The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Are you also one of those 18 Million users using SARAHAH? You should beware of this app because the anonymous feedback application may not be as private as it really sounds. Sarahah is a newly launched app that has become one of the hottest iPhone and Android apps in the past couple of weeks, allowing its users to sign up to receive anonymised, candid messages from other Sarahah users. However, it turns out that the app silently uploads users' phone contacts to the company's servers for no good reason, spotted by security analyst Zachary Julian. When an Android or iOS user downloads and installs the app for the first time, the app immediately harvests and uploads all phone numbers and email addresses from the user's address book, according to The Intercept . While an app requesting access to the user's phonebook is quite common if the app provides any feature that works with contacts, no such functionality in Sarahah is available right now. "The pri...

"Ransomware" threat is on the rise, and cyber criminals are making millions of dollars by victimizing as many people as they can—with WannaCry , NotPetya and LeakerLocker being the ransomware threats that made headlines recently. What's BAD? Hacker even started selling ransomware-as-a-service (RaaS) kits in an attempt to spread this creepy threat more easily, so that even a non-tech user can create their own ransomware and distribute the threat to a wider audience. The WORSE —You could see a massive increase in the number of ransomware campaigns during the next several months—thanks to new Android apps available for anyone to download that let them quickly and easily create Android ransomware with their own devices. Security researchers at Antivirus firm Symantec have spotted some Android apps available on hacking forums and through advertisements on a social networking messaging service popular in China, which let any wannabe hacker download and use Trojan ...

The FBI has arrested a Chinese citizen for allegedly distributing malware used in the 2015 massive OPM breach that resulted in the theft of personal details of more than 25 Million U.S. federal employees, including 5.6 Million federal officials' fingerprints . Yu Pingan , identified by the agency as the pseudonym "GoldSun," was arrested at Los Angeles international airport on Wednesday when he was arrived in the United States to attend a conference, CNN reported . The 36-year-old Chinese national is said to face charges in connection with the Sakula malware , which was not only used to breach the US Office of Personnel Management (OPM) but also breached Anthem health insurance firm in 2015. The Anthem breach resulted in the theft of personal medical records of around 80 million current and former customers of the company. Sakula is a sophisticated remote access Trojan (RAT) that was known to be developed by Deep Panda , a China-based advanced persistent threa...

If you came across any Facebook message with a video link sent by anyone, even your friend — just don't click on it. Security researchers at Kaspersky Lab have spotted an ongoing cross-platform campaign on Facebook Messenger, where users receive a video link that redirects them to a fake website, luring them to install malicious software. Although it is still unclear how the malware spreads, researchers believe spammers are using compromised accounts, hijacked browsers, or clickjacking techniques to spread the malicious link. The attackers make use of social engineering to trick users into clicking the video link, which purports to be from one of their Facebook friends, with the message that reads "< your friend name > Video" followed by a bit.ly link, as shown. Here's How this Cross-Platform Malware Works: The URL redirects victims to a Google doc that displays a dynamically generated video thumbnail, like a playable movie, based on the sender'...

WikiLeaks has just published another Vault 7 leak, revealing how the CIA spies on their intelligence partners around the world, including FBI, DHS and the NSA, to covertly collect data from their systems. The CIA offers a biometric collection system—with predefined hardware, operating system, and software—to its intelligence liaison partners around the world that helps them voluntary share collected biometric data on their systems with each other. But since no agency share all of its collected biometric data with others, the Office of Technical Services (OTS) within CIA developed a tool to secretly exfiltrate data collections from their systems. Dubbed ExpressLane , the newly revealed CIA project details about the spying software that the CIA agents manually installs as part of a routine upgrade to the Biometric system. The leaked CIA documents reveal that the OTS officers, who maintain biometric collection systems installed at liaison services, visit their premises and se...