The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Whistleblower and ex-NSA employee Edward Snowden has criticized a new anti-terror law introduced on Thursday by Russian President Vladimir Putin, referring it as "repressive" and noting that it is a " dark day for Russia ." The new legislation signed by Putin would compel the country's telephone carriers and Internet providers to record and store the private communications of each and every one of their customers for six months – and turn them over to the government if requested. The data collected on customers would include phone calls, text messages, photographs, and Internet activities that would be stored for six months, and "metadata" would be stored up to 3 years. Moreover, Instant messaging services that make use of encryption, including WhatsApp, Telegram, and Viber, could face heavy fines of thousands of pounds if these services continue to operate in Russia without handing over their encryption keys to the government. "Putin ...

Facebook has begun rolling out end-to-end encryption for its Messenger app, thus making its users' conversations completely private. The end-to-end encryption feature, dubbed " Secret Conversations ," will allow Messenger users to send and receive messages in a way that no one, including the FBI with a warrant, hackers and not even Facebook itself, can intercept them. But, this new feature will currently be available only to a small number of users for testing. So if you are one of those lucky users, you will be able to send end-to-end encrypted Secret Conversations through your Messenger app. Rest of the Messenger users will get Secret Conversations feature later this summer or in early fall, the company wrote in a Facebook newsroom post published today. Sounds exciting, right? But, there's a catch: Your conversations on Messenger will not be end-to-end encrypted by default, like what WhatsApp and Apple are offering. Instead, Facebook will require ...

The Popular fast-food restaurant chain Wendy's on Thursday admitted that a massive cyber attack had hit more than 1,000 of its restaurants across the country. The burger chain did not speculate how many people may have been affected, though it did confirm that the hackers were able to steal its customers' credit and debit card information. The data breach is more than three times bigger than initially thought. The original data breach was believed to have affected " fewer than 300 " of its 5,144 franchised locations in the United States when the malware was discovered in May. The Malware had been installed on Point-of-Sale (PoS) systems in the affected restaurants and was able to obtain cardholder's name, payment card number, expiration date, service code, cardholder verification value, among other data. The data breach began in fall 2015 and discovered in February this year, and the company went public with in May. Just last month, Wendy's s...

As your day-to-day apparel and accessories are turning into networked mobile electronic devices that attach to your body like smartwatch or fitness band, the threat to our personal data these devices collect has risen exponentially. A recent study from Binghamton University also suggests your smartwatch or fitness tracker is not as secure as you think – and it could be used to steal your ATM PIN code. The risk lies in the motion sensors used by these wearable devices. The sensors also collect information about your hand movements among other data, making it possible for "attackers to reproduce the trajectories" of your hand and "recover secret key entries." In the paper, titled " Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN," computer scientists from the Stevens Institute of Technology and Binghamton University used a computer algorithm that can guess your password and PIN with about 80% success rate on the first attempt, and ...

The Internet of things or connected devices are the next big concerns, as more Internet connectivity means more access points which mean more opportunities for hackers. When it comes to the threat to Internet of Things, Car Hacking is a hot topic. Since many automobiles companies are offering cars that run mostly on the drive-by-wire system, a majority of functions are electronically controlled, like instrument cluster, steering, brakes, and accelerator. No doubt these auto-control systems in vehicles improve your driving experience, but at the same time increase the risk of getting hacked. Recently, security researcher Benjamin Kunz Mejri  have disclosed zero-day vulnerabilities that reside the official BMW web domain and ConnectedDrive portal and the worst part: the vulnerabilities remain unpatched and open for hackers. Benjamin from Vulnerability-Labs has discovered both the vulnerabilities. The first one is a VIN ( Vehicle Identification Number ) session vulner...

Do you have any idea what the software you have installed is doing stealthily in the background? If it's not an open source software, can you find out? Usually, the answer is no. After Edward Snowden's revelations, it's clear that how desperately government agencies wants to put secret backdoors in your network, devices, and software. However, Bulgaria has come forward with an all new set of laws that would be appreciated by privacy lovers and open-source community. Also Read:  Top Best Password Managers . The Bulgarian Parliament has passed legislative amendments to its Electronic Governance Act that require all software written for the country's government to be fully open-sourced and developed in the public Github repository . This means that source code of software developed for the Bulgarian government would be accessible to everyone and provided free for use without limitations. Article 58A of the Electronic Governance Act states that administrative...

Breaking News for Today: Antivirus company Avast Software is planning to acquire Dutch rival AVG Technologies for $1.3 Billion in cash. Avast announced today that it would buy Amsterdam-based AVG Technologies for $25 per share in an all-cash transaction valued at $1.3 Billion in an aim to expand its presence in the emerging markets. With more than 230 Million users worldwide, Avast provides free and paid security software packages for both PCs as well as mobile devices to businesses and individuals. The deal between the two popular security software companies will provide Avast with 400 Million endpoints -- devices that have some form of Avast or AVG application installed. Around 160 Million of those are mobile. However, AVG technologies was in controversies for updating its policy that clearly said that the company will be allowed to collect and sell users' "non-personal data" to online advertisers in order to "make money" from their "free of...

Big technology companies are in the race of bringing Internet connectivity to unconnected parts of the world through flying drones , high-altitude balloons, and laser beams , but Facebook has announced a far less expensive method to provide connectivity to rural areas. Facebook CEO Mark Zuckerberg announced Wednesday the creation of a new open-source wireless communication platform called OpenCellular that can be easily deployed in remote locations by anyone. OpenCellular is a doorbell-sized hardware device that could be attached to a pole or tree at a range of heights from where it can deliver a wireless network, from 2G cell-phone networks to higher speed LTE, and Wi-Fi networks like those inside your home, or local coffee shop. The device is designed to work in rural locations in conditions, including high winds, extreme temperatures, and harsh climates. But, wait! This doesn't mean that Facebook is rolling out its own broadband services. Facebook to Open-Source ...

To make the configuration of routers easier, hardware vendors instruct users to browse to a domain name rather than numeric IP addresses. Networking equipment vendor TP-LINK uses either tplinklogin.net or tplinkextender.net for its routers configuration. Although users can also access their router administration panel through local IP address (i.e. 192.168.1.1). The first domain offered by the company is used to configure TP-LINK routers and the second is used for TP-LINK Wi-Fi extenders. Here's the Blunder: TP-Link has reportedly " forgotten " to renew both domains that are used to configure its routers and access administrative panels of its devices. Both domains have now been re-registered using an anonymous registration service by an unknown entity and are being offered for sale online at US$2.5 Million each. This latest TP-Link oversight, which was first spotted by Cybermoon CEO Amitay Dan, could lead its users to potential problems. However, it ...

An Android-based malware campaign has been found to control as many as 85 million Android devices globally and is making its gang an estimated $300,000 per month in fraudulent ad revenue. A Chinese advertising company called Yingmob is responsible for distributing the malware on a massive scale and would appear to be the same firm behind Yispecter iOS malware , cybersecurity company Check Point revealed. Yingmob, based in Chongqing, China, markets itself as an advertising firm, claiming to provide easy-to-deploy ads support (text, pictures and video ads), without affecting the user experience. The service offers pop-up, sidebar, and in-app ads. However, Check Point researchers claim that the company's "Development Team for Overseas Platform" is responsible for two of the biggest waves of malware: HummingBad for Android and Yispecter for iOS. "Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technolog...

A second man has pleaded guilty for his role in ' The Fappening ' breach of 2014, in which the Internet was flooded with thousands of photographs of popular celebrities, including Jennifer Lawrence , Kim Kardashian , Kate Upton and Kirsten Dunst. Edward Majerczyk (28) of Chicago, Illinois agreed to plead guilty last Friday to hacking into the Apple iCloud and Gmail accounts of more than 300 victims, including 30 celebrities, between November 2013 and August 2014, federal prosecutors said. Like Ryan Collins , Majerczyk used phishing scheme to trick celebrities into entering their account credentials into bogus 'security' sites and then accessed private and photographs and videos of celebrities. The hackers then leaked hundreds of thousands of explicit photos of Hollywood actresses on the Internet in September 2014 that later known as The Fappening (or 'Celebgate') breach. "This defendant not only hacked into email accounts — he hacked into his...

A former United States undercover agent who stole hundreds of thousands of dollars worth of Bitcoins during an investigation into the underground drug marketplace Silk Road is now suspected of stealing even more of the cryptocurrency from two other cases. Shaun Bridges is one of two former US agents who pleaded guilty last year and was sentenced in December to almost six years in prison for stealing over $800,000 in Bitcoin while investigating the Darknet marketplace. Bridges and his partner stole money from Silk Road accounts and framed someone else for it, which lead the Silk Road chief Ross Ulbricht to plan a murder. Ulbricht is now serving life in prison sentence . Ulbricht was convicted in February 2015 of running the underground black market . According to court filings unsealed on Thursday, Bridges is believed to have stolen additional funds from a Secret Service account on two different occasions months after he was initially charged. Bridges and 46-ye...

Own an Android smartphone? Hackers can secretly install malicious apps, games, and pop-up adverts on your smartphone remotely in order to make large sums of money. Security researchers at Cheetah Mobile have uncovered one of the world's largest and most prolific Trojan families, infecting millions of Android devices around the world. Dubbed Hummer , the notorious mobile trojan stealthily installs malicious apps, games, or even porn apps onto victim's phones and yields its creators more than $500,000 (£375,252) on a daily basis. First discovered in 2014 by Cheetah Mobile, Hummer gained traction in early 2016 when the Trojan family was infecting "nearly 1.4 Million devices daily at its peak" with 63,000 infections occurring daily in China, according to researchers at Cheetah Mobile Security Research Lab. "This Trojan continually pops up ads on victims' phones, which is extremely annoying," researchers wrote in a blog post. "It also pushe...

The heated battle between Apple and the FBI provoked a lot of talk about Encryption – the technology that has been used to keep all your bits and bytes as safe as possible. We can not say a lot about Apple's users, but Android users are at severe risk when it comes to encryption of their personal and sensitive data. Android's full-disk encryption can be cracked much more easily than expected with brute force attack and some patience, affecting potentially hundreds of millions of mobile devices. And the worst part: There may not be a full fix available for current Android handsets in the market. Google started implementing Full Disk Encryption on Android by default with Android 5.0 Lollipop. Full disk encryption (FDE) can prevent both hackers and even powerful law enforcement agencies from gaining unauthorized access to device's data. Android's disk encryption, in short, is the process of encoding all user's data on an Android device before ever wri...

Here's something you'll not like at all: Apple has been awarded a patent for technology that would prevent you from snapping pictures and shooting videos with your iPhone or iPad at places or events, like concerts or museums, where it might be prohibited or inappropriate. The patent , granted on Tuesday by the United States Patents and Trademark Office, is highly technical. Apple's latest patent describes an iPhone or iPad camera receiving coded infrared signals beamed from emitters in public places would temporarily disable device camera functionality, preventing any photography or recording for as long as the signal is on. "An infrared emitter can be located in areas where picture or video capture is prohibited," reads the patent. "An electronic device can then receive the infrared signals, decode the data and temporarily disable the device's recording function based on the command." The technology patented by Apple could also be used to be...

No, it's not Nutella. Google has finally announced the official name of the latest version of its Android mobile software, codenamed Android N: " Nougat ." Yes, the next version of sugary snack-themed Android and the successor to Android Marshmallow will now be known as Android Nougat, the company revealed on Snapchat and Twitter. The announcement comes days after Google set up a website for users to submit suggestions for the name of Android N . Android has maintained its tradition of naming its Android mobile operating system by the names of alphabetically-ordered sugary delights starting from Android Cupcake, Donut, Eclair, Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat, Lollipop, and Marshmallow . The final release of Android Nougat is still in beta and due later this summer. The good news is that the Google Android team has brought several meaningful features to your smartphone and tablet with the release of Android Nougat. Andro...

Twitter account of another high profile has been hacked! This time, it is Facebook-owned virtual reality company Oculus CEO Brendan Iribe who had his Twitter account hacked Wednesday. Iribe is the latest in the list of technology chief executives to have had their social media accounts hacked in recent weeks. Recently, Google's CEO Sundar Pichai , Twitter's ex-CEO Dick Costolo , and Facebook's CEO Mark Zuckerberg , have all fallen victim to similar hacks. The hacker, who has not been identified yet, changed Iribe's cover photo and replaced his bio to " im not testing ya security im just having a laugh. " The hack became apparent when a tweet from Iribe Twitter account was made saying: "We here @Oculus are very excited to announce our CEO. @Lid ! :)." This tweet was followed by another saying: "Imagine creating the coolest s*** to ever be introduced to gaming and technology but using the same pass for 4 years lol... silly mr CE...

It's no secret that Google knows a lot about you. The company tracks almost everything you do on the Internet, including your searches, music you listen to, videos you watch, and even the places you travel to, and it does this for targeting relevant ads to its users and better improve its service. Now the technology giant has a plan to make it easier to control all the data the company collects throughout all your different devices. Google has rolled out a new My Activity page that shows a searchable history of pretty much everything you do online, including previously visited websites, voice searches, searched things and places, watched Netflix programs, and all activities you did on each of its products. "My Activity is a central place to view and manage activity like searches you've done, websites you've visited, and videos you've watched," Google says. "Your activity is listed as individual items, starting with the most recent. These items...

A massive database of terrorists and "heightened-risk individuals and entities" containing more than 2.2 Million records has reportedly leaked online. Researcher Chris Vickery claimed on Reddit that he had managed to obtain a copy of 2014 version of the World-Check confidential database, which is being used by banks, governments, and intelligence agencies worldwide to scope out risks including suspected terrorists. The leaked database contains more than 2.2 Million records of people with suspected terrorist, organized crime, money laundering, bribery, corruption links, and "other unsavory activities." According to Thomson Reuters, who run World-Check, its service is used by 4,500 institutions, including 49 of the world's 50 largest banks, more than 300 government and intelligence agencies, and law firms. Although the access to the World-Check database is supposed to be strongly restricted under European privacy laws, Reuters says an unnamed third-p...

China has long been known for its strict censorship which makes it difficult for foreign technology companies to do business in the world's most populous country of over 1.35 billion people. Now, the new law issued by the Chinese government will expand its strict Internet monitoring efforts into mobile apps, targeting operators including Apple. However, Google currently doesn't operate its app store in China. The Cyberspace Administration of China (CAC) has imposed new regulation on distributors of mobile apps that requires both app stores and app developers keep a close eye on users and maintain a record of their activities for at least 60 days . The Chinese internet regulator has introduced the new legislation with the intent to fight issues like terrorism, pornography, violence, money fraud and distribution of malicious contents. However, this new move by the Chinese government will tighten its control over the Internet, especially the mobile apps used for private encry...