The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Until now, we have seen how different smart home appliances such as refrigerators, TVs and routers could expose our private data, but now you can add another worry to your list —LED light bulb. Don't laugh! It's true. Researchers at UK security firm Context have formulated an attack against the Wi-Fi connected lightbulbs, which is available to buy in the UK, that exposes credentials of the Wi-Fi network, it relies on to operate, to anyone in accessibility to one of the LED devices. Security vulnerabilities found in the LIFX Smart light bulbs , that can be controlled by the iOS-based and Android-based devices, could allow an attacker to gain access to a "master bulb" and with the help of that they could control all connected bulbs across that network, and help them expose user network configurations. Along with other Internet of Things (IoTs) devices, the smart bulbs are part of a rising trend in which the manufacturers enclose computing and networking capabilities to their devices s...

A major vulnerability believed to be present in most versions of Android can allow a malicious Android applications on the Android app store to make phone calls on a user's device, even when they lack the necessary permissions. The critical vulnerability was identified and reported to Google Inc. late last year by researchers from German security firm Curesec. The researchers believe the virus was first noticed in Android version 4.1, also known as " Jelly Bean ." APPS CAN MAKE CALLS FROM YOUR PHONE " This bug can be abused by a malicious application. Take a simple game which is coming with this code. The game won't ask you for extra permissions to do a phone call to a toll number – but it is able to do it ," Curesec's CEO Marco Lux and researcher Pedro Umbelino said Friday in a blog post. " This is normally not possible without giving the app this special permission. " By leveraging these vulnerabilities, malicious applications could initiate unauthorized phone call...

Facebook founder Mark Zuckerberg has a dream to make Internet access available to everyone across the world - Zuckerberg argues Internet should be a service as essential as of 911 in the case of an emergency. In a blog post published Monday in The Wall Street Journal , founder of the social networking giant highlighted the future of universal Internet access, along with the steps he thinks to achieve it. Today 2.7 billion people, just over one-third of the world's population, have access to the Internet, Zuck said, and the adoption has been growing at a very lower rate, by less than 9% each year. The rest of the world's 5 billion people who do not have access to Internet are lacking access due to issues such as high costs or improper infrastructure. One may think that Zuckerberg's vision sounds like a self-interested push to gain more users for its social networking service, Facebook. But its true that the world is currently facing a growing technological divide, ...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

If anybody says that NSA is watching you, nobody surprises. But, a large scale investigation published by Washington Post indicates that the scope of surveillance carried out by US National Security Agency was massive even than the expectation of you and me. Just because you are an ordinary person doesn't mean that you are safe, as 90 percent of messages intercepted by the NSA were not foreign targets but ordinary users , like you and me, from the United States and abroad. Interestingly, your all those " startingly intimate " data and personal photographs had been left in plain view on NSA databases for someone else, according to a new report in The Washington Post published Sunday detailing a four-month review of about 160,000 intercepted e-mail and text message conversations involving 11,000 online accounts provided by former NSA contractor Edward Snowden . The National Security Agency has gathered nearly half of the files which contains names, email addresses or other details be...

IT security is not a luxury; it's a necessity. While IT practitioners understand this and are on the lookout for effective security options for their network, security solutions manufacturers tend to serve the enterprise market and large companies more than they do smaller organizations and resource-constrained security teams. The reality is that 99% of IT security departments are resource-constrained in terms of budget, time, and staff. This situation directly aligns with the Security Information & Event Management (SIEM) market. With the scores of costly, appliance-based and enterprise SIEM solutions on the market, the majority of security teams find it difficult to adopt SIEM to strengthen network security. Even if they do manage to meet the high cost of a SIEM purchase, they end up acquiring a SIEM which is too big for their security needs. This means incurring additional appliance maintenance costs, IT staff overhead costs to manage the SIEM product, and training an...

It's the age of surveillance what made the Use of Encryption so widely that it has become a need of law enforcement agencies, cyber criminals as well as every individual. But, encryption is not so easy. To solve this problem, a 23-year old Cryptocat developer Nadim Kobeissi is ready to release a simple solution to deliver strong encryption at the HOPE hacker conference in New York later this month, which may soon come as an extension for Google Chrome web browser, Wired reported . The encryption program is dubbed as miniLock , which is a free and open-source browser plugin designed to let anyone encrypt and decrypt files in seconds using a drag-and-drop interface with practically unbreakable cryptographic protection. " The tagline is that this is file encryption that does more with less, " says Kobeissi, activist and security consultant. " It's super simple, approachable, and it's almost impossible to be confused using it. " Drag-and-drop interface here means, miniL...