The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Researchers at mobile security firm Lookout discovered a security flaw in Google Glass which allowed them to capture data without the user's knowledge, when the user merely took a photo that captured a malicious QR code. Lookout was able to force Google Glass to silently connect to a Wi-Fi access point, which let the researchers view all of the data flowing to and from the device. When combined with an Android 4.0.4 web vulnerability , the hack apparently gave researchers full control of the Glass headset. The problem was that Google Glass could be told to execute a QR code without the user having to give permission. Because of Glass's limited user interface, Google set up the device's camera to automatically process any QR code in a photograph. In a video posted on YouTube, Lookout Security described the vulnerability: " That access point in turn allowed us to spy on the connections Glass made, from web requests to images uploaded to the Cloud ." said Mar...

Android Security Squad, the China-based group that  uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures.  The whole point of digitally signing a document or file is to prove the file hasn't been modified. The process uses a form of public-key cryptography . In Chinese version of hacking attack, malicious code can be added into the file headers, but the method is limited because targeted files need to be smaller than 64K in size. APK files are packed using a version of the widespread ZIP archiving algorithm. Most ZIP implementations won't permit two same-named files in one archive, but the algorithm itself doesn't forbid that possibility. So basically, two versions of the classes.dex file are placed inside of the package, the original and a hacked alternative. When checking an app's digital signature, the Android OS looks at the first matching file, but when act...

Ransomware is a type of malware that attempts to extort money from a computer user by infecting and taking control of the victim's machine, or the files or documents stored on it. This kind of malware has typically been the domain of Windows users, but has made its way to OS X. A new piece of FBI themed Ransomware Malware is targeting Mac OS X and hijacking the user's browser with a notice demanding payment of $300 in order to release control of the application and accusing them of illegally accessing pornography. The address bar shows a URL clearly trying to fool users - fbi.gov.id657546456-3999456674.k8381.com  and the warnings appearing to be from the FBI tell the victim: " you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300. " According to Malwarebytes , ransomware page is being pushed onto unsuspecting users browsing r...

There's a scam spreading through Twitter Direct messages (DMs) and fake emails, appealing users to visit a fake twitter phishing site i.e " twittler.com ". Scam uses a hijacked Twitter account to send out direct messages that appear completely legitimate. Security blogger, Janne Ahlberg blogged about this new phishing scam, " This is a nasty trick especially when the sender is someone you know and trust. If you receive a suspicious DM or email from a person you know and trust, just warn him/her – the account is most likely hijacked and controlled by the attackers. " The webpage resembles a Twitter login page and is trying to obtain your Twitter login credentials with a domain name looks very similar to original Twitter.com , with two extra word "LL" in it.   To play it safe, double-check your browser address bar to make sure that's where you are on orginal website  twitter.com before logging in. If you enter your Twitter usern...

Edward Snowden has helped to make the world a little bit better and safer. A Swedish professor of sociology has nominated NSA whistleblower Edward Snowden for the 2014 Nobel Peace Prize. In his letter addressed to the Norwegian Nobel Committee, sociology professor Stefan Svallfors recommended the Snowden be a candidate, for his " heroic effort at a great personal cost " shedding light on the expansive cyber-spying conducted by the NSA . A nomination for Snowden would be symbolic because it shows ' that individuals can stand up for fundamental rights and freedoms .' he said. But it may be too late for Snowden to receive the award this year, so he will not be eligible for this year's prize, which will be awarded in December, but could be considered for 2014. The head of the International Committee of the Russian State Duma Aleksey Pushkov tweeted, " Not in a million years will the United States allow Snowden to get the Peace Prize. But h...

You've got to ask yourself one question. How much hassle does patching cause you? Is the second Tuesday of each month something you dread, or is it just another day for you? If you spend days and days testing and deploying patches; if you stay up until the wee hours of the morning one weekend each month; if you have a current profile on every single server in your environment; then patching is likely to be a heavy burden. But there is another way. Patching is not something that should be a major pain each month. It should be a simple and straightforward administrative task. Admins who patch by hand or are worried about some patch crashing critical systems each month should consider automated patch management. This strategy will boost efficiency and give you back your weekends, and ensure that your systems can be patched quickly, efficiently and safely. Automated patch management helps IT admins patch their servers and workstations in the most efficient way possible, by removi...