The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

So, How do Hackers compromise a Website? Simply by exploiting the flaws in it, that means they took advantage of the error in the developers' code. Now, this time the hackers itself has left behind a crucial flaw in its malware code which can be exploited by us to help save our computer systems. Believe me, it's not an April Fools' joke! A malicious software program that holds the victims' computer files hostage by wrapping them with strong encryption until the victim pays a ransom fee to get them decrypted, has a critical flaw in its malware code itself that it leaves the decryption key on the victim's computer. The Anti-virus firm Symantec examined a sophisticated malware program dubbed as CryptoDefense (Trojan.Cryptodefense) ransomware , which appeared in the end of the last month. CryptoDefense is one of the complex malware programs that include a number of effective techniques, including Tor anonymity tool usage and Bitcoin digital currency to extort money from victims. Cryp...

Imagine, You Open a Winrar archive of MP3 files, but what if it will install a malware into your system when you play anyone of them. WinRAR, a widely used file archiver and data compression utility helps hackers to distribute malicious code. Israeli security researcher  Danor Cohen (An7i)   discovered the WinRAR file extension spoofing vulnerability. WinRAR file extension spoofing vulnerability allows hackers to modify the filename and extension inside the traditional file archive, that helps them to hide binary malicious code inside an archive, pretending itself as '.jpg' , '.txt' or any other format. Using a Hex editor tool, he analysed a ZIP file and noticed that winrar tool also adds some custom properties to an archive, including two names - First name is the original filename (FAX.png) and second name is the filename (FAX.png) that will appear at the WINRAR GUI window. Danor manipulated the second filename and extension to prepare a special Z...

A year back, Security Researchers from the Antivirus firm Kaspersky found a sophisticated piece of malware which they dubbed as ' MiniDuke ', designed specifically to collect and steal strategic insights and highly protected political information, which is a subject to states' security. Now, once again the MiniDuke virus is spreading in wild via an innocent looking but fake PDF documents related to Ukraine , while the researcher at F-Secure were browsing the set of extracted decoy documents from a large batch of potential MiniDuke Samples. " This is interesting considering the current crisis in the area ," Mikko Hypponen, the CTO of security research firm F-Secure, wrote on Tuesday. The Hacker News reported a year ago about the malicious malware that uses an exploit ( CVE-2013-0640 ) of the famous and actively used Adobe Reader . MiniDuke malware written in assembly language with its tiny file size (20KB), and uses hijacked Twitter accounts for Command ...

We are already aware about the fact that most probably every mobile app is collecting our data in one or the other form. Thanks to Edward Snowden, who provided the secret documents that revealed that the world's most popular Smartphone applications, including gaming apps such as Angry Birds , are telling the government intelligence agencies (NSA) everything about us. We  reported earlier  that how the government intelligence agencies, such as British intelligence agency GCHQ and U.S. intelligence firm NSA, use popular games to collect users' personal data including their GPS location. Yes, the popular game Angry Bird , which is the top-selling paid mobile application in the United States and Europe for the iPhones, Android and has been downloaded more than a billion times by the devoted game players worldwide, who often spend hours squawking and playing the game.  In fact earlier this month,  CBS 60 Minutes  shows that how Rovio shares users' loca...

800 Million US based Credit and Debit cards compromised! Really it's a big number and till now it has not been sized by the cyber security officials but a hacker group claims that they had stolen data on hundreds of millions of U.S. card accounts. Last week, the hacker group called itself Anonymous Ukraine ( Op_Ukraine) , said it has seized information pertained to 800 million U.S. credit and debit card accounts, including the cards' data belong to U.S. President Obama and other political figures. The group says the intention behind this data theft is to harm the U.S. economy. The messages posted on March 24 shows clearly that they were by anti-American. The first message read, " After the USA showed its true face when she unilaterally decides which of the peoples to live independently and who under the yoke of the Federal Reserve, we decided to show the world who is behind the future collapse of the American banking system. We own all the financial information of the...

The respected encryption and network security company RSA Security (now a division of EMC), whose respect was already on stack after revelation by former NSA contractor Edward Snowden  revealed that the NSA created a flawed random number generation system ( Dual_EC_DRBG ), Dual Elliptic Curve, which the most trusted security provider company RSA used in its Bsafe security tool.  Until then RSA wasn't able to come up from this aspersion, a new document by Snowden revealed that RSA received $10 million from NSA for keeping Encryption Weak. Researchers from Johns Hopkins , the University of Wisconsin , the University of Illinois  have claimed that the RSA adopted one more NSA recommended tool called Extended Random extension  for secure websites, which actually helps NSA to crack a version of the Dual Elliptic Curve software tens of thousands of times faster,  Reuters reported. Dual Elliptic Curve Deterministic Random Bit Generator ( D...