The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

We all are aware of the National Security Agency's (NSA) mass surveillance program to track non-Americans. Thanks to former NSA contractor Edward Snowden, who provided confidential documents about the widely spread surveillance programs conducted by the government intelligence agency such as NSA and GCHQ. A recent story about NSA surveillance broke when a German public broadcaster ARD published that the Agency is using its surveillance program XKeyScore to target users who use encryption and traffic anonymizing software, including Tor Network for anonymous Web browsing and Linux-based Tails operating system in an effort to keep tracks of people outside the US. XKeyScore is a powerful NSA surveillance program that collects and sorts intercepted data, which came to limelight in documents leaked by former NSA contractor Edward Snowden last summer, but the greater detail in an investigation conducted by American security expert and Tor Project member Jacob Appelbaum , Aaron Gibsom, and...

Beginning of the new month, Get Ready for Microsoft Patch Tuesday! Microsoft has released its Advance Notification for the month of July 2014 Patch Tuesday releasing six security Bulletins, which will address a total of six vulnerabilities in its products, out of which two are marked critical, one is rated moderate and rest are important in severity. All six vulnerabilities are important for you to patch, as the flaws are affecting various Microsoft software, including Microsoft Windows, Microsoft Server Software and Internet Explorer, with the critical ones targeting Internet Explorer and Windows. Microsoft is also providing an update for the " Microsoft Service Bus for Windows Server " which is rated moderate for a Denial of Service (DoS) flaw. " At first glance it looks like Microsoft may be taking it easy on us this month, which would be nice since we will be coming off a long holiday weekend here in the U.S."  Chris Goettl from IT Security firm...

Security researchers from MetaIntell, the leader in intelligent led Mobile Risk Management (MRM), have discovered a major security vulnerability in the latest version of Facebook SDK that put millions of Facebook user's Authentication Tokens at risk. Facebook SDK for Android and iOS is the easiest way to integrate mobile apps with Facebook platform, which provides support for Login with Facebook authentication, reading and writing to Facebook APIs and many more. Facebook OAuth authentication or ' Login as Facebook ' mechanism is a personalized and secure way for users to sign into 3rd party apps without sharing their passwords. After the user approves the permissions as requested by the application, the Facebook SDK implements the OAuth 2.0 User-Agent flow to retrieve the secret user's access token required by the apps to call Facebook APIs to read, modify or write user's Facebook data on their behalf. ACCESSING UNENCRYPTED ACCESS TOKEN It is important that ...

Due to the better track inventory and accuracy of records, Point-of-sale (POS) systems are being used in most of the industries including restaurants, lodging, entertainment, and museums around the world. It can be easily set-up depending on the nature of the business. Despite that, Point-of-sale (POS) systems are critical components in any retail environment and users are not aware of the emerging threats it poses in near future. So, it is one of the apparent target for cybercriminals and the recent security breach at Information Systems & Suppliers (ISS) proves this. Information Systems & Suppliers (ISS) Inc., the vendor of point-of-sale (POS) electronic cash registers and security systems used by restaurants has warned its customers that it may have experienced a payment card breach. HACKERS COMPROMISED VENDOR'S LogMeIn SERVICE The company on June 12 notified restaurant customers of its remote-access service, the popular LogMeIn, had been compromi...

Cybercriminals have rolled out a new malicious Android application that wraps different varieties of banking fraud trick into a single piece of advanced mobile malware . GOOGLE SERVICE FRAMEWORK - APPLICATION OR MALWARE? Security researchers at the security firm FireEye have came across a malicious Android application that binds together the latest and older hijacking techniques. The malicious Android app combines private data theft, banking credential theft and spoofing, and remote access into a single unit, where traditional malware has had only one such capability included in it. Researchers dubbed the malware as HijackRAT , a banking trojan that comes loaded with a malicious Android application which disguises itself as "Google Service Framework," first and the most advanced Android malware sample of its kind ever discovered, combining all the three malicious activities together. MALWARE FEATURES By giving the remote control of the infected device to hackers,...

In an effort to infect large number of people, cybercriminals have developed a new malicious software program that contains functionality to spread itself quickly. Geodo , a new version of the infamous Cridex (also known as Feodo or Bugat ) banking information stealing Trojan works in conjunction with a worm that sends out emails automatically to continue its self-spreading infection method, effectively turning each infected Windows system in the botnet for infecting new targets, Seculert warned . The Infected Windows systems in the botnet network download and install an additional piece of malware (i.e. an email worm) from the Botnet 's command and control servers, provided with approximately 50,000 stolen SMTP account credentials including those of the associated SMTP servers. The stolen SMTP credentials appeared to come from Cridex victims and with the help of those credentials, the malware then sends out emails from legitimate accounts to other potential victim...