The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Smartphone manufacturers are adding ways for owners to track and manage their phones if they ever get lost or stolen. Find My iPhone is a service that comes with every iOS device that allows you to track your iPhone, whether it was lost or stolen. Normally, the iPhone requires a password if you want to deactivate " Find My iPhone ", but it isn't entirely perfect and thieves are now smart enough to disable ' Find My iPhone ' on devices running iOS 7.0.4 and lower version, without having to enter a password. The exploit was discovered and demonstrated security researcher ' Bradley Williams ' and performing a successful bypass means you won't be able to locate, make sound and wipe out. The vulnerability could put the devices at risk, and the exploitation method involves a few simple steps that involve making changes in the iCloud settings, even if they don't know the password. Steps to hack 'Find My iPhone': Navigate to iCloud in the settin...

In the era of Smart devices, we have Smartphones, Smart TVs, Smart Fridges, and even the Smart cars! We have made our life very easy and comfortable by providing the master control of every task to such smart devices. But imagine if an attacker wants to take revenge or hurt someone, now they can hack your car, rather failing breaks in the traditional way. Sounds Horrible ! WELL, Two Security researchers - Javier Vazquez-Vidal and Alberto Garcia Illera have developed a home-made gadget called ' CAN Hacking Tools (CHT) ', a tiny device smaller than your Smartphone, which is enough to hack your Cars. The Kit costs less than $20, but is far capable to give away the entire control of your car to an attacker from windows and headlights to its steering and brakes. The device uses the Controller Area Network (CAN) ports that are built into cars for computer-system checks, and draws power from the car's electrical system. Injecting a malicious code to CAN ports all...

SNAPCHAT , photo sharing app is the majority choice for variety of users. Recently, the company has faced data breach and Captcha bypass vulnerability, and just yesterday a new denial-of-service attack has been revealed which can crash an iPhone . Jamie Sanchez , a security researcher has found the app vulnerable, which can enable a hacker to launch a denial-of-service attacks , resulting prompt the user to reset the mobile device. The flaw into the Snapchat app allows someone to flood a user with thousands of messages in a measure of seconds, " By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals " he said. He demonstrated the vulnerability to LA Times reporter, bombarded his handset with thousands of messages within five seconds in a denial-of-service ...

Till now we all have heard about the Ransomware malware that encrypts your files or lock down your computer and ask for a ransom amount to be paid in a specified duration of time to unlock it. Emsisoft has detected a new piece of malware called " Linkup ", dubbed as " Trojan-Ransom.Win32.Linkup " that doesn't lock your computer or encrypts files; rather it blocks your Internet access by modifying the DNS settings, with the ability to turn your computer into a Bitcoin mining robot.  Sounds Interesting?? Once the Linkup Trojan is installed in your system, it makes a copy of itself and disables the selected Windows Security and Firewall services to facilitate the infection. Injected poisoned DNS Server will only allow the malware and Bitcoin miner to communicate with the internet. It display a bogus notification on the victim's web browser, which is supposed to be from the Council of Europe , that accuses you of viewing " Child Pornography " and only returns th...

The Major US Financial institution, Bank of America is being targeted by a stealthy malicious financial malware campaign, according to AppRiver report. Last month the researchers at AppRiver has noticed enormous volumes of traffic through their data centers, with the peaks of traffic reaching three or four times than their normal network traffic.  They caught and blocked a malware campaign that was using the new and novel tactics designed specifically to beat the filtering engines. Last Wednesday the company experienced huge spam traffic i.e. 10 to 12 times the normal amount of their normal routine traffic. " These spikes have been driven by a tremendous increase in the number of incoming messages being sent with viruses attached. " and some user experienced delays in sending and receiving mail. They found the malware campaign, distributing a Financial Trojan designed to target, the Bank of America customers, known as ' Bredo virus ', capable of stealing inf...

Today Microsoft has released Security Bulletin Advanced Notification for February 2014 Patch Tuesday. The notification dictates five bulletins out of which two have critical Remote Code Execution and rest are important in aspect to severity of security flaw. A Remote Code Execution vulnerability has been found in Security software of Microsoft i.e. Forefront Protection 2010 for Exchange Server, but this time there will be no new bulletins for Internet Explorer. Not only this, users of Windows 7, Windows Server 2008 R2, Windows 8 and Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1 are also advised to patch their systems in order to protect themselves from being a victim of malicious code which is exploiting Remote code execution vulnerability. Except the remote code execution, Microsoft is going to release patches for privilege escalation, information disclosure, and denial of service security flaws in Windows operating syste...