The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Over two months ago, the world's third largest Bitcoin Exchange Bitfinex lost around $72 Million worth of Bitcoins in a major hack. Shortly after the company encountered a $72,000,000 Bitcoin theft, an unnamed Bitfinex user from Cambridge, Massachusetts, filed a police report in September, alleging that $1.3 Million of funds were stolen from his account. Since then the Cambridge police have handed the case over to the FBI, which is working with the Bitcoin exchange as well as European authorities to recover funds stolen from the Bitfinex user, Coindesk reports . The individual claimed that he held $3.4 Million in Bitcoin in his personal wallet hosted by the Bitfinex Bitcoin exchange. But following the August's Bitfinex breach, he was left with $2.1 Million in his account. Bitfinex then notified the individual of his initial loss of approximately $1.3 Million in Bitcoin, but after the company issued IOU tokens as an emergency measure to keep the exchange operating, the l...

While some payment card companies like Mastercard have switched to selfies as an alternative to passwords when verifying IDs for online payments, hackers have already started taking advantage of this new security verification methods. Researchers have discovered a new Android banking Trojan that masquerades primarily as a video plugin, like Adobe Flash Player, pornographic app, or video codec, and asks victims to send a selfie holding their ID card, according to a blog post published by McAfee. The Trojan is the most recent version of Acecard that has been labeled as one of the most dangerous Android banking Trojans known today, according to Kaspersky Lab Anti-malware Research Team. Once successfully installed, the trojan asks users for a number of device's permissions to execute the malicious code and then waits for victims to open apps, specifically those where it would make sense to request payment card information. Acecard Steals your Payment Card and Real ID det...

Are your internet-connected devices spying on you? Perhaps. We already know that the Internet of Thing (IoT) devices are so badly insecure that hackers are adding them to their botnet network for launching Distributed Denial of Service (DDoS) attacks against target services. But, these connected devices are not just limited to conduct DDoS attacks ; they have far more potential to harm you. New research [ PDF ] published by the content delivery network provider Akamai Technologies shows how unknown threat actors are using a 12-year-old vulnerability in OpenSSH to secretly gain control of millions of connected devices. The hackers then turn, what researchers call, these " Internet of Unpatchable Things " into proxies for malicious traffic to attack internet-based targets and 'internet-facing' services, along with the internal networks that host them. Unlike recent attacks via Mirai botnet , the new targeted attack, dubbed SSHowDowN Proxy , specifically ma...

U.S. drones are again in news for killing innocent people. The Air Force is investigating the connection between the failure of its classified network, dubbed SIPRNet, at Creech Air Force Base and a series of high-profile airstrikes that went terribly wrong in September this year. Creech Air Force Base is a secret facility outside Las Vegas, where military and Air Force pilots sitting in dark and air-conditioned rooms, 7100 miles from Syria and Afghanistan, remotely control their " targeted killing " drone campaign in a video-game-style warfare. From this ground zero, Air Force pilots fire missiles just by triggering a joystick on a targeted areas half a world away, as well as operate drones for surveillance and intelligence gathering. Drone operation facility at Creech Air Force Base -- a key base for worldwide drone and targeted killing operations -- has been assigned as ' Special Access Programs ', to access SIPRnet. What is SIPRnet? SIPRNet, or Secret Int...

UPDATE: The site is back and working. Blockchain team released a statement via Twitter, which has been added at the end of this article. If you are fascinated with the idea of digital currency, then you might have heard about BlockChain.Info. It's Down! Yes, Blockchain.info, the world's most popular Bitcoin wallet and Block Explorer service, has been down from last few hours, and it's believed that a possible cyber attack has disrupted the site. The site is down at the time of writing, and the web server reports a bad gateway error, with a message on the website that reads: "Looks like our site is down. We're working on it and should be back up soon." With more than 8 million Digital Wallet customers, BlockChain is users' favorite destination to see recent transactions, stats on mined blocks and bitcoin economy charts. A few hours ago, BlockChain team tweeted about the sudden breakdown of the site, saying: "We're researching a DNS...

In the year 2014, we came to know about the NSA's ability to break Trillions of encrypted connections by exploiting common implementations of the Diffie-Hellman key exchange algorithm – thanks to classified documents leaked by ex-NSA employee Edward Snowden. At that time, computer scientists and senior cryptographers had presented the most plausible theory: Only a few prime numbers were commonly used by 92 percent of the top 1 Million Alexa HTTPS domains that might have fit well within the NSA's $11 Billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities." And now, researchers from University of Pennsylvania, INRIA, CNRS and Université de Lorraine have practically proved how the NSA broke the most widespread encryption used on the Internet. Diffie-Hellman key exchange (DHE) algorithm is a standard means of exchanging cryptographic keys over untrusted channels, which allows protocols such as HTTPS, SSH, VPN, SMTPS and IPsec to negotia...

Facebook, Instagram, Twitter, VK, Google's Picasa and Youtube were handing over user data access to a Chicago-based Startup — the developer of a social media monitoring tool — which then sold this data to law enforcement agencies for surveillance purposes, the ACLU disclosed Tuesday. Government records obtained by the American Civil Liberties Union (ACLU) revealed that the big technology corporations gave "special access" to Geofeedia. Geofeedia is a controversial social media monitoring tool that pulls social media feeds via APIs and other means of access and then makes it searchable and accessible to its clients, who can search by location or keyword to quickly find recently posted and publicly available contents. The company has marketed its services to 500 law enforcement and public safety agencies as a tool to track racial protests in Ferguson, Missouri, involving the 2014 police shooting death of Mike Brown. With the help of a public records request, the...

Microsoft has released its monthly Patch Tuesday update including a total of 10 security bulletin, and you are required to apply the whole package of patches altogether, whether you like it or not. That's because the company is kicking off a controversial new all-or-nothing patch model this month by packaging all security updates into a single payload, removing your ability to pick and choose which individual patches to install. October's patch bundle includes fixes for at least 5 separate dangerous zero-day vulnerabilities in Internet Explorer, Edge, Windows and Office products that attackers were already exploiting in the wild before the patch release. The patches for these zero-day flaws are included in MS16-118, MS16-119, MS16-120, MS16-121 and MS16-126. All the zero-days are being exploited in the wild, allowing attackers to execute a remote command on victim's system. Although none of the zero-day flaws were publicly disclosed prior to Tuesday, the company wa...

Over the past few years, Internet users globally have grown increasingly aware of online privacy and security issues due to mass monitoring and surveillance by government agencies, making them adopt encryption software and services. But it turns out that hackers are taking advantage of this opportunity by creating and distributing fake versions of encryption tools in order to infect as many victims as possible. Kaspersky Lab has revealed an advanced persistent threat (APT) group, nicknamed StrongPity , which has put a lot of efforts in targeting users of software designed for encrypting data and communications. The StrongPity APT group has been using watering-hole attacks, infected installers, and malware for many years to target users of encryption software by compromising legitimate sites or setting up their own malicious copycat sites. Watering hole attacks are designed to lure specific groups of users to their interest-based sites that typically house malicious files or...

Yahoo! has disabled automatic email forwarding -- a feature that lets its users forward a copy of incoming emails from one account to another. The company has faced lots of bad news regarding its email service in past few weeks. Last month, the company admitted a massive 2014 data breach that exposed account details of over 500 Million Yahoo users. If this wasn't enough for users to quit the service, another shocking revelation came last week that the company scanned the emails of hundreds of millions of its users at the request of a U.S. intelligence service last year. That's enough for making a loyal Yahoo Mail user to switch for other rival alternatives, like Google Gmail, or Microsoft's Outlook. Yahoo Mail Disables Auto-Forwarding; Making It Hard to Leave But as Yahoo Mail users are trying to leave the email service, the company is making it more difficult for them to transition to another email service. That's because since the beginning of Octob...

If you are concerned about the insecurity of Internet of Things, have good hands at programming and know how to hack smart devices, then you can grab an opportunity to earn $50,000 in prize money for discovering the non-traditional ways to secure IoT devices. Internet of Things (IoT) market is going to expand rapidly over the next decade. We already have 6.5 billion to 8 billion IoT devices connected to the Internet worldwide, and the number is expected to reach 50 billion by 2020. While IoT is going to improve life for many, the number of security risks due to lack of stringent security measures and encryption mechanisms in the devices have increased exponentially. This rise in the number of security risks would continue to widen the attack surface, giving hackers a large number of entry points to affect you some or the other way. Recently, we saw a record-breaking DDoS attack (Distributed Denial of Service) against the France-based hosting provider OVH that reached over...

Turkey is again in the news for banning online services, and this time, it's a bunch of sites and services offered by big technology giants. Turkey government has reportedly blocked access to cloud storage services including Microsoft OneDrive, Dropbox, and Google Drive, as well as the code hosting service GitHub, reports censorship monitoring group Turkey Blocks. The services were blocked on Saturday following the leak of some private emails allegedly belonging to Minister of Energy and Natural Resources Berat Albayrak — also the son-in-law of President Recep Tayyip Erdogan. Github, Dropbox, and Google Drive are issuing SSL errors, which indicates interception of traffic at the national or ISP level. Microsoft OneDrive was also subsequently blocked off throughout Turkey. The leaks come from a 20-year-old hacktivist group known as RedHack, which leaked 17GB of files containing some 57,623 stolen emails dating from April 2000 to September this year. A court in Turkish ...

Today Yahoo! is all over the Internet, but in a way the company would never have expected. It all started days ago when Reuters cited some anonymous sources and reported that Yahoo built a secret software to scan the emails of hundreds of millions of its users at the request of a U.S. intelligence service. At this point, we were not much clear about the intelligence agency: the National Security Agency or the FBI? The news outlet then reported that the company installed the software at the behest of Foreign Intelligence Surveillance Act (FISA) court order. Following the report, the New York Times reported that Yahoo used its system developed to scan for child p*rnography and spam to search for emails containing an undisclosed digital "signature" of a certain method of communication employed by a state-sponsored terrorist organization. Although Yahoo denied the reports, saying they are "misleading," a series of anonymous sources, therefore, unaccounta...

A Romanian man has been arrested and charged with conspiracy relating to his involvement in a prolific ATM malware campaign. Emanual Leahu, 30, was arrested in the western city of Bacău, Romania by the London Regional Fraud Team (LRFT) London police run by the City of London Police on Tuesday 20 September, extradited to the United Kingdom last week. Leahu is believed to be a member of a European ATM hacking gang that stole more than £1.5 Million ($2 Million) from cash machines across the UK in 2014 using ATM malware to bypass security controls. The gang physically broke into ATMs to directly load malware onto the machines, allowing it to withdraw "large amounts of cash." The malware was good enough to erase itself to hide its tracks, making it difficult to identify the culprit. Three out of Five Gang Members Arrested Luckily, due to the gang's carelessness, one of its members was recorded by a hidden ATM surveillance camera, which allowed the police to id...

It seems like it is not all over for Yahoo yet. Another day, another bad news for Yahoo! Verizon, which has agreed to purchase  Yahoo for $4.8 Billion , is now asking for a $1 Billion discount, according to recent reports. The request comes after Verizon Communications learned about the recent disclosures about hacking  and spying in past few weeks. Just two weeks ago, Yahoo revealed that at least a half Billion Yahoo accounts were stolen in 2014 hack, marking it as the biggest data breach in history. And if this wasn't enough, the company faced allegations earlier this week that it built a secret tool to scan all of its users' emails last year at the behest of a United States intelligence agency. Due to these incidents, AOL CEO Tim Armstrong, who runs the Verizon subsidiary, is "pretty upset" about Yahoo's lack of disclosure, and is even seeking to pull out of the deal completely or cut the price, the New York Post claimed, citing multiple sources. ...

Apple Mac Computers are considered to be much safer than Windows at keeping viruses and malware out of its environment, but that's simply not true anymore. It's not because Mac OS X is getting worse every day, but because hackers are getting smart and sophisticated these days. The bad news for Mac users is that malware targeting webcams and microphones has now come up for Mac laptops as well. Patrick Wardle, an ex-NSA staffer who heads up research at security intelligence firm Synack, discovered a way for Mac malware to tap into your live feeds from Mac's built-in webcam and microphone to locally record you even without detection. Wardle is the same researcher who has discovered a number of security weaknesses in Apple products, including ways to bypass the Gatekeeper protections in OS X. Wardle also released a free tool called RansomWhere? earlier this year that has generic detection capabilities for Mac OS X ransomware variants. Wardle is scheduled to present h...

If you are looking for ways to start a secret conversation on Facebook Messenger with your friends, then you are at the right place. In this article, I am going to tell you about Facebook Messenger's new end-to-end encrypted chat feature, dubbed " Secret Conversations ," but before that, know why do you need your chats to be end-to-end encrypted? Your online privacy is under threat not only from online marketers and hackers but also from governments. Just yesterday, it was revealed that Yahoo secretly built hacking tool to scan all of its customers' incoming emails for US intelligence officials. So, to hide your personal life online from prying eyes, you need end-to-end encryption that allows you to send and receive messages in a way that no one, including the feds with a warrant, hackers and not even the company itself, can intercept or read them. Last year, WhatsApp became the largest end-to-end encrypted messaging network in history by rolling out anoth...

Another Edward Snowden? The FBI has secretly busted another National Security Agency (NSA) contractor over a massive secret data theft. The United States Justice Department charged Harold Thomas Martin , 51, with theft of highly classified government material, including " source codes " developed by the NSA to hack foreign government, according to a court complaint ( PDF ) unsealed on Wednesday. According to the DoJ's chief national security prosecutor John Carlin, Martin was employed by Booz Allen Hamilton , the same consulting firm that employed whistleblower Edward J. Snowden when he disclosed the global surveillance conducted by the NSA. Currently, the FBI is investigating whether Martin stole and leaked highly classified computer source codes developed to hack into the networks of Russia, China, Iran, North Korea and other United States adversaries, the New York Times reports . If stolen, this would be the second time in last 3 years when someone with ...

TalkTalk, one of the biggest UK-based Telecoms company with 4 million customers, has been issued with a record £400,000 ($510,000) fine for failings to implement the most basic security measures to prevent the hack that made global headlines last year. The penalty has been imposed by the Information Commissioner's Office (ICO) over the high-profile cyber attack occurred in the company last October, which allowed hackers to steal the personal data of its 156,959 customers "with ease." The ICO said on Wednesday that TalkTalk, which offers TV, phone and broadband services, could have prevented the cyber attack if the company had implemented even basic security measures to protect its customers' data. The hacked data of 156,959 customers included full names, postal addresses, dates of birth, telephone numbers, email addresses and TalkTalk accounts information. The hacker also had even access to bank account details and sort codes in almost 16,000 cases. "When i...