The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Would you prefer purchasing an Android device that doesn't have any apps or services from Google? No Google Maps, No Gmail, No YouTube! And NOT even the Google Play Store—from where you could have installed any Android apps you want Because if you live in Europe, from now on, you have to spend some extra cash on a smartphone with built-in Google services, which were otherwise until now freely available and already included in the cost of your smartphone. For the very first time, Google has announced its plans to charge a fee to European Android phone manufacturers who want to include a free version of Google apps on their Android handsets. In short, Android phone makers will now have to pay Google for installing the Play store, Gmail, YouTube, Maps, and Chrome, that are usually considered to be core parts of the Android operating system, but are actually Google services. "Since the pre-installation of Google Search and Chrome together with our other apps helped us...

A security enthusiast who discovered a passcode bypass vulnerability in Apple's iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week. Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts and photos. The bug was patched in iOS 12.0.1, but he now discovered a similar iPhone passcode bypass hack that works in 12.0.1 and is easier to execute than the bug Rodriguez discovered and reported two weeks ago. The new hack allows anyone with physical access to your locked iPhone to access your photo album, select photos and send them to anyone using Apple Messages. Since the new hack requires much less effort than the previous one, it leaves any iPhone user vulnerable to a skeptic or distrustful partner, curious college, friend or roommate who could access your iPhone's photo...

All major web browsers, including Google Chrome, Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox, altogether today announced to soon remove support for TLS 1.0 (20-year-old) and TLS 1.1 (12-year-old) communication encryption protocols. Developed initially as Secure Sockets Layer (SSL) protocol, Transport Layer Security (TLS) is an updated cryptographic protocol used to establish a secure and encrypted communications channel between clients and servers. There are currently four versions of the TLS protocol—TLS 1.0, 1.1, 1.2 and 1.3 ( latest )—but older versions, TLS 1.0 and 1.1, are known to be vulnerable to a number of critical attacks, such as  POODLE  and  BEAST . Since TLS implementation in all major web browsers and applications supports downgrade negotiation process, it leaves an opportunity for attackers to exploit weaker protocols even if a server supports the latest version. All Major Web Browsers Will Remove TLS 1.0 and TLS 1.1 Su...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

In an effort to secure users' data while maintaining privacy, Google has announced a new security measure for Android Backup Service that now encrypts all your backup data stored on its cloud servers in a way that even the company can't read it. Google allows Android users to automatically backup their essential app data and settings to their Google account, allowing them to simply restore it when required, instead of re-configuring all the apps after formatting or switching to a new phone. However, until now your backup data was not encrypted and visible to Google, and now the company is going to change its storage procedure. Starting with Android Pie, Google is going to encrypt your Android device backup data in the following way: Step 1: Your Android device will generate a random secret key (not known to Google), Step 2: The secret key will then get encrypted using your lockscreen PIN/pattern/passcode (not known to Google), Step 3: This passcode-protected ...

Late last month Facebook announced its worst-ever security breach that allowed an unknown group of hackers to steal secret access tokens for millions of accounts by taking advantage of a flaw in the 'View As' feature. At the time of the initial disclosure, Facebook estimated that the number of users affected by the breach could have been around 50 million, though a new update published today by the social media giant downgraded this number to 30 million. Out of those 30 million accounts, hackers successfully accessed personal information from 29 million Facebook users, though the company assured that the miscreants apparently didn't manage to access any third-party app data . Here's How Facebook Classified the Stolen Data: Facebook vice president of product management Guy Rosen published a new blog post  Friday morning to share further details on the massive security breach, informing that the hackers stole data from those affected accounts, as follows: For about 1...