The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

If you are a torrent lover and have registered on  BitTorrent community forum website, then you may have had your personal details compromised, along with your hashed passwords. The BitTorrent team has announced that its community forums have been hacked, which exposed private information of hundreds of thousands of its users. As of now, BitTorrent is the most visited torrent client around the world with more than 150 Million monthly active users. Besides this, BitTorrent also has a dedicated community forum that has over hundreds of thousands of registered members with tens of thousands of daily visitors. A recent security alert by the team says the forum database has been compromised by hackers who were able to get their hands on its users' passwords, warning its users to update their passwords as soon as possible. The vulnerability is believed to be originated at one of its vendors, who alerted the BitTorrent team about the issue ...

Hackers and geeks always tinkered with their devices, regardless of their operating system, and are always behind the ways to run Android on iPhone, iOS on Android phones, or Dual-Boot iOS and Android together in a single device. Though there are many solutions available on the Internet to solve these queries, but recently a hardware hacker has demonstrated a new way to run Android OS virtually on iPhone within an app i.e. without booting the iOS device. Nick Lee, the CTO of mobile development firm Tendigi, has created a specialized iPhone case, that when connected to your iPhone, will let your iPhone run a full-fledged version of Android operating system. This hack is not the first weird thing Lee did; he previously was able to get his Apple Watch to run Windows 95. Lee showed how everything from WiFi to the Google Play Store to the calculator app worked fine. To run Android on iPhone, Lee first cloned the Android Open Source Project and built his own version of Android M...

What's the worst that could happen when a Ransomware malware hits University? Last month, the IT department of the University from where I have done my graduation called me for helping them get rid of a Ransomware infection that locked down all its student's results just a day before the announcement. Unfortunately, there was no decrypter available for that specific ransomware sample, but luckily they had the digital backup for the examination results in the form of hundreds of excel sheets. So, somehow backup helped administrator to re-compile complete result once again into the database, but this delayed the announcement for over 30 days. However, the situation is not same every time. Recently, the University of Calgary in Alberta  paid a ransom of $20,000 to decrypt their computer systems' files and regain access to its own email system after getting hit by a ransomware infection. The University fell victim to ransomware last month, when the malware instal...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Sometimes I receive emails from our readers who wanted to know how to hack Facebook account , but just to delete some of their messages they have sent to their friends or colleagues mistakenly or under wrong circumstances like aggression. How to hack a Facebook account? It is probably the biggest "n00b" question you will see on the Internet. The solution for this query is hard to find — but recently researchers have shown that how you can modify or alter your messages once you have pressed the SEND button in Facebook Messenger. According to the researcher  Roman Zaikin  from cyber security firm Check Point , a simple HTML tweak can be used to exploit Facebook online chat as well as its Messenger app, potentially allowing anyone to modify or delete any of his/her sent message, photo, file, and link. Though the bug is simple, it could be exploited by malicious users to send a legitimate link in a Facebook chat or group chat, and later change it to a malicious link t...

Last month, it was reported that the European Commission is planning to impose a record antitrust fine of about 3 BILLION euros ( US$3.4 Billion ) on Google for violating antitrust laws. Not just Europe, Google also lost an anti-monopoly appeal in Russia two months back against ruling for violating its dominant position with the help of its Android mobile OS by forcing its own apps and services like Google Map, Youtube, and others, on users — reducing competition. Now to put an end to the monopoly of major mobile Operating System, Russians are developing their own mobile operating system to compete with Android, iOS, and Windows mobile OS. The Minister of Russian Communication Ministry, Nikolai Nikiforov tweeted last month about the initiative to develop a new Russian mobile operating system, for which the Russian company Open Mobile Platform (Открытая Мобильная Платформа) is hiring developers, testers and security engineers. Open Mobile Platform is developing a Linux-ba...

From GPS system to satellite radio to wireless locks, today vehicles are more connected to networks than ever, and so they are more hackable than ever. It is not new for security researchers to hack connected cars . Latest in the series of hackable connected cars is the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV). A security expert has discovered vulnerabilities in the Mitsubishi Outlander's Wi-Fi console that could allow hackers to access the vehicle remotely and turn off car alarms before potentially stealing it. The company has embedded the WiFi module inside the car so that its users can connect with their Mitsubishi mobile app to this WiFi and send commands to the car. Researchers from security penetration testing firm Pen Test Partners discovered that the Mitsubishi Outlander uses a weak WiFi access security key to communicates with the driver's phone. The key to getting into the Wi-Fi can be cracked through a brute force attack (" on a 4 x GPU c...

The man who runs the biggest social network and continuously implements new security measures to boost its billion users security, himself failed to follow basics of Internet security for his own online accounts. Yes, I'm talking about Facebook CEO Mark Zuckerberg , who had his Twitter and Pinterest accounts compromised on Sunday. The hacker group from Saudi Arabia, dubbed OurMine , claimed responsibility for the hack and guess how the group did it? Thanks to the LinkedIn data breach ! The hackers tweeted that they found Zuck's account credentials in the recent LinkedIn data breach, from which they took his SHA1-hashed password string and then broke it and tried on several social media accounts. Also Read: Hacker Removed Zuckerberg's Facebook Cover Photo The group, which has more than 40,000 Twitter followers, then successfully broke into Zuck's Twitter ( @finkd ) and Pinterest profile and defaced its banners with its logo as well as tweeted out some offens...

Security researchers have discovered a sophisticated piece of malware that uses tricks from the Stuxnet sabotage malware and is specifically designed to target industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. Researchers at the security firm FireEye Labs Advanced Reverse Engineering said on Thursday that the malware, dubbed " IRONGATE ," affects Siemens industrial control systems. The malware only works in a simulated environment and is probably just a proof-of-concept that is likely not used in wild; therefore is not yet advanced enough to impact real-world systems . The Irongate malware "is not viable against operational Siemens control systems," the cybersecurity firm said in its blog post , and the malware "does not exploit any vulnerabilities in Siemens products." The researchers found this malware fascinating due to its mode of operation that included some Stuxnet-like behavior. The Stuxnet sab...

Do you have remote login software TeamViewer installed on your desktop? If Yes, then it could be possible that your system can be accessed by attackers to steal your personal details, including your bank and PayPal accounts, as several reports on Reddit and Twitter suggests. According to recent reports, the popular TeamViewer software that is used to remotely control PCs appears to have been HACKED ! Over the past few days, a number of users headed on to the Internet forums to report that unknown attackers are taking control of their computers through their TeamViewer accounts and, in some cases, trying to steal money through services like eBay or PayPal. This same behavior has also been reported by the IBM security researcher Nick Bradley, who said: "In the middle of my gaming session, I lose control of my mouse, and the TeamViewer window pops up in the bottom right corner of my screen. As soon as I realize what is happening, I kill the application. Then it dawns ...

Have you ever felt Facebook is showing you very relevant ads about topics you're only discussing around your phone? If yes, then you may find this news worth reading. Communications Professor Kelli Burns from the University of South Florida claims that Facebook is listening to all conversations people have while its app is open to serve more relevant ads for products related to what they are talking about. However, the social networking giant responds  it does listen to audio and collect information from users, but does not record or use sounds heard around people for targeted ads. " Facebook does not use microphone audio to inform advertising or News Feed stories in any way ," a Facebook spokesperson said. " Businesses are able to serve relevant ads based on people's interests and other demographic information, but not through audio collection. " Facebook rolled out a feature in May of 2014 when the company said that it might target ads " in t...

Russian authorities have arrested a gang of 50 hackers suspected of stealing more than 1.7 Billion Rubles ( over US$25 Million ) from banks and other financial institutions in the country since 2011. The same criminal gang had tried to steal a further 2.273 Billion Roubles by issuing false payment instructions, but that were blocked. The group allegedly used a Trojan called " Lurk " to set up a network of bots on infected computers to carry out the attacks, according to Russia's FSB ( Federal Security Service ). Initially identified in 2012, Lurk is a "fileless" Trojan that runs in RAM and has mostly been used for collecting banking credentials, especially for banks in Eastern Europe and the Russian Federation. The criminal gang allegedly seeded some of Russia's most popular websites with Lurk. Once infected, the malware downloaded more software modules, allowing the hackers to gain remote access to victims' computers. The hackers then stole...

How much a Windows zero-day exploit that affects all versions of Windows operating system costs on the black market? It's $95,000, at least, for the one recently spotted by security researchers. Researchers from Trustwave's SpiderLabs team have uncovered a zero-day exploit on Russian underground malware forum exploit.in, affecting all versions of Microsoft Windows OS from Windows 2000 all the way up to a fully patched version of Windows 10. The zero-day exploit for the previously unknown vulnerability in " every version " of Windows is openly sold for $90,000 ( over £62,000 ). The security team originally discovered the zero-day exploit last month when the firm saw its ad on a Russian hacking forum for $95,000. However, the price has now been dropped to $90,000. The zero-day vulnerability in question claims to be a Local Privilege Escalation (LPE) bug in Windows that offers admin access to run malicious code on a victim's PC and is less dangerous th...

Facebook is set to introduce end-to-end encryption for its Messenger app , allowing more than its 900 Million users to send and receive messages that can not be read or intercepted by law enforcement or even the social network itself. However, it's not the kind of end-to-end encrypted chat feature provided by Apple or WhatsApp in which all your conversation are entirely encrypted by default. Instead, the social networking giant will offer an end-to-end encrypted chat mode in Messenger as opt-in, just like Google's Allo smart chat app that provides encrypted chat feature only if users opt for it. Privacy advocates criticized Google for adding its ' incognito ' encrypted chat mode as an opt-in feature, rather than offering end-to-end encryption by default. Now, Facebook Messenger will roll out the same choice for its users in the next few months, when the company will roll out this new encrypted chat mode in Messenger as an opt-in feature, reports  The Guardian. ...

MySpace has suffered a major data breach in which hundreds of Millions of users have had their account details compromised. You may have forgotten Myspace and have not thought of it in years after Facebook acquired the market, but Myspace was once-popular social media website. On Tuesday, Myspace confirmed that the company was hacked in 2013 and that the stolen Myspace username and password combinations have been made available for sale in an online hacker forum. The hacker, nicknamed Peace, who is selling the database of about 360 Million Myspace accounts with 427 million passwords, is the same hacker who was recently in the news for leaking 164 Million LinkedIn and 65 Million Tumblr accounts . "We believe the data breach is attributed to Russian Cyberhacker 'Peace'," Myspace wrote in a blog post . "Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform ar...

Earlier this month Tumblr revealed that a third party had obtained access to a set of e-mail addresses and passwords dating back from early 2013, before being acquired by Yahoo. At that time, Tumblr did not reveal the number of affected users, but in reality, around 65,469,298 accounts credentials were leaked in the 2013 Tumblr data breach, according to security expert Troy Hunt, who runs the site Have I Been Pwned . "As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts," read Tumblr's blog . A Hacker, who is going by "peace_of_mind," is selling the Tumblr data for 0.4255 Bitcoin ($225) on the darknet marketplace The Real Deal . The compromised data includes 65,469,298 unique e-mail addresses and "salted & hashed passwords." The Same hacker is also selling the compromised login account data from Fling, Li...

Last year, Iran blocked Telegram and many other social networks after their founders refused to help Iranian authorities to spy on their citizens. Now it looks like Iranian government wants tighter controls on all foreign messaging and social media apps operating in the country that will give the authorities a wider ability to monitor and censor its people. All foreign messaging and social media apps operating in Iran have one year to move 'data and activity' associated with Iranian citizens onto servers in Iran, Reuters reported . In order to comply with the new regulations, the companies would need to set up data centers in Iran within one year, but apps may lose a larger number of users by moving data onto Iranian servers. However, transferring data to Iran servers might not be enough, as some of the most popular messaging services like WhatsApp , Apple iMessage , and Telegram are offering end-to-end encrypted communication i.e. nobody in between, not even Whats...

There's nowhere to hide across the web, especially from the marketing and advertising companies. If you are paranoid about your privacy, you may get upset to know that Facebook will now track and deliver targeted Ads on other apps and websites for everyone, even if you do not have Facebook accounts. Until now, Facebook was showing targeted ads only to its users, but now the social networking giant says it needs extra data to make its ads better. Facebook announced on Thursday that the company is expanding its Audience Network , allowing publishers and developers to reach more people through Facebook advertising. To deliver interest-based Ads to its users as well as non-users alike, Facebook will now use cookies via third-party websites offering Facebook plug-ins (e.g. 'Like' button). "We've designed these updates so that we continue to comply with EU law. In particular, we reflected feedback from people who use Facebook, including a variety of privacy experts...

Google has finally won six-year long $9-billion legal battle with Oracle over the use of Java APIs in Android. Oracle filed its lawsuit against Google in 2010, claiming that the company illegally used 11,500 lines of Java code in its Android operating system, violating copyrights owned by Oracle. However, a federal jury of ten people concluded Thursday that Google's use of Java constituted "Fair Use" under US copyright law and delivered a verdict in favor of Google. The case was a big deal as the court decision could have the potential to change the way future apps are written for the Android operating system that is being used by almost 80% of the world's mobile devices. Also Read:   Google 'Android N' Will Not Use Oracle's Java APIs Oracle, who owns Java, had been seeking $9 Billion in damages for the use of application programming interfaces (APIs), which govern how code communicates with other bits of code. However, Google argued that...

SWIFT Bank Hackers have attacked another bank in the Philippines using the same modus operandi as that in the $81 Million Bangladesh Bank heist . Security researchers at Symantec have found evidence that malware used by the hacking group shares code similarities with the malware families used in targeted attacks against South Korean and US government, finance, and media organizations in 2009. These historic attacks were attributed to the North Korean hacking group known as Lazarus , who hacked Sony Pictures in 2014. Also Read:   How Hackers Stole $80 Million from Bangladesh Bank . " At first, it was unclear what the motivation behind these attacks were, however, code sharing between Trojan.Banswift (used in the Bangladesh attack used to manipulate SWIFT transactions) and early variants of Backdoor.Contopee provided a connection, " Symantec blog post says. In past few months, some unknown hackers have been targeting banks across the world by gaining access to SWIFT, the wor...