The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

WikiLeaks published hundreds of more files from the Vault 7 series today which, it claims, show how CIA can mask its hacking attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran. Dubbed " Marble ," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which is basically an obfuscator or a packer used to hide the true source of CIA malware. The CIA's Marble Framework tool includes a variety of different algorithm with foreign language text intentionally inserted into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation. The leaked files indicate that the Marble's source code includes Chinese, Russian, Korean, Arabic and Farsi languages, as well as English, which shows that the CIA has engaged in clever hacking games. "Marble is used to hamper[ing] forensic investigators and anti-virus companies from attributin...

Joining the line with rival chat apps WhatsApp, Viber, Facebook Messenger, and Signal, the Telegram instant messaging service has finally rolled out a much-awaited feature for the new beta versions of its Android app: Voice Calling . And what's interesting? Your calls will be secured by Emojis, and quality will be better using Artificial Intelligence. No doubt the company brought the audio calling feature quite late, but it's likely because of its focus on security — the voice calls on Telegram are by default based on the same end-to-end encryption methods as its Secret Chat mode to help users make secure calls. Unlike Signal or WhatsApp, Telegram does not support end-to-end encryption by default; instead, it offers a 'Secret Chat' mode, which users have to enable manually, to completely secure their chats from prying eyes. However, the voice calling feature in Telegram supports end-to-end encryption by default, enabling users to secure their chats in a way ...

Samsung launched its new flagship smartphones, the Galaxy S8 and Galaxy S8 Plus, at its Unpacked 2017 event on Wednesday in New York, with both IRIS and Facial Recognition features, making it easier for users to unlock their smartphone and signing into websites. All users need to do is simply hold their Galaxy S8 or S8 Plus in front of their eyes or their entire face, as if they were taking a selfie, in order to unlock their phone. Biometric technology – that involve person's unique identification (ID), such as Retinal, IRIS, Fingerprint or DNA – is now being integrated into more consumer devices for improved security. But, we have seen a number of hacks involving Biometric security systems in the past, which prove that fingerprint scanner and IRIS scanner  are less secure than a passcode and can be fooled by anyone, perhaps, using a photograph of the user. But how secure is the built-in sensor from Samsung to allow for facial recognition? Not so much...at least for now...

If the death of online privacy rules wasn't enough for Internet Service Providers and advertisers to celebrate, Verizon has planned to pre-install spyware on customers' Android devices in order to collect their personal data. The telecom giant has partnered with Evie Launcher to bring a new application called ' AppFlash ' — a universal search bar that will come pre-installed on the home screens of all Verizon Android handsets for quickly finding apps and web content. AppFlash is simply a Google search bar replacement, but instead of collecting and sending telemetry data including what you search, handset, apps and other online activities to Google, it will send to Verizon. What's worse? Just like other pre-installed bloatware apps, Android users can't uninstall AppFlash quickly, unless they have rooted their phone. AppFlash allows you to search inside apps or browse through listings of nearby restaurants and entertainment. The built-in Google Search ...

Open source developers who use the popular code-sharing site GitHub were put on alert after the discovery of a phishing email campaign that attempts to infect their computers with an advanced malware trojan. Dubbed Dimnie , the reconnaissance and espionage trojan has the ability to harvest credentials, download sensitive files, take screenshots, log keystrokes on 32-bit and 64-bit architectures, download additional malware on infected systems, and self-destruct when ordered to. The malware has largely flown under the radar for the past three years – Thanks to its stealthy command and control methods. The threat was discovered in the mid of January this year when it was targeting multiple owners of Github repositories via phishing emails, but cyber-security firm Palo Alto, who reported the campaign on Tuesday, says the attacks started a few weeks before. Here's How the Attack Works: The attack starts by spamming the email inboxes of active GitHub users with booby-trap...