The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Is your PC infected with Ransomware? Either pay the ransom amount to the attacker or spread the infection further to get the decryption keys. Yes, this new technique has been employed by cyber criminals with the latest round of ransomware threat, dubbed Popcorn Time. Initially discovered by MalwareHunterTeam , the new Popcorn Time Ransomware has been designed to give the victim's a criminal way of getting a free decryption key for their encrypted files and folders. Popcorn Time works similar to other popular ransomware threats, such as the Crysis Ransomware and TeslaCrypt, that encrypt various data stored on the infected computer and ask victims to pay a ransom amount to recover their data. But to get their important files back, Popcorn Time gives victims option to pay a ransom to the cyber criminal or infect two other people and have them pay the ransom to get a free decryption key. What's even worse? The victims are encouraged to pay the ransom of 1 Bitcoin (~$75...

Uber was in controversies at the mid of this year for monitoring the battery life of its users, as the company believed that its users were more likely to pay a much higher price to hire a cab when their phone's battery is close to dying. Uber is now tracking you even when your ride is over, and, according to the ride-hailing company, the surveillance will improve its service. Uber recently updated its app to collect user location data in the background. So, if you have updated your Uber app recently, your app's location tracking permissions have changed, allowing the app to monitor your location before and five minutes after your trip ends, even if you have closed the app. A popup on the Uber app will ask you, "Allow 'Uber' to access our location even when you are not using the app?" You can click " Allow " or " Don't Allow " in response to this request. If you don't allow it, Uber won't track you. According to t...

Yahoo has patched a critical security vulnerability in its Mail service that could have allowed an attacker to spy on any Yahoo user's inbox. Jouko Pynnönen, a Finnish Security researcher from security firm Klikki Oy, reported a DOM based persistent XSS (Cross-Site Scripting) in Yahoo mail, which if exploited, allows an attacker to send emails embedded with malicious code. In his blog post published today, the researcher demonstrated how a malicious attacker could have sent the victim's inbox to an external site, and created a virus that attached itself to all outgoing emails by secretly adding a malicious script to message signatures. Since the malicious code is in the message's body, the code will get executed as soon as the victim opens the boobytrapped email and its hidden payload script will covertly submit victim's inbox content to an external website controlled by the attacker. This issue is because Yahoo Mail failed to properly filter potentially malici...

The Russian government has introduced a draft bill that proposes prison sentences as punishment for hackers and cyber criminals creating malicious software used in targeting critical Russian infrastructure, even if they have no part in actual cyber attacks. The bill, published on the Russian government's website on Wednesday, proposes amendments to the Russian Criminal Code and Criminal Procedure Code with a new article titled, "Illegal influence upon the critical informational infrastructure of the Russian Federation." The article introduces punishment for many malicious acts, including the "creation and distribution of programs or information, which can be used for the destruction, blocking or copying data from the Russian systems." When suspects found as part of any hacking operation, they will face a fine between 500,000 and 1 Million rubles (about $7,700 to $15,400) and up to five years in prison, even if the hacking causes little or no harm. Also R...

DDoS has become a game now that could knock any service offline. A Turkish hacking group is encouraging individuals to join its DDoS-for-Points platform that features points and prizes for carrying out distributed denial-of-service (DDoS) attacks against a list of predetermined targets. The points earned can later be redeemed for various online click-fraud and hacking tools. Dubbed Sath-ı Müdafaa , translated as Surface Defense in English, this DDoS-for-Points platform is advertised via local Turkish hacking forums, including Turkhackteam and Root Developer. Surface Defense prompts other hackers in Turkey to sign up and asks them to attack political websites using a DDoS tool known as Balyoz , translated as Sledgehammer. According to Forcepoint security researchers, who discovered this program, Balyoz works via Tor and requires a username and password to log in. The tool then uses a DoS technique to flood targets with traffic. Here's How the Balyoz Tool Works On...