The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Many Smartphone applications support, installation or app data storage to an external SD Card, that can be helpful in saving space on the internal memory, but also vulnerable to hackers. Typically, an app that has permission to read and write data from an SD card has the permission to read all data on that card, including information written by other apps. This means that if you install a malicious application by mistake, it can easily steal any sensitive data from your Phone's SD Card. To prevent the data from being misused by any other app, the best implementation is to encrypt the data, but that will drop the performance of the device. On its 10th birthday, as a treat for mobile developers, Facebook has unveiled the source code of its Android security tool called ' Conceal ' cryptographic API Java library, that will allow app developers to encrypt data on disk in the most resource efficient way, with an easy-to-use programming interface. Smaller th...

Science Fiction Movies always show the possible direction of the development of technology and gives us the opportunity to think about it. The U.S. Government is also trying to develop such technology that was introduced in movies like Star Trek and TERMINATOR i.e. Self destructing Network of computers, Sensors and other devices. The agency of the United States Department of Defense which is responsible for funding the development of many technologies, Defense Advanced Research Projects Agency (DARPA) has handed over a contract to IBM for creating a microchip that will self-destruct remotely. The project announced a year back, known as Vanishing Programmable Resources ( VAPR ) , which is dedicated to developing a CMOS microchip that self-destructs when it receives a certain frequency of radio signal from military command, in order to fully destroy it and preventing it from being used by the enemy. The U.S. Military uses all kinds of embedded systems and there are obvio...

The National Institute of Standards and Technology (NIST) had published a document on Jan 2011 that the SHA-1 algorithm will be risky and should be disallowed after year 2013, but it was recently noticed by Netcraft experts that NIST.gov website itself were using 2014 dated SSL certificate with SHA-1 hashes. " From January 1, 2011 through December 31, 2013, the use of SHA-1 is deprecated for digital signature generation. The user must accept risk when SHA-1 is used, particularly when approaching the December 31, 2013 upper limit. SHA-1 shall not be used for digital signature generation after December 31, 2013. " NIST in the document. Digital signatures facilitate the safe exchange of electronic documents by providing a way to test both the authenticity and the integrity of information exchanged digitally. Authenticity means when you sign data with a digital signature, someone else can verify the signature, and can confirm that the data originated from you and was not...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Since 2011, the collective hacking group, Anonymous and LulzSec were targeting both Government and law-enforcement websites of U.S and UK, by their own DDoS attack tactics which they used to communicate and plan on Chat rooms known as IRCs, but British intelligence agency GCHQ used their own weapon against them. According to the recent Edward Snowden document, a division of Government Communications Headquarters (GCHQ), which is also very well known as the British counterpart of the NSA, had shut down communications among Anonymous hacktivists by launching a " denial of service " (DDOS) attacks, making the British government the first western government known to have conducted such an attack, NBC news reports . The same DDoS technique the hackers use to take down government, political and industry websites, including the Central Intelligence Agency (CIA), Federal bureau of Investigation (FBI), the Serious Organized Crime Agency (SOCA), Sony News International and Westbor...

Google's Vulnerability Reward Program which started in November 2010, offers a hefty reward to the one who find a good vulnerability in its products.  Now Google is getting a little more serious about the security of its Chrome Browser and has expanded its Bug Bounty Program to include all Chrome apps, extensions developed and branded as " by Google ". The Internet is a platform which has become a necessary medium for performing our daily tasks like reading news, paying bills, playing games, scheduling meetings and everything we perform on this platform is possible only because of the various applications maintained by the service providers. " We think developing Chrome extensions securely is relatively easy, but given that extensions like Hangouts and GMail are widely used, we want to make sure efforts to keep them secure are rewarded accordingly. " Google said in a blog post . Not only this, to improve the security of open-source proje...

On the 10th Anniversary of Social networking website Facebook, the hacker group ' Syrian Electronic Army ' claimed that they managed to hack into the administrator account of the Facebook's Domain Registrar - MarkMonitor. The hacking group changed the Facebook Domain's contact information to a Syrian email address on the company's WHOIS domain information page, as shown. " Happy Birthday Mark! https://Facebook.com owned by #SEA " the group tweeted . Hackers also claimed that it had updated the nameserver information to hijack domain, but the process had to be abandoned because it was " taking too much time... " whereas, Facebook spokesperson did confirm that the website's domain record email contact information had been changed. Why SEA Targeted Facebook? Syrian activists and Hackers claimed that Facebook has been deleting pages created by dissidents and removing content as it was violating the social network's standards, acc...