The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

SMS-based Two-Factor Authentication (2FA) has been declared insecure and soon it might be a thing of the past. Two-Factor Authentication or 2FA adds an extra step of entering a random passcode sent to you via an SMS or call when you log in to your account as an added layer of protection. For example, if you have 2FA enabled on Gmail, the platform will send a six-digit passcode to your mobile phone every time you sign in to your account. But, the US National Institute of Standards and Technology (NIST) has released a new draft of its Digital Authentication Guideline that says SMS-based two-factor authentication should be banned in future due to security concerns. Here's what the relevant paragraph of the latest DAG draft reads: "If the out of band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not wi...

Radio-based wireless keyboards and mice that use a special USB dongle to communicate with your PC can expose all your secrets – your passwords, credit card numbers and everything you type. Back in February, researchers from the Internet of things security firm Bastille Networks demonstrated how they could take control of wireless keyboards and mice from several top vendors using so-called MouseJack attacks. The latest findings by the same security firm are even worse. Researchers have discovered a new hacking technique that can allow hackers to take over your wireless keyboard and secretly record every key you press on it. Dubbed KeySniffer , the hack is death for millions of wireless, radio-based keyboards. The Cause: Lack of Encryption and Security Updates The KeySniffer vulnerability affects wireless keyboards from eight different hardware manufacturers that use cheap transceiver chips ( non-Bluetooth chips ) – a less secure, radio-based communication protocol. T...

Researchers have discovered over 100 malicious nodes on the Tor anonymity network that are "misbehaving" and potentially spying on Dark Web sites that use Tor to mask the identities of their operators. Two researchers, Amirali Sanatinia and Guevara Noubir, from Northwestern University, carried out an experiment on the Tor Network for 72 days and discovered at least 110 malicious Tor Hidden Services Directories (HSDirs) on the network. The nodes, also known as the Tor hidden services directories ( HSDirs ) are servers that act as introductory points and are configured to receive traffic and direct users to hidden services (" .onion " addresses). In other words, the hidden services directory or HSDir is a crucial element needed to mask the true IP address of users on the Tor Network. But, here's the issue: HSDir can be set up by anyone. "Tor's security and anonymity is based on the assumption that the large majority of its relays are honest and...

On Friday, just three days prior to the start of the party's national convention, WikiLeaks released almost 20,000 e-mails with more than 8,000 stolen from the US Democratic National Committee (DNC) following a cyber attack in June. Two days later, on Sunday, DNC Chairwoman Debbie Wasserman Schultz announced her resignation and now had no major role on the party's convention stage. Many of the leaked emails indicted that the top DNC officials were actively working against the campaign of Sen. Bernie Sanders and strongly favoring Hillary Clinton over Sanders during the primaries, when they were supposed to be neutral. The controversy ruined the start of the DNC's national convention in Philadelphia and forced the Wasserman Schultz to resign. The leak, from January 2015 to May 2016, is believed to be an attempt by the Russian government to influence the presidential election, some U.S. lawmakers and cybersecurity experts say. The leak features DNC staffers debat...

No More Ransom, so is the Ransomware Threat. The European Police agency Europol has joined forces with police and cyber security companies to launch a worldwide initiative to combat and tackle together the exponential growth of Ransomware used by cyber criminals. Europol announced today the initiative, dubbed NO More Ransom, that has been backed by technology giant Intel, cyber security firm Kaspersky Lab and the Netherlands police, aiming at decreasing an "exponential" rise in Ransomware threat. Ransomware is a piece of malware that typically locks victim's device using encryption and demands a fee to decrypt the important data. The estimated number of ransomware victims tripled in the first quarter of this year alone. "For a few years now ransomware has become a dominant concern for EU law enforcement," said Europol's deputy director Wil van Gemert. "We expect to help many people to recover control over their files, while raising awareness...