The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Yes, Google wants you to keep your bits and bytes as safe as possible through encryption. With the launch of Android 5.0 Lollipop last year, Google wanted to make full disk Encryption mandatory , but unfortunately, the idea did not go too well. However, Google thinks the idea will go right this time, and it will try again to require full-disk encryption by default for devices that release with the newest Android 6.0 Marshmallow and higher versions. Google has published the new version of the Android Compatibility Definition Document ( PDF ), mandating Android encryption with a couple of exceptions in Android 6.0 Marshmallow. The document reads: "For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience." New smartphones and tablets that ship with Androi...

Apple is cleaning up its iTunes App Store again – for the third time in two months – following another flood of iOS apps that secretly collect users' personal information. Researchers discovered more than 250 iOS apps that were violating Apple's App Store privacy policy , gathering personal identifiable data from almost one Million users estimated to have downloaded those offending apps. The offending iOS applications have been pulled out of the App Store after an analytics service SourceDNA reported the issue. After XcodeGhost , this is the second time when Apple is cleaning its App Store. Malicious iOS Apps Stealing Users' Private Info The malicious applications were developed using a third-party software development kit (SDK) provided by Youmi, a Chinese advertising company. Once compiled and distributed on Apple's official App Store, those apps secretly accessed and stored users' personal information, including: A list of apps installed on the victim's phone Serial nu...

Security researchers have uncovered a new piece of Adware that replaces your entire browser with a dangerous copy of Google Chrome , in a way that you will not notice any difference while browsing. The new adware software, dubbed " eFast Browser ," works by installing and running itself in place of Google Chrome The adware does all kinds of malicious activities that we have seen quite often over the years: Generates pop-up, coupon, pop-under and other similar ads on your screen Placing other advertisements into your web pages Redirects you to malicious websites containing bogus contents Tracking your movements on the web to help nefarious marketers send more crap your way to generating revenue Therefore, having eFast Browser installed on your machine may lead to serious privacy issues or even identity theft. What's Nefariously Intriguing About this Adware? The thing that makes this Adware different from others is that instead of taking contr...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

A self-described teenage hacker has claimed to have hacked into personal AOL email account of Central Intelligence Agency (CIA) Director John Brennan and swiped sensitive top-secret data. It's Really a major embarrassment for Brennan as well as the CIA. The hacker, who describes himself as an American high school student, called the New York Post to describe his exploits. According to the teenage hacker, Brennan's private email account held a range of sensitive files, which includes: His 47-page application for top-secret security clearance Social Security numbers (SSNs) and personal information of more than a dozen top US intelligence officials A government letter discussing " harsh interrogation techniques " used on terrorist suspects Sensitive Information Leaked The teenage hacker operates with under the Twitter name " Crackas With Attitude " with Twitter handle @_CWA_ . He confirmed the Post that he also controlled the...

Recently, Chinese iOS developers have discovered a new OS X and iOS malware dubbed XcodeGhost that has appeared in malicious versions of Xcode, Apple's official toolkit for developing iOS and OS X apps. The hack of Apple's Xcode involves infecting the compiler with malware and then passing that malware onto the compiled software. This is a unique approach because the hack does not attempt to inject attack code into a single app, and then try and sneak that past Apple's automated and human reviewers. Instead, the malicious code is infected on Xcode itself, which is used by software developers to craft and develop the apps for iOS and OS X operating system. The primary behavior of XcodeGhost in infected iOS apps is to collect information on devices and upload that data to command and control (C2) servers. Once the malware has established a foothold on infected devices, it has the ability to phish user credentials via fake warning boxes, open specific URLs in a ...