The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Major US Financial institution, Bank of America is being targeted by a stealthy malicious financial malware campaign, according to AppRiver report. Last month the researchers at AppRiver has noticed enormous volumes of traffic through their data centers, with the peaks of traffic reaching three or four times than their normal network traffic.  They caught and blocked a malware campaign that was using the new and novel tactics designed specifically to beat the filtering engines. Last Wednesday the company experienced huge spam traffic i.e. 10 to 12 times the normal amount of their normal routine traffic. " These spikes have been driven by a tremendous increase in the number of incoming messages being sent with viruses attached. " and some user experienced delays in sending and receiving mail. They found the malware campaign, distributing a Financial Trojan designed to target, the Bank of America customers, known as ' Bredo virus ', capable of stealing inf...

Today Microsoft has released Security Bulletin Advanced Notification for February 2014 Patch Tuesday. The notification dictates five bulletins out of which two have critical Remote Code Execution and rest are important in aspect to severity of security flaw. A Remote Code Execution vulnerability has been found in Security software of Microsoft i.e. Forefront Protection 2010 for Exchange Server, but this time there will be no new bulletins for Internet Explorer. Not only this, users of Windows 7, Windows Server 2008 R2, Windows 8 and Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1 are also advised to patch their systems in order to protect themselves from being a victim of malicious code which is exploiting Remote code execution vulnerability. Except the remote code execution, Microsoft is going to release patches for privilege escalation, information disclosure, and denial of service security flaws in Windows operating syste...

Many Smartphone applications support, installation or app data storage to an external SD Card, that can be helpful in saving space on the internal memory, but also vulnerable to hackers. Typically, an app that has permission to read and write data from an SD card has the permission to read all data on that card, including information written by other apps. This means that if you install a malicious application by mistake, it can easily steal any sensitive data from your Phone's SD Card. To prevent the data from being misused by any other app, the best implementation is to encrypt the data, but that will drop the performance of the device. On its 10th birthday, as a treat for mobile developers, Facebook has unveiled the source code of its Android security tool called ' Conceal ' cryptographic API Java library, that will allow app developers to encrypt data on disk in the most resource efficient way, with an easy-to-use programming interface. Smaller th...

Science Fiction Movies always show the possible direction of the development of technology and gives us the opportunity to think about it. The U.S. Government is also trying to develop such technology that was introduced in movies like Star Trek and TERMINATOR i.e. Self destructing Network of computers, Sensors and other devices. The agency of the United States Department of Defense which is responsible for funding the development of many technologies, Defense Advanced Research Projects Agency (DARPA) has handed over a contract to IBM for creating a microchip that will self-destruct remotely. The project announced a year back, known as Vanishing Programmable Resources ( VAPR ) , which is dedicated to developing a CMOS microchip that self-destructs when it receives a certain frequency of radio signal from military command, in order to fully destroy it and preventing it from being used by the enemy. The U.S. Military uses all kinds of embedded systems and there are obvio...

The National Institute of Standards and Technology (NIST) had published a document on Jan 2011 that the SHA-1 algorithm will be risky and should be disallowed after year 2013, but it was recently noticed by Netcraft experts that NIST.gov website itself were using 2014 dated SSL certificate with SHA-1 hashes. " From January 1, 2011 through December 31, 2013, the use of SHA-1 is deprecated for digital signature generation. The user must accept risk when SHA-1 is used, particularly when approaching the December 31, 2013 upper limit. SHA-1 shall not be used for digital signature generation after December 31, 2013. " NIST in the document. Digital signatures facilitate the safe exchange of electronic documents by providing a way to test both the authenticity and the integrity of information exchanged digitally. Authenticity means when you sign data with a digital signature, someone else can verify the signature, and can confirm that the data originated from you and was not...