The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Although over three months remaining, Google has planned a New Year gift for the Internet users, who're concerned about their privacy and security. Starting in January of 2017, the world's most popular web browser Chrome will begin labeling HTTP sites that transmit passwords or ask for credit card details as " Not Secure " — the first step in Google's plan to discourage the use of sites that don't use encryption. The change will take effect with the release of Chrome 56 in January 2017 and affect certain unsecured web pages that feature entry fields for sensitive data, like passwords and payment card numbers, according to a post today on the Google Security Blog . Unencrypted HTTP has been considered dangerous particularly for login pages and payment forms, as it could allow a man-in-the-middle attacker to intercept passwords, login session, cookies and credit card data as they travel across the network. In the following release, Chrome will flag ...

US authorities have arrested two North Carolina men on charges that they were part of the notorious hacking group " Crackas With Attitude ." Crackas with Attitude is the group of hackers who allegedly was behind a series of audacious and embarrassing hacks that targeted personal email accounts of senior officials at the CIA, FBI, the White House, Homeland Security Department, and other US federal agencies. Andrew Otto Boggs, 22, of North Wilkesboro, N.C., who allegedly used the handle " INCURSIO ," and Justin Gray Liverman, 24, of Morehead City, who known online as " D3F4ULT ," were arrested on Thursday morning on charges related to their alleged roles in the computer hacking, according to a press release by Department of Justice. A 16-year-old British teenager suspected of being part of the group was arrested in February by the FBI and British police. Although court documents did not name the victims, the hacking group had allegedly: Hacked...

Unlike specially crafted malware specifically developed to take advantage of Windows operating system platform, cyber attackers have started creating cross-platform malware for wider exploitation. Due to the rise in popularity of Mac OS X and other Windows desktop alternatives, hackers have begun designing cross-platform malware modularly for wide distribution. Cross-platform malware is loaded with specialized payloads and components, allowing it to run on multiple platforms. One such malware family has recently been discovered by researchers at Kaspersky Lab, which run on all the key operating systems, including Windows, Linux, and Mac OS X. Stefan Ortloff, a researcher from Kaspersky Lab's Global Research and Analysis Team, first discovered the Linux and Windows variants of this family of cross-platform backdoor, dubbed Mokes , in January this year. Now, the researcher today confirmed the existence of an OS X variant of this malware family, explaining a technical breakd...

A Security researcher has discovered a unique attack method that can be used to steal credentials from a locked computer ( but, logged-in ) and works on both Windows as well as Mac OS X systems. In his blog post published today, security expert Rob Fuller demonstrated and explained how to exploit a USB SoC-based device to turn it into a credential-sniffer that works even on a locked computer or laptop. Fuller modified the firmware code of USB dongle in such a way that when it is plugged into an Ethernet adapter, the plug-and-play USB device installs and acts itself as the network gateway, DNS server, and Web Proxy Auto-discovery Protocol (WPAD) server for the victim's machine. The attack is possible because most PCs automatically install Plug-and-Play USB devices, meaning "even if a system is locked out, the device [dongle] still gets installed," Fuller explains in his blog post . "Now, I believe there are restrictions on what types of devices are allowed to...

Own an Android smartphone? Beware, as just an innocuous-looking image on social media or messaging app could compromise your smartphone. Along with the dangerous Quadrooter vulnerabilities that affected 900 Million devices and other previously disclosed issues, Google has patched a previously-unknown critical bug that could let attackers deliver their hack hidden inside an innocent looking image via social media or chat apps. In fact, there is no need for a victim to click on the malicious photo because as soon as the image's data was parsed by the phone, it would quietly allow a remote attacker to take control over the device or simply crash it. The vulnerability is similar to last year's Stagefright bug ( exploit code ) that allowed hackers to hijack Android devices with just a simple text message without the owners being aware of it. The Stagefright flaw affected more than 950 Million Android devices and resided in the core Android component Stagefright — a multim...