The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Till now we have seen a series of different malware targeting Windows operating system and not Mac, thanks to Apple in way it safeguard its devices' security. But with time, cyber criminals and malware authors have found ways to exploit Mac as well. GROUP BEHIND THE MAC VERSION OF BACKDOOR Researchers have unmasked a group of cyber criminals that has recently started using a new variant of XSLCmd backdoor program to target Mac OS X systems. This Mac version of backdoor shares a significant portion of its code with the Windows version of the same backdoor that has been around since at least 2009. According to FireEye researchers, the group, dubbed as GREF , is already infamous for its past cyber espionage attacks against the US Defense Industrial Base (DIB), companies from the electronics and engineering sectors worldwide, foundations and other NGO's as well. " We track this threat group as "GREF" due to their propensity to use a variety of Google references in th...

You all won't have forget about the dodgy update released by Microsoft in its last month's Patch Tuesday Updates which was responsible for crippling users' computers - specially users running Windows 7 PCs with the 64bit version - with the infamous " Blue Screens of Death ." The company fixed the issue at the end of last month, and now is planning to release a light edition of Patches. Today Microsoft has released its Advance Notification for the month of September Patch Tuesday Updates. There will be a total of four security Bulletins next Tuesday, September 9, which will address several vulnerabilities in its products, one of them is marked critical and rest are important in severity. CRITICAL PATCH This time also administrators can expect a cumulative patch release for Internet Explorer which will address a number of remote code execution vulnerabilities in the browser. As usual, Internet Explorer (IE) update is rated Critical on Windows client systems and Moder...

A notable number of cell phone towers around the United States are rogue that, according to latest report, could spoof legitimate towers and intercept calls. The research carried out by ESD America , a defense and law enforcement technology firm based in Las Vegas, shows that a rogue cell phone towers, also known as "interceptors", may process the call. ESD America, the company that makes the super-secure CryptoPhone, makes one of the oldest and most expensive high-security cell phones in the market. It provides equipment and training to more than 40 countries with a goal to provide technical security assistance to government and corporate clients across Asia. SEVERAL ROGUE CELL PHONE TOWERS DISCOVERED While field-testing its secure Android handset, the CryptoPhone 500 , the firm came across the existence of a series of fake base stations along the Eastern seaboard of the US. Les Goldsmith, the CEO of ESD America, told the US publication Popular Science tha...

Apple has patched the security flaw in its Find My iPhone online service that may have allowed hackers to get access to a number of celebrities' private pictures leaked online. OVER 100 CELEBRITIES AFFECTED So far, I hope everybody have heard about probably the biggest digital exposure of personal nude photographs belonging to as many as 100 high-profile celebrities, including Jenny McCarthy, Kristin Dunst, Mary E Winstead, and the Oscar winning actress Jennifer Lawrence and Kate Upton. Initial reports suggested that the privacy breach of the celebrities' iCloud accounts was made possible by a vulnerability in Find My iPhone feature that allowed hackers to allegedly take nude photographs of celebrities from their Apple iCloud backups. Anonymous 4chan users who claims to have grabbed images, posted some of the images to the " b " forum on notorious bulletin-board 4chan, where the owners demanded Bitcoin in exchange for a peek of the images. The anonymous 4c...

With a need to give more controls in users' hands, LinkedIn has introduced a few new security features that the company says will help users of the social network for professionals keep their accounts and data more secure. SESSION ALERTS Just like Google, Facebook, Yahoo and other online services, LinkedIn has added a new option within the settings tab that allows users to see where and on what devices they are logged into their account. From there, users can sign out of various sessions with one click. This will include details about the users' current sessions, the browser name, operating system, carrier and IP address, which is used to give an approximate location of the device through which the session is occurring. Just like the Facebook feature, LinkedIn lets people to approve the devices to be used, and if somebody accesses a user's LinkedIn account from an unapproved device it will alert user. PASSWORD ALERTS LinkedIn has also introduced its password c...

Good news for Firefox lovers! The Mozilla Foundation has introduced a bunch of new features in Firefox to improve browser security with the launch of Firefox 32, now available for Windows, Mac, Linux, and Android platforms. The new version of Firefox makes the browser even more competitive among others. Firefox version 32 has some notable security improvements, including a new HTTP cache for improved performance, public key pinning - a defense that would help protect its users from man-in-the-middle and other attacks, and easy language switching on Android. PUBLIC KEY PINNING ENABLED BY-DEFAULT In the latest Firefox version 32, Mozilla has enabled Public Key Pinning support by default that will protect its users from man-in-the-middle-attacks and rogue certificate authorities. Public key pinning is a security measure that ensures people that they are connecting to the websites they intend to. Pinning allows users to keep track of certificates in order to specify wh...