The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Recently, you may have seen some of your Facebook friends started posting a Facebook " Privacy Notice " clarifying that they no longer give Facebook permission to use their photos, personal information, and so on. The Privacy message looks something like this: "From Monday, 27th June, 2016, 1528 IST, I don't give Facebook permission to use my pictures, my information or my publications, both of the past and the future, mine or those where I show up. By this statement, I give my notice to Facebook it is strictly forbidden to disclose, copy, distribute, give, sell my information, photos or take any other action against me on the basis of this profile and/or its contents. The content of this profile is private and confidential information. The violation of privacy can be punished by law (UCC 1-308-1 1 308-103 and the Rome statute). Note: Facebook is now a public entity. All members must post a note like this. If you prefer, you can copy and paste this version....

The Internet of Things (IoTs) or Internet-connected devices are growing at an exponential rate and so are threats to them. Due to the insecure implementation, these Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Set-top boxes, Security Cameras and printers, are routinely being hacked and used as weapons in cyber attacks. We have seen how hackers literally turned more than 100,000 Smart TVs and Refrigerator into the cyber weapon to send out millions of malicious spam emails for hacking campaigns; we have also seen how hackers abused printers and set-top-boxes to mine Bitcoins. And now… Cyber crooks are hacking CCTV cameras to form a massive botnet that can blow large websites off the Internet by launching Distributed Denial-of-service (DDoS) attacks. Researchers at Security firm Sucuri came across a botnet of over 25,000 CCTV cameras targeting business around the globe while defending a small jewelry shop against a DDoS attack . Al...

If just relying on the security tools of Microsoft Office 365 can protect you from cyber attacks, you are wrong. Variants of Cerber Ransomware are now targeting MS Office 365 email users with a massive zero-day attack that has the ability to bypass Office 365's built-in security tools. According to a report published by cloud security provider Avanan, the massive zero-day Cerber ransomware attack targeted Microsoft Office 365 users with spam or phishing emails carrying malicious file attachments. The Cerber ransomware is invoked via Macros. Yes, it's hard to believe but even in 2016, a single MS Office document could compromise your system by enabling ' Macros '. Locky and Dridex ransomware malware also made use of the malicious Macros to hijack systems. Over $22 Million were pilfered from the UK banks with the Dridex Malware that got triggered via a nasty macro virus. You can see a screenshot of the malicious document in the latest malware campaign belo...

Since the launch of Windows 10 in July last year, Microsoft is constantly pestering users to upgrade their PCs running older versions of the operating system. However, many users who are happy with Windows 7 or Windows 8.1 and don't want upgrade to Windows 10 now or anytime soon are sick of this forceful unwanted upgrade. One of the victims to this unwanted Windows 10 installation has made Microsoft pay $10,000. A California woman has won $10,000 from Microsoft over an unwanted Windows 10 upgrade. Must Read: How to Stop Windows 7 or 8 from Downloading Windows 10 Automatically . Teri Goldstein sued Microsoft for upgrading her computer to Windows 10 without her authorization, which made it slow and unusable for days at a time, reports the Seattle Times. The PC used by Goldstein, who operates a Californian travel agency, was apparently upgraded to Windows 10 shortly after Microsoft offered free upgrade to Windows 7 and 8.1 users last year. Goldstein said the updat...

A Ukrainian bank has become the latest victim of the widespread cyber attack on global banking and financial sector by hackers who target the backbone of the world financial system, SWIFT. Hackers have reportedly stolen $10 Million from an unnamed bank in Ukraine by exploiting the SWIFT international banking system, according to an independent IT monitoring organization called the Information Systems Audit and Control Association (ISACA). Swift or the Society for Worldwide Interbank Financial Telecommunication is the global banking messaging system responsible for managing Billions of dollars in money transfers each day between financial institutions worldwide. The ISACA branch in Ukraine, who has been hired by the targeted bank to investigate the heist, disclosed that some unknown hackers were able to compromise the bank's security in similar way they hacked Bangladesh central bank and stole $81m (£56m), the Kyiv Post reports. "At the current moment, dozens of ba...

Nobody is immune to being Hacked! After hacking Mark Zuckerberg's Twitter and Pinterest accounts, Hacking group OurMine has successfully hacked the Quora account Google CEO Sundar Pichai and then cross-posted to his Twitter account. The hack became apparent when OurMine posted messages on Quora through Pichai's account, which then appeared on his official Twitter feed late Sunday night — Thanks to the two accounts being linked. All the tweets in question have since been removed from Pichai's Twitter feed. Unlike Mark Zuckerberg, the three-man team Saudi hackers group did not use password exposed by 2012 LinkedIn data breach; rather they claimed to have discovered a vulnerability in Quora, which is a Q&A community launched in 2010. The group behind OurMine claims it is "testing security" of accounts and teaching people to secure their online accounts better. "We are just testing people security (sic), we never change their passwords, we did it...

Hey! Welcome to the United States. May we have your Twitter handle, please? That's exactly what you'll likely be asked by the U.S. Customs and Border Protection at the airport prior to entering U.S. soil. Yes, your Twitter handle may soon be part of the US Visa process as U.S. Customs and Border Protection has entered a new proposal into the federal register, suggesting a new field in which foreign visitors can declare their online presence. This new proposal submitted by the US Department of Homeland Security (DHS) to the Federal Register on Thursday would update the required entry forms with a question asking travelers to " Please enter information associated with your online presence -- Provider/Platform -- Social media identifier. " This information would not be mandatory, but of course, foreign travelers who decline to reveal their online presence may subject for additional scrutiny. What's the idea behind Knowing the visitors' Online Prese...

We have heard a lot about ATM skimmers, but it's nearly impossible to spot one. Some skimmers are designed to look exactly like the card slot on the original machine and attached to the front, and others are completely hidden inside the ATM. But, during his vacation in Vienna, Austria, cyber security expert Benjamin Tedesco spotted an ATM skimmer that was totally unrecognizable. Tedesco was hanging out in Vienna and when about to draw some cash from a cash machine outside St. Stephen's Cathedral, he decided to do a quick visual inspection of the ATM machine and surprisingly spotted the dodgy device attached to it. Warning: Beware of Skimming Devices Installed on the ATM Vestibule Doors . That was a credit card skimmer – a perfect replica of the actual card reader that was designed to steal credit card information of users when they swipe their card to take off cash from the ATM. "Being security paranoid, I repeated my typical habit of checking the card read...

It's not at all surprising that the Google Play Store is surrounded by a large number of malicious apps that has the ability to gain users' attention into falling victim for one, but this time, it is even worse than most people realize. Researchers at Trend Micro have detected a family of malicious apps, dubbed ' Godless ,' that has the capability of secretly rooting almost 90 percent of all Android phones. Well, that's slightly terrifying. The malicious apps are distributed via different methods and variety of app stores, including Google Play Store, which is usually considered as a safe option for downloading apps. Also Read:   Crazy hacker implants NFC Chip in his hand to hack Android phones . The malicious apps packed with Godless contain a collection of open-source or leaked Android rooting exploits that works on any device running Android 5.1 Lollipop or earlier. 90% Android Devices are Vulnerable to Godless Rooting Malware Since Android eco...

An Independent Security Researcher from Egypt has discovered a critical vulnerability in Uber app that could allow an attacker to brute force Uber promo code value and get valid codes with the high amount of up to $25,000 for more than one free rides. Mohamed M.Fouad has discovered a " promo codes brute-force attack " vulnerability in the sign-up invitation link for Uber that allows any user to invite another user to join the service and get one or more than one free rides based on the promotion code value. Fouad realized that the Uber app did not have any kind of protection against brute-force attacks, allowing him to generate promo codes ( that start with 'uber+code_name' ) until he found valid ones. The brute force attempt helped Fouad find several numbers of valid promo codes with high value in US dollar between $5,000 to $25,000, which would have helped him get a number of free rides between one to three. Fouad has also provided a video demonstration...

Apple's new iOS 10 recently made headlines after MIT Technology Review revealed that the company had left the kernel of the mobile operating system unencrypted. Yes, the first developer preview of iOS 10 released at WWDC has an unencrypted kernel. When the headline broke, some of the users were surprised enough that they assumed Apple had made a mistake by leaving unencrypted kernel in iOS 10, and therefore, would get reverted in the next beta version of the operating system. However, Apple managed to confirm everyone that the company left the iOS 10 kernel unencrypted intentionally, as the kernel cache does not contain any critical or private information of users. On iOS, the kernel is responsible for things like security and how applications are capable of accessing the parts of an iPhone or an iPad. But, Why Apple had left the iOS wide open when other features like iMessage offer end-to-end encryption ? Apple did this on purpose, because by leaving the iOS 10 kernel ...

We have been hearing a lot about Rule 41 after the US Department of Justice has pushed an update to the rule. The change to the Rule 41 of the Federal Rules of Criminal Procedure grants the FBI much greater powers to hack legally into any computer across the country, and perhaps anywhere in the world, with just a single search warrant authorized by any US judge. However, both civil liberties groups and tech companies have blasted the proposed change, saying it is an affront to the Fourth Amendment and would allow the cops and Feds in America to hack remotely into people's computers and phones around the world. Google, Electronic Frontier Foundation (EFF), Demand Progress, FightForTheFuture, TOR (The Onion Router), Private Internet Access and other VPN providers have joined their hands to block changes to Rule 41. " The U.S. government wants to use an obscure procedure—amending a federal rule known as Rule 41— to radically expand their authority to hack," the ...

When it comes to data breaches of major online services like LinkedIn , MySpace , Twitter and VK.com , it's two-factor authentication that could save you from being hacked. Two-factor authentication or 2-step verification is an effective way to secure online accounts, but many users avoid enabling the feature just to save themselves from irritation of receiving and typing a six-digit code that takes their 10 to 15 extra seconds. Now, Google has made the 2-Step Verification (2FV) process much easier for its users, allowing you to login with just a single tap instead of typing codes. Previously, you have had to manually enter a six-digit code received via an SMS or from an authenticator app, but now… Google has introduced a new method called " Google Prompt " that uses a simple push notification where you just have to tap on your mobile phone to approve login requests. Also Read: Google Plans to Kill your Passwords . In other words, while signing in to your...

What do you do to protect your 'Privacy' and keep yourself safe from potential hackers? Well, Facebook CEO Mark Zuckerberg just need a bit of tape to cover his laptop webcam and mic jack in order to protect his privacy. Yes, Zuck also does the same as the FBI Director James Comey . Zuckerberg posted a photo on Tuesday to celebrate Instagram's 500 Million monthly user milestone, but the picture end up revealing about another security measure he takes to ensure that nobody is spying on him – and it's surprisingly simple. Some eagle-eyed observers quickly noticed that the MacBook Pro on Zuckerberg's desk in the background of the image has the tape covering not only the webcam, but also the laptop's dual microphones. While some tried to argue that it was not Zuckerberg's desk, Gizmodo pointed out that Zuckerberg has posted videos, live streams and images from there before, so it seems like a safe assumption. So, Zuckerberg joins FBI director Jam...

China beats its own record with the World's fastest supercomputer. Sunway TaihuLight , a newly built supercomputer from China, now ranks as the world's most powerful machine. During the International Supercomputer Conference in Germany on Monday, Top500 declared China's 10.65 Million-core Sunway TaihuLight as the world's fastest supercomputer. Moreover, the supercomputer is leading by a wide margin, too. With 93 petaflops of processing power, Sunway TaihuLight is nearly three times more powerful than the world's previous fastest supercomputer, Tianhe-2 , which had been the world's fastest computer for last 3 years with speeds of 33.9 petaflops per second. That's 93 quadrillion floating point operations per second (FLOP), which means the supercomputer can perform around 93,000 trillion calculations per second, at its peak. The Sunway TaihuLight supercomputer is installed at the National Supercomputing Centre in Wuxi. "Sunway TaihuLight, with ...

The same group of teenage hackers that hacked Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts have hacked another the Twitter account of another high-profile person. This time, it's Twitter's ex-CEO, Dick Costolo . The hacker group from Saudi Arabia, dubbed OurMine, compromised Twitter account of former Twitter CEO on Sunday and managed to post three tweets on Costolo's Twitter timeline, first spotted by a Recode reporter. However, the tweets seemed to be just simple-worded tweets with no disturbing content. It looked like the hacking group was testing its access to the account. All the three tweets in question have since been deleted, and Costolo soon regained access to his account. Moreover, Twitter also suspended the Twitter account belonging to OurMine once again, after the company already suspended its original account following the Zuckerberg hacks. After regaining access to his account, Costolo said that the group of hackers ma...

T-Mobile is the latest in the list of recent high-profile data breaches, though this time the breach is not carried out by "Peace" - the Russian hacker who was behind the massive breaches in some popular social media sites including LinkedIn , MySpace , Tumblr , and VK.com . Instead, one of the T-Mobile's employees stole more than 1.5 Million customer records at the T-Mobile Czech Republic in order to sell it on for a profit, according to local media , MF DNES. Yes, the customer service staff member tried to sell the T-Mobile customer marketing database, though it is not clear that how much of names, e-mail addresses, account numbers and other personal data of over 1.5 Million customers the database contained. The T-Mobile Czech Republic has also refused to provide any "additional specific information" about what data was leaked, due to an ongoing police investigation. Although the company assured its customers that the stolen database did not contai...

A critical flaw in the video conferencing software of the Quebec Liberal Party (PLQ) − a Canadian federalist provincial political party − allowed a user to spy on and hear the strategy discussions of the party at its premises and even access the live video camera feeds. But luckily, the unknown white hat hacker who discovered the flaw alerted the PLQ staff of the security issue, showing them some videos of the discussions held at the party headquarters as a proof-of-concept. What if the hacker was having a malicious intent? He could have spied on the party's video feeds covertly and could have handed over the feeds and sensitive information, along with the working intrusion bug, to the opposition party for monetary benefits. It seems like the hacker spied on video conference meetings between PLQ's Quebec and Montreal branches. According to the hacker, the PLQ's software not only contained a security vulnerability but also used the factory default password, rep...

One of the founders of notorious file-sharing website The Pirate Bay has been ordered to pay a fine worth nearly US$400,000 to several major record labels after their content was shared illegally via the platform. The penalty has been imposed on The Pirate Bay co-founder Peter Sunde by a court in Helsinki, Finland. Interestingly, Sunde, who already left the notorious file sharing site in 2009, said on Twitter that he lost the court case he did not even know about. The court case was brought by the Finnish divisions of Sony Music, Universal Music, Warner Music and EMI, accusing the Pirate Bay of illegally sharing the music of 60 of their artists through its service. The artists mentioned in the brief included " Juha Tapio, Teräsniska, Chisu, Deniece Williams, Suvi Vesa-Matti Loiri, Michael Monroe, Anna Abreau, Antti Tuisku, and Children of Bodom, " according to the local outlet Digitoday . However, the recording division did not accuse Sunde of direct infringeme...

Popular code repository site GitHub is warning that a number of users' accounts have been compromised by unknown hackers reusing email addresses and passwords obtained from other recent data breaches . Yes, GitHub has become the latest target of a password reuse attack after Facebook CEO Mark Zuckerberg and Twitter . According to a blog post published by Shawn Davenport, VP of Security at GitHub, an unknown attacker using a list of email addresses and passwords obtained from the data breach of " other online services " made a significant number of login attempts to GitHub's repository on June 14. After reviewing the logins, administrators at GitHub found that the attacker had gained access to a number of its users' accounts in order to gain illicit access to their accounts' data. Although the initial source of the leaked credentials isn't clear, the recent widespread "megabreaches" of LinkedIn , MySpace , Tumblr , and the dating site Fling, ...