The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

My usual bed routine is to check comments under my articles before I go to sleep. The same I was doing last night, but something weird happened to me. Someone posted a mysterious short link without any text below one of my articles on our  official 'The Hacker News' Facebook Page , and with the curiosity to check that link I visited that website. And what I saw… One by one my every single account I logged in into my web browser got automatically logged out just in few seconds in front of my eyes. This is exactly what Super Logout does. Log Out All Your Accounts in Just One Click Yes, Super Logout – a website that logs you out of over 30 major Internet services just in one click. You can visit 'Super Logout' here . ( Note : Once clicked, this will log you out instantly from all your online accounts and don't worry it is neither harmful, nor malicious ) This is a great tool for people who: Usually visit Internet Cafes for surfing In...

Can you name which Operating System is most Secure ? ...Windows, Mac, Linux or any particular Linux Distribution? Yes, we get that! It's not an easy thing to pick. Besides Windows, Even the so-called ultra-secure Linux Distros were found to be vulnerable to various critical flaws in past years. Because, almost all Linux Distros use the same Kernel, and the most number of cyber attacks target the Kernel of an operating system. So, It doesn't matter which Linux distribution you use. The kernel is the core part an operating system, which handles all the main activities and enforces the security mechanisms to the entire operating system. Making an Operating System secure requires that vulnerabilities shall not exist in the Kernel, which is the communicating interface between the hardware and the user.  To overcome the above situation, Security Researchers, Mathematicians and Aviation gurus from Boeing and Rockwell Collins joined a team of dedicated NIC...

It is finally time to say GoodBye to the old and insecure Web security protocols. Citing the long history of weaknesses in the Secure Sockets Layer (SSL) 3.0 cryptographic protocol and the RC4 Cipher Suite, Google plans to disable support for both SSLv3 as well as RC4 stream cipher in its front-end servers. While announcing on its official blog , the Search Engine giant said the company is looking to put away SSLv3 and RC4 in all of its front-end servers, and eventually, in all its software including Chrome, Android, Web crawlers, and email servers. The move by Google came as no surprise, considering the fact that both RC4 and SSLv3 have been deemed unsecure by the Internet Engineering Task Force (IETF). What are the Problems? SSLv3, which was made outdated 16 years ago, has a long history of security problems like BEAST , out of them the most recent one was POODLE ( Padding Oracle On Downgraded Legacy Encryption ) attacks, which lead to the recovery of plaintext communication...

It's not every time malware creators have to steal or buy a valid code-signing certificate to sign their malware – Sometimes the manufacturers unknowingly provide themselves . This is what exactly done by a Taiwan-based networking equipment manufacturer D-Link , which accidently published its Private code signing keys inside the company's open source firmware packages. Dutch news site Tweakers made aware of the issue by one of its readers with online moniker " bartvbl " who had bought a D-Link DCS-5020L security camera and downloaded the firmware from D-Link, which open sources its firmware under the GPL license. However, while inspecting the source code of the firmware, the reader found what seemed to be four different private keys used for code signing. Hackers Could Sign Malware After testing, the user managed to successfully create a Windows application , which he was able to sign with one of the four code signing keys belonging to D-Lin...

A Large number of WordPress websites were compromised in last two weeks with a new malware campaign spotted in the wild. WordPress , a Free and Open source content management system (CMS) and blogging tool, has been once again targeted by hackers at large scale. Researchers at Sucuri Labs have detected a " Malware Campaign " with an aim of getting access to as many devices they can by making innumerable WordPress websites as its prey. The Malware campaign was operational for more than 14 days ago, but it has experienced a massive increase in the spread of infection in last two days, resulted in affecting more than 5000 Wordpress websites. The Security researchers call this malware attack as " VisitorTracker ", as there exists a javascript function named visitorTracker_isMob() in the malicious code designed by cyber criminals. This new campaign seems to be utilizing the Nuclear Exploit Kit and uses a combination of hacked WordPress sites, hidden iframes and nu...