The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Mobile security may not be secure as you think. In September we have reported that the National Security Agency has the ability to access data on iOS, Android and even BlackBerry devices. Everyday a new revelation of NSA Surveillance Program makes Security and Privacy a major concern for all of us. Today we feel the need of highly secured Networks and Encrypted Devices to safeguard our privacy from Cyber Criminals as well as Government. Phil Zimmerman , Inventor of the email encryption tool PGP and Silent Circle's Co-founder (company specializes in mobile privacy and peer-to-peer encryption ) has announced ' BLACKPHONE ', a Smartphone that's been designed to enable secure, encrypted communications, private browsing and secure file-sharing. The company will launch BLACKPHONE in the ' Mobile World Congress ', Spain next month, offers ' PrivatOS ', an Android based operating system which will allow users to make and receive secure phone calls, exchange secure te...

More than 15.2% of the Algerian population use Internet service which is provided by around 30 Internet Service Providers and one of the largest shares is served by Algerie Telecom .  Algerie Telecom provides  TP-LINK TD-W8951ND  Router to most of their home customers who Opt-In for Internet services and each of which has ZYXEL embedded firmware installed in it. ABDELLI Nassereddine, penetration tester and Algerian Computer Science Student has reported highly critical unauthorized access and password disclosure vulnerabilities in the Routers provided by Algerie Telecom. He told ' The Hacker News ' that the vulnerabilities can be exploited by any remote hacker just by exploiting a very simple loophole in the firmware. First, he found that an unauthorized access is available to ' Firmware/Romfile Upgrade'  Section on the Router's panel that can be accessed without any login password i.e. https://IP//rpFWUpload.html This page actually allows a user to upgr...

Oops.. Hackers got Hacked! The Syrian Electronic Army , who has hacked hundreds of High Profile targets in 2013-14, today they got hacked by a Turkish hacker. Turkguvenligi , a Turkish hacker told The Hacker News that he hacked and defaced the official website of the hacking group SEA ( sea . sy  and  leaks . sea . sy ). SEA Group has taken down many serious targets like Microsoft, Obama & New York Times' twitter accounts & websites in the past, but today their own server got breached. The most common hacking technique used by the SEA Group is Phishing , but the Turkguvenligi hacked then using an exploit known for vulnerabilities in the server or website. At the time of writing this news, the whole website of SEA was down, but our readers can see the defacement mirror on Zone-H . Turkguvenligi tagged SEA in a  tweet , says " hi guys, you have been hacked ": The Syrian Electronic Army group has not commented anything about the hack, b...

After the revelations from NSA internal documents leaked by Edward Snowden, the world knows the NSA as the Real Techie Gangster of this 21st Century, with the ability to brutally infiltrate every kind of electronic device, the Internet, and global communications.  " It is becoming increasingly difficult to trust the privacy properties of software and services we rely on to use the Internet. Governments, companies, groups and individuals may be surveilling us without our knowledge. " The Inventor of JavaScript & current CTO of Mozilla, Mr. Brendan Eich said in a blog post NSA is not just focused on high-tech exploits, but also specialize in inserting secret backdoor to legitimate products. Its Tailored Access Operations (TAO) unit works with the CIA and FBI to intercept shipments of hardware to insert spyware into the devices. This way NSA is able to keep an eye on all levels of our digital lives, from computing centers to individual computers, and from laptops to mobi...

In the first week of this year, we have reported about a critical vulnerability found in more than 2000 Routers that allow attackers to reset the admin panel password to defaults. Recently, Cisco has released a security advisory , detailed about the similar vulnerability affecting their three networking products. Cisco has rated the flaw highly critical and marked it as 10.0 on the Common Vulnerability Scoring System (CVSS). A security researcher found a secret service listening on port 32764 TCP, allowed a remote user to send unauthenticated commands to the device and reset the administrative password. Successful exploitation of the vulnerability allows the hacker to execute arbitrary commands on the device with escalated privileges. Vulnerable Cisco products are: WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security. "This vulnerability is due to an undocumented test interface in t...