The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Especially after the Snowden revelations of global  mass surveillance by US intelligence agencies at home and abroad, various countries demanded tech companies including Google, Apple, and Microsoft to set-up and maintain their servers in respective countries in order to keep their citizen data within boundaries. The US government has powers to comply US-based tech companies with the court orders to hand over their customers' data stored on servers, even if the data centers are beyond US borders. Now, the recent court decision has proven that the data centers and servers located outside the US boundaries are safe haven. The Second Circuit Court of Appeals in New York ruled Thursday that the United States government cannot force tech companies to give the FBI or other federal authorities access to their non-US customers' data stored on servers located in other countries. US Government Can't go Beyond its Boundaries to Collect Data Yes, the Stored Communicatio...

Yes, you heard it right. If I tell you not to visit my website, but you still visit it knowing you are disapproved, you are committing a federal crime, and I have the authority to sue you. Wait! I haven't disapproved you yet. Rather I'm making you aware of a new court decision that may trouble you and could have big implications going forward. The United States Court of Appeals for the Ninth Circuit has taken a critical decision on the Computer Fraud and Abuse Act (CFAA): Companies can seek civil and criminal penalties against people who access or visit their websites without their permission. Even Sharing Password is also a Federal Crime... Yes, a similar weird decision was taken last week when the Ninth Circuit Court of Appeals ruled that sharing passwords can be a violation of the CFAA, making Millions of people who share their passwords "unwitting federal criminals." Now, you might be wondering how visiting a publically open website could be a crime. We...

Just yesterday, I wrote a warning article announcing that Drupal – the popular open source content management system – will release patches for several highly critical Remote Code Execution (RCE) bugs that could allow attackers to fully take over any affected site. Below are the three separate Drupal modules that affect up to 10,000 websites: 1. RESTful Web Services – a popular module used for creating REST APIs, which is currently installed on at least 5,804 websites. The vulnerability in RESTWS alters the default page callbacks for entities to provide additional functionality, allowing attackers to "send specially crafted requests resulting in arbitrary PHP execution." Since anonymous users can exploit this vulnerability and there isn't any mitigating factor, users are advised to patch their websites as soon as possible. Admins using RESTful Web Services versions 7.x-2.x prior to 7.x-2.6 and versions 7.x-1.x prior to 7.x-1.7 for their Drupal websites are...

Why we can't detect all security loopholes and patch them before hackers exploit them? Because... we know that humans are too slow at finding and fixing security bugs, which is why vulnerabilities like Heartbleed , POODLE and GHOST remained undetected for decades and rendered almost half of the Internet vulnerable to theft by the time patches were rolled out. Now to solve this hurdle, DARPA has come up with an idea: To build a smart Artificial Intelligence System that will automatically detect and even patch security flaws in a system. Isn't it a revolutionary idea for Internet Security? The Defense Advanced Research Projects Agency (DARPA) has selected seven teams of finalists who will face off in a historic battle, as each tries to defend themselves and find out flaws without any human control. The DARPA Cyber Grand Challenge will be held at the annual DEF CON hacking conference in Las Vegas next month. Must Read : Artificial Intelligence System that can detec...

The extraordinary ' Panama Papers leak ' from Law firm Mossack Fonseca that exposed the tax-avoiding efforts by the world's richest and most influential members was initially believed to be the result of an unpatched vulnerability in the popular content management systems: Drupal and WordPress. Now, we are quite sure that the Panama Papers, which implicated 72 current and former heads of state, was due to vulnerabilities in Drupal and WordPress that allowed hackers to get into the law firm's system and stole over 11.5 Million files (around 2.6 Terabytes of data). The Drupal Security Team has announced that critical patches to address several security issues in Drupal contributed modules, including several highly critical Remote Code Execution (RCE) vulnerabilities, will be released today at 16:00 UTC. According to an advisory, the critical arbitrary remote PHP code execution vulnerability ( PSA-2016-001 ) affects up to 10000 Drupal websites. However, "Drupal c...