The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

What if your laptop is listening to everything that is being said during your phone calls or other people near your laptop and even recording video of your surrounding without your knowledge? Sounds really scary! Isn't it? But this scenario is not only possible but is hell easy to accomplish. A UX design flaw in the Google's Chrome browser could allow malicious websites to record audio or video without alerting the user or giving any visual indication that the user is being spied on. AOL developer Ran Bar-Zik reported the vulnerability to Google on April 10, 2017, but the tech giant declined to consider this vulnerability a valid security issue, which means that there is no official patch on the way. How Browsers Works With Camera & Microphone Before jumping onto vulnerability details, you first need to know that web browser based audio-video communication relies on WebRTC (Web Real-Time Communications) protocol – a collection of communications protocols th...

As promised to release more zero-days exploits and hacking tools for various platforms starting from June 2017, the infamous hacking group Shadow Brokers is back with more information on how to subscribe and become a private member for receiving exclusive access to the future leaks. The Shadow Brokers is the same hacking group who leaked NSA's built Windows hacking tools and zero-day exploits in public that led to the WannaCry menace . When the Shadow Brokers promised its June 2017 release two weeks ago, the group announced that it would sell new zero-day exploits and hacking tools only to the private members with paid monthly subscription, instead of making them public for everyone. How to Become Member of the 'Wine of Month' Club? Now, just a few minutes ago, the hacking collective has released details about how to participate in the monthly subscription model – or the "Wine of Month Club," as the group called it – to get exclusive access to the ...

It's been almost four weeks since the outcry of WannaCry ransomware , but the hackers behind the self-spread ransomware threat have not been identified yet. However, two weeks ago researchers at Google, Kaspersky Lab, Intezer and Symantec linked WannaCry to 'Lazarus Group,' a state-sponsored hacking group believed to work for the North Korean government. Now, new research from dark web intelligence firm Flashpoint indicates the perpetrators may be Chinese, based on its own linguistic analysis. Flashpoint researchers Jon Condra and John Costello analyzed each of WannaCry's localized ransom notes, which is available in 28 languages, for content, accuracy, and style, and discovered that all the notes, except English and Chinese versions (Simplified and Traditional), had been translated via Google Translate. According to the research, Chinese and English versions of the ransomware notes were most likely written by a human. On further analysis, researchers discovered that...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Security researchers have claimed to have discovered possibly the largest malware campaign on Google Play Store that has already infected around 36.5 million Android devices with malicious ad-click software. The security firm Checkpoint on Thursday published a blog post revealing more than 41 Android applications from a Korean company on Google Play Store that make money for its creators by creating fake advertisement clicks from the infected devices. All the malicious apps, developed by Korea-based Kiniwini and published under the moniker ENISTUDIO Corp, contained an adware program, dubbed Judy, that is being used to generate fraudulent clicks to generate revenue from advertisements. Moreover, the researchers also uncovered a few more apps, published by other developers on Play Store, inexplicably containing the same the malware in them. The connection between the two campaigns remains unclear, though researchers believe it is possible that one developer borrowed code from...

We came across so many revelations of sensitive government and corporate data on the Internet these days, but what's the accuracy of that information leaked by unknown actors? Security researchers have discovered new evidence of one such sophisticated global espionage and disinformation campaign with suspected ties to the Russian government that's been aimed to discredit enemies of the state. Although there is no definitive proof of Russian government's involvement in the campaign, there is "overlap" with previously reported cyber espionage activities tied to a Russia-backed hacking group well known as APT28 . APT28 — also known as Fancy Bear, Sofacy, Sednit, and Pawn Storm — is the same group which was responsible for the Democratic National Committee (DNC) breach. The group has been operating since at least 2007 and has alleged tied to the Russian government. A new report, titled Tainted Leaks , published this week by the Citizen Lab at the Univers...