The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Really a bad weekend for Internet users. Three previously unknown critical zero-day vulnerabilities were revealed in Adobe's Flash Player over the weekend, thanks to Hacking team data Breach in which 400GB of internal data were leaked over the Internet. Now, a new zero-day vulnerability has been reported in Oracle's Java that is reportedly being exploited in the wild by hackers to target government armed forces. Cybercriminals are actively exploiting the Java-based zero-day flaw in an attempt to target U.S. defense agencies and members of NATO, Trend Micro security researchers warned in a blog post published Sunday. According to researchers, the vulnerability affects only the latest version of Java, version 1.8.0.45. Though the older Java versions, Java 1.6 and 1.7 are not at all affected by this zero-day exploit. So far, there isn't many details disclosed about the Java zero-day bug, considering a patch is yet to be released by Oracle. Although hackers are exploi...

Last Week someone just hacked the infamous Hacking Team , The Italy-based cyber weapons manufacturer and leaked a huge trove of 400GB internal data , including: Emails Hacking tools Zero-day exploits Surveillance tools Source code for Spyware A spreadsheet listing every government client with date of purchase and amount paid Hacking Team is known for its advanced and sophisticated Remote Control System (RCS) spyware , also known as Galileo , which is loaded with lots of zero-day exploits and have ability to monitor the computers of its targets remotely. Today, Trend Micro security researchers found that the Hacking Team " uses a UEFI  (Unified Extensible Firmware Interface)  BIOS Rootkit to keep their Remote Control System (RCS) agent installed in their targets' systems ." That clearly means, even if the user reinstalls the Operating System, formats the hard disk, and even buys a new hard disk, the agents are implanted after Microsoft Windows is...

Bitcoin Cloud Mining service Cloudminr.io has been hacked and its whole users database is on sale for 1 Bitcoin . The unknown hackers have successfully taken full control of the website's server and defaced the homepage of the website. Users visiting the website are greeted with a defaced homepage showing the partial database of around 1000 clients including their usernames and unencrypted passwords in completely plain text format. This clearly indicates that the company is not following the best security practices to secure their users private data as the passwords were not even hashed before storing into the database. Hackers offering around 80,000 users database for 1BTC The database of 1000 users shown on the website homepage is just a sample given by the hackers while they have compromised around 80,000 users database in total from the cloud mining service. The hackers are offering the entire database of thousands of users for the just 1BTC , w...

Have you ever seen any mobile application working in the background silently even after you have uninstalled it completely? I have seen Google Photos app doing the same. Your Android smartphone continues to upload your phone photos to Google servers without your knowledge , even if you have already uninstalled the Google Photos app from your device. Nashville Business Journal editor David Arnott found that Google Photos app uploaded all his personal photographs from the device into the service even after uninstalling it. Arnott provided a video demonstration showing that after uninstalling the Google Photos app from his Samsung smartphone, the photograph he took off his coffee mug still wound up being synced into his account on the web. "Months ago, I downloaded the [Photos] app to play with it, but I did not like it and so un-installed the app after just a few days," Arnott tweeted Wednesday. "This evening, I went back to Google Photos on my l...

It's not at all surprising that the Google Play Store is surrounded by a number of malicious applications that may gain users' attention to fall victim for one, but this time it might be even worse than you thought. Threat researchers from security firm ESET have discovered a malicious Facebook-Credentials-Stealing Trojan masquerading as an Android game that has been downloaded by more than a Million Android users. Malicious Android Apps downloaded 50,000-1,000,000 times The Android game, dubbed " Cowboy Adventure ," and another malicious game, dubbed " Jump Chess " – downloaded up to 50,000 times, have since been removed from Google Play Store. However, before taking them off from the app store, the creepy game apps may have compromised an unknown number of victims' Facebook credentials . Both the games were created by the same software developer, Tinker Studio and both were used to gather social media credentials from unsuspec...