The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Today, the popular Music streaming service Spotify said the company has suffered a Data breach and warned users of its Android app to upgrade it in the wake of a potential data breach in their servers. Spotify is a commercial music streaming service launched in October 2008 by Swedish start-up Spotify AB and is freely available for Android and iOS devices as well as for desktop computers with more than 40 million active users, out of which about 10 million users are its paid subscribers. It offers offline listening and ad-free playback are also available for Premium subscribers of the service. The company announced that a hacker had allegedly broken into its systems and gained unauthorized access to the internal company data. So far only one of its users' accounts has been accessed in the data breach, but the company believes that there is no harm to the financial information, payment details or password of the affected user. " Our evidence shows that only one Spot...

Do you own a blog on WordPress.com website? If Yes, then you should take some extra cautious while signing into your Wordpress account from the next time when connected to public Wi-Fi, because it can be hacked without your knowledge, even if you have enabled two-factor authentication. Yan Zhu , a researcher at the Electronic Frontier Foundation (EFF) noticed that the blogs hosted on WordPress are sending user authentication cookies in plain text, rather than encrypting it. So, it can be easily hijacked by even a Script-Kiddie looking to steal information. HIJACKING  AUTHENTICATION COOKIES When Wordpress users log into their account, WordPress.com servers set a web cookie with name " wordpress_logged_in " into the users' browser, Yan Zhu explained in a blog post. He noticed that this authentication cookie being sent over clear HTTP, in a very insecure manner. One can grab HTTP cookies from the same Wi-Fi Network by using some specialized tools, such as F...

It has been months ago since the release of Samsung's latest Smartphone, Galaxy S5 and we have seen a portion of International units receive root, but a couple of the carrier variants including the developer edition of Samsung Galaxy S5 for Verizon and At&T hasn't been in the list, sadly. The Interesting part is that till now no hacker has found a way out to gain the root-rights of the Verizon as well as AT&T version of the Samsung Galaxy S5. Now, the Verizon and AT&T users who own Samsung Galaxy S5 are reportedly itching to get Android rooting technique for their devices, so that they can do tons of things such as customizations, patching apps, installing third-party ROMs etc. This situation is something unacceptable to the developers and Galaxy S5 users, and finally the senior members of XDA developers in collaboration with the group of Verizon and AT&T customers have started a Crowd funded Bounty program for achieving the root on Verizon and AT&...

From last few years Ransomware malwares are targeting Windows users Worldwide and experts predicted that it was just a matter of time until ransomware would hit mobile devices and other Desktop operating systems like Mac, iOS, Android etc. A Few weeks back we reported about a Ransomware malware campaign which is targeting Android mobile users. Such Malware first try to trick users into downloading it and then demanding payment to restore user control of the device. This morning reports came out that cybercriminals have targeted a large number of users of Apple's iCloud connected devices with a sophisticated Ransomware in Australia. The owners of iPhone , Mac and iPads are finding their devices locked remotely through iCloud and a message originating in Apple's find my device service that states " Device hacked by Oleg Pliss ". One user wrote on Apple Support Forum, " I went to check my phone and there was a message on the screen (it's ...

Microsoft ended its support for Windows XP officially more than a month ago on April 8, 2014 . This made a large number of users to switch to the latest version of Windows, but still a wide portion of users are using Microsoft oldest and most widely used operating system, despite not receiving security updates. While some companies and organizations who were not able to migrate their operating system's running Windows XP to another operating system before the support phase ended, are still receiving updates by paying Microsoft for the security patches and updates. Now a relatively simple method has emerged as a trick for the XP users which makes it possible to receive Windows XP security updates for the next five years i.e. until April 2019. It makes use of updates for Windows Embedded POSReady 2009 based on Windows XP Service Pack 3, because the security updates which are being released for POSReady 2009 are inevitably the same updates Microsoft would have rolled out...

The Edward Snowden revelations triggered a large-scale movement worldwide towards deploying encryption across the Internet for secure services, which is something the government agencies like NSA and GCHQ have targeted repeatedly, as exemplified by abruptly shutting down Lavabit , a Texas-based Encrypted Email Service. In response, a group of young developers at the European Organization for Nuclear Research (CERN) has launched a new email service which offers end-to-end encryption and securing communications that could put an end to government snooping and will keep away our personal data from prying eyes. PROTONMAIL - AN END-to-END ENCRYPTED EMAIL This new encrypted email service, called ProtonMail is a super-secure email service created in collaboration with the scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN. ProtonMail offers a user-friendly experience with full "end-to-end" encryption . It encrypts the data on the browser...