The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Google's Android operating system may be open source, but the version of Android that runs on most phones, tablets, and other devices includes proprietary, closed-source components. Phone makers, including Samsung ships its Smartphones with a modified version of Android, with some pre-installed proprietary software and because of lack in independent code review of those closed-source apps, it is complex to authenticate its integrity and to identify the existence of backdoors . Paul Kocialkowski , the developers of the  Replicant OS  has uncovered a backdoor pre-installed on Samsung Galaxy devices and the Nexus S, that provides remote access to all the data in the device. Replicant OS is an open source operating system based on the Android mobile platform, which aims to replace all proprietary Android components with their free software counterparts. In a blog post , He explained that Samrtphones come with two separate processors, one for gen...

The massive data breaches in U.S retailers ' Target ' and ' Neiman Marcus ', in which financial credentials of more than 110 million and 1.1 million customers were compromised respectively, have put a spotlight on the need for more secure transactions. To tackle this issue, the two major payment card brands, MasterCard and Visa have announced the formation of a new cross-industry group that will focus on the security of the enhancing payment system to keep pace with the expectations of consumers, retailers and financial institutions in the United States. " The recent high-profile breaches have served as a catalyst for much needed collaboration between the retail and financial services industry on the issue of payment security," says Ryan McInerney, president of Visa Inc. "As we have long said, no one industry or technology can solve the issue of payment system fraud on its own. " The joint effort aims to advance the migration to EMV chip cards, also kno...

DDoS attacks are a growing issue facing by governments and businesses. In a recent attack, thousands of legitimate WordPress websites have been hijacked by hackers, without the need for them to be compromised. Instead, the attackers took advantage of an existing WordPress vulnerability ( CVE-2013-0235 ) - " Pingback Denial of Service possibility ". According to security company Sucuri , in a recent amplification attack more than 162,000 legitimate Wordpress sites were abused to launch a large-scale distributed denial-of-service (DDoS) attack . The attack exploited an issue with the XML-RPC (XML remote procedure call) of the WordPress, use to provide services such as Pingbacks, trackbacks, which allows anyone to initiate a request from WordPress to an arbitrary site. The functionality should be used to generate cross references between blogs, but it can easily be used for a single machine to originate millions of requests from multiple locations....

Adobe has released security updates to address important vulnerabilities in Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.341 and earlier versions for Linux. The new build intends to address following vulnerabilities in Adobe Flash Player: CVE-2014-0503 ,  reported by security researcher, ' Masato Kinugawa ', that lets   attackers bypass the same-origin policy. Attackers can exploit this issue to access resources from another origin in the context of another domain. This can facilitate cross-site request-forgery attacks. CVE-2014-0504 , reported by ' Jordan Milne ',   that could be used to read the contents of the clipboard(). The Clipboard can be used to store data, such as text and images, but flaw could allow hacker to stuff malware URLs onto your clipboard. Adobe Security Bulletin APSB14-08 tagged the updates with  Priority 2 , ' This update resolves vulnerabilitie...

Since mobile has become a basic need for every common as well as important figure now a days. So, every company is highly working to find more effective ways to protect sensitive data of their users and in the race, Vodafone lead the game. In collaboration with its security partner Giesecke & Devrient ( G&D ) which is an international leader in mobile security solutions, Vodafone is offering an end-to-end encryption for mobile communication based on the phone SIM card. Secure Data such as emails, documents, data carriers, and VPN connections will be signed and encrypted by the SIM in such a way that they are unreadable to unauthorized third parties assuring your security and privacy. SIM users have to encrypt the data by simply using a PIN and a digital signature, and the same is needed in order to decrypt the communication. " The solution uses the widespread S/MIME encryption program for email exchanges, and in the future, encryption via PGP will also be...

Facebook has several security measures to protect users' account, such as a user " access token " is granted to the Facebook application (like  Candy Crush Saga, Lexulous Word Game ), when the user authorizes it, it provides temporary and secure access to Facebook APIs. To make this possible, users have to ' allow or accep t' the application request so that an app can access your account information with the required permissions. The Access Token stores information about permissions that have been granted as well as information about when the token will expire and which app generated it. Approved Facebook apps can publish or delete content on your behalf using the access tokens, rather than your Facebook password. Access tokens are pretty sensitive, because anyone who knows the access token of a user can access the user's data and can perform any actions on behalf of the user, till the token is valid. In Past years, Many Security Researchers ...