man who spent about 3 years behind bars in the United States has been spared further prison time but ordered to pay $7 Million to cover damages he caused to banks using a vicious computer virus. Nikita Vladimirovich Kuzmin was arrested in 2010 and imprisoned in August 2011 for developing a sophisticated computer malware called Gozi and infecting more than 1 million computers worldwide, causing tens of millions of dollars in losses. Kuzmin was sentenced Monday to the 37 months he has already served in custody, and ordered to pay $6,934,979 that authorities have identified as the damages experienced by two major Banks, one located in the U.S. and the other in Europe, Department of Justice says . Kuzmin received a lighter sentence due to his "substantial assistance" in the investigation that resulted in the conviction of Latvian national Deniss Calovskis as well as the arrest of Romanian Mihai Ionut Paunescu, who is awaiting extradition to the United States. ...

In Brief For the second time in past five months, a Brazil court ordered local telecommunications companies to block the popular messaging app WhatsApp for 72 hours, afterFacebook-owned WhatsApp company refused to hand over information requested in a drug trafficking investigation. The WhatsApp's shutdown is affecting more than 100 million users throughout the country. Moreover, if Brazilian telecommunications companies do not comply, they could face a fine of $143,000 per day. Brazil just blocked its roughly 100 Million citizens from using WhatsApp, the popular messaging service owned by Facebook, for 72 hours (3 days). A Brazilian Judge ordered the blackout after WhatsApp failed to comply with a court order asking the company to help a branch of civil police access WhatsApp data tied to a criminal investigation. This is for the second time in last five months when a Brazil court ordered local telecommunications companies to block access to the popular messaging servi...

Yes, you heard it right. You can now end up your whole life behind bars if you intentionally hack into a vehicle's electronic system or exploit its internal flaws. Car Hacking is a hot topic. Today, many automobiles companies are offering cars that run mostly on the drive-by-wire system, which means the majority of functions are electronically controlled, from instrument cluster to steering, brakes, and accelerator. No doubt these auto-control electronic systems improve your driving experience, but at the same time also increase the risk of getting hacked. Previous research demonstrated hackers capabilities to hijack a car remotely and control its steering, brakes and transmission, and to disable car's crucial functions like airbags by exploiting security bugs affecting significant automobiles. Messing with Cars can Cost You Keeping these risks in mind, the Michigan state Senate has proposed two bills which, if passed into law, will introduce life sentences i...

The mysterious creator of the BITCOIN digital cryptocurrency seems to have been identified as an Australian entrepreneur, and his name is: Craig Steven Wright. Five months after Wright, an Australian computer scientist and businessman was outed as Satoshi Nakamoto , revealed himself as the original inventor of Bitcoin digital currency. Wright has published a blog post offering Cryptographic Key as proof of his work, backed up by other technical information and the prominent Bitcoin community members have also corroborated his claim. However, Satoshi Nakamoto has always shown the desire to remain anonymous, while Wright has not. " I am not seeking publicity, but want to set the record straight, " he explains. Wright has provided some technical proofs to BBC , The Economist, and GQ media outlets that link him to the identity of Nakamoto. Craig Wright Claims He is Satoshi Nakamoto At the meeting with the BBC and Economist, he digitally signed messages using th...

Ransomware has become an albatross around the neck, targeting businesses, hospitals , and personal computers worldwide and extorting Millions of Dollars . Typical Ransomware targets victim's computer encrypts files on it, and then demands a ransom -- typically about $500 in Bitcoin -- in exchange for a key that will decrypt the files. Guess what could be the next target of ransomware malware? Everything that is connected to the Internet. There is a huge range of potential targets, from the pacemaker to cars to Internet of the Things, that may provide an opportunity for cybercriminals to launch ransomware attacks. Recently, the American public utility Lansing Board of Water & Light (BWL) has announced that the company has become a victim of Ransomware attack that knocked the utility's internal computer systems offline. Also Read: FBI Suggests Ransomware Victims — ' Just Pay the Ransom '. The attack took place earlier this week when one of the compan...

In Brief Do you know — 1 Gram of DNA Can Store 1,000,000,000 Terabyte of Data for 1000+ Years. Microsoft has purchased 10 Million strands of synthetic DNA, called Oligonucleotides a.k.a. DNA molecules, from biology startup Twist and collaborated with researchers from University of Washington to explore the idea of using synthetic DNA to store huge amount of data. Microsoft is planning to drastically change the future of data storage technology as we know it today. The volume and rate of production of data being produced and stored every day are so fast that the servers and hard drives needing to be replaced periodically, potentially increasing the risk of corruption and data loss. According to stats, 5.4 zettabytes (4.4 trillion gigabytes) of digital data, circulating and available worldwide, had been created by 2015, and it will boost to 54 zettabytes (ZB) by 2020. How will the world suppose to store this 10 times amount of data in next four years? For this, Microsof...

In Brief The US Supreme Court has approved amendments to Rule 41, which now gives judges the authority to issue search warrants, not only for computers located in their jurisdiction but also outside their jurisdiction. Under the original Rule 41, let’s say, a New York judge can only authorize the FBI to hack into a suspect's computer in New York. But the amended rule would now make it easier for the FBI to hack into any computer or network, literally anywhere in the world. The Federal Bureau of Investigation (FBI) can now Hack your computers anywhere, anytime. The FBI appeared to have been granted powers to hack any computer legally across the country, and perhaps anywhere in the world, with just a single search warrant authorized by any United States judge. The U.S. Supreme Court approved yesterday a change in Rule 41 of the Federal Rules of Criminal Procedure that would let U.S. judges issue warrants for remote access to electronic devices outside their jurisdict...

Clickjacking Vulnerability in Telegram Web Client The official Telegram web-client that allows its users to access messenger account over desktop’s web browser is vulnerable to clickjacking web application vulnerability. Egyptian security researcher Mohamed A. Baset told The Hacker News about a flaw in Telegram that could allow an attacker to change sensitive information of a Telegram user, including password and the recovery e-mail. [ Watch Video Demo ] "Telegram web client is not protecting itself from clickjacking with the typical X-Frame-Options header but uses a JS frame busting technique to prevent the website to be iframed," Mohamed says. However, by exploiting one of HTML5 Features, Mohamed was able to open the Telegram account’s settings page with a sandboxed iframe to prevent redirecting to top window, which also allows him to execute cross-site request forgery (csrf) vulnerability on the web-client. " I sent [bug report] it to them [Telegram team]...

In Brief A suspect of child pornography possession, Francis Rawls, who is a former Philadelphia Police Department sergeant, has been in solitary confinement without charges for last seven months and will remain until he complies with a court order forcing him to decrypt his password-protected hard drives seized in connection with a child pornography investigation. Remember Ramona Fricosu? In 2012, a Colorado woman was ordered to unlock her laptop while investigating financial fraud, but she refused to unlock it saying that she did not remember the password. Later the US Court ruled that Police can force defendants to decrypt their electronic devices, of course, as it does not violate the Fifth Amendment that prevents any citizen from having to incriminate themselves. Forget the password? It might be a smart way to avoid complying with a court order, but not every time. A Philadelphia man has been in jail for seven months and counting after being refused to comply with a c...

In Brief According to an investigation, Matthew Edman, a cyber security expert and former employee of the Tor Project, helped the FBI with Cornhusker a.k.a Torsploit malware that allowed Feds to hack and unmask Tor users in several high-profile cases, including Operation Torpedo and Silk Road. Do you know who created malware for the FBI that allowed Feds to unmask Tor users? It's an insider's job… A former Tor Project developer. In an investigation conducted by Daily Dot journalists, it turns out that  Matthew J. Edman , a former part-time employee of Tor Project, created malware for the Federal Bureau of Investigation (FBI) that has been used by US law enforcement and intelligence agencies in several investigations, including Operation Torpedo . Matthew Edman is a computer scientist who specializes in cyber security and investigations and  joined the Tor Project in 2008 to build and enhance Tor software's interactions with Vidalia software, cross-platform ...

In Brief The Microsoft’s Windows Defender Advanced Threat Hunting team detected that a cyber espionage group of hackers, known as PLATINUM, has found a way to turn the Windows's Hotpatching technique (a way of updating the operating system without requiring a restart) to hide its malware from Antivirus products. PLATINUM group has been active since 2009 and launching large-scale attacks against governmental organizations, intelligence agencies, defense institutes and telecommunication providers in South and Southeast Asia. Practically speaking, the most important thing for a sophisticated APT hacker and a cyber-espionage group is to remain undetected for the longest possible period. Well, that's exactly what an APT (Advanced Persistent Threat) group has achieved. The Microsoft’s Windows Defender Advanced Threat Hunting team has discovered that an APT group, dubbed Platinum, has been spying on high-profile targets by abusing a " novel " technique called...

No matter how smart and fast your devices would be, the biggest issue is always with the battery technology. Whenever you go to buy any electronic gadget — smartphone, laptop, or any wearable — the most important specification isn’t its processor speed or its camera quality but its Battery Backup , which is not getting better any time soon. What if you could eliminate the very thing entirely? Well, that's exactly what the electrical engineers from the University of Washington has developed. A team of researchers from the University of Washington’s Sensor Lab and the Delft University of Technology has developed a new gadget that doesn’t need a battery or any external power source to keep it powered; rather it works on radio waves. So, this means you have to turn on your radio every time to keep this device charged. Right? No, you don’t need to do this at all, because the device sucks radio waves out of the air and then converts them into electricity. Wireless Ident...

In Brief The Federal Bureau of Investigation (FBI) made its first disclosure about a software security flaw to Apple under the Vulnerability Equities Process (VEP), a White House initiative created in April 2014 for reviewing flaws and deciding which ones should be made public. Unfortunately, the vulnerability reported by the federal agency only affected older versions of Apple’s iOS and OS X operating system and was patched nine months ago, with the release of iOS 9 for iPhones and Mac OS X El Capitan, according to Apple. The FBI informed Apple of a vulnerability in its iPhone and Mac software on April 14, but it’s not the one used to unlock an iPhone of one of the San Bernardino shooters, Reuters  reported . But, Why didn’t the FBI disclose the hack used to get data off the San Bernardino iPhone ? Well, the answer came from the FBI is not much complicated. According to the FBI Director James Comey, the FBI is still assessing whether the hack used to unlock Farook...